[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Jul 7 21:10:37 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68560c4b by security tracker role at 2019-07-07T20:10:25Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-13389
+	RESERVED
+CVE-2019-13388
+	RESERVED
+CVE-2019-13387
+	RESERVED
+CVE-2019-13386
+	RESERVED
+CVE-2019-13385
+	RESERVED
+CVE-2019-13384
+	RESERVED
+CVE-2019-13383
+	RESERVED
+CVE-2019-13382
+	RESERVED
+CVE-2019-13381
+	RESERVED
+CVE-2019-13380
+	RESERVED
+CVE-2019-13379 (On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access  ...)
+	TODO: check
+CVE-2019-13378
+	RESERVED
+CVE-2019-13377
+	RESERVED
+CVE-2019-13376
+	RESERVED
 CVE-2019-13375 (A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) ...)
 	NOT-FOR-US: D-Link
 CVE-2019-13374 (A cross-site scripting (XSS) vulnerability in resource view in PayActi ...)
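Review bot: CVE-2019-13379 is added with only "TODO: check", so it is still untriaged. Its description names AVTECH Room Alert 3E devices, a hardware product like the D-Link entry directly below it that is already marked "NOT-FOR-US: D-Link". If no Debian package ships this firmware, the same NOT-FOR-US marking would close the item; otherwise it needs a package line.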
@@ -62,6 +90,7 @@ CVE-2019-13347
 CVE-2019-13346
 	RESERVED
 CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_ ...)
+	{DLA-1847-1}
 	- squid <unfixed> (bug #931478)
 	- squid3 <removed>
 	NOTE: https://bugs.squid-cache.org/show_bug.cgi?id=4957
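Review bot: the "{DLA-1847-1}" tag on CVE-2019-13345 sits above package lines that still read "- squid <unfixed> (bug #931478)" and "- squid3 <removed>", so nothing in this hunk shows which source package or version the advisory fixed. Confirm that the advisory's package matches one of these two entries, and consider a NOTE naming it so the entry can be read without looking up the DLA.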
@@ -338,6 +367,7 @@ CVE-2019-13235
 CVE-2019-13234
 	RESERVED
 CVE-2019-13232 (Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP co ...)
+	{DLA-1846-1}
 	- unzip <unfixed> (bug #931433)
 	NOTE: https://www.bamsoftware.com/hacks/zipbomb/
 	NOTE: Fixed by: https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c
@@ -452,8 +482,8 @@ CVE-2019-13185
 	RESERVED
 CVE-2019-13184
 	RESERVED
-CVE-2019-13183
-	RESERVED
+CVE-2019-13183 (Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as  ...)
+	TODO: check
 CVE-2019-13182
 	RESERVED
 CVE-2019-13181
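Review bot: CVE-2019-13183 changes from RESERVED to a published description but lands as "TODO: check", leaving a CSRF issue affecting all POST endpoints unclassified. The description gives the fixed upstream version (0.1.0-beta.9), so triage only has to establish whether Flarum is packaged and then record either a package line with that version boundary or a NOT-FOR-US marking.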
@@ -1946,6 +1976,7 @@ CVE-2019-12596
 CVE-2019-12595
 	RESERVED
 CVE-2019-12594 (DOSBox 0.74-2 has Incorrect Access Control. ...)
+	{DLA-1845-1}
 	- dosbox <unfixed> (bug #931222)
 	NOTE: Fixed in 0.74-3 upstream.
 	NOTE: https://github.com/Alexandre-Bartel/CVE-2019-12594
@@ -16584,6 +16615,7 @@ CVE-2019-7167 (Zcash, before the Sapling network upgrade (2018-10-28), had a cou
 CVE-2019-7166
 	RESERVED
 CVE-2019-7165 (A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitra ...)
+	{DLA-1845-1}
 	- dosbox <unfixed> (bug #931222)
 	NOTE: Fixed in 0.74-3 upstream.
 	NOTE: Upstream clarification https://sourceforge.net/p/dosbox/bugs/508/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/68560c4bcad3258c5786f237a0fda3143684eaa7
