[Git][security-tracker-team/security-tracker][master] Add CVE-2018-20843/expat
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 24 21:41:37 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c26d6424 by Salvatore Bonaccorso at 2019-06-24T20:40:59Z
Add CVE-2018-20843/expat
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,11 @@ CVE-2019-12939 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection i
CVE-2019-12938 (The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to p ...)
TODO: check
CVE-2018-20843 (In libexpat in Expat before 2.2.7, XML input including XML names that ...)
- TODO: check
+ - expat <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
+ NOTE: https://github.com/libexpat/libexpat/issues/186
+ NOTE: https://github.com/libexpat/libexpat/pull/262
+ NOTE: https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
CVE-2019-12937 (apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow ...)
TODO: check
CVE-2019-12936 (BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c26d642475fb5b6f959bb73073db547e28637a47
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c26d642475fb5b6f959bb73073db547e28637a47
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190624/78b7a5ae/attachment.html>
More information about the debian-security-tracker-commits
mailing list