[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Mar 4 20:10:37 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
088a6b02 by security tracker role at 2019-03-04T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,15 @@
+CVE-2019-9568 (The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 ...)
+	TODO: check
+CVE-2019-9567 (The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 ...)
+	TODO: check
+CVE-2019-9566 (FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. ...)
+	TODO: check
+CVE-2019-9565 (Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 ...)
+	TODO: check
 CVE-2019-9564
 	RESERVED
-CVE-2019-9563
-	RESERVED
+CVE-2019-9563 (In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the ...)
+	TODO: check
 CVE-2019-9562
 	RESERVED
 CVE-2019-9561
@@ -24243,16 +24251,19 @@ CVE-2018-19364 (hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path
 CVE-2018-19363
 	RESERVED
 CVE-2018-19362 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to ...)
+	{DLA-1703-1}
 	- jackson-databind 2.9.8-1
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
 	NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
 CVE-2018-19361 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to ...)
+	{DLA-1703-1}
 	- jackson-databind 2.9.8-1
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
 	NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
 CVE-2018-19360 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to ...)
+	{DLA-1703-1}
 	- jackson-databind 2.9.8-1
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
@@ -36404,18 +36415,22 @@ CVE-2018-14722 (An issue was discovered in evaluate_auto_mountpoint in ...)
 	- btrfsmaintenance 0.4.1-2 (bug #906131)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1102721
 CVE-2018-14721 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote ...)
+	{DLA-1703-1}
 	- jackson-databind 2.9.8-1
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14720 (FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to ...)
+	{DLA-1703-1}
 	- jackson-databind 2.9.8-1
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14719 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote ...)
+	{DLA-1703-1}
 	- jackson-databind 2.9.8-1
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
 CVE-2018-14718 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote ...)
+	{DLA-1703-1}
 	- jackson-databind 2.9.8-1
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
@@ -43633,11 +43648,13 @@ CVE-2018-12024
 	RESERVED
 CVE-2018-12023 [improper polymorphic deserialization of types from Oracle JDBC driver]
 	RESERVED
+	{DLA-1703-1}
 	- jackson-databind 2.9.8-1
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2058
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
 CVE-2018-12022 [improper polymorphic deserialization of types from Jodd-db library]
 	RESERVED
+	{DLA-1703-1}
 	- jackson-databind 2.9.8-1
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2052
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
@@ -45626,6 +45643,7 @@ CVE-2018-11308
 	RESERVED
 CVE-2018-11307 [Potential information exfiltration with default typing, serialization gadget from MyBatis]
 	RESERVED
+	{DLA-1703-1}
 	- jackson-databind 2.9.8-1
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2032
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb737



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/088a6b02451486d4a4c2ae5547a93d10a9d41439

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/088a6b02451486d4a4c2ae5547a93d10a9d41439
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190304/6035910b/attachment.html>

More information about the debian-security-tracker-commits mailing list