[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Mar 10 08:10:24 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
10437f6c by security tracker role at 2019-03-10T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9126,6 +9126,7 @@ CVE-2019-5787
 	RESERVED
 CVE-2019-5786
 	RESERVED
+	{DSA-4404-1}
 	- chromium 72.0.3626.121-1
 CVE-2019-5785
 	RESERVED
@@ -20731,9 +20732,11 @@ CVE-2018-19792 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows lo
 CVE-2018-19791 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not ...)
 	NOT-FOR-US: OpenLiteSpeed
 CVE-2018-19790 (An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x ...)
+	{DLA-1707-1}
 	- symfony 3.4.20+dfsg-1
 	NOTE: https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
 CVE-2018-19789 (An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before ...)
+	{DLA-1707-1}
 	- symfony 3.4.20+dfsg-1
 	NOTE: https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
 CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user ...)
@@ -36566,6 +36569,7 @@ CVE-2018-14774 (An issue was discovered in HttpKernel in Symfony 2.7.0 through 2
 	[jessie] - symfony <not-affected> (Vulnerable code not present, introduced later in commit 4c8a25a6e2)
 	NOTE: https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
 CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 through ...)
+	{DLA-1707-1}
 	- symfony 3.4.14+dfsg-1
 	[stretch] - symfony <no-dsa> (Minor issue)
 	NOTE: https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
@@ -45673,6 +45677,7 @@ CVE-2018-11410 (An issue was discovered in Liblouis 3.5.0. A invalid free in the
 CVE-2018-11409 (Splunk through 7.0.1 allows information disclosure by appending ...)
 	NOT-FOR-US: Splunk
 CVE-2018-11408 (The security handlers in the Security component in Symfony in 2.7.x ...)
+	{DLA-1707-1}
 	- symfony 3.4.12+dfsg-1
 	[stretch] - symfony <not-affected> (Incomplete fix for CVE-2017-16652 wasn't backported)
 	NOTE: https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
@@ -45732,7 +45737,7 @@ CVE-2018-11386 (An issue was discovered in the HttpFoundation component in Symfo
 	[jessie] - symfony <not-affected> (vulnerable code no present, no rollback mechanism in this version)
 	NOTE: https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
 CVE-2018-11385 (An issue was discovered in the Security component in Symfony 2.7.x ...)
-	{DSA-4262-1}
+	{DSA-4262-1 DLA-1707-1}
 	- symfony 3.4.12+dfsg-1
 	NOTE: https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
 CVE-2018-11384 (The sh_op() function in radare2 2.5.0 allows remote attackers to cause ...)
@@ -80112,7 +80117,7 @@ CVE-2017-16656
 CVE-2017-16655
 	RESERVED
 CVE-2017-16654 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, ...)
-	{DSA-4262-1}
+	{DSA-4262-1 DLA-1707-1}
 	- symfony 3.4.0+dfsg-1
 	NOTE: https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
 	NOTE: https://github.com/symfony/symfony/pull/24994
@@ -80123,7 +80128,7 @@ CVE-2017-16653 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14
 	NOTE: https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
 	NOTE: https://github.com/symfony/symfony/pull/24992
 CVE-2017-16652 (An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before ...)
-	{DSA-4262-1}
+	{DSA-4262-1 DLA-1707-1}
 	- symfony 3.4.0+dfsg-1
 	NOTE: https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
 	NOTE: https://github.com/symfony/symfony/pull/24995



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10437f6c996561e2df9fd75e4b1e8e829bb6ebe4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/10437f6c996561e2df9fd75e4b1e8e829bb6ebe4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190310/dd27e120/attachment.html>

More information about the debian-security-tracker-commits mailing list