[Git][security-tracker-team/security-tracker][master] various bugs filed

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d529c07f by Moritz Muehlenhoff at 2019-03-11T22:03:01Z
various bugs filed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4756,7 +4756,7 @@ CVE-2019-7631
 CVE-2019-7630
 	RESERVED
 CVE-2019-7629 (Stack-based buffer overflow in the strip_vt102_codes function in ...)
-	- tintin++ <unfixed>
+	- tintin++ <unfixed> (bug #924348)
 	[stretch] - tintin++ <no-dsa> (Minor issue)
 	[jessie] - tintin++ <no-dsa> (Minor issue)
 CVE-2019-7628 (Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail ...)
@@ -14607,7 +14607,7 @@ CVE-2018-20595 (A CSRF issue was discovered in ...)
 CVE-2018-20594 (An issue was discovered in hsweb 3.0.4. It is a reflected XSS ...)
 	NOT-FOR-US: hsweb
 CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in ...)
-	- mxml <unfixed>
+	- mxml <unfixed> (low; bug #924353)
 	[buster] - mxml <ignored> (Minor issue)
 	[stretch] - mxml <ignored> (Minor issue)
 	[jessie] - mxml <no-dsa> (Minor issue, only affects the mxmldoc tool)
@@ -14618,7 +14618,7 @@ CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overfl
 	NOTE: https://github.com/michaelrsweet/mxml/issues/237
 	NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely
 CVE-2018-20592 (In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd ...)
-	- mxml <unfixed>
+	- mxml <unfixed> (low; bug #924353)
 	[buster] - mxml <ignored> (Minor issue)
 	[stretch] - mxml <ignored> (Minor issue)
 	[jessie] - mxml <no-dsa> (Minor issue, only affected the mxmldoc tool)
@@ -32112,11 +32112,11 @@ CVE-2018-16650 (phpMyFAQ before 2.9.11 allows CSRF. ...)
 CVE-2018-16649
 	RESERVED
 CVE-2018-16648 (In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c ...)
-	- mupdf <unfixed>
+	- mupdf <unfixed> (bug #924351)
 	[jessie] - mupdf <ignored> (Minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699685
 CVE-2018-16647 (In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in ...)
-	- mupdf <unfixed>
+	- mupdf <unfixed> (bug #924351)
 	[jessie] - mupdf <ignored> (Minor issue)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699686
 CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause ...)
@@ -32870,7 +32870,7 @@ CVE-2018-16386
 CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL Injection via the ...)
 	NOT-FOR-US: ThinkPHP
 CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity ...)
-	- modsecurity-crs <unfixed> (low)
+	- modsecurity-crs <unfixed> (low; bug #924352)
 	[buster] - modsecurity-crs <no-dsa> (Minor issue)
 	[stretch] - modsecurity-crs <no-dsa> (Minor issue)
 	[jessie] - modsecurity-crs <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d529c07fa3fde4adc00d64619c860181a552108b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d529c07fa3fde4adc00d64619c860181a552108b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190311/31062978/attachment.html>