[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Mar 25 08:10:25 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f803d02c by security tracker role at 2019-03-25T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-10027 (PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field  ...)
+	TODO: check
+CVE-2019-10026 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
+	TODO: check
+CVE-2019-10025 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
+	TODO: check
+CVE-2019-10024 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
+	TODO: check
+CVE-2019-10023 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
+	TODO: check
+CVE-2019-10022 (An issue was discovered in Xpdf 4.01.01. There is a NULL pointer deref ...)
+	TODO: check
+CVE-2019-10021 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
+	TODO: check
+CVE-2019-10020 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
+	TODO: check
+CVE-2019-10019 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
+	TODO: check
+CVE-2019-10018 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
+	TODO: check
+CVE-2019-10017 (CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, ...)
+	TODO: check
+CVE-2019-10016 (GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words ...)
+	TODO: check
+CVE-2019-10015 (baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitra ...)
+	TODO: check
+CVE-2019-10014 (In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticate ...)
+	TODO: check
 CVE-2019-9999
 	RESERVED
 CVE-2019-9998
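Review bot: all fourteen added entries, CVE-2019-10014 through CVE-2019-10027, carry only `TODO: check` and no package or status line, so none of them is triaged yet. The nine Xpdf 4.01.01 entries (CVE-2019-10018 through CVE-2019-10026) are truncated at the same point and look nearly identical here; each should be checked against its full description rather than triaged as a batch, and CVE-2019-10022 is a NULL pointer dereference, not an FPE like the other eight. Among the remaining entries, CVE-2019-10015 mentions remote attackers and should be looked at before the XSS ones.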
@@ -63823,7 +63851,7 @@ CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packe
 CVE-2018-5765
 	RESERVED
 CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync before 3. ...)
-	{DLA-1247-1}
+	{DLA-1725-1 DLA-1247-1}
 	- rsync 3.1.2-2.2 (bug #887588)
 	[stretch] - rsync <no-dsa> (Minor issue)
 	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
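Review bot: the changed line `{DLA-1725-1 DLA-1247-1}` puts a second DLA on CVE-2018-5764, but nothing in the visible context says what the new advisory covers that DLA-1247-1 did not. The only release-specific line shown is `[stretch] - rsync <no-dsa> (Minor issue)`, and the commit touches only data/CVE/list, so the advisory's own entry cannot be checked from this change. Confirm that DLA-1725-1 is a later rsync upload that fixes this CVE again or completes the earlier fix, and add a NOTE line explaining why two advisories reference the same issue.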
@@ -124263,6 +124291,7 @@ CVE-2016-9845 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulat
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
 CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow context-de ...)
+	{DLA-1725-1}
 	- zlib 1:1.2.8.dfsg-3 (bug #847275)
 	[jessie] - zlib <no-dsa> (Minor issue)
 	[wheezy] - zlib <no-dsa> (Minor issue)
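Review bot: `{DLA-1725-1}` is added to CVE-2016-9843 here, and to CVE-2016-9842, CVE-2016-9841 and CVE-2016-9840 in the following hunks, yet every package line visible for these entries names zlib, while the same advisory id was attached to the rsync entry CVE-2018-5764 in the previous hunk. If DLA-1725-1 is an rsync upload that fixes a bundled zlib copy, these four entries should carry an rsync package line or a NOTE stating that, unless the lines outside the shown context already do. As it stands a reader cannot tell from the zlib lines which package the advisory fixed.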
@@ -124271,6 +124300,7 @@ CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow conte
 	NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
 	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
 CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow contex ...)
+	{DLA-1725-1}
 	- zlib 1:1.2.8.dfsg-3 (bug #847274)
 	[jessie] - zlib <no-dsa> (Minor issue)
 	[wheezy] - zlib <no-dsa> (Minor issue)
@@ -124279,6 +124309,7 @@ CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow c
 	NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
 	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
 CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers to hav ...)
+	{DLA-1725-1}
 	- zlib 1:1.2.8.dfsg-4 (bug #847270)
 	[jessie] - zlib <no-dsa> (Minor issue)
 	[wheezy] - zlib <no-dsa> (Minor issue)
@@ -124287,6 +124318,7 @@ CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers t
 	NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
 	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
 CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ha ...)
+	{DLA-1725-1}
 	- zlib 1:1.2.8.dfsg-3 (bug #847270)
 	[jessie] - zlib <no-dsa> (Minor issue)
 	[wheezy] - zlib <no-dsa> (Minor issue)
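Review bot: CVE-2016-9840 here and CVE-2016-9841 in the previous hunk both cite bug #847270, yet their fixed versions differ (`1:1.2.8.dfsg-3` for CVE-2016-9840, `1:1.2.8.dfsg-4` for CVE-2016-9841), while CVE-2016-9842 and CVE-2016-9843 each have their own bug number. Since these entries are being touched for DLA-1725-1, confirm that one bug really tracks both issues and that the two versions are correct. If they are, a NOTE line saying so would save the next reader the same check.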



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f803d02cdf64199e80c153aa2120b456286fcb47
