[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 31 21:10:28 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f912933a by security tracker role at 2019-03-31T20:10:19Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,26 @@
-CVE-2019-10672
+CVE-2019-10675 (** DISPUTED ** WordPress 5.1.1 allows remote authenticated authors to ...)
+ TODO: check
+CVE-2019-10674
+ RESERVED
+CVE-2019-10673
+ RESERVED
+CVE-2019-10671
+ RESERVED
+CVE-2019-10670
+ RESERVED
+CVE-2019-10669
+ RESERVED
+CVE-2019-10668
+ RESERVED
+CVE-2019-10667
+ RESERVED
+CVE-2019-10666
+ RESERVED
+CVE-2019-10665
+ RESERVED
+CVE-2019-10664 (Domoticz before 4.10578 allows SQL Injection via the idx parameter in ...)
+ TODO: check
+CVE-2019-10672 (treeRead in hdf/btree.c in libmysofa before 0.7 does not properly vali ...)
- libmysofa <unfixed> (bug #926125)
NOTE: https://github.com/hoene/libmysofa/commit/d39a171e9c6a1c44dbdf43f9db6c3fbd887e38c1
CVE-2019-10663 (Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticate ...)
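Review bot: CVE-2019-10672 now sits between CVE-2019-10664 and CVE-2019-10663, so the otherwise descending run of ids at the top of data/CVE/list is broken at that entry. If the file is meant to stay sorted, move the CVE-2019-10672 block, together with its libmysofa line (bug #926125) and NOTE, up between CVE-2019-10673 and CVE-2019-10671. The two new entries carrying "TODO: check" (CVE-2019-10675, which is marked DISPUTED, and CVE-2019-10664) still need a package or NOT-FOR-US line before they say anything about Debian.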
@@ -2681,6 +2703,7 @@ CVE-2019-9780
CVE-2018-20801 (In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of b ...)
NOT-FOR-US: Highcharts JS
CVE-2019-9787 (WordPress before 5.1.1 does not properly filter comment content, leadi ...)
+ {DLA-1742-1}
- wordpress 5.1.1+dfsg1-1 (bug #924546)
NOTE: https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
NOTE: Fixed by: https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
@@ -3076,35 +3099,35 @@ CVE-2019-9634 (Go through 1.12 on Windows misuses certain LoadLibrary functional
- golang-1.11 <not-affected> (Only affects Go on Windows)
- golang-1.10 <not-affected> (Only affects Go on Windows)
CVE-2019-9637 (An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and ...)
- {DSA-4403-1}
+ {DSA-4403-1 DLA-1741-1}
- php7.3 7.3.3-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77630
CVE-2019-9641 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...)
- {DSA-4403-1}
+ {DSA-4403-1 DLA-1741-1}
- php7.3 7.3.3-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77509
CVE-2019-9640 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...)
- {DSA-4403-1}
+ {DSA-4403-1 DLA-1741-1}
- php7.3 7.3.3-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77540
CVE-2019-9639 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...)
- {DSA-4403-1}
+ {DSA-4403-1 DLA-1741-1}
- php7.3 7.3.3-1 (unimportant)
- php7.0 <removed> (unimportant)
- php5 <removed> (unimportant)
NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77659
CVE-2019-9638 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...)
- {DSA-4403-1}
+ {DSA-4403-1 DLA-1741-1}
- php7.3 7.3.3-1
- php7.0 <removed>
- php5 <removed>
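Review bot: in the CVE-2019-9639 entry every package line is marked (unimportant), yet it gains DLA-1741-1 in the same way as CVE-2019-9637, CVE-2019-9641, CVE-2019-9640 and CVE-2019-9638. That matches the DSA-4403-1 tag it already had, but it is worth confirming that the advisory really lists this id rather than the tag being carried over with its siblings.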
@@ -4688,7 +4711,7 @@ CVE-2019-9023 (An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26,
NOTE: https://github.com/php/php-src/commit/28362ed4fae6969b5a8878591a5a06eadf114e03 (7.1)
NOTE: https://github.com/php/php-src/commit/9d6c59eeea88a3e9d7039cb4fed5126ef704593a (7.1)
CVE-2019-9022 (An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, ...)
- {DSA-4398-1}
+ {DSA-4398-1 DLA-1741-1}
- php7.3 7.3.2-1
- php7.0 <removed>
- php5 <removed>
@@ -4918,7 +4941,7 @@ CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image().
- wordpress <unfixed> (bug #923583)
NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
CVE-2019-8942 (WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code executi ...)
- {DSA-4401-1}
+ {DSA-4401-1 DLA-1742-1}
- wordpress 5.0.1+dfsg1-1
NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
NOTE: Issue fixed in 4.9.9 and 5.0.1 upstream
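Review bot: CVE-2019-8942 gains DLA-1742-1 here, while CVE-2019-8943 in the context directly above it stays at "wordpress <unfixed> (bug #923583)" and cites the same ripstech write-up. Anyone reading the list for the release that DLA-1742-1 covers should check whether CVE-2019-8943 remains open there. If it does, a NOTE on that entry saying so would stop the pair from being read as fixed together.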
@@ -12336,54 +12359,70 @@ CVE-2019-5804
- chromium <not-affected> (Windows-specific)
CVE-2019-5803
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5802
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5801
RESERVED
- chromium <not-affected> (iOS specific)
CVE-2019-5800
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5799
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5798
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5797
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5796
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5795
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5794
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5793
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5792
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5791
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5790
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5789
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5788
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5787
RESERVED
+ {DSA-4421-1}
- chromium 73.0.3683.75-1
CVE-2019-5786
RESERVED
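Review bot: the sixteen chromium entries that gain {DSA-4421-1} (CVE-2019-5803 down to CVE-2019-5787, skipping CVE-2019-5801) still read RESERVED with no description, so the list records that 73.0.3683.75-1 fixes them but not what each issue is. CVE-2019-5804 and CVE-2019-5801 are left untagged, which is consistent with their <not-affected> lines. A follow-up that fills in the descriptions once they are published, or a NOTE pointing at the upstream release notes, would make these entries usable for triage.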
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f912933aec4a9b024b75dc526dfce255bb3beb07