[Git][security-tracker-team/security-tracker][master] automatic update

Thu May 2 09:10:28 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09b7fd3e by security tracker role at 2019-05-02T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,64 @@
-CVE-2019-11675 [Privilege escalation due to insecure use of logrotate]
+CVE-2019-11674
+	RESERVED
+CVE-2019-11673
+	RESERVED
+CVE-2019-11672
+	RESERVED
+CVE-2019-11671
+	RESERVED
+CVE-2019-11670
+	RESERVED
+CVE-2019-11669
+	RESERVED
+CVE-2019-11668
+	RESERVED
+CVE-2019-11667
+	RESERVED
+CVE-2019-11666
+	RESERVED
+CVE-2019-11665
+	RESERVED
+CVE-2019-11664
+	RESERVED
+CVE-2019-11663
+	RESERVED
+CVE-2019-11662
+	RESERVED
+CVE-2019-11661
+	RESERVED
+CVE-2019-11660
+	RESERVED
+CVE-2019-11659
+	RESERVED
+CVE-2019-11658
+	RESERVED
+CVE-2019-11657
+	RESERVED
+CVE-2019-11656
+	RESERVED
+CVE-2019-11655
+	RESERVED
+CVE-2019-11654
+	RESERVED
+CVE-2019-11653
+	RESERVED
+CVE-2019-11652
+	RESERVED
+CVE-2019-11651
+	RESERVED
+CVE-2019-11650
+	RESERVED
+CVE-2019-11649
+	RESERVED
+CVE-2019-11648
+	RESERVED
+CVE-2019-11647
+	RESERVED
+CVE-2019-11646
+	RESERVED
+CVE-2019-11645
+	RESERVED
+CVE-2019-11675 (The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ...)
 	- groonga <unfixed> (bug #928304)
 CVE-2019-11644
 	RESERVED
@@ -31014,8 +31074,7 @@ CVE-2019-0228 (Apache PDFBox 2.0.14 does not properly initialize the XML parser,
 	NOTE: https://www.openwall.com/lists/oss-security/2019/04/12/1
 	NOTE: https://issues.apache.org/jira/browse/PDFBOX-4505
 	NOTE: Fixed by: https://svn.apache.org/r1856952 (2.0.15)
-CVE-2019-0227 [Hard coded domain name in example web service named StockQuoteService.jws leading to remote code execution]
-	RESERVED
+CVE-2019-0227 (A Server Side Request Forgery (SSRF) vulnerability affected the Apache ...)
 	- axis <unfixed> (unimportant)
 	NOTE: https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/
 	NOTE: https://github.com/apache/axis1-java/commit/7043f1ab0397d1ae35f879f2bcc99be1e9b55644
@@ -60912,8 +60971,8 @@ CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefu
 	[stretch] - libpdfbox-java <no-dsa> (Minor issue)
 	[jessie] - libpdfbox-java <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/29/2
-CVE-2018-8035
-	RESERVED
+CVE-2018-8035 (This vulnerability relates to the user's browser processing of DUCC we ...)
+	TODO: check
 CVE-2018-8034 (The host name verification when using TLS with the WebSocket client wa ...)
 	{DSA-4281-1 DLA-1491-1 DLA-1453-1}
 	- tomcat9 <not-affected> (Fixed before initial upload to Debian)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09b7fd3e44467549b61810106b53c1ce26da22e4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/09b7fd3e44467549b61810106b53c1ce26da22e4
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190502/c7bb4909/attachment-0001.html>
