[Git][security-tracker-team/security-tracker][master] automatic update

Thu May 9 09:10:28 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59306100 by security tracker role at 2019-05-09T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-11835 (cJSON before 1.7.11 allows out-of-bounds access, related to multiline  ...)
+	TODO: check
+CVE-2019-11834 (cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a  ...)
+	TODO: check
+CVE-2019-11833
+	RESERVED
+CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execut ...)
+	TODO: check
+CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1 ...)
+	TODO: check
+CVE-2019-11830 (PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrap ...)
+	TODO: check
 CVE-2019-XXXX [Insecure deserialization on bundled third-party library "Phar Stream Wrapper" (SA-CORE-2019-007)]
 	- drupal7 <removed> (bug #928688)
 	NOTE: https://www.drupal.org/SA-CORE-2019-007
@@ -19,8 +31,8 @@ CVE-2019-11822
 	RESERVED
 CVE-2019-11821
 	RESERVED
-CVE-2019-11820
-	RESERVED
+CVE-2019-11820 (Information exposure through process environment vulnerability in Syno ...)
+	TODO: check
 CVE-2019-11819 (Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro ...)
 	NOT-FOR-US: Alkacon OpenCMS
 CVE-2019-11818 (Alkacon OpenCMS v10.5.4 and before is affected by stored cross site sc ...)
@@ -11404,8 +11416,8 @@ CVE-2019-7443 (KDE KAuth before 5.55 allows the passing of parameters with arbit
 	[jessie] - kde4libs <no-dsa> (Minor issue)
 	NOTE: https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
 	NOTE: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
-CVE-2019-7442
-	RESERVED
+CVE-2019-7442 (An XML external entity (XXE) vulnerability in the Password Vault Web A ...)
+	TODO: check
 CVE-2019-7441 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Ga ...)
 	NOT-FOR-US: WooCommerce
 CVE-2019-7440 (JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Ke ...)
@@ -42161,7 +42173,7 @@ CVE-2018-15319 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6,
 	NOT-FOR-US: F5 BIG-IP
 CVE-2018-15318 (In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If ...)
 	NOT-FOR-US: F5 BIG-IP
-CVE-2018-15317 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11 ...)
+CVE-2018-15317 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2. ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge  ...)
 	NOT-FOR-US: F5 BIG-IP



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/593061002b7acde5f32faff445c4a9751b40a4c8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/593061002b7acde5f32faff445c4a9751b40a4c8
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190509/4ee73666/attachment.html>
