[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1bf745aa by security tracker role at 2019-05-17T08:10:33Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-12151
+	RESERVED
+CVE-2019-12150
+	RESERVED
+CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows attackers ...)
+	TODO: check
 CVE-2019-12149
 	RESERVED
 CVE-2019-12148
@@ -2877,33 +2883,28 @@ CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Se
 	- matrixssl <removed>
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1785
 	NOTE: https://github.com/matrixssl/matrixssl/issues/26
-CVE-2019-10913
-	RESERVED
+CVE-2019-10913 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x  ...)
 	{DSA-4441-1 DLA-1778-1}
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
-CVE-2019-10912
-	RESERVED
+CVE-2019-10912 (In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4. ...)
 	{DSA-4441-1}
 	- symfony 3.4.22+dfsg-2
 	[jessie] - symfony <not-affected> (vulnerable code is not present)
 	NOTE: https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
-CVE-2019-10911
-	RESERVED
+CVE-2019-10911 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x  ...)
 	{DSA-4441-1 DLA-1778-1}
 	- drupal7 <not-affected> (Drupal 7 core not affected)
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://www.drupal.org/SA-CORE-2019-005
 	NOTE: https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
-CVE-2019-10910
-	RESERVED
+CVE-2019-10910 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x  ...)
 	{DSA-4441-1 DLA-1778-1}
 	- drupal7 <not-affected> (Drupal 7 core not affected)
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://www.drupal.org/SA-CORE-2019-005
 	NOTE: https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
-CVE-2019-10909
-	RESERVED
+CVE-2019-10909 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x  ...)
 	{DSA-4441-1 DLA-1778-1}
 	- drupal7 <not-affected> (Drupal 7 core not affected)
 	- symfony 3.4.22+dfsg-2
@@ -8713,10 +8714,10 @@ CVE-2019-8927
 	RESERVED
 CVE-2019-8926
 	RESERVED
-CVE-2019-8925
-	RESERVED
-CVE-2019-8924
-	RESERVED
+CVE-2019-8925 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
+	TODO: check
+CVE-2019-8924 (XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel ...)
+	TODO: check
 CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf ...)
 	NOT-FOR-US: XAMPP
 CVE-2019-8922
@@ -64978,8 +64979,8 @@ CVE-2018-7193 (Cross-site scripting (XSS) vulnerability in /scp/directory.php in
 	NOT-FOR-US: osTicket
 CVE-2018-7192 (Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic  ...)
 	NOT-FOR-US: osTicket
-CVE-2018-7191
-	RESERVED
+CVE-2018-7191 (In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid ...)
+	TODO: check
 CVE-2018-7190
 	RESERVED
 CVE-2018-7189



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1bf745aaea1043ab346d5e58074b1ba9b4184714

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1bf745aaea1043ab346d5e58074b1ba9b4184714
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190517/272ddd2b/attachment.html>