[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Nov 22 20:10:37 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64008dba by security tracker role at 2019-11-22T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2019-19240 (Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests wit ...)
+	TODO: check
+CVE-2019-19239
+	RESERVED
+CVE-2019-19238
+	RESERVED
+CVE-2019-19237
+	RESERVED
+CVE-2019-19236
+	RESERVED
+CVE-2019-19235
+	RESERVED
+CVE-2019-19234
+	RESERVED
+CVE-2019-19233
+	RESERVED
+CVE-2019-19232
+	RESERVED
+CVE-2019-19231
+	RESERVED
+CVE-2019-19230
+	RESERVED
+CVE-2019-19229
+	RESERVED
+CVE-2019-19228
+	RESERVED
+CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1, there is a  ...)
+	TODO: check
 CVE-2019-19226
 	RESERVED
 CVE-2019-19225
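Review bot: CVE-2019-19227 is an AppleTalk bug in the Linux kernel before 5.1, so its `TODO: check` needs a triage line against src:linux rather than staying open; CVE-2019-19240 (Embedthis GoAhead) should be checked against the archive and marked `NOT-FOR-US` if no Debian package ships GoAhead.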
@@ -476,8 +504,8 @@ CVE-2019-19015
 	RESERVED
 CVE-2019-19014
 	RESERVED
-CVE-2019-19013
-	RESERVED
+CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an ...)
+	TODO: check
 CVE-2019-19012 (An integer overflow in the search_in_range function in regexec.c in On ...)
 	- libonig <unfixed> (bug #944959)
 	NOTE: https://github.com/kkos/oniguruma/issues/164
@@ -557,8 +585,8 @@ CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middlewa
 	NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4
 CVE-2019-18977
 	RESERVED
-CVE-2019-18976
-	RESERVED
+CVE-2019-18976 (An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through ...)
+	TODO: check
 CVE-2019-18975
 	RESERVED
 CVE-2019-18974
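Review bot: CVE-2019-18976 (res_pjsip_t38.c) is one of three Asterisk entries introduced in this update, together with CVE-2019-18790 (chan_sip.c) and CVE-2019-18610 (manager.c) further down; triage them as a set against src:asterisk and record the fixed upstream version for each, since all three currently sit at `TODO: check`.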
@@ -1014,8 +1042,8 @@ CVE-2019-18792
 	RESERVED
 CVE-2019-18791
 	RESERVED
-CVE-2019-18790
-	RESERVED
+CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13. ...)
+	TODO: check
 CVE-2019-18789
 	RESERVED
 CVE-2019-18788
@@ -3586,8 +3614,8 @@ CVE-2019-18612 (An issue was discovered in the AbuseFilter extension through 1.3
 	NOT-FOR-US: AbuseFilter MediaWiki extension
 CVE-2019-18611 (An issue was discovered in the CheckUser extension through 1.34 for Me ...)
 	NOT-FOR-US: CheckUser MediaWiki extension
-CVE-2019-18610
-	RESERVED
+CVE-2019-18610 (An issue was discovered in manager.c in Sangoma Asterisk through 13.x, ...)
+	TODO: check
 CVE-2019-18609
 	RESERVED
 CVE-2019-18608 (Cezerin v0.33.0 allows unauthorized order-information modification bec ...)
@@ -7517,10 +7545,10 @@ CVE-2019-17448
 	RESERVED
 CVE-2019-17447
 	RESERVED
-CVE-2019-17446
-	RESERVED
-CVE-2019-17445
-	RESERVED
+CVE-2019-17446 (An issue was discovered in Eracent EPA Agent through 10.2.26. The agen ...)
+	TODO: check
+CVE-2019-17445 (An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Ag ...)
+	TODO: check
 CVE-2019-17444
 	RESERVED
 CVE-2019-17443
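Review bot: CVE-2019-17446 and CVE-2019-17445 describe Eracent's proprietary endpoint agents; unless a Debian source package ships them, the two `TODO: check` lines should become `NOT-FOR-US: Eracent` in the follow-up triage, as is done for the IBM and ZTE entries elsewhere in this diff.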
@@ -9197,8 +9225,8 @@ CVE-2019-16765
 	RESERVED
 CVE-2019-16764
 	RESERVED
-CVE-2019-16763
-	RESERVED
+CVE-2019-16763 (In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data ...)
+	TODO: check
 CVE-2019-16762 (A specially crafted Bitcoin script can cause a discrepancy between the ...)
 	NOT-FOR-US: SLP
 CVE-2019-16761 (A specially crafted Bitcoin script can cause a discrepancy between the ...)
@@ -12307,8 +12335,8 @@ CVE-2019-15654
 	RESERVED
 CVE-2019-15653
 	RESERVED
-CVE-2019-15652
-	RESERVED
+CVE-2019-15652 (The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices ...)
+	TODO: check
 CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...)
 	- wolfssl 4.1.0+dfsg-2
 	NOTE: https://github.com/wolfSSL/wolfssl/issues/2421
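Review bot: CVE-2019-15652 concerns the web interface of NSSLGlobal SatLink VSAT modem firmware, not software Debian ships; the `TODO: check` can be resolved to `NOT-FOR-US: NSSLGlobal SatLink VMU` without further investigation.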
@@ -16659,7 +16687,7 @@ CVE-2019-14442 (In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an inpu
 	{DLA-1907-1}
 	- libav <removed>
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1159
-CVE-2019-14441 (An issue was discovered in Libav 12.3. An access violation allows remo ...)
+CVE-2019-14441 (** DISPUTED ** An issue was discovered in Libav 12.3. An access violat ...)
 	- libav <removed>
 	[jessie] - libav <postponed> (no patch, ffmpeg backport fails, sent info upstream)
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1161#c0
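Review bot: with CVE-2019-14441 now carrying the `** DISPUTED **` marker, the `[jessie] - libav <postponed> (no patch, ffmpeg backport fails, sent info upstream)` line should be revisited: if upstream disputes the issue, a `NOTE:` recording the dispute plus an `<ignored>` or `<not-affected>` status (as CVE-2018-19130 uses for jessie in this same diff) describes the situation better than a postponed fix that nobody is producing.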
@@ -29123,8 +29151,7 @@ CVE-2019-14856 [Incomplete fix for CVE-2019-10206]
 	- ansible <not-affected> (Incomplete fix for CVE-2019-10206 not applied)
 	NOTE: https://github.com/ansible/ansible/pull/63351
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
-CVE-2019-10206 [disclosure data when prompted for password and template characters are passed]
-	RESERVED
+CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...)
 	- ansible 2.8.6+dfsg-1 (bug #933005)
 	[buster] - ansible <no-dsa> (Minor issue)
 	[stretch] - ansible <no-dsa> (Minor issue)
@@ -29141,8 +29168,7 @@ CVE-2019-10205
 	NOT-FOR-US: Red Hat Quay
 CVE-2019-10204
 	RESERVED
-CVE-2019-10203 [PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records]
-	RESERVED
+CVE-2019-10203 (PowerDNS Authoritative daemon , all versions pdns 4.1.x before pdns 4. ...)
 	- pdns 4.2.0-1 (low)
 	[buster] - pdns <no-dsa> (Minor issue)
 	[stretch] - pdns <no-dsa> (Minor issue)
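Review bot: the replaced placeholder carried the upstream advisory identifier (PowerDNS Security Advisory 2019-06), which the imported MITRE description does not; add it back as a `NOTE:` line under CVE-2019-10203 so the fixed-version claim for pdns 4.2.0-1 stays linked to its source.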
@@ -32114,8 +32140,8 @@ CVE-2019-9538
 	RESERVED
 CVE-2019-9537
 	RESERVED
-CVE-2019-9536
-	RESERVED
+CVE-2019-9536 (Apple iPhone 3GS bootrom malloc implementation returns a non-NULL poin ...)
+	TODO: check
 CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with tmux's c ...)
 	NOT-FOR-US: iTerm2
 CVE-2019-9534 (The Cobham EXPLORER 710, firmware version 1.07, does not validate its  ...)
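Review bot: CVE-2019-9536 is an Apple iPhone 3GS bootrom bug; mark it `NOT-FOR-US: Apple` rather than leaving `TODO: check`, consistent with the neighbouring iTerm2 entry.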
@@ -44801,10 +44827,10 @@ CVE-2019-4572 (IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configura
 	NOT-FOR-US: IBM
 CVE-2019-4571 (IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Thi ...)
 	NOT-FOR-US: IBM
-CVE-2019-4570
-	RESERVED
-CVE-2019-4569
-	RESERVED
+CVE-2019-4570 (IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error me ...)
+	TODO: check
+CVE-2019-4569 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cr ...)
+	TODO: check
 CVE-2019-4568
 	RESERVED
 CVE-2019-4567
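Review bot: CVE-2019-4570 and CVE-2019-4569 are IBM Tivoli Netcool Impact issues; the surrounding entries (CVE-2019-4572, CVE-2019-4571) already use `NOT-FOR-US: IBM`, and the same resolution applies here and to the IBM SmartCloud Analytics entries CVE-2019-4243, CVE-2019-4216, CVE-2019-4215 and CVE-2019-4214 further down, which this update also leaves at `TODO: check`.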
@@ -45455,8 +45481,8 @@ CVE-2019-4245
 	RESERVED
 CVE-2019-4244
 	RESERVED
-CVE-2019-4243
-	RESERVED
+CVE-2019-4243 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized discl ...)
+	TODO: check
 CVE-2019-4242
 	RESERVED
 CVE-2019-4241 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an auth ...)
@@ -45509,12 +45535,12 @@ CVE-2019-4218 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 all
 	NOT-FOR-US: IBM
 CVE-2019-4217 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could al ...)
 	NOT-FOR-US: IBM
-CVE-2019-4216
-	RESERVED
-CVE-2019-4215
-	RESERVED
-CVE-2019-4214
-	RESERVED
+CVE-2019-4216 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible ...)
+	TODO: check
+CVE-2019-4215 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote atta ...)
+	TODO: check
+CVE-2019-4214 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure a ...)
+	TODO: check
 CVE-2019-4213
 	RESERVED
 CVE-2019-4212 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forger ...)
@@ -47519,10 +47545,10 @@ CVE-2019-3430
 	RESERVED
 CVE-2019-3429
 	RESERVED
-CVE-2019-3428
-	RESERVED
-CVE-2019-3427
-	RESERVED
+CVE-2019-3428 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a c ...)
+	TODO: check
+CVE-2019-3427 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a c ...)
+	TODO: check
 CVE-2019-3426 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...)
 	NOT-FOR-US: ZTE
 CVE-2019-3425 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...)
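Review bot: CVE-2019-3428 and CVE-2019-3427 affect the ZTE ZXCDN IAMWEB product; the adjacent CVE-2019-3426 and CVE-2019-3425 entries are `NOT-FOR-US: ZTE`, so these two should be resolved the same way in the follow-up pass.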
@@ -59128,7 +59154,7 @@ CVE-2018-19134 (In Artifex Ghostscript through 9.25, the setpattern operator did
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7c8f85a23db24031945af3cacb2c0b4740e67072 (ghostscript-9.26)
 CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email ...)
 	NOT-FOR-US: Flarum Core
-CVE-2018-19130 (In Libav 12.3, there is an invalid memory access in vc1_decode_frame i ...)
+CVE-2018-19130 (** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1 ...)
 	- libav <removed>
 	[jessie] - libav <ignored> (cf. CVE-2017-17127)
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1139
@@ -81314,8 +81340,7 @@ CVE-2018-10855 (Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor
 	[jessie] - ansible <not-affected> (vulnerable code not present)
 	NOTE: https://github.com/ansible/ansible/pull/41414
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588855
-CVE-2018-10854
-	RESERVED
+CVE-2018-10854 (cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable t ...)
 	NOT-FOR-US: Red Hat CloudForms
 CVE-2018-10853 (A flaw was found in the way Linux kernel KVM hypervisor before 4.18 em ...)
 	{DLA-1423-1 DLA-1422-1}
@@ -196848,8 +196873,7 @@ CVE-2015-7830 (The pcapng_read_if_descr_block function in wiretap/pcapng.c in th
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-30.html
 CVE-2015-7811
 	RESERVED
-CVE-2015-7810
-	RESERVED
+CVE-2015-7810 (libbluray MountManager class has a time-of-check time-of-use (TOCTOU)  ...)
 	- libbluray 1:0.9.1-1 (low)
 	[jessie] - libbluray <no-dsa> (Minor issue, too intrusive to backport)
 	[wheezy] - libbluray <no-dsa> (Minor issue)
@@ -202577,8 +202601,7 @@ CVE-2015-5695 (Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kil
 	[experimental] - designate 1:1.0.0~b2-1
 	- designate 2015.1.0+2015.08.26.git34.9fa07c5798-1 (bug #796108)
 	[jessie] - designate 2014.1-18+deb8u1
-CVE-2015-5694 [does not enforce the DNS protocol limit concerning record set sizes]
-	RESERVED
+CVE-2015-5694 (Designate does not enforce the DNS protocol limit concerning record se ...)
 	[experimental] - designate 1:1.0.0~b2-1
 	- designate 2015.1.0+2015.08.26.git34.9fa07c5798-1 (bug #796108)
 	[jessie] - designate <not-affected> (Vulnerable code doesn't exist)
@@ -214200,8 +214223,7 @@ CVE-2015-1781 (Buffer overflow in the gethostbyname_r and other unspecified NSS
 	- eglibc <removed>
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18287
 	NOTE: Upstream commit: https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386
-CVE-2015-1780
-	RESERVED
+CVE-2015-1780 (oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a st ...)
 	NOT-FOR-US: oVirt Engine backend
 CVE-2015-1779 (The VNC websocket frame decoder in QEMU allows remote attackers to cau ...)
 	{DSA-3259-1}
@@ -228677,12 +228699,10 @@ CVE-2014-XXXX [install-sh: insecure use of /tmp]
 	NOTE: Neutralised by kernel hardening
 CVE-2014-6252 (Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.5029 ...)
 	NOT-FOR-US: SAP NetWeaver
-CVE-2014-6311 [/tmp file vulnerability in generate_doxygen.pl]
-	RESERVED
+CVE-2014-6311 (generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file ...)
 	- ace 6.2.7+dfsg-2 (unimportant; bug #760709)
 	NOTE: Not installed into the binary packages
-CVE-2014-6310
-	RESERVED
+CVE-2014-6310 (Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attacker ...)
 	- chicken <not-affected> (Affects only CHICKEN Scheme on the Android platform)
 CVE-2014-6270 (Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squi ...)
 	- squid <removed> (unimportant)
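Review bot: the new MITRE description for CVE-2014-6311 spells the script `generate_doygen.pl`, while the removed placeholder named it `generate_doxygen.pl`; since the description line is imported text, add a `NOTE:` giving the filename the placeholder used so that later searches of the list still match the script referred to by the existing "Not installed into the binary packages" note.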
@@ -235175,8 +235195,7 @@ CVE-2014-3587 (Integer overflow in the cdf_read_property_info function in cdf.c
 	- file 1:5.19-2
 CVE-2014-3586 (The default configuration for the Command Line Interface in Red Hat En ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2014-3585
-	RESERVED
+CVE-2014-3585 (redhat-upgrade-tool: Does not check GPG signatures when upgrading vers ...)
 	NOT-FOR-US: redhat-upgrade-tool
 CVE-2014-3584 (The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7. ...)
 	NOT-FOR-US: Apache CXF
@@ -239448,11 +239467,9 @@ CVE-2014-2236 (Multiple cross-site scripting (XSS) vulnerabilities in Askbot bef
 	- askbot <itp> (bug #687966)
 CVE-2014-2235 (Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allow ...)
 	- askbot <itp> (bug #687966)
-CVE-2014-2214
-	RESERVED
+CVE-2014-2214 (Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh  ...)
 	NOT-FOR-US: POSH web app (different from src:posh)
-CVE-2014-2213
-	RESERVED
+CVE-2014-2213 (Open redirect vulnerability in the password reset functionality in POS ...)
 	NOT-FOR-US: POSH web app (different from src:posh)
 CVE-2014-2212 (The remember me feature in portal/scr_authentif.php in POSH (aka Posh  ...)
 	NOT-FOR-US: POSH web app (different from src:posh)
@@ -242138,8 +242155,7 @@ CVE-2014-1240
 	RESERVED
 CVE-2014-1239
 	RESERVED
-CVE-2014-1238
-	RESERVED
+CVE-2014-1238 (Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialo ...)
 	NOT-FOR-US: Q-Pulse
 CVE-2014-1237 (Cross-site scripting (XSS) vulnerability in synetics i-doit pro before ...)
 	NOT-FOR-US: i-doit
@@ -246032,14 +246048,11 @@ CVE-2013-6882 (Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto
 	NOT-FOR-US: Ditto Forensic FieldStation
 CVE-2013-6881 (CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows ...)
 	NOT-FOR-US: Ditto Forensic FieldStation
-CVE-2013-6880
-	RESERVED
+CVE-2013-6880 (Open redirect in proxy.php in FlashCanvas before 1.6 allows remote att ...)
 	NOT-FOR-US: FlashCanvas
-CVE-2013-6879
-	RESERVED
+CVE-2013-6879 (The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows ...)
 	NOT-FOR-US: MijoSearch
-CVE-2013-6878
-	RESERVED
+CVE-2013-6878 (Cross-site scripting (XSS) vulnerability in the Mijosoft MijoSearch co ...)
 	NOT-FOR-US: MijoSearch
 CVE-2013-6877 (Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 ...)
 	NOT-FOR-US: RealPlayer
@@ -246186,8 +246199,8 @@ CVE-2013-6813
 	RESERVED
 CVE-2013-6812 (The ONEDC app before 1.7 for iOS does not properly verify X.509 certif ...)
 	NOT-FOR-US: ONEDC app
-CVE-2013-6811
-	RESERVED
+CVE-2013-6811 (Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Li ...)
+	TODO: check
 CVE-2013-6810 (The server in Brocade Network Advisor before 12.1.0, as used in EMC Co ...)
 	NOT-FOR-US: EMC Connectrix Manager Converged Network Edition
 CVE-2013-6809 (Format string vulnerability in the client in Tftpd32 before 4.50 allow ...)
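Review bot: the truncated description of CVE-2013-6811 ("in the D-Li ...") points at D-Link device firmware; if the full text confirms that, `NOT-FOR-US` is the right resolution, in line with the Brocade and ONEDC entries around it.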
@@ -247830,8 +247843,8 @@ CVE-2013-6241 (The Birthday widget in the backend in Open-Xchange (OX) AppSuite
 	NOT-FOR-US: Open-Xchange
 CVE-2013-6240
 	RESERVED
-CVE-2013-6239
-	RESERVED
+CVE-2013-6239 (Cross-site scripting (XSS) vulnerability in the photo gallery model in ...)
+	TODO: check
 CVE-2013-6238
 	RESERVED
 CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 an ...)
@@ -247842,8 +247855,7 @@ CVE-2013-6236
 CVE-2013-6235 (Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java App ...)
 	- libjamon-java <not-affected> (jamon.war/JAMon web apps gets excluded by debian/orig-tar.sh)
 	NOTE: http://seclists.org/bugtraq/2014/Jan/92
-CVE-2013-6234
-	RESERVED
+CVE-2013-6234 (Unrestricted file upload vulnerability in the Worksheet designer in Sp ...)
 	NOT-FOR-US: SpagoBI
 CVE-2013-6233 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows  ...)
 	NOT-FOR-US: SpagoBI
@@ -264651,13 +264663,11 @@ CVE-2013-0205 (Cross-site request forgery (CSRF) vulnerability in the RESTful We
 CVE-2013-0204 (settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote aut ...)
 	- owncloud <not-affected> (Vulnerably code not present, only affects 4.5 branch)
 	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-002/
-CVE-2013-0203 [XSS vulnerabilities]
-	RESERVED
+CVE-2013-0203 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, ...)
 	- owncloud 4.0.8debian-1.4 (bug #698737)
 	[wheezy] - owncloud 4.0.4debian2-3.3
 	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
-CVE-2013-0202 [XSS vulnerabilities]
-	RESERVED
+CVE-2013-0202 (Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, an ...)
 	- owncloud 4.0.8debian-1.4 (bug #698737)
 	[wheezy] - owncloud 4.0.4debian2-3.3
 	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
@@ -265587,16 +265597,13 @@ CVE-2012-6080 (Directory traversal vulnerability in the _do_attachment_move func
 	[wheezy] - moin 1.9.4-8+deb7u1
 	- moin 1.9.5-4 (bug #696949)
 	NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
-CVE-2012-6079
-	RESERVED
+CVE-2012-6079 (W3 Total Cache before 0.9.2.5 exposes sensitive cached database inform ...)
 	NOT-FOR-US: W3 Total Cache
 	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
-CVE-2012-6078
-	RESERVED
+CVE-2012-6078 (W3 Total Cache before 0.9.2.5 generates hash keys insecurely which all ...)
 	NOT-FOR-US: W3 Total Cache
 	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
-CVE-2012-6077
-	RESERVED
+CVE-2012-6077 (W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve pass ...)
 	NOT-FOR-US: W3 Total Cache
 	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
 CVE-2012-6076 (Inkscape before 0.48.4 reads .eps files from /tmp instead of the curre ...)
@@ -273089,8 +273096,7 @@ CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Pupp
 	NOTE: http://puppetlabs.com/security/cve/cve-2012-3408/
 	NOTE: There's no code fix, but this should be addressed in stable with a NEWS file warning about this
 	NOTE: Fixed in 2.7.18 by updated docs
-CVE-2012-3407
-	RESERVED
+CVE-2012-3407 (plow has local buffer overflow vulnerability ...)
 	NOT-FOR-US: plow
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/6
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/16
@@ -279428,8 +279434,7 @@ CVE-2012-0878 (Paste Script 1.7.5 and earlier does not properly set group member
 	- pastescript 1.7.5-2 (low; bug #661061)
 	[squeeze] - pastescript <no-dsa> (Minor issue)
 	NOTE: https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion
-CVE-2012-0877 [hash table collisions CPU usage DoS]
-	RESERVED
+CVE-2012-0877 (PyXML: Hash table collisions CPU usage Denial of Service ...)
 	- python-xml <removed>
 CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values ...)
 	{DSA-2525-1}
@@ -279628,8 +279633,7 @@ CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in Open
 CVE-2012-0813 (Wicd before 1.7.1 saves sensitive information in log files in /var/log ...)
 	- wicd 1.7.1~b3-4 (unimportant; bug #652417)
 	NOTE: Not a security issue per se, logfile only accessible by root:adm
-CVE-2012-0812 [PostfixAdmin 2.3.4 multiple XSS vulnerabilities]
-	RESERVED
+CVE-2012-0812 (PostfixAdmin 2.3.4 has multiple XSS vulnerabilities ...)
 	- postfixadmin 2.3.5-1
 	NOTE: http://seclists.org/oss-sec/2012/q1/285
 CVE-2012-0811 (Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixad ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/64008dba56191738ee44718d5382807824f0f5da


