[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 22 09:10:42 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
645e05e9 by security tracker role at 2019-10-22T08:10:25Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2667,8 +2667,8 @@ CVE-2019-17500
RESERVED
CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on Compal CH7 ...)
NOT-FOR-US: Compal CH7465LG devices
-CVE-2019-17498
- RESERVED
+CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic i ...)
+ TODO: check
CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a memory le ...)
- boa <removed>
CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-m ...)
@@ -2971,8 +2971,8 @@ CVE-2019-17401 (** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer ov
[buster] - liblnk <no-dsa> (Minor issue)
[stretch] - liblnk <no-dsa> (Minor issue)
NOTE: https://github.com/libyal/liblnk/issues/40
-CVE-2019-17400
- RESERVED
+CVE-2019-17400 (The unoconv package before 0.9 mishandles untrusted pathnames, leading ...)
+ TODO: check
CVE-2019-17399 (The Shack Forms Pro extension before 4.0.32 for Joomla! allows path tr ...)
NOT-FOR-US: Shack Forms Pro extension for Joomla!
CVE-2019-17398 (In the Dark Horse Comics application 1.3.21 for Android, token informa ...)
@@ -3336,8 +3336,8 @@ CVE-2019-17222
RESERVED
CVE-2019-17221
RESERVED
-CVE-2019-17220
- RESERVED
+CVE-2019-17220 (Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. ...)
+ TODO: check
CVE-2019-17219 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
NOT-FOR-US: V-Zug Combi-Steam MSLQ devices
CVE-2019-17218 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...)
@@ -3882,22 +3882,22 @@ CVE-2019-16976
RESERVED
CVE-2019-16975
RESERVED
-CVE-2019-16974
- RESERVED
+CVE-2019-16974 (In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses ...)
+ TODO: check
CVE-2019-16973
RESERVED
CVE-2019-16972
RESERVED
CVE-2019-16971
RESERVED
-CVE-2019-16970
- RESERVED
-CVE-2019-16969
- RESERVED
-CVE-2019-16968
- RESERVED
-CVE-2019-16967
- RESERVED
+CVE-2019-16970 (In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses ...)
+ TODO: check
+CVE-2019-16969 (In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php ...)
+ TODO: check
+CVE-2019-16968 (An issue was discovered in FusionPBX up to 4.5.7. In the file app\conf ...)
+ TODO: check
+CVE-2019-16967 (An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x befor ...)
+ TODO: check
CVE-2019-16966 (An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x ...)
NOT-FOR-US: FusionPBX
CVE-2019-16965 (resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command inje ...)
@@ -5333,8 +5333,8 @@ CVE-2019-16406
RESERVED
CVE-2019-16405
RESERVED
-CVE-2019-16404
- RESERVED
+CVE-2019-16404 (Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php ...)
+ TODO: check
CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for customers to c ...)
NOT-FOR-US: Webkul Bagisto
CVE-2019-16402
@@ -8913,7 +8913,7 @@ CVE-2019-15168
CVE-2019-15167
RESERVED
CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 l ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...)
@@ -22831,7 +22831,7 @@ CVE-2019-10717 (BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Travers
NOT-FOR-US: BlogEngine.NET
CVE-2019-10716 (An Information Disclosure issue in Verodin Director 3.5.3.1 and earlie ...)
NOT-FOR-US: Verodin Director
-CVE-2019-10715 (There is Stored XSS in Verodin Director before 3.5.4.0 via input field ...)
+CVE-2019-10715 (There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input ...)
NOT-FOR-US: Verodin Director
CVE-2019-10714 (LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 ...)
- imagemagick <not-affected> (Vulnerable code introduced later)
@@ -44650,7 +44650,7 @@ CVE-2019-3001 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement produ
CVE-2019-3000 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
NOT-FOR-US: Oracle
CVE-2019-2999 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44668,7 +44668,7 @@ CVE-2019-2993 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2992 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44677,17 +44677,17 @@ CVE-2019-2991 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
CVE-2019-2990 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
NOT-FOR-US: Oracle
CVE-2019-2989 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
CVE-2019-2988 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
CVE-2019-2987 (Vulnerability in the Java SE product of Oracle Java SE (component: 2D) ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
CVE-2019-2986 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
@@ -44698,14 +44698,14 @@ CVE-2019-2984 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu
- virtualbox 6.0.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-2983 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
CVE-2019-2982 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2981 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44714,7 +44714,7 @@ CVE-2019-2980 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Or
CVE-2019-2979 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2019-2978 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44724,14 +44724,14 @@ CVE-2019-2977 (Vulnerability in the Java SE product of Oracle Java SE (component
CVE-2019-2976 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
NOT-FOR-US: Oracle
CVE-2019-2975 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
CVE-2019-2974 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2973 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44753,14 +44753,14 @@ CVE-2019-2966 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
CVE-2019-2965 (Vulnerability in the Siebel Core - DB Deployment and Configuration pro ...)
NOT-FOR-US: Oracle
CVE-2019-2964 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
CVE-2019-2963 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2962 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44792,7 +44792,7 @@ CVE-2019-2951 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources pr
CVE-2019-2950 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2949 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44805,7 +44805,7 @@ CVE-2019-2946 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2945 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -44922,7 +44922,7 @@ CVE-2019-2896 (Vulnerability in the MICROS Relate CRM Software product of Oracle
CVE-2019-2895 (Vulnerability in the Enterprise Manager for Exadata product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2019-2894 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4546-1}
+ {DSA-4548-1 DSA-4546-1}
- openjdk-11 11.0.5+10-1
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
@@ -60870,11 +60870,11 @@ CVE-2018-16454 (PHP Scripts Mall Currency Converter Script 2.0.5 allows remote a
CVE-2018-16453 (PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search b ...)
NOT-FOR-US: PHP Scripts Mall Domain Lookup Script
CVE-2018-16452 (The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/24182d959f661327525a20d9a94c98a8ec016778
CVE-2018-16451 (The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print- ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6
CVE-2018-16450 (CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. ...)
@@ -61320,7 +61320,7 @@ CVE-2018-16301 (libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buf
NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855 (asked upstream for info)
NOTE: rpcapd not built in Debian.
CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory Travers ...)
@@ -61464,19 +61464,19 @@ CVE-2018-16232 (An authenticated command injection vulnerability exists in IPFir
CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows r ...)
NOT-FOR-US: Michael Roth Software Personal FTP Server
CVE-2018-16230 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f
CVE-2018-16229 (The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66
CVE-2018-16228 (The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d
CVE-2018-16227 (The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09
CVE-2018-16226 (A vulnerability in the web admin component of Mitel MiVoice Office 400 ...)
@@ -64729,19 +64729,19 @@ CVE-2018-14883 (An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.3
NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76423
CVE-2018-14882 (The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4
CVE-2018-14881 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/86326e880d31b328a151d45348c35220baa9a1ff
CVE-2018-14880 (The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6
CVE-2018-14879 (The command-line argument parser in tcpdump before 4.9.3 has a buffer ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
CVE-2018-XXXX [DSA verification crashes OpenSSL on invalid combinations of key content]
@@ -66055,43 +66055,43 @@ CVE-2018-14472 (An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file
CVE-2018-14471 (dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0 ...)
- libredwg <itp> (bug #595191)
CVE-2018-14470 (The Babel parser in tcpdump before 4.9.3 has a buffer over-read in pri ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/12f66f69f7bf1ec1266ddbee90a7616cbf33696b
CVE-2018-14469 (The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in pri ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c
CVE-2018-14468 (The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b
CVE-2018-14467 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9
CVE-2018-14466 (The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print- ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/c24922e692a52121e853a84ead6b9337f4c08a94
CVE-2018-14465 (The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739
CVE-2018-14464 (The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220
CVE-2018-14463 (The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b
CVE-2018-14462 (The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3
CVE-2018-14461 (The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
@@ -77911,13 +77911,13 @@ CVE-2018-10107 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWA
CVE-2018-10106 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PAT ...)
NOT-FOR-US: D-Link
CVE-2018-10105 (tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2 ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: "Fixed" by disabling SMB printing
CVE-2018-10104
RESERVED
CVE-2018-10103 (tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2 ...)
- {DLA-1955-1}
+ {DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
NOTE: "Fixed" by disabling SMB printing
CVE-2018-10099 (Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/645e05e99093b59be4b8db31d1eac68ae39c641e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/645e05e99093b59be4b8db31d1eac68ae39c641e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191022/252a40aa/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list