[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Oct 26 09:10:31 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
49e27066 by security tracker role at 2019-10-26T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2019-18465
+	RESERVED
+CVE-2019-18464
+	RESERVED
+CVE-2019-18463
+	RESERVED
+CVE-2019-18462
+	RESERVED
+CVE-2019-18461
+	RESERVED
+CVE-2019-18460
+	RESERVED
+CVE-2019-18459
+	RESERVED
+CVE-2019-18458
+	RESERVED
+CVE-2019-18457
+	RESERVED
+CVE-2019-18456
+	RESERVED
+CVE-2019-18455
+	RESERVED
+CVE-2019-18454
+	RESERVED
+CVE-2019-18453
+	RESERVED
+CVE-2019-18452
+	RESERVED
+CVE-2019-18451
+	RESERVED
+CVE-2019-18450
+	RESERVED
+CVE-2019-18449
+	RESERVED
+CVE-2019-18448
+	RESERVED
+CVE-2019-18447
+	RESERVED
+CVE-2019-18446
+	RESERVED
 CVE-2019-18445
 	RESERVED
 CVE-2019-18444
@@ -473,14 +513,14 @@ CVE-2019-18223
 	RESERVED
 CVE-2019-18222
 	RESERVED
-CVE-2019-18221
-	RESERVED
+CVE-2019-18221 (CoreHR Core Portal before 27.0.7 allows stored XSS. ...)
+	TODO: check
 CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) ...)
 	NOT-FOR-US: Sitemagic CMS
 CVE-2019-18219 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulner ...)
 	NOT-FOR-US: Sitemagic CMS
 CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...)
-	{DLA-1969-1}
+	{DSA-4550-1 DLA-1969-1}
 	- file 1:5.37-6 (bug #942830)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
 	NOTE: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 
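Review bot: CVE-2019-18221 in this hunk is left at "TODO: check" with no triage verdict, so the entry is still open work rather than a finished record. The Sitemagic CMS entries directly below it show the resolved form ("NOT-FOR-US: Sitemagic CMS"); if CoreHR Core Portal is not packaged in Debian, close this one the same way, otherwise replace the TODO with the package line and fixed version.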
@@ -2771,6 +2811,7 @@ CVE-2017-1002201 (In haml versions prior to version 5.0.0.beta.2, when using use
 	NOTE: https://snyk.io/vuln/SNYK-RUBY-HAML-20362
 	NOTE: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
 CVE-2019-17596 (Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to ...)
+	{DSA-4551-1}
 	- golang-1.13 1.13.3-1 (bug #942628)
 	- golang-1.12 1.12.12-1 (bug #942629)
 	- golang-1.11 <removed>
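Review bot: the new {DSA-4551-1} cross-reference on CVE-2019-17596 sits above package lines that only record golang-1.13 1.13.3-1, golang-1.12 1.12.12-1 and golang-1.11 as <removed>, so nothing visible in this hunk says which source package and release the DSA fixes. Confirm the matching DSA entry carries the per-release fixed version. Separately, the description on the context line reads "1.3.x before 1.13.2", which looks like a typo for 1.13.x given the 1.13.3-1 fix below it and is worth reporting to the description's source.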
@@ -115078,8 +115119,8 @@ CVE-2017-14744 (UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME eleme
 	NOT-FOR-US: UEditor
 CVE-2017-14743 (Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL inje ...)
 	NOT-FOR-US: Faleemi FSC-880 00.01.01.0048P2 devices
-CVE-2017-14742
-	RESERVED
+CVE-2017-14742 (Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to ex ...)
+	TODO: check
 CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7 ...)
 	{DLA-1785-1 DLA-1131-1}
 	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548)
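Review bot: CVE-2017-14742 moves from RESERVED to "TODO: check" here, and the description names a buffer overflow in LabF nfsAxe FTP client 3.7, so it needs a follow-up triage commit. Both context entries above it (UEditor, Faleemi FSC-880) are closed as NOT-FOR-US; record the equivalent verdict here once someone has checked whether the product is in the archive.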



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/49e27066acdb71dd250a2a955ab0d84e199cdf21


