[Git][security-tracker-team/security-tracker][master] CVE-2019-16993/phpbb3 assigned for SECURITY-188 issue

Salvatore Bonaccorso carnil at debian.org
Mon Sep 30 21:14:53 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27105ded by Salvatore Bonaccorso at 2019-09-30T20:14:25Z
CVE-2019-16993/phpbb3 assigned for SECURITY-188 issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -110,8 +110,6 @@ CVE-2019-16997 (In Metinfo 7.0.0beta, a SQL Injection was discovered in app/syst
 	TODO: check
 CVE-2019-16996 (In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/pro ...)
 	TODO: check
-CVE-2019-16993 (In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper v ...)
-	TODO: check
 CVE-2017-18636 (CDG through 2017-01-01 allows downloadDocument.jsp?command=download&am ...)
 	TODO: check
 CVE-2019-16995 (In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_final ...)
@@ -11534,10 +11532,11 @@ CVE-2019-13377 (The implementations of SAE and EAP-pwd in hostapd and wpa_suppli
 	NOTE: Patches: https://w1.fi/security/2019-6/
 CVE-2019-13376 (phpBB version 3.2.7 allows the stealing of an Administration Control P ...)
 	- phpbb3 <removed>
-	NOTE: SECURITY-246:
 	NOTE: https://github.com/phpbb/phpbb/commit/cdf4f5ef85f05c0f94eae1a9edb1c28d4ac3515f
-	NOTE: more generally we've been missing SECURITY-188:
+CVE-2019-16993
+	- phpbb3 <removed>
 	NOTE: https://github.com/phpbb/phpbb/commit/18abef716ecf42a35416444f3f84f5459d573789
+	NOTE: https://www.phpbb.com/community/viewtopic.php?t=2352606
 CVE-2019-13375 (A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) ...)
 	NOT-FOR-US: D-Link
 CVE-2019-13374 (A cross-site scripting (XSS) vulnerability in resource view in PayActi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/27105dedffc08c0d202b1b34b91186135e74d3e8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/27105dedffc08c0d202b1b34b91186135e74d3e8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190930/b4c2ebd6/attachment.html>

More information about the debian-security-tracker-commits mailing list