[Git][security-tracker-team/security-tracker][master] zoneminder fixed in sid, and unimportant in general
Moritz Muehlenhoff
jmm at debian.org
Sun Dec 13 18:36:11 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e710c39 by Moritz Muehlenhoff at 2020-12-13T19:35:40+01:00
zoneminder fixed in sid, and unimportant in general
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -114081,89 +114081,142 @@ CVE-2019-7353 (An Incorrect Access Control issue was discovered in GitLab Commun
- gitlab <not-affected> (Only affects 11.7)
NOTE: https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/
CVE-2019-7352 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2475
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/effd609ff736e7853e9d39eed81ed029b9525159
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7351 (Log Injection exists in ZoneMinder through 1.32.3, as an attacker can ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder <unfixed> (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2466
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7350 (Session fixation exists in ZoneMinder through 1.32.3, as an attacker c ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder <unfixed> (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2471
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7349 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- zoneminder <unfixed> (bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2465
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/cef54feaf9bf1374f0404bf525cdd322300882b5
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7348 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2467
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/9ce05a9a09de47868398a09e6c5259645b9ee73e
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7347 (A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMind ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2476
+ NOTE: https://github.com/ZoneMinder/zoneminder/pull/2487
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7346 (A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a C ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2469
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/dbc1c7b72f8cab5094a4a498a66ca2c0d3f29872
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7345 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2468
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/6af2c4ad0e288fae5702e96391657d173bba2297
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7344 (Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacke ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2455
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/70e59ed546474bf18b9af2040d0ed732dce835bc
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7343 (Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1. ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2464
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/9705edfe24ca429fb8c7c6cac9ef947e8410219a
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7342 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2461
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/dd37808ef790a77100845c2c3c3bb28d9038950f
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7341 (Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1. ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2463
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/ef0e5f453a4e60a5bdd6bc347e517a87182b6cad
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7340 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2462
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/bb75dad091bfa35af49467fede06adb972ed0545
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7339 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2460
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/c9d597dced27f7a826bac1c6fccd1003d8643064
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7338 (Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an att ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2454
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/7b0ee8a6a22576b66c341ee6f09668852769cbb6
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7337 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2456
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/fcbc22b6a27b2375327327c3d75995fe6a3cafd9
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7336 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2457
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/d7ede4643df3efd21d3cb8a758cfabf244f38b16
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7335 (Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an att ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2453
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/255806bd549392114af4306422cd23445e843259
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7334 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2443
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/02f09aad7f4ff50f1dd113c964f10d8e675da916
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7333 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2441
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/0b38e72f882aea7006dac01d3348f2465bcc8c09
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7332 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2442
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/61f6a92cc050f3db831f04c3c19f8f2d52cbe08e
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7331 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2451
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/254b7286b4d2654b95080a175c44195667e42ea8
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7330 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- zoneminder <unfixed> (bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2448
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7329 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2446
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/a97711de89d808edcec1b422b5c97645dbd9f501
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7328 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2449
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/b2a97ee190c6dc3e30b9c36b9c33c33348dde4d6
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7327 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2447
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/b2a97ee190c6dc3e30b9c36b9c33c33348dde4d6
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7326 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2452
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/fa6716a64b7481677b0d8d73d460200e60429410
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7325 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2450
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/99f1e23c5b115b46265ab78d57fd6548490c6802
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7324 (app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination ...)
- kanboard <itp> (bug #790814)
CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0 does not ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e710c396a55b2362554a461743766caea5a10b0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e710c396a55b2362554a461743766caea5a10b0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201213/3b3c459f/attachment.html>
More information about the debian-security-tracker-commits
mailing list