[Git][security-tracker-team/security-tracker][master] Reassociate some older NFUs with the php-laravel-framework source package

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 15 21:31:23 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3c12a26 by Salvatore Bonaccorso at 2021-12-15T22:30:45+01:00
Reassociate some older NFUs with the php-laravel-framework source package

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -84827,9 +84827,11 @@ CVE-2020-24943
 CVE-2020-24942
 	RESERVED
 CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24. ...)
-	NOT-FOR-US: Laravel
+	- php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://blog.laravel.com/security-release-laravel-61835-7240
 CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...)
-	NOT-FOR-US: Laravel
+	- php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://blog.laravel.com/security-release-laravel-61834-7232
 CVE-2020-24939 (Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to  ...)
 	NOT-FOR-US: Stampit supermixer
 CVE-2020-24938
@@ -179766,7 +179768,7 @@ CVE-2018-20787 (The ft5x46 touchscreen driver for custom Linux kernels on the Xi
 CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other pro ...)
 	NOT-FOR-US: ThinkPHP
 CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...)
-	NOT-FOR-US: Laravel Framework
+	- php-laravel-framework <undetermined>
 CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password storage. ...)
 	NOT-FOR-US: DomainMOD
 CVE-2019-9079
@@ -216254,7 +216256,7 @@ CVE-2018-15135
 CVE-2018-15134
 	RESERVED
 CVE-2018-15133 (In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote c ...)
-	NOT-FOR-US: Laravel
+	- php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
 CVE-2018-15132 (An issue was discovered in ext/standard/link_win32.c in PHP before 5.6 ...)
 	- php7.2 <not-affected> (Windows-specific)
 	- php7.1 <not-affected> (Windows-specific)
@@ -240763,7 +240765,7 @@ CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of i
 CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized obje ...)
 	NOT-FOR-US: Buck parser-cache
 CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php  ...)
-	NOT-FOR-US: Laravel Framework
+	- php-laravel-framework <undetermined>
 CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpex ...)
 	NOT-FOR-US: Unitrends Backup
 CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user in ...)
@@ -259776,7 +259778,7 @@ CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass
 CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqgl ...)
 	NOT-FOR-US: Arq
 CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain sensi ...)
-	NOT-FOR-US: Laravel framework
+	- php-laravel-framework <undetermined>
 CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability i ...)
 	- piwigo <removed>
 CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename functio ...)
@@ -266607,7 +266609,8 @@ CVE-2017-14777
 CVE-2017-14776
 	REJECTED
 CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token verification pr ...)
-	NOT-FOR-US: Laravel
+	- php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://github.com/laravel/framework/pull/21320
 CVE-2017-14774
 	RESERVED
 CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to an elev ...)
@@ -283069,7 +283072,7 @@ CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulati
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b77
 CVE-2017-9303 (Laravel 5.4.x before 5.4.22 does not properly constrain the host porti ...)
-	NOT-FOR-US: Laravel
+	- php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-9302 (RealPlayer 16.0.2.32 allows remote attackers to cause a denial of serv ...)
 	NOT-FOR-US: RealPlayer
 CVE-2017-9301 (plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3c12a26236ba1f0aad9599570f42d83d893a8b4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3c12a26236ba1f0aad9599570f42d83d893a8b4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211215/c23c3b73/attachment.htm>

More information about the debian-security-tracker-commits mailing list