[Git][security-tracker-team/security-tracker][master] Reassociate some older NFUs with the php-laravel-framework source package
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 15 21:31:23 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3c12a26 by Salvatore Bonaccorso at 2021-12-15T22:30:45+01:00
Reassociate some older NFUs with the php-laravel-framework source package
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -84827,9 +84827,11 @@ CVE-2020-24943
CVE-2020-24942
RESERVED
CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24. ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://blog.laravel.com/security-release-laravel-61835-7240
CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://blog.laravel.com/security-release-laravel-61834-7232
CVE-2020-24939 (Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to ...)
NOT-FOR-US: Stampit supermixer
CVE-2020-24938
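Review bot: In the CVE-2020-24940 entry, the added NOTE URL ends in `61834-7232`, while the description on the CVE line says "7.x before 7.23". Worth confirming that the linked release post is the one covering this CVE, and adding a short remark on the version if the difference is expected.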
@@ -179766,7 +179768,7 @@ CVE-2018-20787 (The ft5x46 touchscreen driver for custom Linux kernels on the Xi
CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other pro ...)
NOT-FOR-US: ThinkPHP
CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...)
- NOT-FOR-US: Laravel Framework
+ - php-laravel-framework <undetermined>
CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password storage. ...)
NOT-FOR-US: DomainMOD
CVE-2019-9079
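Review bot: The new `- php-laravel-framework <undetermined>` line for CVE-2019-9081 carries no NOTE, so nothing records what still has to be checked. The description limits the issue to Laravel Framework 5.7.x; a NOTE or TODO stating what needs to be compared against the packaged version would let the next triager resolve it.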
@@ -216254,7 +216256,7 @@ CVE-2018-15135
CVE-2018-15134
RESERVED
CVE-2018-15133 (In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote c ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
CVE-2018-15132 (An issue was discovered in ext/standard/link_win32.c in PHP before 5.6 ...)
- php7.2 <not-affected> (Windows-specific)
- php7.1 <not-affected> (Windows-specific)
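Review bot: CVE-2018-15133 is marked `<not-affected> (Fixed before initial upload to Debian)` with no NOTE, unlike the CVE-2020-24941 and CVE-2020-24940 entries in this same commit. The description only says "through 5.5.40 and 5.6.x through 5.6.29" and names no fixed version, so a NOTE pointing at the upstream fix or release would make the claim checkable from the entry itself.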
@@ -240763,7 +240765,7 @@ CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of i
CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized obje ...)
NOT-FOR-US: Buck parser-cache
CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php ...)
- NOT-FOR-US: Laravel Framework
+ - php-laravel-framework <undetermined>
CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpex ...)
NOT-FOR-US: Unitrends Backup
CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user in ...)
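Review bot: For CVE-2018-6330 the description places the SQL injection "in save.php", and the entry now reads `<undetermined>` without a NOTE. Suggest a NOTE recording whether that file is part of the php-laravel-framework source at all, since that is the first thing to settle before the status can move off undetermined.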
@@ -259776,7 +259778,7 @@ CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass
CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqgl ...)
NOT-FOR-US: Arq
CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain sensi ...)
- NOT-FOR-US: Laravel framework
+ - php-laravel-framework <undetermined>
CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability i ...)
- piwigo <removed>
CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename functio ...)
@@ -266607,7 +266609,8 @@ CVE-2017-14777
CVE-2017-14776
REJECTED
CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token verification pr ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/laravel/framework/pull/21320
CVE-2017-14774
RESERVED
CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to an elev ...)
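Review bot: The NOTE added for CVE-2017-14775 is a bare pull-request URL with no indication of what it references. If that pull request is the fix, writing it as `NOTE: Fixed by: https://github.com/laravel/framework/pull/21320` would match the "Fixed by:" form used in the CVE-2017-9310 entry elsewhere in this file.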
@@ -283069,7 +283072,7 @@ CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulati
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b77
CVE-2017-9303 (Laravel 5.4.x before 5.4.22 does not properly constrain the host porti ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
CVE-2017-9302 (RealPlayer 16.0.2.32 allows remote attackers to cause a denial of serv ...)
NOT-FOR-US: RealPlayer
CVE-2017-9301 (plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3c12a26236ba1f0aad9599570f42d83d893a8b4