[Git][security-tracker-team/security-tracker][master] three laravel issues n/a

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 12 09:30:42 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8fd6ff80 by Moritz Muehlenhoff at 2022-07-12T10:27:07+02:00
three laravel issues n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -225400,7 +225400,8 @@ CVE-2018-20787 (The ft5x46 touchscreen driver for custom Linux kernels on the Xi
 CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other pro ...)
 	NOT-FOR-US: ThinkPHP
 CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...)
-	- php-laravel-framework <undetermined>
+	- php-laravel-framework <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://security.snyk.io/vuln/SNYK-PHP-LARAVELFRAMEWORK-174529
 CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password storage. ...)
 	NOT-FOR-US: DomainMOD
 CVE-2019-9079
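Review bot: The CVE-2019-9081 entry justifies `<not-affected>` with "Fixed before initial upload to archive", but nothing in the entry records which upstream release carries the fix or which version was first uploaded, and the only NOTE is a third-party Snyk advisory. The description scopes the issue to 5.7.x, so a second NOTE naming the fixed upstream version or commit would let a later reader check the claim against the package's first upload without leaving the tracker.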
@@ -286404,7 +286405,7 @@ CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of i
 CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized obje ...)
 	NOT-FOR-US: Buck parser-cache
 CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php  ...)
-	- php-laravel-framework <undetermined>
+	- php-laravel-framework <not-affected> (Fixed before initial upload to archive)
 CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpex ...)
 	NOT-FOR-US: Unitrends Backup
 CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user in ...)
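Review bot: CVE-2018-6330 is moved from `<undetermined>` to `<not-affected>` with no NOTE line at all, while the other two entries changed in this commit each get a reference. Since the description names a specific release (5.4.15), a NOTE with the advisory or upstream fix that backs "Fixed before initial upload to archive" would keep the three entries consistent and make the triage decision auditable.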
@@ -305407,7 +305408,8 @@ CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass
 CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqgl ...)
 	NOT-FOR-US: Arq
 CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain sensi ...)
-	- php-laravel-framework <undetermined>
+	- php-laravel-framework <not-affected> (Fixed before initial upload to archive)
+	NOTE: https://security.snyk.io/vuln/SNYK-PHP-LARAVELFRAMEWORK-72070
 CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability i ...)
 	- piwigo <removed>
 CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename functio ...)
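Review bot: The CVE-2017-16894 description reads "through 5.5.21", which gives an upper bound on affected versions but no fixed version, so "Fixed before initial upload to archive" cannot be confirmed from the entry itself. The Snyk NOTE helps; adding the upstream release or commit that contains the fix next to it would make clear what the first archive upload was compared against.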



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fd6ff80035d0332fd884bcbae94ae6c7cc651e0
