Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52d07022 by security tracker role at 2020-01-27T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in 
virglrenderer throu ...)
+       TODO: check
+CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer 
throug ...)
+       TODO: check
+CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a 
hardcoded pass ...)
+       TODO: check
+CVE-2020-8000 (Intellian Aptus Web 1.24 has a hardcoded password of 12345678 
for the  ...)
+       TODO: check
+CVE-2020-7999 (The Intellian Aptus application 1.0.2 for Android has hardcoded 
values ...)
+       TODO: check
+CVE-2020-7998
+       RESERVED
+CVE-2020-7997
+       RESERVED
+CVE-2020-7996 (htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS 
via th ...)
+       TODO: check
+CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 
10.0.6 allow ...)
+       TODO: check
+CVE-2020-7994 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 
10.0.6 ...)
+       TODO: check
+CVE-2020-7993
+       RESERVED
+CVE-2020-7992
+       RESERVED
+CVE-2020-7991 (Adive Framework 2.0.8 has admin/config CSRF to change the 
Administrato ...)
+       TODO: check
+CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS. ...)
+       TODO: check
+CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...)
+       TODO: check
+CVE-2020-7988
+       RESERVED
+CVE-2020-7987
+       RESERVED
+CVE-2020-7986
+       RESERVED
+CVE-2020-7985
+       RESERVED
+CVE-2020-7984 (SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 
HF2 allow ...)
+       TODO: check
+CVE-2020-7983
+       RESERVED
+CVE-2019-20432 (In the Lustre file system before 2.12.3, the mdt module has an 
out-of- ...)
+       TODO: check
+CVE-2019-20431 (In the Lustre file system before 2.12.3, the ptlrpc module has 
an osd_ ...)
+       TODO: check
+CVE-2019-20430 (In the Lustre file system before 2.12.3, the mdt module has an 
LBUG pa ...)
+       TODO: check
+CVE-2019-20429 (In the Lustre file system before 2.12.3, the ptlrpc module has 
an out- ...)
+       TODO: check
+CVE-2019-20428 (In the Lustre file system before 2.12.3, the ptlrpc module has 
an out- ...)
+       TODO: check
+CVE-2019-20427 (In the Lustre file system before 2.12.3, the ptlrpc module has 
a buffe ...)
+       TODO: check
+CVE-2019-20426 (In the Lustre file system before 2.12.3, the ptlrpc module has 
an out- ...)
+       TODO: check
+CVE-2019-20425 (In the Lustre file system before 2.12.3, the ptlrpc module has 
an out- ...)
+       TODO: check
+CVE-2019-20424 (In the Lustre file system before 2.12.3, mdt_object_remote in 
the mdt  ...)
+       TODO: check
+CVE-2019-20423 (In the Lustre file system before 2.12.3, the ptlrpc module has 
a buffe ...)
+       TODO: check
+CVE-2019-20422 (In the Linux kernel before 5.3.4, fib6_rule_lookup in 
net/ipv6/ip6_fib ...)
+       TODO: check
+CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, 
an input  ...)
+       TODO: check
 CVE-2020-7982
        RESERVED
 CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL 
injection whe ...)
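Review bot: Every described entry added at the top of this hunk, from CVE-2020-8003 down to CVE-2019-20421, lands with only "TODO: check", so none of them yet says whether a package is affected. Each needs a follow-up that replaces the placeholder with either a package line or a NOT-FOR-US marker, as the already-triaged entries further down do (for example the "NOT-FOR-US:" line under CVE-2019-12419). The descriptions naming vrend_renderer.c, the Linux kernel's fib6_rule_lookup and Exiv2's Jp2Image::readMetadata() are the ones I would look at first, since they name concrete source files and functions that can be matched against source packages.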
@@ -2037,6 +2103,7 @@ CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 
relies on the /tmp/stor
        NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3
        NOTE: SuSE provided patch: 
https://www.openwall.com/lists/oss-security/2020/01/20/3/1
 CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, 
misman ...)
+       {DLA-2076-1}
        - libslirp 4.1.0-2 (bug #949084)
        - qemu 1:4.1-2
        [buster] - qemu <postponed> (Minor issue)
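Review bot: The new {DLA-2076-1} tag on CVE-2020-7039 sits directly above "[buster] - qemu <postponed> (Minor issue)", so the entry now records an issued advisory and a "minor issue" postponement side by side. It is worth confirming that the buster assessment still holds now that an advisory exists for the same CVE, and adding a NOTE that says which source package the advisory covers, since both libslirp and qemu are listed.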
@@ -15322,12 +15389,14 @@ CVE-2020-1769
 CVE-2020-1768
        RESERVED
 CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then 
Agent  ...)
+       {DLA-2079-1}
        - otrs2 6.0.25-1
        [buster] - otrs2 <no-dsa> (Non-free not supported)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/
        NOTE: 
https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570
 CVE-2020-1766 (Due to improper handling of uploaded images it is possible in 
very unl ...)
+       {DLA-2079-1}
        - otrs2 6.0.25-1
        [buster] - otrs2 <no-dsa> (Non-free not supported)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
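Review bot: The {DLA-2079-1} tags added to CVE-2020-1767 and CVE-2020-1766 read oddly next to the two suite lines below them, which both give "<no-dsa> (Non-free not supported)" as the reason for not issuing an advisory. If otrs2 did receive an advisory for another suite, a short NOTE explaining why that suite is handled differently would keep the entry from looking self-contradictory. The commit changes only data/CVE/list, so the advisory record itself cannot be checked from this diff.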
@@ -15335,6 +15404,7 @@ CVE-2020-1766 (Due to improper handling of uploaded 
images it is possible in ver
        NOTE: 
https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 
(OTRS6)
        NOTE: 
https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a 
(OTRS5)
 CVE-2020-1765 (An improper control of parameters allows the spoofing of the 
from fiel ...)
+       {DLA-2079-1}
        - otrs2 6.0.25-1
        [buster] - otrs2 <no-dsa> (Non-free not supported)
        [stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -23239,6 +23309,7 @@ CVE-2019-17571 (Included in Log4j 1.2 is a SocketServer 
class that is vulnerable
        NOTE: should upgrade to Log4j 2.x.
        NOTE: Fixed by 
https://src.fedoraproject.org/rpms/log4j12/c/d4c817c458d69dcc629a7271999d178b0dcb7c74?branch=master
 CVE-2019-17570 (An untrusted deserialization was found in the 
org.apache.xmlrpc.parser ...)
+       {DLA-2078-1}
        - libxmlrpc3-java <unfixed> (bug #949089)
        NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/1
        NOTE: Proposed patch: 
https://bugzilla.redhat.com/show_bug.cgi?id=1775193
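Review bot: CVE-2019-17570 gains {DLA-2078-1} while the only package line is still "- libxmlrpc3-java <unfixed> (bug #949089)" and the only patch reference is the "Proposed patch" NOTE. Since an advisory has now shipped a fix, the entry should record which patch it used, either by confirming the Red Hat bugzilla proposal or by adding a NOTE pointing to the change actually applied, so that whoever closes bug #949089 can reuse it.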
@@ -23256,7 +23327,7 @@ CVE-2019-17565
 CVE-2019-17564
        RESERVED
 CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 
9.0.29,  ...)
-       {DSA-4596-1}
+       {DSA-4596-1 DLA-2077-1}
        - tomcat9 <unfixed>
        - tomcat8 <removed>
        - tomcat7 <removed>
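Review bot: After this change CVE-2019-17563 carries two advisories, "{DSA-4596-1 DLA-2077-1}", but the line right below still reads "- tomcat9 <unfixed>". Please check whether a fixed tomcat9 version can be filled in there. An entry with two advisories and an unfixed main package line is easy to misread as fully handled.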
@@ -39672,7 +39743,7 @@ CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a 
message can be crafted in
 CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the 
components that ...)
        NOT-FOR-US: Apache CFX
 CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 
and 7.0. ...)
-       {DSA-4596-1}
+       {DSA-4596-1 DLA-2077-1}
        - tomcat9 <unfixed>
        - tomcat8 <removed>
        - tomcat7 <removed>
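Review bot: The context line for CVE-2019-12419 reads "NOT-FOR-US: Apache CFX", while the description on the line above it spells the product "Apache CXF". This is not part of the automatic change, but the transposed letters are worth correcting in a follow-up so that a search for the product name finds the entry.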
@@ -216746,6 +216817,7 @@ CVE-2015-6739
 CVE-2015-6738
        RESERVED
 CVE-2015-6748 (Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. 
...)
+       {DLA-2075-1}
        - jsoup 1.8.3-1 (bug #797275)
        [wheezy] - jsoup <no-dsa> (Minor issue)
        NOTE: https://github.com/jhy/jsoup/pull/582
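Review bot: The entry tagged here, CVE-2015-6748, appears after CVE-2015-6738 in the context lines, with CVE-2015-6739 named in the hunk header just before, so it is out of the descending order the rest of this diff follows. The {DLA-2075-1} addition itself looks consistent with the "- jsoup 1.8.3-1 (bug #797275)" fixed version, but the entry should be moved to its sorted position in a separate commit so that tooling or readers scanning by number do not miss it.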



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/52d0702218d4186f541a6eb17bbd94c9f5be8613
