Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f753b805 by security tracker role at 2020-02-19T08:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-9285
+       RESERVED
+CVE-2020-9284
+       RESERVED
+CVE-2020-9283
+       RESERVED
+CVE-2020-9282
+       RESERVED
+CVE-2020-9281
+       RESERVED
+CVE-2020-9280
+       RESERVED
+CVE-2020-9279
+       RESERVED
+CVE-2020-9278
+       RESERVED
+CVE-2020-9277
+       RESERVED
+CVE-2020-9276
+       RESERVED
+CVE-2020-9275
+       RESERVED
+CVE-2020-9274
+       RESERVED
+CVE-2020-9273
+       RESERVED
+CVE-2020-9272
+       RESERVED
+CVE-2019-20478 (In ruamel.yaml through 0.16.7, the load method allows remote 
code exec ...)
+       TODO: check
+CVE-2019-20477 (PyYAML 5.1 through 5.1.2 has insufficient restrictions on the 
load and ...)
+       TODO: check
+CVE-2019-20476
+       RESERVED
+CVE-2019-20475
+       RESERVED
+CVE-2015-9543 (An issue was discovered in OpenStack Nova before 18.2.4, 19.x 
before 1 ...)
+       TODO: check
 CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user 
creation via s ...)
        NOT-FOR-US: ICE Hrm
 CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password 
reset via  ...)
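Review bot: the added entries CVE-2019-20478, CVE-2019-20477 and CVE-2015-9543 are left at `TODO: check`, yet their descriptions name ruamel.yaml, PyYAML and OpenStack Nova rather than a vendor product that can be dismissed with `NOT-FOR-US` the way the ICE Hrm entries below are. Each should be triaged to a package line carrying a fixed version or `<unfixed>`. The two YAML entries both concern the `load` method and are worth checking together.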
@@ -589,7 +627,7 @@ CVE-2020-8999
        RESERVED
 CVE-2020-8998
        REJECTED
-CVE-2020-8997 (Abbott FreeStyle Libre 14-day before February 2020 and 
FreeStyle Libre ...)
+CVE-2020-8997 (Older generation Abbott FreeStyle Libre sensors allow remote 
attackers ...)
        NOT-FOR-US: Abbott FreeStyle Libre
 CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal 
to read  ...)
        NOT-FOR-US: AnyShare Cloud
@@ -1379,8 +1417,8 @@ CVE-2020-8635
        RESERVED
 CVE-2020-8634
        RESERVED
-CVE-2020-8633
-       RESERVED
+CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) 
before 8.8 ...)
+       TODO: check
 CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in 
cloudinit/config/cc_ ...)
        - cloud-init 19.4-2 (bug #951363)
        [buster] - cloud-init <no-dsa> (Minor issue)
@@ -3327,8 +3365,8 @@ CVE-2020-7798
        RESERVED
 CVE-2020-7797
        RESERVED
-CVE-2020-7796
-       RESERVED
+CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows 
SSRF whe ...)
+       TODO: check
 CVE-2020-7795
        RESERVED
 CVE-2020-7794
@@ -3994,6 +4032,7 @@ CVE-2019-20387 (repodata_schema2id in repodata.c in 
libsolv before 0.7.6 has a h
        [stretch] - libsolv 0.6.24-1+deb9u2
        NOTE: 
https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da
 (0.7.6)
 CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 
3.0.3 al ...)
+       {DSA-4629-1}
        - python-django 2:2.2.10-1 (bug #950581)
        [jessie] - python-django <not-affected> (Vulnerable code introduced in 
Django ~1.9)
        NOTE: 
https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
@@ -4878,7 +4917,7 @@ CVE-2020-7062
 CVE-2020-7061
        RESERVED
 CVE-2020-7060 (When using certain mbstring functions to convert multibyte 
encodings,  ...)
-       {DSA-4626-1}
+       {DSA-4628-1 DSA-4626-1}
        - php7.4 7.4.2-7
        - php7.3 <unfixed>
        - php7.0 <removed>
@@ -4886,7 +4925,7 @@ CVE-2020-7060 (When using certain mbstring functions to 
convert multibyte encodi
        NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27
        NOTE: PHP Bug: http://bugs.php.net/79037
 CVE-2020-7059 (When using fgetss() function to read data with stripping tags, 
in PHP  ...)
-       {DSA-4626-1}
+       {DSA-4628-1 DSA-4626-1}
        - php7.4 7.4.2-7
        - php7.3 <unfixed>
        - php7.0 <removed>
@@ -47043,7 +47082,7 @@ CVE-2019-11052
 CVE-2019-11051
        RESERVED
 CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an 
image, e.g ...)
-       {DSA-4626-1 DLA-2050-1}
+       {DSA-4628-1 DSA-4626-1 DLA-2050-1}
        - php7.3 <unfixed>
        - php7.0 <removed>
        - php5 <removed>
@@ -47058,14 +47097,14 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 
and 7.4.0 on Windows, when su
 CVE-2019-11048
        RESERVED
 CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an 
image, e.g ...)
-       {DSA-4626-1 DLA-2050-1}
+       {DSA-4628-1 DSA-4626-1 DLA-2050-1}
        - php7.3 <unfixed>
        - php7.0 <removed>
        - php5 <removed>
        NOTE: Fixed in PHP 7.4.1, 7.3.13
        NOTE: PHP Bug: http://bugs.php.net/78910
 CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 
7.4.0, PHP  ...)
-       {DSA-4626-1 DLA-2050-1}
+       {DSA-4628-1 DSA-4626-1 DLA-2050-1}
        - php7.3 <unfixed>
        - php7.0 <removed>
        - php5 <removed>
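Review bot: on the CVE-2019-11047 and CVE-2019-11046 entries, `- php7.3 <unfixed>` is left as is even though a second advisory is now attached and the CVE-2019-11047 notes already record `Fixed in PHP 7.4.1, 7.3.13`. Check whether the unstable php7.3 package has caught up and, if so, replace `<unfixed>` with the fixed version. The same check applies to the other PHP entries touched by this commit.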
@@ -47073,7 +47112,7 @@ CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 
7.3.x below 7.3.13 and 7.4.0
        NOTE: PHP Bug: http://bugs.php.net/78878
        NOTE: 
http://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
 CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 
7.4.0, PHP  ...)
-       {DSA-4626-1 DLA-2050-1}
+       {DSA-4628-1 DSA-4626-1 DLA-2050-1}
        - php7.3 <unfixed>
        - php7.0 <removed>
        - php5 <removed>
@@ -84978,8 +85017,8 @@ CVE-2018-16996
        RESERVED
 CVE-2018-16995
        RESERVED
-CVE-2018-16994
-       RESERVED
+CVE-2018-16994 (An issue was discovered on PHOENIX CONTACT AXL F BK PN 
&lt;=1.0.4, AXL ...)
+       TODO: check
 CVE-2018-16993
        RESERVED
 CVE-2018-16992
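Review bot: the added CVE-2018-16994 description contains the HTML entity `&lt;=1.0.4` where `<=1.0.4` is meant. If that is what landed in data/CVE/list and not an effect of how this mail was rendered, the description import should unescape entities before writing the line. The entry is also left at `TODO: check` and still needs triage.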
@@ -238187,8 +238226,8 @@ CVE-2015-0751 (Cisco IP Phone 7861, when firmware 
from Cisco Unified Communicati
        NOT-FOR-US: Cisco
 CVE-2015-0750 (The administrative web interface in Cisco Hosted Collaboration 
Solutio ...)
        NOT-FOR-US: Cisco
-CVE-2015-0749
-       RESERVED
+CVE-2015-0749 (A vulnerability in Cisco Unified Communications Manager could 
allow an ...)
+       TODO: check
 CVE-2015-0748
        RESERVED
 CVE-2015-0747 (Cisco Conductor for Videoscape 3.0 and Cisco Headend System 
Release al ...)
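Review bot: CVE-2015-0749 is left at `TODO: check` although its new description names Cisco Unified Communications Manager and the neighbouring CVE-2015-0751 and CVE-2015-0750 are marked `NOT-FOR-US: Cisco`. Unless there is a reason to treat it differently, it should get the same annotation so it does not linger in the TODO queue.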
@@ -310459,8 +310498,7 @@ CVE-2011-2056
        RESERVED
 CVE-2011-2055
        RESERVED
-CVE-2011-2054
-       RESERVED
+CVE-2011-2054 (A vulnerability in the Cisco ASA that could allow a remote 
attacker to ...)
        NOT-FOR-US: ** REJECT ** CVE-2011-2054 misused as CVE-2011-2524
 CVE-2011-2053
        RESERVED
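Review bot: the annotation kept under CVE-2011-2054, `NOT-FOR-US: ** REJECT ** CVE-2011-2054 misused as CVE-2011-2524`, no longer matches the entry now that it carries a Cisco ASA description instead of RESERVED. Re-check the entry against the published description and replace the REJECT wording with an annotation that reflects it, keeping the cross-reference to CVE-2011-2524 as a NOTE if it is still useful.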



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f753b805253f9bf88cc705f6907c0a5514759a94
