Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9c6503ba by security tracker role at 2020-02-27T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -338,7 +338,7 @@ CVE-2020-9275
CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized
pointer ...)
TODO: check
CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by
interru ...)
- {DLA-2115-1}
+ {DSA-4635-1 DLA-2115-1}
- proftpd-dfsg 1.3.6c-1 (bug #951800)
NOTE: https://github.com/proftpd/proftpd/issues/903
NOTE:
https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49
(master)
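Review bot: On the CVE-2020-9273 entry, the only upstream fix recorded is the commit marked (master), while the package line gives 1.3.6c-1 as the fixed version and the entry now carries both DSA-4635-1 and DLA-2115-1. Suggest adding a NOTE with the corresponding 1.3.6 branch commit, if one exists, so the stable and LTS backports can be compared against the patch that actually applies to their code base.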
@@ -1431,6 +1431,7 @@ CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0
through 12.7.5, sharing
- gitlab <not-affected> (Only affects EE version)
NOTE:
https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/
CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of
an out- ...)
+ {DSA-4634-1}
- opensmtpd 6.6.4p1-1 (bug #952453)
NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/5
NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
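Review bot: In the CVE-2020-8794 entry, the second NOTE points to a poolp.org post dated 2020-01-30, which is earlier than the oss-security message of 2020/02/24 cited on the line above it. Please confirm that the post covers this issue rather than an earlier OpenSMTPD advisory; if it does not, drop it or move it to the entry it belongs to, since this entry now backs DSA-4634-1.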
@@ -2871,6 +2872,7 @@ CVE-2020-8131 (Arbitrary filesystem write vulnerability
in Yarn 1.21.1 and earli
- node-yarnpkg <unfixed>
NOTE: https://hackerone.com/reports/730239
CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake
< 12.3. ...)
+ {DLA-2120-1}
- rake 12.3.3-1
NOTE: https://hackerone.com/reports/651518
NOTE: Fixed by:
https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee
(v12.3.3)
@@ -13099,10 +13101,10 @@ CVE-2020-3926 (An arbitrary-file-access vulnerability
exists in ServiSign securi
NOT-FOR-US: ServiSign security plugin
CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some
designated a ...)
NOT-FOR-US: ServiSign security plugin
-CVE-2020-3924
- RESERVED
-CVE-2020-3923
- RESERVED
+CVE-2020-3924 (DVR firmware in TAT-76 and TAT-77 series of products, provided
by TONN ...)
+ TODO: check
+CVE-2020-3923 (DVR firmware in TAT-76 and TAT-77 series of products, provided
by TONN ...)
+ TODO: check
CVE-2020-3922
RESERVED
CVE-2020-3921
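Review bot: CVE-2020-3924 and CVE-2020-3923 go from RESERVED to "TODO: check", but both descriptions begin "DVR firmware in TAT-76 and TAT-77 series of products", which is vendor appliance firmware. The ServiSign entries directly above are already closed as NOT-FOR-US; once someone has confirmed that nothing in the archive ships this firmware, these two should be closed the same way so they do not linger in the TODO queue.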
@@ -24587,8 +24589,8 @@ CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and
prior, several heap-based bu
NOT-FOR-US: Fuji
CVE-2019-18239
RESERVED
-CVE-2019-18238
- RESERVED
+CVE-2019-18238 (Moxa ioLogik 2542-HSPA Series Controllers and IOs, and
IOxpress Config ...)
+ TODO: check
CVE-2019-18237
RESERVED
CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC
Editor Ver ...)
@@ -42498,7 +42500,7 @@ CVE-2019-12884
CVE-2019-12883
RESERVED
CVE-2019-12882
- RESERVED
+ REJECTED
CVE-2019-12881 (i915_gem_userptr_get_pages in
drivers/gpu/drm/i915/i915_gem_userptr.c ...)
- linux <undetermined>
NOTE: https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520
@@ -75319,7 +75321,7 @@ CVE-2018-19670
CVE-2018-19669
RESERVED
CVE-2018-19668
- RESERVED
+ REJECTED
CVE-2018-19667
RESERVED
CVE-2018-19666 (The agent in OSSEC through 3.1.0 on Windows allows local users
to gain ...)
@@ -166618,8 +166620,8 @@ CVE-2017-6373
RESERVED
CVE-2017-6372
RESERVED
-CVE-2017-6371
- RESERVED
+CVE-2017-6371 (Synchronet BBS 3.16c for Windows allows remote attackers to
cause a de ...)
+ TODO: check
CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an
index.php?loginProvider URI i ...)
NOT-FOR-US: TYPO3
CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x
before 2.5. ...)
@@ -166640,8 +166642,8 @@ CVE-2017-6365
RESERVED
CVE-2017-6364
RESERVED
-CVE-2017-6363
- RESERVED
+CVE-2017-6363 (** DISPUTED ** In the GD Graphics Library (aka LibGD) through
2.2.5, t ...)
+ TODO: check
CVE-2017-6362 (Double free vulnerability in the gdImagePngPtr function in
libgd2 befo ...)
{DSA-3961-1 DLA-1106-1}
- libgd2 2.2.5-1
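Review bot: CVE-2017-6363 is left at "TODO: check", yet its description names the GD Graphics Library (LibGD) through 2.2.5, and the next entry, CVE-2017-6362, is tracked against libgd2 with version 2.2.5-1. This one needs a real package line for libgd2 rather than a NOT-FOR-US, and the triage should record the "** DISPUTED **" status in a NOTE so that whoever sets the status has the reason in the entry.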
@@ -168211,7 +168213,7 @@ CVE-2017-5863 (Open-Xchange GmbH OX App Suite 7.8.3
and earlier is affected by:
CVE-2017-5862
RESERVED
CVE-2017-5861
- RESERVED
+ REJECTED
CVE-2017-5860
RESERVED
CVE-2017-5859 (On Cambium Networks cnPilot R200/201 devices before 4.3, there
is a vu ...)
@@ -223376,8 +223378,8 @@ CVE-2015-5688 (Directory traversal vulnerability in
lib/app/index.js in Geddy be
NOTE: https://nodesecurity.io/advisories/10
CVE-2015-5687 (system/session/drivers/cookie.php in Anchor CMS 0.9.x allows
remote at ...)
NOT-FOR-US: Anchor CMS
-CVE-2015-5686
- RESERVED
+CVE-2015-5686 (Parts of the Puppet Enterprise Console 3.x were found to be
susceptibl ...)
+ TODO: check
CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server
(bootstra ...)
{DLA-312-1}
- libtorrent-rasterbar 1.0.6-1 (bug #797046)
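Review bot: CVE-2015-5686 gets "TODO: check" with a description limited to "Parts of the Puppet Enterprise Console 3.x". When triaging, determine whether the affected code exists outside the Enterprise product; if it does not, annotate the entry the way the GitLab entry earlier in this diff does, "- gitlab <not-affected> (Only affects EE version)", with the reason in parentheses.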
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c6503ba71a46edbc0a04a29bcc4dc095dca1ff3
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits