Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: ccbe3819 by Moritz Muehlenhoff at 2020-02-28T17:22:27+01:00 NFUs update fixed proftpd version due to followup patch - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -21,11 +21,11 @@ CVE-2020-9436 CVE-2020-9435 RESERVED CVE-2020-9434 (openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 cert ...) - TODO: check + NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certi ...) - TODO: check + NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...) - TODO: check + NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9427 RESERVED CVE-2020-9426 @@ -426,7 +426,7 @@ CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized poi NOTE: unsafe strcmp() instead of strncmp() in the vulnerable functions CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...) {DSA-4635-1 DLA-2115-1} - - proftpd-dfsg 1.3.6c-1 (bug #951800) + - proftpd-dfsg 1.3.6c-2 (bug #951800) NOTE: https://github.com/proftpd/proftpd/issues/903 NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master) NOTE: https://github.com/proftpd/proftpd/commit/f8047a1ed0e0eb15193f555c4cbbb281e705c5c3 (master) 
@@ -9055,11 +9055,11 @@ CVE-2020-5404 CVE-2020-5403 RESERVED CVE-2020-5402 (In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2020-5401 (Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoR ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2020-5400 (Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs ...) - TODO: check + NOT-FOR-US: Cloud Foundry CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...) NOT-FOR-US: Cloud Foundry CredHub CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...) 
@@ -48457,25 +48457,25 @@ CVE-2019-10801 CVE-2019-10800 RESERVED CVE-2019-10799 (compile-sass prior to 1.0.5 allows execution of arbritary commands. Th ...) - TODO: check + NOT-FOR-US: Node module compile-sass CVE-2019-10798 (rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects r ...) - TODO: check + NOT-FOR-US: Node module rdf-graph-array CVE-2019-10797 (Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Respo ...) - TODO: check + NOT-FOR-US: WSO2 CVE-2019-10796 (rpi through 0.0.3 allows execution of arbritary commands. The variable ...) - TODO: check + NOT-FOR-US: Node module rpi CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...) NOT-FOR-US: undefsafe CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype Pollutio ...) - TODO: check + NOT-FOR-US: Node module component-flatten CVE-2019-10793 (dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set ...) - TODO: check + NOT-FOR-US: Node module dot-object CVE-2019-10792 (bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler ...) - TODO: check + NOT-FOR-US: Node module bodymen CVE-2019-10791 (promise-probe before 0.10.0 allows remote attackers to perform a comma ...) - TODO: check + NOT-FOR-US: Node module promise-probe CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding additional proper ...) - TODO: check + NOT-FOR-US: Node module taffy CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection via the ...) NOT-FOR-US: curling.js CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute arbitrary ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccbe381946949cf3aaf8bc6680d1b00222ad2097
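Review bot: In the CVE-2020-9273 hunk (@@ -426,7), the reason for moving the fixed version from 1.3.6c-1 to 1.3.6c-2 is recorded only in the commit message ("due to followup patch") and not in data/CVE/list itself. Consider a NOTE line under the entry saying that the fix in 1.3.6c-1 was incomplete and which upstream commit is the follow-up, since the visible NOTE lines list commits without marking which one that is. The entry also references DSA-4635-1 and DLA-2115-1, so it is worth confirming that the versions released under those advisories carry the follow-up as well.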
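Review bot: In the Cloud Foundry hunk (@@ -9055,11), the three new tags read "NOT-FOR-US: Cloud Foundry" while the unchanged entry directly below them, CVE-2020-5399, reads "NOT-FOR-US: Cloud Foundry CredHub". For consistency, either name the component given in each description (UAA for CVE-2020-5402, Routing Release for CVE-2020-5401, Cloud Controller for CVE-2020-5400) or use one uniform tag for all four entries.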
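Review bot: In the @@ -48457,25 hunk, CVE-2019-10797 is tagged "NOT-FOR-US: WSO2" although its description begins "Netty in WSO2 transport-http". If triage concluded that the flaw lies in WSO2's transport-http and not in Netty itself, a NOTE line saying so would keep the entry from being re-examined later. As a style point in the same hunk, the new tags use the form "Node module <name>" while the unchanged neighbours CVE-2019-10795 and CVE-2019-10789 use bare names ("undefsafe", "curling.js"); one form throughout would make the list easier to search.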