Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0c17039b by Moritz Muehlenhoff at 2020-03-04T13:06:53+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4171,7 +4171,7 @@ CVE-2020-8134 CVE-2020-8133 RESERVED CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 ...) - TODO: check + NOT-FOR-US: Node pdf-image package CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...) - node-yarnpkg <unfixed> (bug #952912) NOTE: https://hackerone.com/reports/730239 @@ -49673,15 +49673,15 @@ CVE-2019-10807 CVE-2019-10806 RESERVED CVE-2019-10805 (valib through 2.0.0 allows Internal Property Tampering. A maliciously ...) - TODO: check + NOT-FOR-US: Node valib CVE-2019-10804 (serial-number through 1.3.0 allows execution of arbritary commands. Th ...) - TODO: check + NOT-FOR-US: Node serial-number CVE-2019-10803 (push-dir through 0.4.1 allows execution of arbritary commands. Argumen ...) - TODO: check + NOT-FOR-US: Node push-dir CVE-2019-10802 (giting version prior to 0.0.8 allows execution of arbritary commands. ...) - TODO: check + NOT-FOR-US: Node giting CVE-2019-10801 (enpeem through 2.2.0 allows execution of arbitrary commands. The "opti ...) - TODO: check + NOT-FOR-US: Node enpeem CVE-2019-10800 RESERVED CVE-2019-10799 (compile-sass prior to 1.0.5 allows execution of arbritary commands. Th ...) @@ -49730,7 +49730,7 @@ CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScri CVE-2019-10780 (BibTeX-ruby before 5.1.0 allows shell command injection due to unsanit ...) NOT-FOR-US: BibTeX-ruby CVE-2019-10779 (All versions of stroom:stroom-app before 5.5.12 and all versions of th ...) - TODO: check + NOT-FOR-US: Stroom CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to execute arbi ...) NOT-FOR-US: devcert-sanscache CVE-2019-10777 (In aws-lambda versions prior to version 1.0.5, the "config.FunctioName ...) 
@@ -261827,7 +261827,7 @@ CVE-2013-7327 (The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 CVE-2013-7326 (Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows re ...) NOT-FOR-US: vTiger CRM CVE-2013-7324 (Webkit-GTK 2.x (any version with HTML5 audio/video support based on GS ...) - TODO: check + NOT-FOR-US: Historic webkit issue CVE-2012-6638 (The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linu ...) - linux 3.2.29-1 - linux-2.6 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c17039b7c6cc04892607fca54c3cac18c9494b5
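Review bot: The labels added in the hunk at -49673 do not follow the form used in the hunk at -4171: CVE-2020-8132 gets "Node pdf-image package", while CVE-2019-10805 through CVE-2019-10801 get "Node valib", "Node serial-number" and so on without "package", and the untouched neighbours (BibTeX-ruby, devcert-sanscache) carry the bare product name. Settle on one form for the Node entries so that a search over data/CVE/list for these tags matches all of them.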
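Review bot: In the hunk at -261827, "NOT-FOR-US: Historic webkit issue" for CVE-2013-7324 gives a reason instead of naming the software, unlike every other NOT-FOR-US line in this commit, even though the description names Webkit-GTK 2.x. Either name the product in the tag, or record the entry with a package line and a NOTE that says why the issue is not tracked, in the way the CVE-2012-6638 entry directly below uses package lines; the commit message "NFUs" does not explain the decision.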