[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sun, 26 Apr 2020 01:10:43 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ff60f771 by security tracker role at 2020-04-26T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-12253
+       RESERVED
+CVE-2020-12252
+       RESERVED
+CVE-2020-12251
+       RESERVED
+CVE-2020-12250
+       RESERVED
+CVE-2020-12249
+       RESERVED
 CVE-2020-12248
        RESERVED
 CVE-2020-12247
@@ -115009,6 +115019,7 @@ CVE-2018-9234 (GnuPG 2.2.4 and 2.2.5 does not enforce 
a configuration in which k
        NOTE: https://dev.gnupg.org/T3844
        NOTE: 
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=a17d2d1f690ebe5d005b4589a5fe378b6487c657
 CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL pointer dereference flaw. 
If a u ...)
+       {DLA-2186-1}
        - ncmpc 0.33-1 (low; bug #894724)
        [stretch] - ncmpc 0.25-0.1+deb9u1
        [wheezy] - ncmpc <no-dsa> (Minor issue)
@@ -168717,7 +168728,7 @@ CVE-2016-10349 (The archive_le32dec function in 
archive_endian.h in libarchive 3
        NOTE: https://github.com/libarchive/libarchive/issues/834
        NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3
 (v3.3.0)
 CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to 
timing oracl ...)
-       {DLA-934-1}
+       {DLA-2187-1 DLA-934-1}
        - radicale 1.1.1+20160115-4 (bug #861514)
        NOTE: 
https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b
 (1.1.x)
        NOTE: 
https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d
 (master)
@@ -201137,7 +201148,7 @@ CVE-2016-6857 (Cross-site scripting (XSS) 
vulnerability in the Create Catalogue
 CVE-2016-6856 (Cross-site scripting (XSS) vulnerability in the Inbox Search 
feature i ...)
        NOT-FOR-US: SAP Hybris
 CVE-2016-6855 (Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 
3.19.x, a ...)
-       {DLA-605-1}
+       {DLA-2185-1 DLA-605-1}
        - eog 3.20.4-1
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770143
        NOTE: 
https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff60f7710883b946b812ff8ed1528d3d52c2ccc8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff60f7710883b946b812ff8ed1528d3d52c2ccc8
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to