Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1fddf6f by security tracker role at 2020-04-26T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2020-12266
+       RESERVED
+CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable 
to Arbit ...)
+       TODO: check
+CVE-2020-12264
+       RESERVED
+CVE-2020-12263
+       RESERVED
+CVE-2020-12262
+       RESERVED
+CVE-2020-12261
+       RESERVED
+CVE-2020-12260
+       RESERVED
+CVE-2020-12259
+       RESERVED
+CVE-2020-12258
+       RESERVED
+CVE-2020-12257
+       RESERVED
+CVE-2020-12256
+       RESERVED
+CVE-2020-12255
+       RESERVED
+CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows 
privilege escal ...)
+       TODO: check
+CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to 
admin/menus/menus or a ...)
+       TODO: check
 CVE-2020-12253
        RESERVED
 CVE-2020-12252
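Review bot: The three new entries marked `TODO: check` (CVE-2020-12265, CVE-2020-12254, CVE-2019-20789) land without any triage, so they carry no package line or NOT-FOR-US marking yet. The CVE-2020-12254 description names Avira Antivirus on Windows, which looks like a NOT-FOR-US candidate; CVE-2020-12265 (decompress for Node.js) and CVE-2019-20789 (Croogo) need a check for whether Debian ships the affected code before the TODO is resolved.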
@@ -13212,6 +13240,7 @@ CVE-2020-7068
        RESERVED
 CVE-2020-7067 [OOB Read in urldecode()]
        RESERVED
+       {DLA-2188-1}
        - php7.4 7.4.5-1
        - php7.3 <removed>
        - php7.0 <removed>
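Review bot: On CVE-2020-7067 the `{DLA-2188-1}` tag is attached while the entry still shows the bracketed title `[OOB Read in urldecode()]` and `RESERVED`, and the visible package lines cover only php7.4, php7.3 and php7.0, two of them `<removed>`. Confirm that the entry also has a line for the source package DLA-2188-1 actually fixes, so the advisory reference resolves to a fixed version.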
@@ -13219,6 +13248,7 @@ CVE-2020-7067 [OOB Read in urldecode()]
        NOTE: Fixed in PHP 7.4.5, 7.3.17
        NOTE: PHP Bug: https://bugs.php.net/79465
 CVE-2020-7066 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x 
below  ...)
+       {DLA-2188-1}
        - php7.4 7.4.5-1
        - php7.3 <removed>
        - php7.0 <removed>
@@ -13233,6 +13263,7 @@ CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 
7.4.x below 7.4.34, while
        NOTE: Fixed in PHP 7.4.4, 7.3.16
        NOTE: PHP Bug: https://bugs.php.net/79371
 CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x 
below  ...)
+       {DLA-2188-1}
        - php7.4 7.4.5-1
        - php7.3 <removed>
        - php7.0 <removed>
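Review bot: `{DLA-2188-1}` is added to CVE-2020-7064 here, but CVE-2020-7065, whose NOTE lines are the context directly above, gets no tag in this commit. Its description limits it to 7.3.x and 7.4.x, so the omission may be intended; worth confirming against the DLA-2188-1 advisory. Separately, the description quoted in the hunk header says "7.4.x below 7.4.34" while the NOTE line says "Fixed in PHP 7.4.4, 7.3.16"; one of the two is off.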
@@ -168597,7 +168628,7 @@ CVE-2017-8365 (The i2les_array function in pcm.c in 
libsndfile 1.0.28 allows rem
        NOTE: https://github.com/erikd/libsndfile/issues/230
        NOTE: Fixed by: 
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
 CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote 
attackers  ...)
-       {DLA-955-1}
+       {DLA-2189-1 DLA-955-1}
        - rzip 2.1-4.1 (bug #861614)
        NOTE: 
https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
        NOTE: Patch in 
http://download.opensuse.org/repositories/openSUSE:/Leap:/42.2:/Update/standard/src/rzip-2.1-151.3.1.src.rpm
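Review bot: The replaced tag line now reads `{DLA-2189-1 DLA-955-1}`, which lists the advisories in string order rather than numeric order. That is harmless if consumers treat the braces as a set, but the entry still has a single package line, `- rzip 2.1-4.1 (bug #861614)`, so nothing visible here says which suite each DLA covers; check that both advisories record their own fixed versions.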



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1fddf6fe87f6e91d22f4e4a85515dd3fe0071bd
