[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2020-12272/opendmarc

Wed, 29 Apr 2020 00:15:22 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cbf8a1a7 by Salvatore Bonaccorso at 2020-04-29T09:13:28+02:00
Add CVE-2020-12272/opendmarc

- - - - -
f62bac2a by Salvatore Bonaccorso at 2020-04-29T09:13:56+02:00
Add CVE-2019-20790/opendmarc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -362,7 +362,9 @@ CVE-2020-12274 (In TestLink 1.9.20, the 
lib/cfields/cfieldsExport.php goback_url
 CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter 
exposes clear ...)
        NOT-FOR-US: TestLink
 CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject 
authentic ...)
-       TODO: check
+       - opendmarc <unfixed>
+       NOTE: https://sourceforge.net/p/opendmarc/tickets/237/
+       NOTE: 
https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
 CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 
18.0 bef ...)
        NOT-FOR-US: SFOS
 CVE-2020-12270 (React Native Bluetooth Scan in Bluezone 1.0.0 uses 
six-character alpha ...)
@@ -376,7 +378,10 @@ CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in 
Artifex jbig2dec before
 CVE-2020-12267 (setMarkdown in Qt before 5.14.2 has a use-after-free related 
to QTextM ...)
        TODO: check
 CVE-2019-20790 (OpenDMARC through 1.3.2 and 1.4.x, when used with 
pypolicyd-spf 2.0.2, ...)
-       TODO: check
+       - opendmarc <unfixed>
+       NOTE: https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816
+       NOTE: https://sourceforge.net/p/opendmarc/tickets/235/
+       NOTE: 
https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
 CVE-2020-12266 (An issue was discovered on WAVLINK WL-WN579G3 
M79X3.V5030.180719, WL-W ...)
        NOT-FOR-US: WAVLINK
 CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable 
to Arbit ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/70a20b215efa3b2d5445ebdfd301444ea33f8b60...f62bac2a95224d01cae33e86bc2b6f8655c07f4a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/70a20b215efa3b2d5445ebdfd301444ea33f8b60...f62bac2a95224d01cae33e86bc2b6f8655c07f4a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to