Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bc69be23 by security tracker role at 2020-05-24T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB
datasource. ...)
+ TODO: check
+CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin
before 1. ...)
+ TODO: check
CVE-2020-13428
RESERVED
CVE-2020-13427
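Review bot: the two added entries, CVE-2020-13430 and CVE-2020-13429, stop at "TODO: check" with no package or NOT-FOR-US line, so they do not yet tell a reader whether anything in the archive is affected. Follow up by resolving each to a source package line or to a NOT-FOR-US marker in the style of "NOT-FOR-US: QNAP QTS" used elsewhere in this file. The Grafana description names the fixed version (7.0.0), which gives triage a starting point; the piechart-panel description is truncated at "before 1. ...", so its fixed version has to come from the CVE record.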
@@ -114560,6 +114564,7 @@ CVE-2018-10758 (The edit/ URI in Datenstrom Yellow
0.7.3 has CSRF via a delete a
CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and
resultant Authe ...)
NOT-FOR-US: CSP MySQL User Manager
CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission
before 3.0 ...)
+ {DLA-2218-1}
- transmission <unfixed> (bug #961461)
NOTE:
https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e
(3.00)
NOTE: https://tomrichards.net/2020/05/cve-2018-10756-transmission/
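Review bot: at CVE-2018-10756 the new {DLA-2218-1} tag sits directly above "- transmission <unfixed> (bug #961461)", so the entry now records an LTS advisory while the main package line still shows no fixed version. The NOTE already points at the upstream commit and marks it "(3.00)"; once bug #961461 is closed by an upload, replace <unfixed> with that version so the entry does not keep reporting the package as open.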
@@ -173431,7 +173436,7 @@ CVE-2017-7877 (CSRF vulnerability in flatCore version
1.4.6 allows remote attack
CVE-2017-7876 (QNAP QTS before 4.2.6 build 20170517 allows command injection.
...)
NOT-FOR-US: QNAP QTS
CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client
pretends t ...)
- {DLA-899-1}
+ {DLA-2219-1 DLA-899-1}
- feh 2.18-2 (low; bug #860367)
NOTE: Fixed by:
https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d
CVE-2017-7874
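Review bot: at CVE-2017-7875 the tag line changes from {DLA-899-1} to {DLA-2219-1 DLA-899-1}, but nothing in the entry says why a second advisory exists for an issue already marked fixed in feh 2.18-2. A one-line NOTE stating what DLA-2219-1 covers (a different LTS release, or a follow-up to the DLA-899-1 fix) would make the entry self-explanatory.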
@@ -206373,7 +206378,7 @@ CVE-2016-6320 (Cross-site scripting (XSS)
vulnerability in app/assets/javascript
CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in
app/helpers/form_helper.rb ...)
- foreman <itp> (bug #663101)
CVE-2016-6318 (Stack-based buffer overflow in the FascistGecosUser function in
lib/fa ...)
- {DLA-599-1}
+ {DLA-2220-1 DLA-599-1}
- cracklib2 2.9.2-2 (bug #834502)
NOTE: https://bugzilla.redhat.com/attachment.cgi?id=1188599
NOTE: In Debian compiled with CPPFLAGS="-D_FORTIFY_SOURCE=2" so, at
most application crash
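Review bot: at CVE-2016-6318 a second advisory, DLA-2220-1, is added while the existing NOTE states that with CPPFLAGS="-D_FORTIFY_SOURCE=2" the impact is "at most application crash", and the cracklib2 line carries no urgency annotation such as the "low" on the feh entry. Consider recording whether that NOTE also holds for the build DLA-2220-1 targets, and adding an urgency on the package line if the crash-only assessment stands.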
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc69be235c8a4a7efaa0851cc8793b253fd32767