Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09b53a92 by security tracker role at 2020-05-27T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of 
service (stack ...)
+       TODO: check
+CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of 
service (asser ...)
+       TODO: check
+CVE-2020-13621
+       RESERVED
+CVE-2020-13620
+       RESERVED
+CVE-2020-13619
+       RESERVED
+CVE-2020-13618
+       RESERVED
+CVE-2020-13617
+       RESERVED
+CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 
lacks TLS ...)
+       TODO: check
+CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname 
verification  ...)
+       TODO: check
+CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The 
TLS implem ...)
+       TODO: check
+CVE-2020-13613
+       RESERVED
+CVE-2020-13612
+       RESERVED
+CVE-2020-13611
+       RESERVED
+CVE-2020-13610
+       RESERVED
+CVE-2020-13609
+       RESERVED
+CVE-2020-13608
+       RESERVED
+CVE-2020-13607
+       RESERVED
+CVE-2020-13606
+       RESERVED
+CVE-2020-13605
+       RESERVED
+CVE-2020-13604
+       RESERVED
+CVE-2020-13603
+       RESERVED
+CVE-2020-13602
+       RESERVED
+CVE-2020-13601
+       RESERVED
+CVE-2020-13600
+       RESERVED
+CVE-2020-13599
+       RESERVED
+CVE-2020-13598
+       RESERVED
+CVE-2020-13597
+       RESERVED
+CVE-2020-13596
+       RESERVED
+CVE-2020-13595
+       RESERVED
+CVE-2020-13594
+       RESERVED
+CVE-2020-13593
+       RESERVED
 CVE-2020-XXXX [Drupal SA 2020-003]
        - drupal7 <removed>
        [stretch] - drupal7 7.52-2+deb9u10
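Review bot: the five new entries that carry a description (CVE-2020-13623, CVE-2020-13622, CVE-2020-13616, CVE-2020-13615, CVE-2020-13614) are all left at `TODO: check`, so none of them records yet whether anything in the archive is affected. Each should be resolved to a package line or a `NOT-FOR-US:` marker, in the form the already-triaged entries in this file use. The descriptions for the Pichi, Qore and Axel entries are cut off right after "lacks TLS", "lacks hostname verification" and "The TLS implem", so triage has to go by the full CVE text rather than what is shown here.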
@@ -2063,10 +2125,12 @@ CVE-2020-12665
 CVE-2020-12664
        RESERVED
 CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS 
answers r ...)
+       {DSA-4694-1}
        - unbound 1.10.1-1
        NOTE: 
https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
        NOTE: Patch: 
https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
 CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network 
Message Volu ...)
+       {DSA-4694-1}
        - unbound 1.10.1-1
        NOTE: 
https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
        NOTE: Patch: 
https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
@@ -7137,6 +7201,7 @@ CVE-2020-11025 (In affected versions of WordPress, a 
cross-site scripting (XSS)
 CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is 
vulnerable  ...)
        NOT-FOR-US: Moonlight iOS/tvOS
 CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 
3.5.0, pa ...)
+       {DSA-4693-1}
        - jquery <removed>
        [jessie] - jquery <not-affected> (Vulnerable code note present)
        - drupal7 <removed>
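Review bot: the context line `[jessie] - jquery <not-affected> (Vulnerable code note present)` under CVE-2020-11023 looks like a typo for "not present", and as written it reads as the opposite of a not-affected justification. It is worth correcting while this entry is being touched for the `{DSA-4693-1}` reference; the same wording appears under CVE-2020-11022 in the next hunk.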
@@ -7144,6 +7209,7 @@ CVE-2020-11023 (In jQuery versions greater than or equal 
to 1.0.3 and before 3.5
        NOTE: 
https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
        NOTE: https://www.drupal.org/sa-core-2020-002
 CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 
3.5.0, pass ...)
+       {DSA-4693-1}
        - jquery <removed>
        [jessie] - jquery <not-affected> (Vulnerable code note present)
        - node-jquery 3.5.0+dfsg-2
@@ -8098,8 +8164,7 @@ CVE-2020-10739
        NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 
before 3.7.6 ...)
        - moodle <removed>
-CVE-2020-10737 [oddjob: race condition in oddjob_selinux_mkdir function in 
mkhomedir.c can lead to symlink attack]
-       RESERVED
+CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with 
the oddj ...)
        - oddjob <unfixed> (bug #960089)
        [buster] - oddjob <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042
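Review bot: swapping the bracketed CVE-2020-10737 description for the truncated one loses the function name `oddjob_selinux_mkdir` and the symlink-attack impact, since the new text stops at "oddj ...". Consider keeping that detail in a NOTE line under the entry, next to the existing bugzilla NOTE, so the `<no-dsa> (Minor issue)` decision for buster can still be read in context.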
@@ -12074,8 +12139,8 @@ CVE-2020-9048
        RESERVED
 CVE-2020-9047
        RESERVED
-CVE-2020-9046
-       RESERVED
+CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions 
could po ...)
+       TODO: check
 CVE-2020-9045 (During installation or upgrade to Software House C&#8226;CURE 
9000 v2. ...)
        NOT-FOR-US: Software House
 CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web 
Services ...)
@@ -12088,7 +12153,7 @@ CVE-2020-9041
        RESERVED
 CVE-2020-9040
        RESERVED
-CVE-2020-9039 (Couchbase Server 4.x and 5.x before 6.0.0 has Insecure 
Permissions for ...)
+CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 
through 4.6. ...)
        NOT-FOR-US: Couchbase
 CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
        NOT-FOR-US: Joplin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09b53a92bdf62ab9ae853343eeb7f6fbc672a4f4
