Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: df4f88e1 by security tracker role at 2020-06-20T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,9 @@ +CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information Gatheri ...) + TODO: check +CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. A ...) + TODO: check +CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of products, has ...) + TODO: check CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...) - alpine <unfixed> (bug #963179) NOTE: http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html 
@@ -1103,24 +1109,24 @@ CVE-2018-21249 (An issue was discovered in Mattermost Server before 5.3.0. It mi NOT-FOR-US: Mattermost CVE-2018-21248 (An issue was discovered in Mattermost Server before 5.4.0. It mishandl ...) NOT-FOR-US: Mattermost -CVE-2017-18921 - RESERVED -CVE-2017-18920 - RESERVED -CVE-2017-18919 - RESERVED -CVE-2017-18918 - RESERVED -CVE-2017-18917 - RESERVED -CVE-2017-18916 - RESERVED -CVE-2017-18915 - RESERVED -CVE-2017-18914 - RESERVED -CVE-2017-18913 - RESERVED +CVE-2017-18921 (An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. X ...) + TODO: check +CVE-2017-18920 (An issue was discovered in Mattermost Server before 3.6.2. The WebSock ...) + TODO: check +CVE-2017-18919 (An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. A ...) + TODO: check +CVE-2017-18918 (An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A ...) + TODO: check +CVE-2017-18917 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + TODO: check +CVE-2017-18916 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + TODO: check +CVE-2017-18915 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + TODO: check +CVE-2017-18914 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + TODO: check +CVE-2017-18913 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + TODO: check CVE-2017-18912 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) NOT-FOR-US: Mattermost CVE-2017-18911 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) 
@@ -1129,14 +1135,14 @@ CVE-2017-18910 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5 NOT-FOR-US: Mattermost CVE-2017-18909 (An issue was discovered in Mattermost Server before 3.9.0 when SAML is ...) NOT-FOR-US: Mattermost -CVE-2017-18908 - RESERVED -CVE-2017-18907 - RESERVED -CVE-2017-18906 - RESERVED -CVE-2017-18905 - RESERVED +CVE-2017-18908 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) + TODO: check +CVE-2017-18907 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) + TODO: check +CVE-2017-18906 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) + TODO: check +CVE-2017-18905 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) + TODO: check CVE-2017-18904 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) NOT-FOR-US: Mattermost CVE-2017-18903 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) 
@@ -1207,54 +1213,54 @@ CVE-2017-18871 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5 NOT-FOR-US: Mattermost CVE-2017-18870 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and ...) NOT-FOR-US: Mattermost -CVE-2016-11084 - RESERVED -CVE-2016-11083 - RESERVED -CVE-2016-11082 - RESERVED -CVE-2016-11081 - RESERVED -CVE-2016-11080 - RESERVED -CVE-2016-11079 - RESERVED -CVE-2016-11078 - RESERVED -CVE-2016-11077 - RESERVED -CVE-2016-11076 - RESERVED -CVE-2016-11075 - RESERVED -CVE-2016-11074 - RESERVED -CVE-2016-11073 - RESERVED -CVE-2016-11072 - RESERVED -CVE-2016-11071 - RESERVED -CVE-2016-11070 - RESERVED -CVE-2016-11069 - RESERVED -CVE-2016-11068 - RESERVED -CVE-2016-11067 - RESERVED -CVE-2016-11066 - RESERVED -CVE-2016-11065 - RESERVED -CVE-2016-11064 - RESERVED -CVE-2016-11063 - RESERVED -CVE-2016-11062 - RESERVED -CVE-2015-9548 - RESERVED +CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...) + TODO: check +CVE-2016-11083 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...) + TODO: check +CVE-2016-11082 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...) + TODO: check +CVE-2016-11081 (An issue was discovered in Mattermost Server before 2.2.0. It allows u ...) + TODO: check +CVE-2016-11080 (An issue was discovered in Mattermost Server before 3.0.0. It offers s ...) + TODO: check +CVE-2016-11079 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...) + TODO: check +CVE-2016-11078 (An issue was discovered in Mattermost Server before 3.0.0. It potentia ...) + TODO: check +CVE-2016-11077 (An issue was discovered in Mattermost Server before 3.0.0. It has a su ...) + TODO: check +CVE-2016-11076 (An issue was discovered in Mattermost Server before 3.0.0. It does not ...) + TODO: check +CVE-2016-11075 (An issue was discovered in Mattermost Server before 3.0.0. It allows a ...) 
+ TODO: check +CVE-2016-11074 (An issue was discovered in Mattermost Server before 3.0.0. A password- ...) + TODO: check +CVE-2016-11073 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...) + TODO: check +CVE-2016-11072 (An issue was discovered in Mattermost Server before 3.0.2. The purpose ...) + TODO: check +CVE-2016-11071 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...) + TODO: check +CVE-2016-11070 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...) + TODO: check +CVE-2016-11069 (An issue was discovered in Mattermost Server before 3.2.0. It mishandl ...) + TODO: check +CVE-2016-11068 (An issue was discovered in Mattermost Server before 3.2.0. Attackers c ...) + TODO: check +CVE-2016-11067 (An issue was discovered in Mattermost Server before 3.2.0. It allowed ...) + TODO: check +CVE-2016-11066 (An issue was discovered in Mattermost Server before 3.2.0. The initial ...) + TODO: check +CVE-2016-11065 (An issue was discovered in Mattermost Server before 3.3.0. An attacker ...) + TODO: check +CVE-2016-11064 (An issue was discovered in Mattermost Desktop App before 3.4.0. String ...) + TODO: check +CVE-2016-11063 (An issue was discovered in Mattermost Server before 3.5.1. XSS can occ ...) + TODO: check +CVE-2016-11062 (An issue was discovered in Mattermost Server before 3.5.1. E-mail addr ...) + TODO: check +CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It allows a ...) + TODO: check CVE-2020-XXXX [MITM response injection attack when using STARTTLS with IMAP, POP3 and SMTP] - mutt 1.14.4-1 [stretch] - mutt 1.7.2-1+deb9u3 
@@ -2056,6 +2062,7 @@ CVE-2017-18869 (A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10 NOTE: https://github.com/isaacs/chownr/issues/14 NOTE: https://snyk.io/vuln/npm:chownr:20180731 CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attac ...) + {DSA-4707-1} - mutt 1.14.3-1 (bug #962897) - neomutt 20200619+dfsg.1-1 NOTE: https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 @@ -4048,16 +4055,16 @@ CVE-2020-13278 RESERVED CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...) TODO: check -CVE-2020-13276 - RESERVED -CVE-2020-13275 - RESERVED -CVE-2020-13274 - RESERVED -CVE-2020-13273 - RESERVED -CVE-2020-13272 - RESERVED +CVE-2020-13276 (User is allowed to set an email as a notification email even without v ...) + TODO: check +CVE-2020-13275 (A user with an unverified email address could request an access to dom ...) + TODO: check +CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks through m ...) + TODO: check +CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the system resour ...) + TODO: check +CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later through 13 ...) + TODO: check CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the execution of a ...) - gitlab <unfixed> CVE-2020-13270 (Missing permission check on fork relation creation in GitLab CE/EE 11. ...) 
@@ -4070,16 +4077,16 @@ CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the executio - gitlab <unfixed> CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...) - gitlab <unfixed> -CVE-2020-13265 - RESERVED -CVE-2020-13264 - RESERVED -CVE-2020-13263 - RESERVED -CVE-2020-13262 - RESERVED -CVE-2020-13261 - RESERVED +CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later through ...) + TODO: check +CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...) + TODO: check +CVE-2020-13263 (An authorization issue relating to project maintainer impersonation wa ...) + TODO: check +CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 ...) + TODO: check +CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...) + TODO: check CVE-2020-13260 RESERVED CVE-2020-13259 @@ -11757,8 +11764,8 @@ CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implement {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.6.14-1 NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6 -CVE-2020-10750 - RESERVED +CVE-2020-10750 (Sensitive information written to a log file vulnerability was found in ...) + TODO: check CVE-2020-10749 (A vulnerability was found in all versions of containernetworking/plugi ...) - golang-github-containernetworking-plugins <unfixed> NOTE: https://github.com/containernetworking/plugins/pull/484 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df4f88e15798f88fe4e97a247f1fed4e74587145 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df4f88e15798f88fe4e97a247f1fed4e74587145 You're receiving this email because of your account on salsa.debian.org.
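Review bot: the three entries added at the top of the hunk at @@ -1,3 +1,9 @@ (CVE-2020-14931, CVE-2020-14930, CVE-2019-20891) concern three unrelated products (DMitry, BT CTROMS Terminal OS Port Portal CT-464, WooCommerce), so each needs its own decision between a package line and a NOT-FOR-US tag instead of a shared "TODO: check". CVE-2020-14931 is described as a stack-based buffer overflow and is the one to triage first.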
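Review bot: in the hunk at @@ -1103,24 +1109,24 @@, CVE-2017-18921 through CVE-2017-18913 go in as "TODO: check" although each is described as a Mattermost Server issue and the surrounding entries (CVE-2018-21248, CVE-2017-18912, CVE-2017-18911) already carry "NOT-FOR-US: Mattermost". A follow-up triage commit should give these nine the same tag so they do not sit in the TODO queue; the same holds for CVE-2017-18908 through CVE-2017-18905 in the hunk at @@ -1129,14 +1135,14 @@.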
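Review bot: CVE-2016-11064 in the hunk at @@ -1207,54 +1213,54 @@ is the only entry in this batch described as Mattermost Desktop App, not Mattermost Server, so it should be checked on its own and not bulk-tagged with the Server entries around it. The other entries in this hunk (CVE-2016-11084 down to CVE-2015-9548) follow the pattern of the neighbouring CVE-2017-18871 and CVE-2017-18870, which are tagged "NOT-FOR-US: Mattermost".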
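Review bot: in the hunk at @@ -4048,16 +4055,16 @@, the truncated descriptions of CVE-2020-13276, CVE-2020-13275, CVE-2020-13274 and CVE-2020-13273 do not name the affected product in the visible text, so they cannot be assigned from this list alone; only CVE-2020-13272 shows "CE/EE 12.3 and later". The full descriptions need to be read before these are given a package line like the "- gitlab <unfixed>" already on CVE-2020-13271.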
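Review bot: in the hunk at @@ -4070,16 +4077,16 @@, CVE-2020-13265, CVE-2020-13264, CVE-2020-13262 and CVE-2020-13261 name GitLab CE/EE in their descriptions but are left at "TODO: check", while the adjacent CVE-2020-13267 and CVE-2020-13266 are already tracked as "- gitlab <unfixed>". Triage should add the package line to these; CVE-2020-13264 (Kubernetes cluster token disclosure) and CVE-2020-13261 (Amazon EKS credentials disclosure) are worth handling first because both concern credential exposure.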
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits