Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
df4f88e1 by security tracker role at 2020-06-20T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information 
Gatheri ...)
+       TODO: check
+CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal 
CT-464. A ...)
+       TODO: check
+CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of 
products, has ...)
+       TODO: check
 CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure 
connection aft ...)
        - alpine <unfixed> (bug #963179)
        NOTE: 
http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html
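
Review bot: the three entries added at the top of the list (CVE-2020-14931, CVE-2020-14930, CVE-2019-20891) carry only "TODO: check", with no package line or NOT-FOR-US marker, unlike CVE-2020-14929 directly below them, which already maps to "- alpine <unfixed> (bug #963179)". Each needs a follow-up that resolves it to a source package or marks it NOT-FOR-US. The truncated descriptions name DMitry, BT CTROMS Terminal OS Port Portal CT-464 and WooCommerce as the products to look up.
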
@@ -1103,24 +1109,24 @@ CVE-2018-21249 (An issue was discovered in Mattermost 
Server before 5.3.0. It mi
        NOT-FOR-US: Mattermost
 CVE-2018-21248 (An issue was discovered in Mattermost Server before 5.4.0. It 
mishandl ...)
        NOT-FOR-US: Mattermost
-CVE-2017-18921
-       RESERVED
-CVE-2017-18920
-       RESERVED
-CVE-2017-18919
-       RESERVED
-CVE-2017-18918
-       RESERVED
-CVE-2017-18917
-       RESERVED
-CVE-2017-18916
-       RESERVED
-CVE-2017-18915
-       RESERVED
-CVE-2017-18914
-       RESERVED
-CVE-2017-18913
-       RESERVED
+CVE-2017-18921 (An issue was discovered in Mattermost Server before 3.6.0 and 
3.5.2. X ...)
+       TODO: check
+CVE-2017-18920 (An issue was discovered in Mattermost Server before 3.6.2. The 
WebSock ...)
+       TODO: check
+CVE-2017-18919 (An issue was discovered in Mattermost Server before 3.7.0 and 
3.6.3. A ...)
+       TODO: check
+CVE-2017-18918 (An issue was discovered in Mattermost Server before 3.7.3 and 
3.6.5. A ...)
+       TODO: check
+CVE-2017-18917 (An issue was discovered in Mattermost Server before 3.8.2, 
3.7.5, and  ...)
+       TODO: check
+CVE-2017-18916 (An issue was discovered in Mattermost Server before 3.8.2, 
3.7.5, and  ...)
+       TODO: check
+CVE-2017-18915 (An issue was discovered in Mattermost Server before 3.8.2, 
3.7.5, and  ...)
+       TODO: check
+CVE-2017-18914 (An issue was discovered in Mattermost Server before 3.8.2, 
3.7.5, and  ...)
+       TODO: check
+CVE-2017-18913 (An issue was discovered in Mattermost Server before 3.8.2, 
3.7.5, and  ...)
+       TODO: check
 CVE-2017-18912 (An issue was discovered in Mattermost Server before 3.8.2, 
3.7.5, and  ...)
        NOT-FOR-US: Mattermost
 CVE-2017-18911 (An issue was discovered in Mattermost Server before 3.8.2, 
3.7.5, and  ...)
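
Review bot: CVE-2017-18921 through CVE-2017-18913 go from RESERVED to "TODO: check" even though every one of the nine descriptions begins "An issue was discovered in Mattermost Server", and the context entries on both sides of the block (CVE-2018-21248 above, CVE-2017-18912 below) are already resolved as "NOT-FOR-US: Mattermost". A follow-up commit can give these nine the same marker so they do not stay in the TODO queue.
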
@@ -1129,14 +1135,14 @@ CVE-2017-18910 (An issue was discovered in Mattermost 
Server before 3.8.2, 3.7.5
        NOT-FOR-US: Mattermost
 CVE-2017-18909 (An issue was discovered in Mattermost Server before 3.9.0 when 
SAML is ...)
        NOT-FOR-US: Mattermost
-CVE-2017-18908
-       RESERVED
-CVE-2017-18907
-       RESERVED
-CVE-2017-18906
-       RESERVED
-CVE-2017-18905
-       RESERVED
+CVE-2017-18908 (An issue was discovered in Mattermost Server before 4.0.0, 
3.10.2, and ...)
+       TODO: check
+CVE-2017-18907 (An issue was discovered in Mattermost Server before 4.0.0, 
3.10.2, and ...)
+       TODO: check
+CVE-2017-18906 (An issue was discovered in Mattermost Server before 4.0.0, 
3.10.2, and ...)
+       TODO: check
+CVE-2017-18905 (An issue was discovered in Mattermost Server before 4.0.0, 
3.10.2, and ...)
+       TODO: check
 CVE-2017-18904 (An issue was discovered in Mattermost Server before 4.0.0, 
3.10.2, and ...)
        NOT-FOR-US: Mattermost
 CVE-2017-18903 (An issue was discovered in Mattermost Server before 4.0.0, 
3.10.2, and ...)
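
Review bot: CVE-2017-18908 through CVE-2017-18905 are left at "TODO: check" between CVE-2017-18909 and CVE-2017-18904, both of which are "NOT-FOR-US: Mattermost" and share the "Mattermost Server before 4.0.0, 3.10.2, and" wording with CVE-2017-18904. The four new descriptions should end up with the same NOT-FOR-US line.
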
@@ -1207,54 +1213,54 @@ CVE-2017-18871 (An issue was discovered in Mattermost 
Server before 4.5.0, 4.4.5
        NOT-FOR-US: Mattermost
 CVE-2017-18870 (An issue was discovered in Mattermost Server before 4.5.0, 
4.4.5, and  ...)
        NOT-FOR-US: Mattermost
-CVE-2016-11084
-       RESERVED
-CVE-2016-11083
-       RESERVED
-CVE-2016-11082
-       RESERVED
-CVE-2016-11081
-       RESERVED
-CVE-2016-11080
-       RESERVED
-CVE-2016-11079
-       RESERVED
-CVE-2016-11078
-       RESERVED
-CVE-2016-11077
-       RESERVED
-CVE-2016-11076
-       RESERVED
-CVE-2016-11075
-       RESERVED
-CVE-2016-11074
-       RESERVED
-CVE-2016-11073
-       RESERVED
-CVE-2016-11072
-       RESERVED
-CVE-2016-11071
-       RESERVED
-CVE-2016-11070
-       RESERVED
-CVE-2016-11069
-       RESERVED
-CVE-2016-11068
-       RESERVED
-CVE-2016-11067
-       RESERVED
-CVE-2016-11066
-       RESERVED
-CVE-2016-11065
-       RESERVED
-CVE-2016-11064
-       RESERVED
-CVE-2016-11063
-       RESERVED
-CVE-2016-11062
-       RESERVED
-CVE-2015-9548
-       RESERVED
+CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It 
allows X ...)
+       TODO: check
+CVE-2016-11083 (An issue was discovered in Mattermost Server before 2.2.0. It 
allows X ...)
+       TODO: check
+CVE-2016-11082 (An issue was discovered in Mattermost Server before 2.2.0. It 
allows X ...)
+       TODO: check
+CVE-2016-11081 (An issue was discovered in Mattermost Server before 2.2.0. It 
allows u ...)
+       TODO: check
+CVE-2016-11080 (An issue was discovered in Mattermost Server before 3.0.0. It 
offers s ...)
+       TODO: check
+CVE-2016-11079 (An issue was discovered in Mattermost Server before 3.0.0. It 
allows X ...)
+       TODO: check
+CVE-2016-11078 (An issue was discovered in Mattermost Server before 3.0.0. It 
potentia ...)
+       TODO: check
+CVE-2016-11077 (An issue was discovered in Mattermost Server before 3.0.0. It 
has a su ...)
+       TODO: check
+CVE-2016-11076 (An issue was discovered in Mattermost Server before 3.0.0. It 
does not ...)
+       TODO: check
+CVE-2016-11075 (An issue was discovered in Mattermost Server before 3.0.0. It 
allows a ...)
+       TODO: check
+CVE-2016-11074 (An issue was discovered in Mattermost Server before 3.0.0. A 
password- ...)
+       TODO: check
+CVE-2016-11073 (An issue was discovered in Mattermost Server before 3.0.0. It 
allows X ...)
+       TODO: check
+CVE-2016-11072 (An issue was discovered in Mattermost Server before 3.0.2. The 
purpose ...)
+       TODO: check
+CVE-2016-11071 (An issue was discovered in Mattermost Server before 3.1.0. It 
allows X ...)
+       TODO: check
+CVE-2016-11070 (An issue was discovered in Mattermost Server before 3.1.0. It 
allows X ...)
+       TODO: check
+CVE-2016-11069 (An issue was discovered in Mattermost Server before 3.2.0. It 
mishandl ...)
+       TODO: check
+CVE-2016-11068 (An issue was discovered in Mattermost Server before 3.2.0. 
Attackers c ...)
+       TODO: check
+CVE-2016-11067 (An issue was discovered in Mattermost Server before 3.2.0. It 
allowed  ...)
+       TODO: check
+CVE-2016-11066 (An issue was discovered in Mattermost Server before 3.2.0. The 
initial ...)
+       TODO: check
+CVE-2016-11065 (An issue was discovered in Mattermost Server before 3.3.0. An 
attacker ...)
+       TODO: check
+CVE-2016-11064 (An issue was discovered in Mattermost Desktop App before 
3.4.0. String ...)
+       TODO: check
+CVE-2016-11063 (An issue was discovered in Mattermost Server before 3.5.1. XSS 
can occ ...)
+       TODO: check
+CVE-2016-11062 (An issue was discovered in Mattermost Server before 3.5.1. 
E-mail addr ...)
+       TODO: check
+CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It 
allows a ...)
+       TODO: check
 CVE-2020-XXXX [MITM response injection attack when using STARTTLS with IMAP, 
POP3 and SMTP]
        - mutt 1.14.4-1
        [stretch] - mutt 1.7.2-1+deb9u3
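
Review bot: among the 24 entries changed from RESERVED to "TODO: check" in this hunk, CVE-2016-11064 is the only one whose description names "Mattermost Desktop App" rather than "Mattermost Server", so it should be checked on its own instead of being bulk-marked with the rest. The other 23 match the "NOT-FOR-US: Mattermost" context entries at the top of the hunk (CVE-2017-18871, CVE-2017-18870) and can follow them.
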
@@ -2056,6 +2062,7 @@ CVE-2017-18869 (A TOCTOU issue in the chownr package 
before 1.1.0 for Node.js 10
        NOTE: https://github.com/isaacs/chownr/issues/14
        NOTE: https://snyk.io/vuln/npm:chownr:20180731
 CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone 
man-in-the-middle attac ...)
+       {DSA-4707-1}
        - mutt 1.14.3-1 (bug #962897)
        - neomutt 20200619+dfsg.1-1
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
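
Review bot: the "{DSA-4707-1}" cross-reference is added to CVE-2020-14093, whose entry lists two source packages, "- mutt 1.14.3-1 (bug #962897)" and "- neomutt 20200619+dfsg.1-1", and nothing in the visible lines says which of them the advisory covers. Confirm against the DSA record that neomutt's status in the stable releases is accounted for, either by the same advisory or by its own release-tagged line.
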
@@ -4048,16 +4055,16 @@ CVE-2020-13278
        RESERVED
 CVE-2020-13277 (An authorization issue in the mirroring logic allowed read 
access to p ...)
        TODO: check
-CVE-2020-13276
-       RESERVED
-CVE-2020-13275
-       RESERVED
-CVE-2020-13274
-       RESERVED
-CVE-2020-13273
-       RESERVED
-CVE-2020-13272
-       RESERVED
+CVE-2020-13276 (User is allowed to set an email as a notification email even 
without v ...)
+       TODO: check
+CVE-2020-13275 (A user with an unverified email address could request an 
access to dom ...)
+       TODO: check
+CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks 
through m ...)
+       TODO: check
+CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the 
system resour ...)
+       TODO: check
+CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later 
through 13 ...)
+       TODO: check
 CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the 
execution of a ...)
        - gitlab <unfixed>
 CVE-2020-13270 (Missing permission check on fork relation creation in GitLab 
CE/EE 11. ...)
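
Review bot: CVE-2020-13276 through CVE-2020-13272 become "TODO: check", and in the truncated descriptions only CVE-2020-13272 mentions "CE/EE"; the other four name no product in the text shown. The neighbouring CVE-2020-13271 is tracked as "- gitlab <unfixed>", so the full descriptions should be checked to confirm these five belong to gitlab and, if they do, they should receive the same package line.
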
@@ -4070,16 +4077,16 @@ CVE-2020-13267 (A Stored Cross-Site Scripting 
vulnerability allowed the executio
        - gitlab <unfixed>
 CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 
12.8 and ...)
        - gitlab <unfixed>
-CVE-2020-13265
-       RESERVED
-CVE-2020-13264
-       RESERVED
-CVE-2020-13263
-       RESERVED
-CVE-2020-13262
-       RESERVED
-CVE-2020-13261
-       RESERVED
+CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later 
through  ...)
+       TODO: check
+CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and 
later thr ...)
+       TODO: check
+CVE-2020-13263 (An authorization issue relating to project maintainer 
impersonation wa ...)
+       TODO: check
+CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab 
CE/EE 12.9 ...)
+       TODO: check
+CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and 
later throu ...)
+       TODO: check
 CVE-2020-13260
        RESERVED
 CVE-2020-13259
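
Review bot: CVE-2020-13265, CVE-2020-13264, CVE-2020-13262 and CVE-2020-13261 name GitLab CE/EE together with a starting version ("12.5 and later", "10.3 and later", "12.9", "12.6 and later") but are left at "TODO: check" right after CVE-2020-13266, which is "- gitlab <unfixed>". When they are triaged, the full version ranges (cut off here) need to be compared with the packaged gitlab version per entry, since the affected ranges start at different releases. CVE-2020-13263 does not name the product in the visible text and needs the same confirmation before it gets a gitlab line.
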
@@ -11757,8 +11764,8 @@ CVE-2020-10751 (A flaw was found in the Linux kernels 
SELinux LSM hook implement
        {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
        - linux 5.6.14-1
        NOTE: 
https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6
-CVE-2020-10750
-       RESERVED
+CVE-2020-10750 (Sensitive information written to a log file vulnerability was 
found in ...)
+       TODO: check
 CVE-2020-10749 (A vulnerability was found in all versions of 
containernetworking/plugi ...)
        - golang-github-containernetworking-plugins <unfixed>
        NOTE: https://github.com/containernetworking/plugins/pull/484
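
Review bot: CVE-2020-10750 changes from RESERVED to "TODO: check" with a description truncated at "Sensitive information written to a log file vulnerability was found in", so the affected product is not identifiable from this line. It cannot be mapped to a source package or marked NOT-FOR-US without the full description, unlike its neighbours CVE-2020-10751 and CVE-2020-10749, which both carry package lines and NOTE references.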



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df4f88e15798f88fe4e97a247f1fed4e74587145



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
