[Git][security-tracker-team/security-tracker][master] automatic update

Sun, 21 Jun 2020 13:10:48 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5a2574bd by security tracker role at 2020-06-21T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-14957
+       RESERVED
+CVE-2020-14956
+       RESERVED
+CVE-2020-14955
+       RESERVED
+CVE-2020-14953
+       RESERVED
+CVE-2020-14952
+       RESERVED
+CVE-2020-14951
+       RESERVED
+CVE-2020-14950 (aaPanel through 6.6.6 allows remote authenticated users to 
execute arb ...)
+       TODO: check
+CVE-2020-14949
+       RESERVED
+CVE-2020-14948
+       RESERVED
+CVE-2020-14947
+       RESERVED
+CVE-2020-14946
+       RESERVED
+CVE-2020-14945
+       RESERVED
+CVE-2020-14944
+       RESERVED
+CVE-2020-14943
+       RESERVED
+CVE-2020-14942 (Tendenci 12.0.10 allows unrestricted deserialization in 
apps\helpdesk\ ...)
+       TODO: check
+CVE-2020-14941
+       RESERVED
+CVE-2020-14940
+       RESERVED
+CVE-2020-14939
+       RESERVED
+CVE-2020-14938
+       RESERVED
 CVE-2020-14937
        RESERVED
 CVE-2020-14936
@@ -1275,7 +1313,8 @@ CVE-2016-11062 (An issue was discovered in Mattermost 
Server before 3.5.1. E-mai
        NOT-FOR-US: Mattermost
 CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It 
allows a ...)
        NOT-FOR-US: Mattermost
-CVE-2020-14954 [MITM response injection attack when using STARTTLS with IMAP, 
POP3 and SMTP]
+CVE-2020-14954 (Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a 
STARTTLS buffe ...)
+       {DSA-4707-1}
        - mutt 1.14.4-1
        - neomutt 20200619+dfsg.1-1
        NOTE: 
https://gitlab.com/muttmua/mutt/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4
@@ -1939,6 +1978,7 @@ CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers 
to cause a denial of ser
 CVE-2020-14149 (In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the 
path provi ...)
        NOT-FOR-US: uftpd
 CVE-2020-14148 (The Server-Server protocol implementation in ngIRCd before 
26~rc2 allo ...)
+       {DLA-2252-1}
        - ngircd <unfixed> (bug #963147)
        [buster] - ngircd <no-dsa> (Minor issue)
        [stretch] - ngircd <no-dsa> (Minor issue)
@@ -58224,6 +58264,7 @@ CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, 
and 1.2.x before 1.2.1,
        NOTE: 
https://github.com/irssi/irssi/commit/5a67b983dc97caeb5df1139aabd0bc4f260a47d8
        NOTE: Fixed in 1.0.8, 1.1.3, 1.2.1
 CVE-2019-13033 (In CISOfy Lynis 2.x through 2.7.5, the license key can be 
obtained by  ...)
+       {DLA-2253-1}
        - lynis <unfixed> (bug #963161)
        NOTE: https://cisofy.com/security/cve/cve-2019-13033/
        NOTE: 
https://github.com/CISOfy/lynis/commit/3b9eda53cc20e851c4456618f027bc9ea794ad30



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a2574bdcac698cb221f783cf0f0b286020cf7a5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a2574bdcac698cb221f783cf0f0b286020cf7a5
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to