Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b184916 by security tracker role at 2020-06-28T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in
parse_exif() in ...)
+ TODO: check
+CVE-2020-15364 (The Nexos theme through 1.7 for WordPress allows
top-map/?search_locat ...)
+ TODO: check
+CVE-2020-15363 (The Nexos theme through 1.7 for WordPress allows
side-map/?search_orde ...)
+ TODO: check
CVE-2020-15362
RESERVED
CVE-2020-15361
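Review bot: of the three new entries, only CVE-2020-15365 (LibRaw) needs real triage work, since libraw is packaged in Debian and the description already names the upstream fixed version ("before 0.20-Beta3") to compare the package against; CVE-2020-15364 and CVE-2020-15363 describe the Nexos theme for WordPress, the kind of non-Debian web product this file otherwise records as NOT-FOR-US (see the HScripts and PHP Scripts Mall entries in later hunks), so their "TODO: check" placeholders can be replaced by a NOT-FOR-US line. The automatic import is right to leave all three as TODO; the above is the follow-up.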
@@ -64865,6 +64871,7 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and
7.4.0 on Windows, when su
NOTE: Fixed in PHP 7.4.1, 7.3.13
NOTE: PHP Bug: http://bugs.php.net/78943
CVE-2019-11048 (In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and
7.4.x below ...)
+ {DLA-2261-1}
- php7.4 <unfixed>
- php7.3 <removed>
- php7.0 <removed>
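Review bot: the {DLA-2261-1} reference is added to CVE-2019-11048 while the same entry still lists "- php7.4 <unfixed>", so the CVE remains open for unstable and testing after this commit; the description's affected range for 7.4 is cut off here ("7.4.x below ..."), so the php7.4 fixed version should be confirmed and recorded, the way the neighbouring CVE-2019-11049 entry carries "NOTE: Fixed in PHP 7.4.1, 7.3.13". The php7.3 and php7.0 <removed> lines can stay, since the LTS fixed version is carried by the DLA reference rather than by a package line.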
@@ -104219,6 +104226,7 @@ CVE-2018-16550 (TeamViewer 10.x through 13.x allows
remote attackers to bypass t
CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory
Traversal via t ...)
NOT-FOR-US: HScripts PHP File Browser Script
CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a
memory ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (low; bug #910335)
[stretch] - zziplib 0.13.62-3.2~deb9u1
NOTE: https://github.com/gdraheim/zziplib/issues/58
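Review bot: CVE-2018-16548 gains {DLA-2258-1} but, unlike the neighbouring CVE-2018-7727/7726 entries that cite the fixing upstream commits "(v0.13.69)", it only references the upstream issue (https://github.com/gdraheim/zziplib/issues/58), so a reader cannot tell from the entry which change the DLA backported; suggest adding a "NOTE: <upstream fix commit URL> (v0.13.69)" line in the same style once the commit is identified. The same gap exists for CVE-2018-6540 further down, whose near-twin CVE-2018-6541 does carry both an issue and a commit reference.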
@@ -127587,6 +127595,7 @@ CVE-2018-7727 (An issue was discovered in ZZIPlib
0.13.68. There is a memory lea
NOTE:
https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4
(v0.13.69)
NOTE: unzzipcat-mem and unzzipdir-mem not installed into binary
packages.
CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus
error cause ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (low; bug #913165)
[stretch] - zziplib 0.13.62-3.2~deb9u1
[wheezy] - zziplib <no-dsa> (Minor issue)
@@ -127596,6 +127605,7 @@ CVE-2018-7726 (An issue was discovered in ZZIPlib
0.13.68. There is a bus error
NOTE:
https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be
(v0.13.69)
NOTE:
https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b
(v0.13.69)
CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory
address ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (low; bug #913165)
[stretch] - zziplib 0.13.62-3.2~deb9u1
[wheezy] - zziplib <no-dsa> (Minor issue)
@@ -130451,7 +130461,7 @@ CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x
before 6.0.1 allows remote attac
CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script
2.0.3 v ...)
NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation
and a c ...)
- {DLA-1287-1}
+ {DLA-2258-1 DLA-1287-1}
- zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib 0.13.62-3.2~deb9u1
NOTE: https://github.com/gdraheim/zziplib/issues/22
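Review bot: CVE-2018-6869 already carried {DLA-1287-1}, and this hunk turns it into {DLA-2258-1 DLA-1287-1}, so the entry now cites two LTS advisories for one CVE without saying why (an incomplete first fix, a different suite, or a regression update); a one-line NOTE in the entry's existing style explaining what DLA-2258-1 adds over DLA-1287-1 would spare the next reader opening both advisories. The same applies to the other second-advisory hunks in this commit (libtasn1 with DLA-2255-1, picocom with DLA-2259-1, mcabber with DLA-2260-1, pngquant with DLA-2257-1). Newest-first ordering inside the braces matches those entries, so no change there.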
@@ -131497,12 +131507,14 @@ CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus
error (when handling a disk64_
NOTE:
https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e
(v0.13.68)
NOTE: Negligible impact and unzzipcat utility not installed into binary
packages
CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a
misali ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib 0.13.62-3.2~deb9u1
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/16
NOTE:
https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3
(v0.13.68)
CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a
misali ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #923659)
[stretch] - zziplib 0.13.62-3.2~deb9u1
[wheezy] - zziplib <ignored> (Minor issue)
@@ -131762,6 +131774,7 @@ CVE-2018-6485 (An integer overflow in the
implementation of the posix_memalign i
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22343
NOTE:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory alignment error and bus
error in ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib 0.13.62-3.2~deb9u1
[wheezy] - zziplib <ignored> (Minor issue)
@@ -132004,6 +132017,7 @@ CVE-2018-6382 (** DISPUTED ** MantisBT 2.10.0 allows
local users to conduct SQL
[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
NOTE: https://mantisbt.org/bugs/view.php?id=23908
CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by
invalid me ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #889096)
[stretch] - zziplib 0.13.62-3.2~deb9u1
[wheezy] - zziplib <ignored> (Minor issue)
@@ -170151,7 +170165,7 @@ CVE-2017-10791 (There is an Integer overflow in the
hash_int function of the lib
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467004
NOTE: No security impact as built in Debian
CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through
4.12 cause ...)
- {DSA-4106-1 DLA-1038-1}
+ {DSA-4106-1 DLA-2255-1 DLA-1038-1}
- libtasn1-6 4.12-2.1 (bug #867398)
- libtasn1-3 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464141
@@ -174759,7 +174773,7 @@ CVE-2017-9244 (Cross-site scripting (XSS)
vulnerability in the Trello app before
CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version
WRC.253.2.0913 ...)
NOT-FOR-US: Aries QWR-1104 Wireless-N Router
CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the
'send ...)
- {DLA-974-1}
+ {DLA-2259-1 DLA-974-1}
- picocom 1.7-2 (bug #863671)
NOTE:
https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the
Linux k ...)
@@ -201669,7 +201683,7 @@ CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5,
9.10.x before 9.10.4-P5, a
- bind9 1:9.10.3.dfsg.P4-11 (bug #851062)
NOTE: https://kb.isc.org/article/AA-01441/0
CVE-2016-9928 (MCabber before 1.0.4 is vulnerable to roster push attacks,
which allow ...)
- {DLA-724-1}
+ {DLA-2260-1 DLA-724-1}
- mcabber 0.10.2-1.1 (bug #845258)
NOTE:
https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688
@@ -213846,7 +213860,7 @@ CVE-2016-5738
CVE-2016-5736 (The default configuration of the IPsec IKE peer listener in F5
BIG-IP ...)
NOT-FOR-US: BIG-IP
CVE-2016-5735 (Integer overflow in the rwpng_read_image24_libpng function in
rwpng.c ...)
- {DLA-966-1}
+ {DLA-2257-1 DLA-966-1}
- pngquant 2.5.0-2 (bug #863469)
NOTE:
https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and
4.6.x be ...)
@@ -218614,6 +218628,7 @@ CVE-2016-4430 (Apache Struts 2 2.3.20 through
2.3.28.1 mishandles token validati
- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
NOTE: https://struts.apache.org/docs/s2-038.html
CVE-2016-4429 (Stack-based buffer overflow in the clntudp_call function in
sunrpc/cln ...)
+ {DLA-2256-1}
- glibc 2.22-10
[jessie] - glibc 2.19-18+deb8u5
- eglibc <removed>
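Review bot: CVE-2016-4429 already records an explicit jessie fix ("[jessie] - glibc 2.19-18+deb8u5") and an unstable fix in 2.22-10, so the newly added {DLA-2256-1} either targets a suite not listed in this entry or re-fixes jessie; in the second case the explicit [jessie] version line and the DLA describe the same suite and should be reconciled so they do not name different fixed versions. Suggest a NOTE line stating which suite DLA-2256-1 covers and, if it is jessie, why a second upload was needed (the "- eglibc <removed>" line is unaffected either way).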
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b184916276f93f61662a263da9e120787abbe82
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits