Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3006724f by security tracker role at 2020-07-11T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1270,8 +1270,8 @@ CVE-2020-15107
RESERVED
CVE-2020-15106
RESERVED
-CVE-2020-15105
- RESERVED
+CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the
user's passwo ...)
+ TODO: check
CVE-2020-15104
RESERVED
CVE-2020-15103
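Review bot: The new CVE-2020-15105 entry is left at "TODO: check", so it carries no package status yet. The imported description names Django Two-Factor Authentication before 1.12; follow-up triage should replace the TODO with either a source-package line giving the fixed version or a NOT-FOR-US line, and should read the full upstream description because the text here is cut off at "stores the user's passwo ...".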
@@ -12467,8 +12467,8 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6,
multiple reflexive XSS oc
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
NOTE:
https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2020-11061
- RESERVED
+CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9,
18.2.8, and ...)
+ TODO: check
CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands
by abusi ...)
- glpi <removed> (unimportant)
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f
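Review bot: CVE-2020-11061 lands with only "TODO: check" and no NOTE lines, while the GLPI entries on either side of it record their upstream advisory and fix commit. The description lists three release branches (16.2.10, 17.2.9, 18.2.8), so when this is triaged the Bareos entry should get a package line plus NOTE references to the upstream advisory and the fix for each affected branch, so the fixed version can be checked per suite.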
@@ -29888,8 +29888,8 @@ CVE-2020-4044 (The xrdp-sesman service before version
0.9.13.1 can be crashed by
NOTE: Fixed by:
https://github.com/neutrinolabs/xrdp/commit/e593f58a82bf79b556601ae08e9e25e366a662fb
CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an
unserializati ...)
NOT-FOR-US: phpMussel
-CVE-2020-4042
- RESERVED
+CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious
client to ...)
+ TODO: check
CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded
files was v ...)
NOT-FOR-US: Bolt CMS
CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the
preview ge ...)
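Review bot: The description imported for CVE-2020-4042 reads "Bareos before version 19.2.8 and earlier", which does not say clearly whether 19.2.8 itself is affected. Triage of the "TODO: check" should take the fixed version from the upstream advisory rather than from this truncated text, and since this commit also adds CVE-2020-11061 for Bareos Director, the two entries are best resolved together so they end up with consistent package lines.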
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3006724f86a6703a375e1e467e42e5b5173d2d2f
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits