Abhijith PA pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
98f146be by Abhijith PA at 2020-08-02T10:15:57+05:30
stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -739,6 +739,7 @@ CVE-2020-15918 (Multiple Stored Cross Site Scripting (XSS)
vulnerabilities were
NOT-FOR-US: Mida eFramework
CVE-2020-15917 (common/session.c in Claws Mail before 3.17.6 has a protocol
violation ...)
- claws-mail 3.17.6-1
+ [stretch] - claws-mail <no-dsa> (low priority issue)
NOTE:
https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5
CVE-2020-15916 (goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19
devices a ...)
NOT-FOR-US: Tenda devices
@@ -4657,6 +4658,7 @@ CVE-2020-14348
CVE-2020-14347 [X Server Pixel Data Uninitialized Memory Information
Disclosure]
RESERVED
- xorg-server <unfixed>
+ [stretch] - xorg-server <postponed> (Minor issue, can be fixed along in
next release)
NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html
NOTE:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816
CVE-2020-14346
@@ -14034,6 +14036,7 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6,
multiple reflexive XSS oc
NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9,
18.2.8, and ...)
- bareos <unfixed> (bug #965985)
+ [stretch] - bareos <no-dsa> (minor issue, low priority)
NOTE:
https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands
by abusi ...)
- glpi <removed> (unimportant)
@@ -31638,6 +31641,7 @@ CVE-2020-4043 (phpMussel from versions 1.0.0 and less
than 1.6.0 has an unserial
NOT-FOR-US: phpMussel
CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious
client to ...)
- bareos <unfixed> (bug #965985)
+ [stretch] - bareos <no-dsa> (minor issue, low priority)
NOTE:
https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752
CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded
files was v ...)
NOT-FOR-US: Bolt CMS
=====================================
data/dla-needed.txt
=====================================
@@ -52,6 +52,8 @@ condor (Roberto C. Sánchez)
NOTE: 20200712: Requested input on path forward from [email protected]
(roberto)
NOTE: 20200727: Waiting on maintainer feedback:
https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
--
+evolution-data-server
+--
firefox-esr (Emilio)
NOTE: 20200720: working on ESR 78 backport. (Emilio)
--
@@ -73,6 +75,8 @@ jruby (Adrian Bunk)
jupyter-notebook
NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)
--
+libx11
+--
linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98f146be45839b3b897b79544f48b8f6f97bc24f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98f146be45839b3b897b79544f48b8f6f97bc24f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
