Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a0434659 by security tracker role at 2020-08-16T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-24363
+ RESERVED
+CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next
plugin befor ...)
+ TODO: check
CVE-2020-24362
RESERVED
CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via
EXEC, P ...)
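Review bot: the new CVE-2016-11085 entry at the top of this hunk lands with only "TODO: check", so it still needs manual triage. Its description names a file in the quiz-master-next plugin; if that plugin is not packaged in Debian, resolve the entry as NOT-FOR-US the way the CVE-2016-10938 entry further down this diff is, rather than leaving the TODO open. CVE-2020-24363 is RESERVED and needs nothing yet.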
@@ -16955,6 +16959,7 @@ CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages
in unencrypted POP3 commu
NOTE: kdepim-runtime:
https://invent.kde.org/pim/kdepim-runtime/commit/bd64ab29116aa7318fdee7f95878ff97580162f2
NOTE: kmail-account-wizard:
https://invent.kde.org/pim/kmail-account-wizard/commit/a64d80e523edce7d3d59c26834973418fae042f6
CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3
and other ...)
+ {DLA-2329-1}
- libetpan <unfixed> (bug #966647)
NOTE: https://github.com/dinhvh/libetpan/issues/386
NOTE: https://github.com/dinhvh/libetpan/pull/387
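Review bot: in the CVE-2020-15953 entry, {DLA-2329-1} is added directly above a libetpan line that still reads <unfixed> (bug #966647). That is consistent only if the advisory addresses an older suite while unstable stays open. Nothing in this hunk records a fixed version, so confirm that the advisory's own record carries it.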
@@ -67375,7 +67380,7 @@ CVE-2016-10939 (The xtremelocator plugin 1.5 for
WordPress has SQL injection via
CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying
non-public ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through
2.6.4 allow ...)
- {DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
+ {DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
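Review bot: DLA-2330-1 is added to the CVE-2019-16255 cross-reference set, but the package lines visible in this hunk are only ruby2.5, ruby2.3 and ruby2.1, the last two marked <removed>. The hunk does not show which source package the advisory covers, so check that the entry has a package line for it below the context shown here. The same check applies to the other Ruby and RubyGems entries that gain this tag in the hunks that follow.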
@@ -67383,7 +67388,7 @@ CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through
2.5.6, and 2.6.x through 2.6.4
NOTE:
https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
NOTE: ruby2.5:
https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through
2.6.4 allow ...)
- {DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
+ {DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -67574,7 +67579,7 @@ CVE-2019-16203 (Brocade Fabric OS Versions before
v8.2.2a and v8.2.1d could expo
CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain
situations. ...)
NOT-FOR-US: MISP
CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x
through 2.5 ...)
- {DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
+ {DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -93029,7 +93034,7 @@ CVE-2019-8327
CVE-2019-8326
RESERVED
CVE-2019-8325 (An issue was discovered in RubyGems 2.6 and later through
3.0.2. Since ...)
- {DSA-4433-1 DLA-1796-1 DLA-1735-1}
+ {DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -93039,7 +93044,7 @@ CVE-2019-8325 (An issue was discovered in RubyGems 2.6
and later through 3.0.2.
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8324 (An issue was discovered in RubyGems 2.6 and later through
3.0.2. A cra ...)
- {DSA-4433-1 DLA-1796-1 DLA-1735-1}
+ {DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -93049,7 +93054,7 @@ CVE-2019-8324 (An issue was discovered in RubyGems 2.6
and later through 3.0.2.
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8323 (An issue was discovered in RubyGems 2.6 and later through
3.0.2. Gem:: ...)
- {DSA-4433-1 DLA-1796-1 DLA-1735-1}
+ {DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -93059,7 +93064,7 @@ CVE-2019-8323 (An issue was discovered in RubyGems 2.6
and later through 3.0.2.
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8322 (An issue was discovered in RubyGems 2.6 and later through
3.0.2. The g ...)
- {DSA-4433-1 DLA-1796-1 DLA-1735-1}
+ {DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -93069,7 +93074,7 @@ CVE-2019-8322 (An issue was discovered in RubyGems 2.6
and later through 3.0.2.
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8321 (An issue was discovered in RubyGems 2.6 and later through
3.0.2. Since ...)
- {DSA-4433-1 DLA-1796-1}
+ {DSA-4433-1 DLA-2330-1 DLA-1796-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -93080,7 +93085,7 @@ CVE-2019-8321 (An issue was discovered in RubyGems 2.6
and later through 3.0.2.
NOTE:
https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE:
https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8320 (A Directory Traversal issue was discovered in RubyGems 2.7.6
and later ...)
- {DSA-4433-1 DLA-1735-1}
+ {DSA-4433-1 DLA-2330-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -160323,7 +160328,7 @@ CVE-2017-17744 (A cross-site scripting (XSS)
vulnerability in the custom-map plu
CVE-2017-17743 (Improper input sanitization within the restricted
administration shell ...)
NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4,
2.5.x befo ...)
- {DSA-4259-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
+ {DSA-4259-1 DLA-2330-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
- jruby <unfixed>
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
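Review bot: under CVE-2017-17742 the jruby line stays at <unfixed> while DLA-2330-1 is added to the cross-reference set, and this is the only entry in the diff where a package other than ruby2.x is visible. If the advisory ships a jruby fix for an older suite, the tag is correct as it stands, but the unchanged <unfixed> status for unstable should be revisited separately so it does not read as resolved.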
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a04346590b810aaed2855d28287c73b24c879b0f