Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5aded3a4 by security tracker role at 2020-08-22T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14521,11 +14521,11 @@ CVE-2020-17370
CVE-2020-17369
RESERVED
CVE-2020-17368 (Firejail through 0.9.62 mishandles shell metacharacters during
use of ...)
- {DSA-4742-1}
+ {DSA-4742-1 DLA-2336-1}
- firejail 0.9.62-4
NOTE:
https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b
CVE-2020-17367 (Firejail through 0.9.62 does not honor the -- end-of-options
indicator ...)
- {DSA-4742-1}
+ {DSA-4742-1 DLA-2336-1}
- firejail 0.9.62-4
NOTE:
https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37
CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through
0.7.1. ...)
@@ -18088,6 +18088,7 @@ CVE-2020-15710
RESERVED
CVE-2020-15709
RESERVED
+ {DLA-2339-1}
- software-properties <unfixed> (bug #968850)
[buster] - software-properties <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/08/03/1
@@ -18165,6 +18166,7 @@ CVE-2019-20908 (An issue was discovered in
drivers/firmware/efi/efi.c in the Lin
NOTE: https://www.openwall.com/lists/oss-security/2020/06/14/1
NOTE: Fixed by:
https://git.kernel.org/linus/1957a85b0032a81e6482ca4aab883643b8dae06e
CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able
to craf ...)
+ {DLA-2337-1}
- python3.9 3.9.0~b5-1 (low)
- python3.8 3.8.5-1 (low)
- python3.7 <removed> (low)
@@ -68565,7 +68567,7 @@ CVE-2019-16058 (An issue was discovered in the pam_p11
component 0.2.0 and 0.3.0
CVE-2019-16057 (The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is
vulnera ...)
NOT-FOR-US: D-Link
CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through
3.5.7, 3 ...)
- {DLA-2280-1 DLA-1925-1 DLA-1924-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1925-1 DLA-1924-1}
- python3.8 3.8.0~b4-1
- python3.7 3.7.4-4
[buster] - python3.7 3.7.3-2+deb10u1
@@ -77771,7 +77773,7 @@ CVE-2019-13578 (A SQL injection vulnerability exists in
the Impress GiveWP Give
CVE-2019-13577 (SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an
Unauthe ...)
NOT-FOR-US: SnmpAdm.exe in MAPLE WBT SNMP Administrator
CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in
Lib/http/cookiejar.py ...)
- {DLA-2280-1 DLA-1906-1 DLA-1889-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1906-1 DLA-1889-1}
- python3.7 3.7.3~rc1-1
- python3.5 <removed>
- python3.4 <removed>
@@ -87995,7 +87997,7 @@ CVE-2019-9950 (Western Digital My Cloud, My Cloud
Mirror Gen2, My Cloud EX2 Ultr
CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100,
EX4100 ...)
NOT-FOR-US: Western Digital
CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file:
scheme, w ...)
- {DLA-2280-1 DLA-1852-1 DLA-1834-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1852-1 DLA-1834-1}
- python3.7 3.7.4~rc2-2
[buster] - python3.7 3.7.3-2+deb10u1
- python3.6 <removed>
@@ -88009,7 +88011,7 @@ CVE-2019-9948 (urllib in Python 2.x through 2.7.16
supports the local_file: sche
NOTE:
https://github.com/python/cpython/commit/b15bde8058e821b383d81fcae68b335a752083ca
(2.7)
NOTE:
https://github.com/python/cpython/commit/942c31dffbe886ff02e25a319cc3891220b8c641
(2.7)
CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16
and ur ...)
- {DLA-2280-1 DLA-1835-1 DLA-1834-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1835-1 DLA-1834-1}
- python3.7 3.7.4~rc2-2
[buster] - python3.7 3.7.3-2+deb10u1
- python3.6 <removed>
@@ -89559,7 +89561,7 @@ CVE-2019-9741 (An issue was discovered in net/http in
Go 1.11.5. CRLF injection
NOTE:
https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9
NOTE:
https://github.com/golang/go/commit/f1d662f34788f4a5f087581d0951cdf4e0f6e708#diff-b97af51863ce82bf2a13003b52034aa9
CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16
and ur ...)
- {DLA-2280-1 DLA-1835-1 DLA-1834-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1835-1 DLA-1834-1}
- python3.7 3.7.4~rc2-2
[buster] - python3.7 3.7.3-2+deb10u1
- python3.6 <removed>
@@ -89837,7 +89839,7 @@ CVE-2019-9643
CVE-2019-9642 (An issue was discovered in proxy.php in pydio-core in Pydio
through 8. ...)
- extplorer <removed>
CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected
by: Impr ...)
- {DLA-2280-1 DLA-1835-1 DLA-1834-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1835-1 DLA-1834-1}
- python3.7 3.7.3~rc1-1 (bug #924072)
- python3.6 <removed>
- python3.5 <removed>
@@ -102031,7 +102033,7 @@ CVE-2019-5012 (An exploitable privilege escalation
vulnerability exists in the W
CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the
helper ...)
NOT-FOR-US: CleanMyMac
CVE-2019-5010 (An exploitable denial-of-service vulnerability exists in the
X509 cert ...)
- {DLA-2280-1 DLA-1834-1 DLA-1663-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1834-1 DLA-1663-1}
- python3.7 3.7.2-2 (bug #921064)
- python3.6 <removed> (bug #921063)
- python3.5 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aded3a4c725b6a084c8513192f7c3f7679650b8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aded3a4c725b6a084c8513192f7c3f7679650b8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
