Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: aa0b3060 by Moritz Muehlenhoff at 2020-09-21T11:29:52+02:00 NFUs (issues affecting src:gradle are listed at https://github.com/gradle/gradle/security/advisories) - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -20599,25 +20599,25 @@ CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in scp.c r CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...) NOT-FOR-US: Maven Extension plugin for Gradle Enterprise CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. CSRF m ...) - TODO: check + NOT-FOR-US: Gradle Enterprise CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrest ...) - TODO: check + NOT-FOR-US: Gradle Enterprise CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Becaus ...) - TODO: check + NOT-FOR-US: Gradle Enterprise CVE-2020-15773 (An issue was discovered in Gradle Enterprise before 2020.2.4. Because ...) - TODO: check + NOT-FOR-US: Gradle Enterprise CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There ...) - TODO: check + NOT-FOR-US: Gradle Enterprise CVE-2020-15771 (An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterpr ...) - TODO: check + NOT-FOR-US: Gradle Enterprise CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. There is a lack o ...) - TODO: check + NOT-FOR-US: Gradle Enterprise CVE-2020-15769 (An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS ...) - TODO: check + NOT-FOR-US: Gradle Enterprise CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gra ...) - TODO: check + NOT-FOR-US: Gradle Enterprise CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of ...) - TODO: check + NOT-FOR-US: Gradle Enterprise CVE-2020-15766 RESERVED CVE-2020-15765 @@ -26982,7 +26982,7 @@ CVE-2019-20803 (Gila CMS before 1.11.6 has reflected XSS via the admin/content/p NOT-FOR-US: Gila CMS CVE-2018-21234 (Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when ...) - jodd <unfixed> (bug #961298) - [buster] - jodd <no-dsa> (Minor issue) + [buster] - jodd <ignored> (Minor issue; upstream fix needs changes in rdeps and none present in Buster) NOTE: https://github.com/oblac/jodd/commit/9bffc3913aeb8472c11bb543243004b4b4376f16 NOTE: https://github.com/oblac/jodd/issues/628 CVE-2017-18868 (Digi XBee 2 devices do not have an effective protection mechanism agai ...) @@ -52131,7 +52131,7 @@ CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based NOTE: https://github.com/saitoha/libsixel/commit/a18b3789cfd147028403c17fe79a43b169d8f034 CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...) - libpodofo <unfixed> - [buster] - libpodofo <no-dsa> (Minor issue) + [buster] - libpodofo <ignored> (Minor issue) [stretch] - libpodofo <no-dsa> (Minor issue) [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/podofo/tickets/75/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa0b3060d871cd236263d96925004ad370fe2fbd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa0b3060d871cd236263d96925004ad370fe2fbd You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
