Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3a891da9 by security tracker role at 2020-09-26T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -821,6 +821,7 @@ CVE-2020-25741 [fdc: null pointer dereference during r/w
data transfer]
CVE-2020-25740
RESERVED
CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for
Ruby. Mult ...)
+ {DLA-2380-1}
- ruby-gon <unfixed> (bug #970938)
NOTE:
https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7
CVE-2020-25738
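Review bot: In the CVE-2020-25739 entry the new "{DLA-2380-1}" line sits directly above "- ruby-gon <unfixed> (bug #970938)", so after this change the entry records an LTS advisory while the unstable package line is still open. The upstream fix commit is already in the NOTE. Follow up on bug #970938 so that the "<unfixed>" marker is replaced with a version once a fixed ruby-gon is uploaded.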
@@ -2629,6 +2630,7 @@ CVE-2020-24918
CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to
DraftAjaxA ...)
NOT-FOR-US: osTicket
CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7
is vulner ...)
+ {DLA-2384-1}
- yaws 2.0.8+dfsg-1
NOTE:
https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1
NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection
@@ -3782,6 +3784,7 @@ CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform
(aka openeclass) throu
CVE-2020-24380
RESERVED
CVE-2020-24379 (WebDAV implementation in Yaws web server versions 1.81 to
2.0.7 is vul ...)
+ {DLA-2384-1}
- yaws 2.0.8+dfsg-1
NOTE:
https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c
NOTE: https://github.com/vulnbe/poc-yaws-dav-xxe
@@ -3807,6 +3810,7 @@ CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the
interaction between barriers a
NOTE:
https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110
NOTE: https://www.lua.org/bugs.html#5.4.0-10
CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and
segmentation faul ...)
+ {DLA-2381-1}
- lua5.4 <unfixed>
- lua5.3 <unfixed>
[buster] - lua5.3 <no-dsa> (Minor issue)
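Review bot: The "{DLA-2381-1}" added under CVE-2020-24370 cannot be matched to a package from this hunk alone. The visible package lines are "- lua5.4 <unfixed>", "- lua5.3 <unfixed>" and "[buster] - lua5.3 <no-dsa> (Minor issue)", and the context ends there. Before accepting the cross-reference, confirm that the source package named in DLA-2381-1 has a package line in this entry.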
@@ -42126,6 +42130,7 @@ CVE-2020-8232 (An information disclosure vulnerability
exists in EdgeMax EdgeSwi
NOT-FOR-US: Edgeswitch
CVE-2020-8231
RESERVED
+ {DLA-2382-1}
- curl 7.72.0-1 (bug #968831)
NOTE: https://curl.haxx.se/docs/CVE-2020-8231.html
NOTE: https://github.com/curl/curl/pull/5824
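Review bot: CVE-2020-8231 still has only "RESERVED" where a description would be, yet with this change the entry carries a DLA, a fixed curl version (7.72.0-1) and a public advisory URL in its NOTE lines. Consider giving the CVE line a bracketed short description, in the style visible on the CVE-2020-25741 line in the first hunk header, so the entry can be read without following the links.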
@@ -77599,6 +77604,7 @@ CVE-2019-14461
CVE-2019-14460
RESERVED
CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow
in the fu ...)
+ {DLA-2383-1}
- nfdump 1.6.18-1 (bug #933740)
[buster] - nfdump <no-dsa> (Minor issue)
NOTE: https://github.com/phaag/nfdump/issues/171
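Review bot: For CVE-2019-14459 the added "{DLA-2383-1}" means the LTS release has an advisory, while the line below it still reads "[buster] - nfdump <no-dsa> (Minor issue)" and the only fixed version listed is 1.6.18-1. The visible lines therefore leave buster without a fixed version. Check whether the no-dsa triage for buster should be revisited, or a fix queued for a point release, now that the older release has been patched.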
@@ -92674,6 +92680,7 @@ CVE-2019-1010059
CVE-2019-1010058
RESERVED
CVE-2019-1010057 (nfdump 1.6.16 and earlier is affected by: Buffer Overflow.
The impact ...)
+ {DLA-2383-1}
- nfdump 1.6.17-1
NOTE: https://github.com/phaag/nfdump/issues/104
NOTE:
https://github.com/phaag/nfdump/commit/9f0fe9563366f62a71d34c92229da3432ec5cf0e
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a891da9db88ae6b1a4a83e32aa78b5036b1637e
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits