[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sat, 10 Oct 2020 13:11:34 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7691e477 by security tracker role at 2020-10-10T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-26941
+       RESERVED
+CVE-2020-26940
+       RESERVED
+CVE-2020-26939
+       RESERVED
+CVE-2020-26938
+       RESERVED
+CVE-2020-26937
+       RESERVED
+CVE-2020-26936
+       RESERVED
+CVE-2020-26935 (An issue was discovered in SearchController in phpMyAdmin 
before 4.9.6 ...)
+       TODO: check
+CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS 
through the tr ...)
+       TODO: check
+CVE-2020-26933
+       RESERVED
 CVE-2020-26931 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
        NOT-FOR-US: Netgear
 CVE-2020-26930 (NETGEAR EX7700 devices before 1.0.0.210 are affected by 
incorrect conf ...)
@@ -28099,6 +28117,7 @@ CVE-2020-13957
        RESERVED
 CVE-2020-13956 [incorrect handling of malformed authority component in request 
URIs]
        RESERVED
+       {DLA-2405-1}
        - httpcomponents-client 4.5.13-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587
        NOTE: Fixed by: 
https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e
 (4.5.13-RC1)
@@ -37171,7 +37190,8 @@ CVE-2020-10936 (Sympa before 6.2.56 allows privilege 
escalation. ...)
        NOTE: Patch for sympa-6.1.25: 
https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.1.25-sa-2020-002-r2.patch
        NOTE: 
https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/
        NOTE: https://github.com/sympa-community/sympa/issues/943
-CVE-2020-26932
+CVE-2020-26932 (debian/sympa.postinst for the Debian Sympa package before 
6.2.40~dfsg- ...)
+       {DLA-2401-1}
        - sympa 6.2.40~dfsg-7 (bug #971904)
        NOTE: Debian specific issue where sympa_newaliases-wrapper had loose 
permissions
        NOTE: (already suid root and word-executable) allowing to gain root 
privileges



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7691e4775838ae8c967bfe7733b46e6da4ac4532

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7691e4775838ae8c967bfe7733b46e6da4ac4532
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to