[Git][security-tracker-team/security-tracker][master] Track two CVEs for nextcloud-server

Tue, 10 Nov 2020 12:55:01 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c52cc49a by Salvatore Bonaccorso at 2020-11-10T21:54:33+01:00
Track two CVEs for nextcloud-server

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49823,7 +49823,7 @@ CVE-2020-8151 (There is a possible information 
disclosure issue in Active Resour
        NOTE: ActiveResource was extracted to a separate gem in starting in the 
4.0 rails
        NOTE: release as it was not widely used.
 CVE-2020-8150 (A cryptographic issue in Nextcloud Server 19.0.1 allowed an 
attacker t ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2020-8149 (Lack of output sanitization allowed an attack to execute 
arbitrary she ...)
        NOT-FOR-US: Node logkitty
 CVE-2020-8148 (UniFi Cloud Key firmware &lt; 1.1.6 contains a vulnerability 
that enab ...)
@@ -49859,7 +49859,7 @@ CVE-2020-8135 (The uppy npm package &lt; 1.9.3 is 
vulnerable to a Server-Side Re
 CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS 
&lt; 3.1 ...)
        NOT-FOR-US: Ghost CMS
 CVE-2020-8133 (A wrong generation of the passphrase for the encrypted block in 
Nextcl ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2020-8132 (Lack of input validation in pdf-image npm package version &lt;= 
2.0.0  ...)
        NOT-FOR-US: Node pdf-image package
 CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 
allows  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c52cc49a6012bfd61a7b1f790d4de71cd329f1b4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c52cc49a6012bfd61a7b1f790d4de71cd329f1b4
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to