Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d7e008b6 by security tracker role at 2020-11-26T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read 
because it tr ...)
+       TODO: check
+CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read 
because it tri ...)
+       TODO: check
 CVE-2020-29128 (petl before 1.68, in some configurations, allows resolution of 
entitie ...)
        TODO: check
 CVE-2020-29127
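Review bot: the two entries added at the top of this hunk, CVE-2020-29130 (slirp.c) and CVE-2020-29129 (ncsi.c), are left at TODO: check with no package line, so nothing yet records whether Debian is affected. Both describe a buffer over-read in libslirp through 4.3.1, so they can be triaged together: replace the TODO with either a package line giving the fixed version or <unfixed>, or a NOT-FOR-US line, and add a NOTE with the upstream fix commit once it is identified.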
@@ -126,7 +130,7 @@ CVE-2020-29067
 CVE-2020-29066
        RESERVED
 CVE-2020-29065
-       RESERVED
+       REJECTED
 CVE-2020-29064
        RESERVED
 CVE-2020-29063 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 
92416A, ...)
@@ -173,10 +177,10 @@ CVE-2020-29045
        RESERVED
 CVE-2020-29044
        RESERVED
-CVE-2020-29043
-       RESERVED
-CVE-2020-29042
-       RESERVED
+CVE-2020-29043 (An issue was discovered in BigBlueButton through 2.2.29. When 
at attac ...)
+       TODO: check
+CVE-2020-29042 (An issue was discovered in BigBlueButton through 2.2.29. A 
brute-force ...)
+       TODO: check
 CVE-2020-29041
        RESERVED
 CVE-2020-29040 (An issue was discovered in Xen through 4.14.x allowing x86 HVM 
guest O ...)
@@ -5728,6 +5732,7 @@ CVE-2020-27784
        RESERVED
 CVE-2020-27783
        RESERVED
+       {DLA-2467-1}
        - lxml 4.6.1-1
        NOTE: 
https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e 
(lxml-4.6.1)
 CVE-2020-27782
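Review bot: CVE-2020-27783 now carries {DLA-2467-1} and a fixed version (lxml 4.6.1-1) but is still RESERVED with no description, so the entry does not say what the issue is. Consider adding a bracketed summary on the header line, as CVE-2020-27661 does with [divide by zero in dwc2_handle_packet() in hw/usb/hcd-dwc2.c], until the official description is published.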
@@ -6544,10 +6549,10 @@ CVE-2020-27665 (In Strapi before 3.2.5, there is no 
admin::hasPermissions restri
        NOT-FOR-US: Strapi
 CVE-2020-27664 (admin/src/containers/InputModalStepperProvider/index.js in 
Strapi befo ...)
        NOT-FOR-US: Strapi
-CVE-2020-27663
-       RESERVED
-CVE-2020-27662
-       RESERVED
+CVE-2020-27663 (In GLPI before 9.5.3, ajax/getDropdownValue.php has an 
Insecure Direct ...)
+       TODO: check
+CVE-2020-27662 (In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct 
Object  ...)
+       TODO: check
 CVE-2020-27661 [divide by zero in dwc2_handle_packet() in hw/usb/hcd-dwc2.c]
        RESERVED
        - qemu <unfixed> (bug #972864)
@@ -7517,8 +7522,8 @@ CVE-2020-27209
        RESERVED
 CVE-2020-27208
        RESERVED
-CVE-2020-27207
-       RESERVED
+CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, 
related to sq ...)
+       TODO: check
 CVE-2020-27206
        RESERVED
 CVE-2020-27205
@@ -8174,8 +8179,8 @@ CVE-2020-26938
        RESERVED
 CVE-2020-26937
        RESERVED
-CVE-2020-26936
-       RESERVED
+CVE-2020-26936 (Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a 
CSRF at ...)
+       TODO: check
 CVE-2020-26935 (An issue was discovered in SearchController in phpMyAdmin 
before 4.9.6 ...)
        {DLA-2413-1}
        - phpmyadmin 4:4.9.7+dfsg1-1 (bug #972000)
@@ -36942,8 +36947,8 @@ CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl 
(aka p5-Crypt-Perl) module
        - libcrypt-perl-perl <itp> (bug #907353)
        NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14
        NOTE: 
https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2
-CVE-2020-13886
-       RESERVED
+CVE-2020-13886 (Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and 
TIP 300 6 ...)
+       TODO: check
 CVE-2020-13885 (Citrix Workspace App before 1912 on Windows has Insecure 
Permissions w ...)
        NOT-FOR-US: Citrix
 CVE-2020-13884 (Citrix Workspace App before 1912 on Windows has Insecure 
Permissions a ...)
@@ -54082,10 +54087,10 @@ CVE-2020-7781
        RESERVED
 CVE-2020-7780
        RESERVED
-CVE-2020-7779
-       RESERVED
-CVE-2020-7778
-       RESERVED
+CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular 
Expressi ...)
+       TODO: check
+CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The 
attacker ...)
+       TODO: check
 CVE-2020-7777 (This affects all versions of package jsen. If an attacker can 
control  ...)
        NOT-FOR-US: Node jsen
 CVE-2020-7776
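Review bot: CVE-2020-7779 (djvalidator) and CVE-2020-7778 (systeminformation) are added as TODO: check while the adjacent CVE-2020-7777 is already resolved as NOT-FOR-US: Node jsen. Each needs the same decision: check whether the package exists in the archive and record either a package line or a NOT-FOR-US line naming the package, rather than leaving the placeholder.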
@@ -127075,7 +127080,7 @@ CVE-2018-19788 (A flaw was found in PolicyKit (aka 
polkit) 0.115 that allows a u
        NOTE: 
https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379
        NOTE: 
https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126
 CVE-2018-19787 (An issue was discovered in lxml before 4.2.5. 
lxml/html/clean.py in th ...)
-       {DLA-1604-1}
+       {DLA-2467-1 DLA-1604-1}
        - lxml 4.2.5-1
        NOTE: Fixed by: 
https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 
(lxml-4.2.5)
 CVE-2018-19786 (HashiCorp Vault before 1.0.0 writes the master key to the 
server log i ...)
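Review bot: on CVE-2018-19787 the advisory list becomes {DLA-2467-1 DLA-1604-1} while the package line stays at lxml 4.2.5-1, so the entry does not show why a CVE already covered by DLA-1604-1 needs a second LTS advisory. A NOTE stating what DLA-2467-1 changes for this CVE (for example a different release, or an earlier fix that was incomplete) would make the history readable; also confirm that listing the newer advisory first is the intended ordering.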



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7e008b611072d89465ee34495212e46a46c4425
