Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7731c5eb by security tracker role at 2020-12-05T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1538,8 +1538,8 @@ CVE-2020-28952
RESERVED
CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may
encounter ...)
NOT-FOR-US: libuci in OpenWrt
-CVE-2020-28950
- RESERVED
+CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior
to KART 4 ...)
+ TODO: check
CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only
to addre ...)
{DLA-2466-1 DLA-2465-1}
- drupal7 <removed>
@@ -6957,36 +6957,31 @@ CVE-2020-27777
- linux 5.9.6-1
[stretch] - linux <ignored> (Only an issue when Secure Boot is
implemented)
NOTE:
https://git.kernel.org/linus/bd59380c5ba4147dcbaad3e582b55ccfd120b764
-CVE-2020-27776
- RESERVED
+CVE-2020-27776 (A flaw was found in ImageMagick in MagickCore/statistic.c. An
attacker ...)
- imagemagick <undetermined>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1736
-CVE-2020-27775
- RESERVED
+CVE-2020-27775 (A flaw was found in ImageMagick in MagickCore/quantum.h. An
attacker w ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range
warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1737
NOTE: ImageMagick:
https://github.com/ImageMagick/ImageMagick/commit/a2166bfb1049bac4c0f7b8b5d3ef86a1f48470b2
NOTE: ImageMagick6:
https://github.com/ImageMagick/ImageMagick6/commit/78d9987ae80a95865c9f139afde0dcf3fd832ddc
-CVE-2020-27774
- RESERVED
+CVE-2020-27774 (A flaw was found in ImageMagick in MagickCore/statistic.c. An
attacker ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue, UBSAN shift exponent
warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1743
NOTE: ImageMagick:
https://github.com/ImageMagick/ImageMagick/commit/29cee9152d1b5487cfd19443ca48935eea0cabe2
NOTE: ImageMagick6:
https://github.com/ImageMagick/ImageMagick6/commit/052175e4b190598141fbcc64641cd5ee4db3602d
-CVE-2020-27773
- RESERVED
+CVE-2020-27773 (A flaw was found in ImageMagick in MagickCore/gem-private.h.
An attack ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <postponed> (Minor issue, DoS/div0 while
package is mainly CLI)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1739
NOTE: ImageMagick:
https://github.com/ImageMagick/ImageMagick/commit/3d71aa8265ffaaf686021a6fbd54c037f71ee3a2
NOTE: ImageMagick6:
https://github.com/ImageMagick/ImageMagick6/commit/be6ffd9f283c2681d74469db8b000701665cf034
-CVE-2020-27772
- RESERVED
+CVE-2020-27772 (A flaw was found in ImageMagick in coders/bmp.c. An attacker
who submi ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range
warning)
@@ -12863,8 +12858,8 @@ CVE-2020-25451
RESERVED
CVE-2020-25450
RESERVED
-CVE-2020-25449
- RESERVED
+CVE-2020-25449 (Cross Site Scripting (XSS) vulnerability in Arachnys Cabot
0.11.12 can ...)
+ TODO: check
CVE-2020-25448
RESERVED
CVE-2020-25447
@@ -15593,7 +15588,7 @@ CVE-2020-24225
RESERVED
CVE-2020-24224
RESERVED
-CVE-2020-24223 (Mara CMS 7.5 allows contact.php?theme= XSS. ...)
+CVE-2020-24223 (Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php
via the ...)
NOT-FOR-US: Mara CMS
CVE-2020-24222
RESERVED
@@ -47000,13 +46995,13 @@ CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking
metadata and comments on vu
[experimental] - gitlab 12.8.8-1
- gitlab 13.2.3-2
NOTE:
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
-CVE-2020-10974 (An issue was discovered on Wavlink WL-WN579G3 -
M79X3.V5030.180719 and ...)
+CVE-2020-10974 (An issue was discovered affecting a backup feature where a
crafted POS ...)
NOT-FOR-US: Wavlink
CVE-2020-10973 (An issue was discovered on Wavlink WL-WN530HG4
M30HG4.V5030.191116 dev ...)
NOT-FOR-US: Wavlink
-CVE-2020-10972 (An issue was discovered on Wavlink WL-WN530HG4
M30HG4.V5030.191116 dev ...)
+CVE-2020-10972 (An issue was discovered where a page is exposed that has the
current a ...)
NOT-FOR-US: Wavlink
-CVE-2020-10971 (An issue was discovered on Wavlink WL-WN579G3
M79X3.V5030.180719, WL-W ...)
+CVE-2020-10971 (An issue was discovered on Wavlink Jetstream devices where a
crafted P ...)
NOT-FOR-US: Wavlink
CVE-2020-10970
RESERVED
@@ -57461,7 +57456,7 @@ CVE-2020-6870 (The version V12.17.20T115 of ZTE U31R20
product is impacted by a
NOT-FOR-US: ZTE
CVE-2020-6869 (All versions up to 10.06 of ZTEMarket APK are impacted by an
informati ...)
NOT-FOR-US: ZTE
-CVE-2020-6868 (ZTE's PON terminal product is impacted by the access control
vulnerabi ...)
+CVE-2020-6868 (There is an input validation vulnerability in a PON terminal
product o ...)
NOT-FOR-US: ZTE
CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management
error vul ...)
NOT-FOR-US: ZTE
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7731c5ebe10cbc40aeb6a0cc1320797ec607bba0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7731c5ebe10cbc40aeb6a0cc1320797ec607bba0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
