[Git][security-tracker-team/security-tracker][master] Add CVE-2020-26164/kdeconnect

2020-10-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d6220cbb by Salvatore Bonaccorso at 2020-10-05T22:42:40+02:00
Add CVE-2020-26164/kdeconnect

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -799,8 +799,20 @@ CVE-2020-26166 (The file upload functionality in qdPM 9.1 
doesn't check the file
NOT-FOR-US: qdPM
 CVE-2020-26165
RESERVED
-CVE-2020-26164
-   RESERVED
+CVE-2020-26164 [packet manipulation can be exploited in a Denial of Service 
attack]
+   RESERVED
+   - kdeconnect 
+   NOTE: https://kde.org/info/security/advisory-20201002-1.txt
+   NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/f183b5447bad47655c21af87214579f03bf3a163
+   NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/b279c52101d3f7cc30a26086d58de0b5f1c547fa
+   NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/d35b88c1b25fe13715f9170f18674d476ca9acdc
+   NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/b496e66899e5bc9547b6537a7f44ab44dd0aaf38
+   NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/5310eae85dbdf92fba30375238a2481f2e34943e
+   NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/721ba9faafb79aac73973410ee1dd3624ded97a5
+   NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/ae58b9dec49c809b85b5404cee17946116f8a706
+   NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/66c768aa9e7fba30b119c8b801efd49ed1270b0a
+   NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/85b691e40f525e22ca5cc4ebe79c361d71d7dc05
+   NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/48180b46552d40729a36b7431e97bbe2b5379306
 CVE-2020-26163 (BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host 
and Ori ...)
NOT-FOR-US: BigBlueButton Greenlight
 CVE-2020-26162
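
Review bot: the ten upstream commit NOTEs added under CVE-2020-26164 are listed without saying which upstream release contains them or whether all ten are needed for the fix, so a backporter has to open each link to find out. Suggest a short NOTE ahead of the list stating that, plus the fixed upstream release once it is confirmed from the KDE advisory. The `- kdeconnect` line as shown also carries nothing after the package name; it needs either a fixed version or an explicit status.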



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6220cbb716c0e993a6406e68d75e9040b52e184

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add CVE-2020-8223/nextcloud-server

2020-10-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5c5e2ca8 by Salvatore Bonaccorso at 2020-10-05T22:36:38+02:00
Add CVE-2020-8223/nextcloud-server

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -43200,7 +43200,7 @@ CVE-2020-8224 (A code injection in Nextcloud Desktop 
Client 2.6.4 allowed to loa
NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030
NOTE: https://hackerone.com/reports/622170
 CVE-2020-8223 (A logic error in Nextcloud Server 19.0.0 caused a privilege 
escalation ...)
-   TODO: check
+   - nextcloud-server  (bug #941708)
 CVE-2020-8222 (A path traversal vulnerability exists in Pulse Connect Secure 
9.1R ...)
NOT-FOR-US: Pulse
 CVE-2020-8221 (A path traversal vulnerability exists in Pulse Connect Secure 
9.1R ...)
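
Review bot: in `- nextcloud-server  (bug #941708)` the package name is followed directly by the bug reference, with no version or status visible between them. Since this line replaces `TODO: check`, it should say explicitly what was decided for the package (for example whether it is in the archive at all), so the entry does not read as an open issue against a shipped package.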



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c5e2ca8677aa21b37af880a27df3ad98f6bf8df


[Git][security-tracker-team/security-tracker][master] Process NFUs

2020-10-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c08965ca by Salvatore Bonaccorso at 2020-10-05T22:36:01+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -796,7 +796,7 @@ CVE-2020-26168
 CVE-2020-26167
RESERVED
 CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the 
file descr ...)
-   TODO: check
+   NOT-FOR-US: qdPM
 CVE-2020-26165
RESERVED
 CVE-2020-26164
@@ -1056,7 +1056,7 @@ CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket 
creation in net/nfc/ra
[buster] - linux 4.19.146-1
NOTE: 
https://git.kernel.org/linus/26896f01467a28651f7a536143fe5ac8449d4041
 CVE-2020-26061 (ClickStudios Passwordstate Password Reset Portal prior to 
build 8501 i ...)
-   TODO: check
+   NOT-FOR-US: ClickStudios Passwordstate Password Reset Portal
 CVE-2020-26060
RESERVED
 CVE-2020-26059
@@ -1083,7 +1083,7 @@ CVE-2020-26050
 CVE-2020-26049
RESERVED
 CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows 
an authen ...)
-   TODO: check
+   NOT-FOR-US: CuppaCMS
 CVE-2020-26047
RESERVED
 CVE-2020-26046
@@ -5121,7 +5121,7 @@ CVE-2020-24233
 CVE-2020-24232
RESERVED
 CVE-2020-24231 (Symmetric DS 3.12.0 uses mx4j to provide access to JMX 
over HTTP.  ...)
-   TODO: check
+   NOT-FOR-US: Symmetric DS
 CVE-2020-24230
RESERVED
 CVE-2020-24229
@@ -21278,7 +21278,7 @@ CVE-2020-16228 (Patient Information Center iX (PICiX) 
Versions B.02, C.02, C.03,
 CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An 
improper input  ...)
NOT-FOR-US: Delta Electronics
 CVE-2020-16226 (Multiple Mitsubishi Electric products are vulnerable to 
impersonations ...)
-   TODO: check
+   NOT-FOR-US: Mitsubishi
 CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A 
write-what-where ...)
NOT-FOR-US: Delta Electronics
 CVE-2020-16224 (Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, Perfo ...)
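
Review bot: the tag `NOT-FOR-US: Mitsubishi` shortens the vendor that the description names as "Mitsubishi Electric", while the neighbouring entries in the same hunk spell theirs out in full (`NOT-FOR-US: Delta Electronics`). Suggest `NOT-FOR-US: Mitsubishi Electric` so a search on the vendor name finds every entry.
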
@@ -31517,7 +31517,7 @@ CVE-2020-12304
 CVE-2020-12303
RESERVED
 CVE-2020-12302 (Improper permissions in the Intel(R) Driver  Support 
Assistant be ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server 
Board Fam ...)
NOT-FOR-US: Intel
 CVE-2020-12300 (Uninitialized pointer in BIOS firmware for Intel(R) Server 
Board Famil ...)
@@ -42105,7 +42105,7 @@ CVE-2020-8673
 CVE-2020-8672
RESERVED
 CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th 
Generat ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2020-8670
RESERVED
 CVE-2020-8669
@@ -43161,7 +43161,7 @@ CVE-2020-8237 (Prototype pollution in json-bigint npm 
package  1.0.0 may lea
 CVE-2020-8236
RESERVED
 CVE-2020-8235 (Missing access control in Nextcloud Deck 1.0.4 caused an 
insecure dire ...)
-   TODO: check
+   NOT-FOR-US: Nextcloud Deck
 CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware 
v1.9.1 w ...)
NOT-FOR-US: EdgeMax EdgeSwitch firmware
 CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware 
v1 ...)
@@ -43183,7 +43183,7 @@ CVE-2020-8229 (A memory leak in the OCUtil.dll library 
used by Nextcloud Desktop
NOTE: Windows-specific code in shell_integration/windows/OCUtil
NOTE: https://hackerone.com/reports/588562
 CVE-2020-8228 (A missing rate limit in the Preferred Providers app 1.7.0 
allowed an a ...)
-   TODO: check
+   NOT-FOR-US: Preferred Providers app
 CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop 
Client  ...)
- nextcloud-desktop 3.0.1-1
[buster] - nextcloud-desktop  (Minor issue)
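
Review bot: `NOT-FOR-US: Preferred Providers app` names neither a vendor nor a project, unlike the other tags in this commit (`Nextcloud Deck`, `Intel`, `IBM`). Suggest prefixing the project the app belongs to, so the reason is still meaningful when the line is read outside this block of entries.
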
@@ -43296,7 +43296,7 @@ CVE-2020-8184 (A reliance on cookies without 
validation/integrity check security
 CVE-2020-8183
RESERVED
 CVE-2020-8182 (Improper access control in Nextcloud Deck 0.8.0 allowed an 
attacker to ...)
-   TODO: check
+   NOT-FOR-US: Nextcloud Deck
 CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a 
malici ...)
NOT-FOR-US: Nextcloud Contacts
 CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 
allowed a cod ...)
@@ -52676,7 +52676,7 @@ CVE-2020-4495
 CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and 
Windows ...)
NOT-FOR-US: IBM
 CVE-2020-4493 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an 
attacker to ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 
through V4.2 ...)
NOT-FOR-US: IBM
 CVE-2020-4491



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c08965ca0ad0624c6dd3a0c1e90ae1334d32229b


[Git][security-tracker-team/security-tracker][master] automatic update

2020-10-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6682b38f by security tracker role at 2020-10-05T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,5 @@
+CVE-2020-26562
+   RESERVED
 CVE-2020-26561
RESERVED
 CVE-2020-26560
@@ -793,8 +795,8 @@ CVE-2020-26168
RESERVED
 CVE-2020-26167
RESERVED
-CVE-2020-26166
-   RESERVED
+CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the 
file descr ...)
+   TODO: check
 CVE-2020-26165
RESERVED
 CVE-2020-26164
@@ -1053,8 +1055,8 @@ CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket 
creation in net/nfc/ra
- linux 5.7.17-1
[buster] - linux 4.19.146-1
NOTE: 
https://git.kernel.org/linus/26896f01467a28651f7a536143fe5ac8449d4041
-CVE-2020-26061
-   RESERVED
+CVE-2020-26061 (ClickStudios Passwordstate Password Reset Portal prior to 
build 8501 i ...)
+   TODO: check
 CVE-2020-26060
RESERVED
 CVE-2020-26059
@@ -1080,8 +1082,8 @@ CVE-2020-26050
RESERVED
 CVE-2020-26049
RESERVED
-CVE-2020-26048
-   RESERVED
+CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows 
an authen ...)
+   TODO: check
 CVE-2020-26047
RESERVED
 CVE-2020-26046
@@ -1998,12 +2000,10 @@ CVE-2020-25637 [double free in qemuAgentGetInterfaces() 
in qemu_agent.c]
NOTE: Fixed by: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=50864dcda191eb35732dbd80fb6ca251a6bba923
 (v6.8.0)
NOTE: Fixed by: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=e4116eaa44cb366b59f7fe98f4b88d04c04970ad
 (v6.8.0)
NOTE: Fixed by: 
https://libvirt.org/git/?p=libvirt.git;a=commit;h=a63b48c5ecef077bf0f909a85f453a605600cf05
 (v6.8.0)
-CVE-2020-25636
-   RESERVED
+CVE-2020-25636 (A flaw was found in Ansible Base when using the aws_ssm 
connection plu ...)
- ansible  (Vulnerable connection/aws_ssm plugin not 
included)
NOTE: https://github.com/ansible-collections/community.aws/issues/221
-CVE-2020-25635
-   RESERVED
+CVE-2020-25635 (A flaw was found in Ansible Base when using the aws_ssm 
connection plu ...)
- ansible  (Vulnerable connection/aws_ssm plugin not 
included)
NOTE: https://github.com/ansible-collections/community.aws/issues/222
 CVE-2020-25634
@@ -5120,8 +5120,8 @@ CVE-2020-24233
RESERVED
 CVE-2020-24232
RESERVED
-CVE-2020-24231
-   RESERVED
+CVE-2020-24231 (Symmetric DS 3.12.0 uses mx4j to provide access to JMX 
over HTTP.  ...)
+   TODO: check
 CVE-2020-24230
RESERVED
 CVE-2020-24229
@@ -21277,8 +21277,8 @@ CVE-2020-16228 (Patient Information Center iX (PICiX) 
Versions B.02, C.02, C.03,
NOT-FOR-US: Philips
 CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An 
improper input  ...)
NOT-FOR-US: Delta Electronics
-CVE-2020-16226
-   RESERVED
+CVE-2020-16226 (Multiple Mitsubishi Electric products are vulnerable to 
impersonations ...)
+   TODO: check
 CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A 
write-what-where ...)
NOT-FOR-US: Delta Electronics
 CVE-2020-16224 (Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, Perfo ...)
@@ -23748,12 +23748,12 @@ CVE-2020-15239
RESERVED
 CVE-2020-15238
RESERVED
-CVE-2020-15237
-   RESERVED
-CVE-2020-15236
-   RESERVED
-CVE-2020-15235
-   RESERVED
+CVE-2020-15237 (In Shrine before version 3.3.0, when using the 
`derivation_endpoint` p ...)
+   TODO: check
+CVE-2020-15236 (In Wiki.js before version 2.5.151, directory traversal outside 
of Wiki ...)
+   TODO: check
+CVE-2020-15235 (In RACTF before commit f3dc89b, unauthenticated users are able 
to get  ...)
+   TODO: check
 CVE-2020-15234 (ORY Fosite is a security first OAuth2  OpenID Connect 
framework f ...)
NOT-FOR-US: ORY Fosite
 CVE-2020-15233 (ORY Fosite is a security first OAuth2  OpenID Connect 
framework f ...)
@@ -31516,8 +31516,8 @@ CVE-2020-12304
RESERVED
 CVE-2020-12303
RESERVED
-CVE-2020-12302
-   RESERVED
+CVE-2020-12302 (Improper permissions in the Intel(R) Driver  Support 
Assistant be ...)
+   TODO: check
 CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server 
Board Fam ...)
NOT-FOR-US: Intel
 CVE-2020-12300 (Uninitialized pointer in BIOS firmware for Intel(R) Server 
Board Famil ...)
@@ -42104,8 +42104,8 @@ CVE-2020-8673
RESERVED
 CVE-2020-8672
RESERVED
-CVE-2020-8671
-   RESERVED
+CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th 
Generat ...)
+   TODO: check
 CVE-2020-8670
RESERVED
 CVE-2020-8669
@@ -43160,8 +43160,8 @@ CVE-2020-8237 (Prototype pollution in json-bigint npm 
package  1.0.0 may lea
NOT-FOR-US: Node 

[Git][security-tracker-team/security-tracker][master] netbeans fixed

2020-10-05 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f067e2d by Moritz Muehlenhoff at 2020-10-05T11:20:49+02:00
netbeans fixed
mark three sqlite issues as ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28175,6 +28175,7 @@ CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite 
before 3.32.0 has a NULL point
NOTE: https://sqlite.org/src/info/a4dd148928ea65bd
 CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to 
the name  ...)
- sqlite3 3.32.0-1
+   [buster] - sqlite3  (Minor issue, too intrusive to backport)
[stretch] - sqlite3  (Vulnerable code not present)
[jessie] - sqlite3  (Too intrusive to backport)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
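
Review bot: the added `[buster] - sqlite3` line for CVE-2020-13631 gives two separate grounds in one reason string, "Minor issue" and "too intrusive to backport", while the `[jessie]` line directly below gives only "Too intrusive to backport". Suggest settling on the ground that drives the decision, or at least matching the wording and capitalisation of the existing lines, so the three suites can be compared at a glance.
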
@@ -58415,7 +58416,7 @@ CVE-2019-19646 (pragma.c in SQLite through 3.30.1 
mishandles NOT NULL in an inte
NOTE: 
https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
 CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger 
infinite  ...)
- sqlite3 3.30.1+fossil191229-1 (bug #946612)
-   [buster] - sqlite3  (Minor issue)
+   [buster] - sqlite3  (Minor issue, too intrusive to backport)
[stretch] - sqlite3  (Vulnerable code introduced later)
[jessie] - sqlite3  (Minor issue)
NOTE: 
https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
@@ -58546,7 +58547,7 @@ CVE-2019-19604 (Arbitrary command execution is possible 
in Git before 2.20.2, 2.
NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
 CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT statements with a 
nonexistent  ...)
- sqlite3 3.30.1+fossil191229-1
-   [buster] - sqlite3  (Minor issue)
+   [buster] - sqlite3  (Minor issue, too intrusive to backport)
[stretch] - sqlite3  (vulnerable code not present)
[jessie] - sqlite3  (Minor issue)
NOTE: 
https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
@@ -69089,11 +69090,11 @@ CVE-2019-17563 (When using FORM authentication with 
Apache Tomcat 9.0.0.M1 to 9.
 CVE-2019-17562 (A buffer overflow vulnerability has been found in the 
baremetal compon ...)
NOT-FOR-US: Apache CloudStack
 CVE-2019-17561 (The "Apache NetBeans" autoupdate system does not fully 
validate code s ...)
-   - netbeans  (unimportant)
-   NOTE: Debian packages updated via apt
+   - netbeans 12.1-1 (unimportant)
+   NOTE: Debian packages updated via apt, starting with 12.1 only some 
classes are shipped
 CVE-2019-17560 (The "Apache NetBeans" autoupdate system does not validate SSL 
certific ...)
-   - netbeans  (unimportant)
-   NOTE: Debian packages updated via apt
+   - netbeans 12.1-1 (unimportant)
+   NOTE: Debian packages updated via apt, starting with 12.1 only some 
classes are shipped
 CVE-2019-17559 (There is a vulnerability in Apache Traffic Server 6.0.0 to 
6.2.3, 7.0. ...)
{DSA-4672-1}
- trafficserver 8.0.6+ds-1
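
Review bot: the new NOTE `Debian packages updated via apt, starting with 12.1 only some classes are shipped` runs two statements together and does not say whether the autoupdate code is among the classes still shipped, which is the fact a reader needs in order to accept `12.1-1` as the fixed version for CVE-2019-17561 and CVE-2019-17560. Suggest two NOTE lines, the second stating that outright. The netbeans and sqlite changes are also unrelated and would be easier to revert or cherry-pick as separate commits.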



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f067e2d1428e7e3e5979f8fca414f859120a32b


[Git][security-tracker-team/security-tracker][master] update note

2020-10-05 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fec4b81b by Thorsten Alteholz at 2020-10-05T11:11:16+02:00
update note

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -46,10 +46,11 @@ ceph
   NOTE: 20200928: Packages prepared and available at 
http://apt.inguza.net/stretch-lts/ceph/
   NOTE: 20200928: If someone know how to test the packages please take this 
build and upload (after testing it).
 --
-cimg
+cimg (Thorsten Alteholz)
   NOTE: 20200709: Upstream patch is against a newer "load_network_external"
   NOTE: 20200709: method (vs "load_network") but is still missing the argument
   NOTE: 20200709: sanitisation. (lamby)
+  NOTE: 20201005: checking whether reverse dependencies still build/work
 --
 condor
   NOTE: 20200502: Upstream has only released workarounds; complete fix is 
still embargoed (roberto)
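
Review bot: the added `NOTE: 20201005: checking whether reverse dependencies still build/work` has no author handle, while the other dated notes shown in this file end with one (`(lamby)`, `(roberto)`). The claim on the `cimg` line identifies the author today, but a claim can be removed later; suggest appending the handle to the NOTE itself.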



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fec4b81be32384b1ed0e7670f06cb217f7b5309b


[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity

2020-10-05 Thread Holger Levsen


Holger Levsen pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c128705d by Holger Levsen at 2020-10-05T10:35:47+02:00
semi-automatic unclaim after 2 weeks of inactivity

Signed-off-by: Holger Levsen hol...@layer-acht.org

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -46,7 +46,7 @@ ceph
   NOTE: 20200928: Packages prepared and available at 
http://apt.inguza.net/stretch-lts/ceph/
   NOTE: 20200928: If someone know how to test the packages please take this 
build and upload (after testing it).
 --
-cimg (Thorsten Alteholz)
+cimg
   NOTE: 20200709: Upstream patch is against a newer "load_network_external"
   NOTE: 20200709: method (vs "load_network") but is still missing the argument
   NOTE: 20200709: sanitisation. (lamby)
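
Review bot: the claim on `cimg` is dropped without any dated NOTE, so the file itself keeps no record that the package was claimed and then released; the newest note left under the entry is from 20200709. Suggest adding a line such as `NOTE: 20201005: unclaimed after 2 weeks of inactivity` whenever a claimant is removed.
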
@@ -118,7 +118,7 @@ packagekit
 --
 php7.0 (Roberto C. Sánchez)
 --
-php-horde-trean (Mike Gabriel)
+php-horde-trean
   NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in 
https://bugs.horde.org/ticket/14926 (sunweaver)
   NOTE: 20200829: We may not expect too much activity regarding this by 
upstream. (sunweaver)
 --
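
Review bot: after the claim on `php-horde-trean` is removed, the two 20200829 notes still describe a reconsideration of CVE-2019-12095 as in progress, with nothing saying whether it reached a conclusion. Suggest a dated NOTE summarising the state at unclaim time so the next claimant does not have to redo that assessment.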



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c128705d8187ba8d877e5dce2331f4c7e6dd3998


[Git][security-tracker-team/security-tracker][master] automatic update

2020-10-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
67930c1a by security tracker role at 2020-10-05T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,19 @@
+CVE-2020-26561
+   RESERVED
+CVE-2020-26560
+   RESERVED
+CVE-2020-26559
+   RESERVED
+CVE-2020-26558
+   RESERVED
+CVE-2020-26557
+   RESERVED
+CVE-2020-26556
+   RESERVED
+CVE-2020-26555
+   RESERVED
+CVE-2020-26554
+   RESERVED
 CVE-2020-26553
RESERVED
 CVE-2020-26552



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67930c1a078961fb46da240434cc7c1da69593c0


[Git][security-tracker-team/security-tracker][master] Mark xchat as removed from unstable

2020-10-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
08aabf25 by Salvatore Bonaccorso at 2020-10-05T09:34:38+02:00
Mark xchat as removed from unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -332367,7 +332367,7 @@ CVE-2011-5131 (Cross-site request forgery (CSRF) 
vulnerability in global.php in
 CVE-2011-5130 (dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, 
when regi ...)
NOT-FOR-US: Family Connections CMS
 CVE-2011-5129 (Heap-based buffer overflow in XChat 2.8.9 and earlier allows 
remote at ...)
-   - xchat  (unimportant; bug #686454)
+   - xchat  (unimportant; bug #686454)
 CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Adminimize  ...)
NOT-FOR-US: Adminimize plugin for Wordpress
 CVE-2012-4737 (channels/chan_iax2.c in Asterisk Open Source 1.8.x before 
1.8.15.1 and ...)
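
Review bot: the removed and added lines both read `- xchat  (unimportant; bug #686454)` as shown, so the status change named in the commit subject (removed from unstable) cannot be checked from this hunk. Confirm that the new line carries the removed marker between the package name and the parenthesis, and that `unimportant` and the bug reference are meant to stay.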



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08aabf250a7bc2d02a9f6ef4f2e8c4afaba535a3
