Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: f21d3008 by Moritz Muehlenhoff at 2020-07-21T21:41:28+02:00 bugs for markdown issues bug for bareos - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -13009,7 +13009,7 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...) - - bareos <unfixed> + - bareos <unfixed> (bug #965985) NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4 CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...) - glpi <removed> (unimportant) @@ -19424,7 +19424,7 @@ CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snpr [stretch] - qemu <postponed> (Minor issue) - qemu-kvm <removed> - slirp <unfixed> - [buster] - slirp <no-dsa> (Minor issue) + [buster] - slirp <ignored> (Minor issue, too intrusive to backport) - slirp4netns 1.0.1-1 [buster] - slirp4netns <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843 
@@ -27631,11 +27631,16 @@ CVE-2020-5240 (In wagtail-2fa before 1.4.1, any user with access to the CMS can CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...) NOT-FOR-US: Mailu CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0.29.0. ...) - - cmark-gfm <unfixed> - - python-cmarkgfm <unfixed> - - ruby-commonmarker <unfixed> - - haskell-cmark-gfm <unfixed> - - r-cran-commonmark <unfixed> + - cmark-gfm <unfixed> (bug #965984) + [buster] - cmark-gfm <no-dsa> (Minor issue) + - python-cmarkgfm <unfixed> (bug #965983) + [buster] - python-cmarkgfm <no-dsa> (Minor issue) + - ruby-commonmarker <unfixed>(bug #965981) + [buster] - ruby-commonmarker <no-dsa> (Minor issue) + - haskell-cmark-gfm <unfixed> (bug #965982) + [buster] - haskell-cmark-gfm <no-dsa> (Minor issue) + - r-cran-commonmark <unfixed> (bug #965980) + [buster] - r-cran-commonmark <no-dsa> (Minor issue) NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85 NOTE: https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4 CVE-2020-5237 (Multiple relative path traversal vulnerabilities in the oneup/uploader ...) 
@@ -30532,7 +30537,7 @@ CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserializati ...) NOT-FOR-US: phpMussel CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious client to ...) - - bareos <unfixed> + - bareos <unfixed> (bug #965985) NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752 CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...) NOT-FOR-US: Bolt CMS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f21d3008caa9bec120e6f509b7a54129b82ad581
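Review bot: In the CVE-2020-5238 hunk (@@ -27631,11 +27631,16 @@), the added ruby-commonmarker line reads `<unfixed>(bug #965981)` with no space before the parenthesis, while the four sibling entries in the same hunk all use `<unfixed> (bug #...)`. Suggest `- ruby-commonmarker <unfixed> (bug #965981)` so the entry matches the format of the lines around it.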
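Review bot: In the CVE-2020-8608 hunk (@@ -19424,7 +19424,7 @@), the buster slirp entry moves from `<no-dsa>` to `<ignored>`, and the commit message ("bugs for markdown issues bug for bareos") does not mention it. This is a triage decision rather than a bug-number annotation like the other three hunks, so it would be easier to trace later if it were named in the message or split into its own commit. The buster slirp4netns entry in the same hunk stays at `<no-dsa> (Minor issue)`, which is worth confirming as intended.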