Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f21d3008 by Moritz Muehlenhoff at 2020-07-21T21:41:28+02:00
bugs for markdown issues
bug for bareos

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13009,7 +13009,7 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, 
multiple reflexive XSS oc
        NOTE: 
https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
        NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 
18.2.8, and  ...)
-       - bareos <unfixed>
+       - bareos <unfixed> (bug #965985)
        NOTE: 
https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
 CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands 
by abusi ...)
        - glpi <removed> (unimportant)
@@ -19424,7 +19424,7 @@ CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 
4.2.0, tcp_subr.c misuses snpr
        [stretch] - qemu <postponed> (Minor issue)
        - qemu-kvm <removed>
        - slirp <unfixed>
-       [buster] - slirp <no-dsa> (Minor issue)
+       [buster] - slirp <ignored> (Minor issue, too intrusive to backport)
        - slirp4netns 1.0.1-1
        [buster] - slirp4netns <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
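Review bot: the "[buster] - slirp" entry under CVE-2020-8608 moves from <no-dsa> to <ignored>, which the commit message ("bugs for markdown issues", "bug for bareos") does not mention. This is a triage decision rather than a bug-number annotation, so consider committing it separately or adding a line to the message so the state change can be found in the history.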
@@ -27631,11 +27631,16 @@ CVE-2020-5240 (In wagtail-2fa before 1.4.1, any user 
with access to the CMS can
 CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit 
a vulne ...)
        NOT-FOR-US: Mailu
 CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 
0.29.0. ...)
-       - cmark-gfm <unfixed>
-       - python-cmarkgfm <unfixed>
-       - ruby-commonmarker <unfixed>
-       - haskell-cmark-gfm <unfixed>
-       - r-cran-commonmark <unfixed>
+       - cmark-gfm <unfixed> (bug #965984)
+       [buster] - cmark-gfm <no-dsa> (Minor issue)
+       - python-cmarkgfm <unfixed> (bug #965983)
+       [buster] - python-cmarkgfm <no-dsa> (Minor issue)
+       - ruby-commonmarker <unfixed>(bug #965981)
+       [buster] - ruby-commonmarker <no-dsa> (Minor issue)
+       - haskell-cmark-gfm <unfixed> (bug #965982)
+       [buster] - haskell-cmark-gfm <no-dsa> (Minor issue)
+       - r-cran-commonmark <unfixed> (bug #965980)
+       [buster] - r-cran-commonmark <no-dsa> (Minor issue)
        NOTE: 
https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
        NOTE: 
https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4
 
 CVE-2020-5237 (Multiple relative path traversal vulnerabilities in the 
oneup/uploader ...)
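Review bot: in the ruby-commonmarker line under CVE-2020-5238 the space between <unfixed> and (bug #965981) is missing, while the four sibling entries in the same hunk all write "<unfixed> (bug #...)". Suggest "- ruby-commonmarker <unfixed> (bug #965981)" so the entry matches the others.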
@@ -30532,7 +30537,7 @@ CVE-2020-4044 (The xrdp-sesman service before version 
0.9.13.1 can be crashed by
 CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an 
unserializati ...)
        NOT-FOR-US: phpMussel
 CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious 
client to  ...)
-       - bareos <unfixed>
+       - bareos <unfixed> (bug #965985)
        NOTE: 
https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752
 CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded 
files was v ...)
        NOT-FOR-US: Bolt CMS



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f21d3008caa9bec120e6f509b7a54129b82ad581



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
