[Git][security-tracker-team/security-tracker][master] 2 commits: Add three CVEs for zulip-server, itp'ed
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 21 10:25:04 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1ba6582 by Salvatore Bonaccorso at 2020-04-21T11:22:56+02:00
Add three CVEs for zulip-server, itp'ed
- - - - -
fd41f8b3 by Salvatore Bonaccorso at 2020-04-21T11:24:18+02:00
Associate two NFU entries with zulip-server (itp'ed)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3485,7 +3485,7 @@ CVE-2020-10937
CVE-2020-10936
RESERVED
CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with resulta ...)
- TODO: check
+ - zulip-server <itp> (bug #800052)
CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. ...)
NOT-FOR-US: Acyba AcyMailing
CVE-2020-10933
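Review bot: replacing `TODO: check` with the `<itp>` association is fine, but it records no version, so once zulip-server is accepted from ITP bug #800052 this CVE-2020-10935 entry will need a versioned line (fixed or unfixed) rather than the bare `<itp>` marker; the same bug number is used in the other hunks, so the association is at least consistent.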
@@ -7072,9 +7072,9 @@ CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to
NOTE: https://bugreports.qt.io/browse/QTBUG-70693
NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735
CVE-2020-9445 (Zulip Server before 2.1.3 allows XSS via the modal_link feature in the ...)
- TODO: check
+ - zulip-server <itp> (bug #800052)
CVE-2020-9444 (Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown f ...)
- TODO: check
+ - zulip-server <itp> (bug #800052)
CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an Electron web ...)
NOT-FOR-US: Zulip Desktop (different from itp'ed zulip-server)
CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PRO ...)
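Review bot: CVE-2020-9443 is correctly left as NOT-FOR-US, and the note that Zulip Desktop is a different product from the itp'ed zulip-server is worth keeping so nobody later folds it into the same package; the two Zulip Server entries above it (CVE-2020-9445, CVE-2020-9444) get the same `<itp>` association as the first hunk, which keeps the handling uniform.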
@@ -21747,7 +21747,7 @@ CVE-2019-19777 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel
CVE-2019-19776
RESERVED
CVE-2019-19775 (The image thumbnailing handler in Zulip Server versions 1.9.0 to befor ...)
- NOT-FOR-US: Zulip
+ - zulip-server <itp> (bug #800052)
CVE-2019-19774 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP ...)
NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
CVE-2019-19773 (Various Lexmark products have stored XSS in the embedded web server us ...)
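Review bot: moving CVE-2019-19775 from NOT-FOR-US to the `<itp>` association is the right call now that the package has an ITP, but this is an older issue (the truncated description gives an affected range starting at 1.9.0), so it should be checked against the upstream version the ITP intends to upload to avoid carrying it as an open issue against a release that already contains the fix.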
@@ -28302,7 +28302,7 @@ CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec
NOTE: Debian binary packages not built with --enable-ipsecmod
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt
CVE-2019-18933 (In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new ...)
- NOT-FOR-US: Zulip
+ - zulip-server <itp> (bug #800052)
CVE-2019-18932 (log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows ...)
- sarg 2.4.0-1 (unimportant; bug #951390)
NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/6
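Review bot: consistent with the CVE-2019-19775 change above; since the description states the bug affects versions before 2.0.7, a NOTE recording that upstream fixed version would let the entry be closed as soon as the itp'ed package version is known. The sarg lines that follow are unchanged context only.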
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/343ffb3433747876009000a74a220e20b8d6b967...fd41f8b32c2a39672ba3e83d8150bdf33f0b91e5