[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 25 21:10:33 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b01252c1 by security tracker role at 2020-04-25T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35371,7 +35371,7 @@ CVE-2019-17628
CVE-2019-17627 (The Yale Bluetooth Key application for mobile devices allows unauthori ...)
NOT-FOR-US: Yale Bluetooth Key application for mobile devices
CVE-2019-17626 (ReportLab through 3.5.26 allows remote code execution because of toCol ...)
- {DLA-2112-1}
+ {DSA-4663-1 DLA-2112-1}
- python-reportlab 3.5.34-1 (bug #942763)
NOTE: https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code
NOTE: Minimal patch in https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code#comment-55887892
@@ -184808,7 +184808,7 @@ CVE-2016-9890
CVE-2016-9889 (Some forms with the parameter geo_zoomlevel_to_found_location in Tiki ...)
NOT-FOR-US: Tiki Wiki
CVE-2016-9888 (An error within the "tar_directory_for_file()" function (gsf-infile-ta ...)
- {DLA-740-1}
+ {DLA-2183-1 DLA-740-1}
- libgsf 1.14.41-1
NOTE: Fixed by: https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5
CVE-2016-9887
@@ -205134,7 +205134,7 @@ CVE-2015-8936 (Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squ
NOTE: Fix applied: 16_XSS-security-bugfix.patch in 1.5-5
NOTE: http://www.openwall.com/lists/oss-security/2016/06/20/2
CVE-2016-5725 (Directory traversal vulnerability in JCraft JSch before 0.1.54 on Wind ...)
- {DLA-611-1}
+ {DLA-2184-1 DLA-611-1}
- jsch 0.1.54-1 (low)
NOTE: https://sourceforge.net/p/jsch/mailman/message/35318093/
CVE-2016-5724 (Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagn ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b01252c1d98aca76a7c1063d876e7dcc2b873a5f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b01252c1d98aca76a7c1063d876e7dcc2b873a5f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200425/5cf20abe/attachment.html>
More information about the debian-security-tracker-commits
mailing list