[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Apr 26 09:10:24 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff60f771 by security tracker role at 2020-04-26T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-12253
+	RESERVED
+CVE-2020-12252
+	RESERVED
+CVE-2020-12251
+	RESERVED
+CVE-2020-12250
+	RESERVED
+CVE-2020-12249
+	RESERVED
 CVE-2020-12248
 	RESERVED
 CVE-2020-12247
@@ -115009,6 +115019,7 @@ CVE-2018-9234 (GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which k
 	NOTE: https://dev.gnupg.org/T3844
 	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=a17d2d1f690ebe5d005b4589a5fe378b6487c657
 CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a u ...)
+	{DLA-2186-1}
 	- ncmpc 0.33-1 (low; bug #894724)
 	[stretch] - ncmpc 0.25-0.1+deb9u1
 	[wheezy] - ncmpc <no-dsa> (Minor issue)
@@ -168717,7 +168728,7 @@ CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3
 	NOTE: https://github.com/libarchive/libarchive/issues/834
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
 CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracl ...)
-	{DLA-934-1}
+	{DLA-2187-1 DLA-934-1}
 	- radicale 1.1.1+20160115-4 (bug #861514)
 	NOTE: https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b (1.1.x)
 	NOTE: https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d (master)
@@ -201137,7 +201148,7 @@ CVE-2016-6857 (Cross-site scripting (XSS) vulnerability in the Create Catalogue
 CVE-2016-6856 (Cross-site scripting (XSS) vulnerability in the Inbox Search feature i ...)
 	NOT-FOR-US: SAP Hybris
 CVE-2016-6855 (Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, a ...)
-	{DLA-605-1}
+	{DLA-2185-1 DLA-605-1}
 	- eog 3.20.4-1
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770143
 	NOTE: https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff60f7710883b946b812ff8ed1528d3d52c2ccc8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff60f7710883b946b812ff8ed1528d3d52c2ccc8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200426/33426b02/attachment.html>

More information about the debian-security-tracker-commits mailing list