[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Apr 26 21:10:28 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1fddf6f by security tracker role at 2020-04-26T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2020-12266
+	RESERVED
+CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...)
+	TODO: check
+CVE-2020-12264
+	RESERVED
+CVE-2020-12263
+	RESERVED
+CVE-2020-12262
+	RESERVED
+CVE-2020-12261
+	RESERVED
+CVE-2020-12260
+	RESERVED
+CVE-2020-12259
+	RESERVED
+CVE-2020-12258
+	RESERVED
+CVE-2020-12257
+	RESERVED
+CVE-2020-12256
+	RESERVED
+CVE-2020-12255
+	RESERVED
+CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escal ...)
+	TODO: check
+CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or a ...)
+	TODO: check
 CVE-2020-12253
 	RESERVED
 CVE-2020-12252
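Review bot: the three new entries that carry a description (CVE-2020-12265, CVE-2020-12254, CVE-2019-20789) are left at "TODO: check", so none of them is triaged yet. Each should be resolved in a follow-up to either a package line or a NOT-FOR-US marker. The descriptions name decompress for Node.js, Avira Antivirus on Windows and Croogo, which is what the triage has to map to Debian source packages or rule out.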
@@ -13212,6 +13240,7 @@ CVE-2020-7068
 	RESERVED
 CVE-2020-7067 [OOB Read in urldecode()]
 	RESERVED
+	{DLA-2188-1}
 	- php7.4 7.4.5-1
 	- php7.3 <removed>
 	- php7.0 <removed>
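Review bot: the {DLA-2188-1} reference added under CVE-2020-7067 sits above package lines for php7.4, php7.3 and php7.0 only, and none of the lines in view names the source package or release that the DLA fixed. Confirm that the entry has a line for the package DLA-2188-1 covers further down, outside this context, so the cross-reference has something to attach to. The same check applies to the identical additions under CVE-2020-7066 and CVE-2020-7064.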
@@ -13219,6 +13248,7 @@ CVE-2020-7067 [OOB Read in urldecode()]
 	NOTE: Fixed in PHP 7.4.5, 7.3.17
 	NOTE: PHP Bug: https://bugs.php.net/79465
 CVE-2020-7066 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below  ...)
+	{DLA-2188-1}
 	- php7.4 7.4.5-1
 	- php7.3 <removed>
 	- php7.0 <removed>
@@ -13233,6 +13263,7 @@ CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while
 	NOTE: Fixed in PHP 7.4.4, 7.3.16
 	NOTE: PHP Bug: https://bugs.php.net/79371
 CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below  ...)
+	{DLA-2188-1}
 	- php7.4 7.4.5-1
 	- php7.3 <removed>
 	- php7.0 <removed>
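Review bot: the context of this hunk disagrees on versions: the hunk header quotes the CVE-2020-7065 description as "7.4.x below 7.4.34", while the NOTE directly under it says "Fixed in PHP 7.4.4, 7.3.16". The added {DLA-2188-1} line is not affected, but the discrepancy is worth flagging to whoever maintains the description, and the NOTE lines are the safer reference for fixed versions until it is resolved.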
@@ -168597,7 +168628,7 @@ CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows rem
 	NOTE: https://github.com/erikd/libsndfile/issues/230
 	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
 CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote attackers  ...)
-	{DLA-955-1}
+	{DLA-2189-1 DLA-955-1}
 	- rzip 2.1-4.1 (bug #861614)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
 	NOTE: Patch in http://download.opensuse.org/repositories/openSUSE:/Leap:/42.2:/Update/standard/src/rzip-2.1-151.3.1.src.rpm
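Review bot: the changed line under CVE-2017-8364 now lists two advisories, {DLA-2189-1 DLA-955-1}, but the only package line in view is the unqualified "- rzip 2.1-4.1 (bug #861614)", so the entry does not show why a second DLA was needed for a CVE that already had one. Check that DLA-2189-1 targets a different release than DLA-955-1 and that its fixed version is recorded where the advisory is defined.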



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1fddf6fe87f6e91d22f4e4a85515dd3fe0071bd
