[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Apr 26 21:10:28 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a1fddf6f by security tracker role at 2020-04-26T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2020-12266
+ RESERVED
+CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...)
+ TODO: check
+CVE-2020-12264
+ RESERVED
+CVE-2020-12263
+ RESERVED
+CVE-2020-12262
+ RESERVED
+CVE-2020-12261
+ RESERVED
+CVE-2020-12260
+ RESERVED
+CVE-2020-12259
+ RESERVED
+CVE-2020-12258
+ RESERVED
+CVE-2020-12257
+ RESERVED
+CVE-2020-12256
+ RESERVED
+CVE-2020-12255
+ RESERVED
+CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escal ...)
+ TODO: check
+CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or a ...)
+ TODO: check
CVE-2020-12253
RESERVED
CVE-2020-12252
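Review bot: the three entries added with descriptions (CVE-2020-12265, CVE-2020-12254 and CVE-2019-20789) carry only `TODO: check`, so none of them is yet tied to a package or ruled out. CVE-2020-12265 names the decompress package for Node.js with 4.2.1 as the fixed version, which is enough to check whether Debian ships an affected version; the Avira and Croogo entries need the same decision. Resolving them in a follow-up commit keeps the open TODO entries from piling up among the RESERVED ones.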
@@ -13212,6 +13240,7 @@ CVE-2020-7068
RESERVED
CVE-2020-7067 [OOB Read in urldecode()]
RESERVED
+ {DLA-2188-1}
- php7.4 7.4.5-1
- php7.3 <removed>
- php7.0 <removed>
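Review bot: the `{DLA-2188-1}` line added under CVE-2020-7067 has no matching package line in the visible context, which lists only php7.4 at 7.4.5-1 and php7.3 and php7.0 as `<removed>`. It is worth confirming that the record carries an entry for the source package the advisory fixed, below the three context lines shown here, so the cross-reference resolves to a fixed version.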
@@ -13219,6 +13248,7 @@ CVE-2020-7067 [OOB Read in urldecode()]
NOTE: Fixed in PHP 7.4.5, 7.3.17
NOTE: PHP Bug: https://bugs.php.net/79465
CVE-2020-7066 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...)
+ {DLA-2188-1}
- php7.4 7.4.5-1
- php7.3 <removed>
- php7.0 <removed>
@@ -13233,6 +13263,7 @@ CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while
NOTE: Fixed in PHP 7.4.4, 7.3.16
NOTE: PHP Bug: https://bugs.php.net/79371
CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...)
+ {DLA-2188-1}
- php7.4 7.4.5-1
- php7.3 <removed>
- php7.0 <removed>
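Review bot: the record named in this hunk's header, CVE-2020-7065, reads "7.4.x below 7.4.34" in its description, while the NOTE line in the context just below says "Fixed in PHP 7.4.4, 7.3.16". The added `{DLA-2188-1}` line for CVE-2020-7064 does not touch that text, but the two version numbers disagree and the description should be checked against the upstream advisory.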
@@ -168597,7 +168628,7 @@ CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows rem
NOTE: https://github.com/erikd/libsndfile/issues/230
NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote attackers ...)
- {DLA-955-1}
+ {DLA-2189-1 DLA-955-1}
- rzip 2.1-4.1 (bug #861614)
NOTE: https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
NOTE: Patch in http://download.opensuse.org/repositories/openSUSE:/Leap:/42.2:/Update/standard/src/rzip-2.1-151.3.1.src.rpm
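Review bot: CVE-2017-8364 now references two LTS advisories, `{DLA-2189-1 DLA-955-1}`, yet the only package line visible in the hunk is `rzip 2.1-4.1 (bug #861614)`. A second advisory for the same CVE and package normally means a different release or a corrected fix; the record should make clear which one DLA-2189-1 is, for example in a NOTE line, so a reader does not have to open both advisories to find out.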
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1fddf6fe87f6e91d22f4e4a85515dd3fe0071bd