[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2020-12272/opendmarc

Salvatore Bonaccorso carnil at debian.org
Wed Apr 29 08:14:26 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbf8a1a7 by Salvatore Bonaccorso at 2020-04-29T09:13:28+02:00
Add CVE-2020-12272/opendmarc

- - - - -
f62bac2a by Salvatore Bonaccorso at 2020-04-29T09:13:56+02:00
Add CVE-2019-20790/opendmarc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -362,7 +362,9 @@ CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url
 CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...)
 	NOT-FOR-US: TestLink
 CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...)
-	TODO: check
+	- opendmarc <unfixed>
+	NOTE: https://sourceforge.net/p/opendmarc/tickets/237/
+	NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
 CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...)
 	NOT-FOR-US: SFOS
 CVE-2020-12270 (React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alpha ...)
@@ -376,7 +378,10 @@ CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before
 CVE-2020-12267 (setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextM ...)
 	TODO: check
 CVE-2019-20790 (OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, ...)
-	TODO: check
+	- opendmarc <unfixed>
+	NOTE: https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816
+	NOTE: https://sourceforge.net/p/opendmarc/tickets/235/
+	NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
 CVE-2020-12266 (An issue was discovered on WAVLINK WL-WN579G3 M79X3.V5030.180719, WL-W ...)
 	NOT-FOR-US: WAVLINK
 CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/70a20b215efa3b2d5445ebdfd301444ea33f8b60...f62bac2a95224d01cae33e86bc2b6f8655c07f4a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/70a20b215efa3b2d5445ebdfd301444ea33f8b60...f62bac2a95224d01cae33e86bc2b6f8655c07f4a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200429/e77e7192/attachment.html>

More information about the debian-security-tracker-commits mailing list