[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Aug 1 21:10:32 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83d467c7 by security tracker role at 2020-08-01T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-16265
+	RESERVED
+CVE-2020-16264
+	RESERVED
 CVE-2020-16263
 	RESERVED
 CVE-2020-16262
@@ -6625,7 +6629,7 @@ CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers
 CVE-2020-13626
 	RESERVED
 CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...)
-	{DLA-2244-1}
+	{DLA-2306-1 DLA-2244-1}
 	- libphp-phpmailer 6.1.6-1 (bug #962827)
 	[buster] - libphp-phpmailer <no-dsa> (Minor issue)
 	NOTE: https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
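Review bot: The cross-reference line for CVE-2020-13625 now carries two advisories, `{DLA-2306-1 DLA-2244-1}`, but nothing in the hunk shows which release each one covers; the only release-specific line in view is `[buster] - libphp-phpmailer <no-dsa> (Minor issue)`, and it is unchanged. Confirm against the advisory records that DLA-2306-1 is for libphp-phpmailer on a different release than DLA-2244-1 and is not a duplicate entry. The same check applies to the other hunks in this commit that prepend a second DLA (CVE-2015-9542, CVE-2018-1000544, CVE-2018-10756).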
@@ -17272,6 +17276,7 @@ CVE-2020-9926
 	RESERVED
 CVE-2020-9925
 	RESERVED
+	{DSA-4739-1}
 	- webkit2gtk 2.28.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
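Review bot: `{DSA-4739-1}` is attached to CVE-2020-9925 while the entry is still `RESERVED`, and the visible package lines give only the unstable version (`webkit2gtk 2.28.4-1`) plus `<ignored>` for stretch and jessie, so the hunk gives no way to check the stable fix the DSA refers to. Verify that the DSA's own CVE list matches the six entries tagged in this commit (CVE-2020-9925, -9915, -9895, -9894, -9893, -9862), since the identical one-line insertion is repeated in each of the following webkit2gtk hunks.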
@@ -17297,6 +17302,7 @@ CVE-2020-9916
 	RESERVED
 CVE-2020-9915
 	RESERVED
+	{DSA-4739-1}
 	- webkit2gtk 2.28.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -17342,6 +17348,7 @@ CVE-2020-9896
 	RESERVED
 CVE-2020-9895
 	RESERVED
+	{DSA-4739-1}
 	- webkit2gtk 2.28.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -17349,6 +17356,7 @@ CVE-2020-9895
 	NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
 CVE-2020-9894
 	RESERVED
+	{DSA-4739-1}
 	- webkit2gtk 2.28.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -17356,6 +17364,7 @@ CVE-2020-9894
 	NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
 CVE-2020-9893
 	RESERVED
+	{DSA-4739-1}
 	- webkit2gtk 2.28.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -17423,6 +17432,7 @@ CVE-2020-9863
 	RESERVED
 CVE-2020-9862
 	RESERVED
+	{DSA-4739-1}
 	- webkit2gtk 2.28.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -19910,7 +19920,7 @@ CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain x
 CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter dev ...)
 	NOT-FOR-US: CHIYU BF-430 232/485 TCP/IP Converter devices
 CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...)
-	{DLA-2116-1}
+	{DLA-2304-1 DLA-2116-1}
 	- libpam-radius-auth 1.4.0-3 (bug #951396)
 	[buster] - libpam-radius-auth 1.4.0-3~deb10u1
 	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec
@@ -117073,7 +117083,7 @@ CVE-2018-1000546 (Triplea version <= 1.9.0.0.10291 contains a XML External En
 CVE-2018-1000545
 	REJECTED
 CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Tra ...)
-	{DLA-1467-1}
+	{DLA-2307-1 DLA-1467-1}
 	- ruby-zip 1.2.2-1 (bug #902720)
 	NOTE: https://github.com/rubyzip/rubyzip/issues/369
 	NOTE: Part of fixes:
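Review bot: The trailing context for CVE-2018-1000544 ends at `NOTE: Part of fixes:`, which indicates the fix is recorded in several parts, and the list is cut off by the hunk boundary. Before accepting `DLA-2307-1` as a second advisory for ruby-zip next to `DLA-1467-1`, check that the newer update carries every change listed under that note and not only the first one.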
@@ -122847,7 +122857,7 @@ CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete a
 CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authe ...)
 	NOT-FOR-US: CSP MySQL User Manager
 CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission before 3.0 ...)
-	{DLA-2218-1}
+	{DLA-2305-1 DLA-2218-1}
 	- transmission 3.00-1 (bug #961461)
 	[buster] - transmission 2.94-2+deb10u1
 	NOTE: https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e (3.00)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83d467c7e31b19e827a6f18cc481ef7d7c3c6375
