[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Aug 16 21:10:23 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0434659 by security tracker role at 2020-08-16T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-24363
+	RESERVED
+CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...)
+	TODO: check
 CVE-2020-24362
 	RESERVED
 CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, P ...)
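Review bot: the new CVE-2016-11085 entry at the top of this hunk is left at `TODO: check`, so it still needs manual triage before it says anything about Debian. Its description names a plugin file; if no Debian package ships that plugin, the disposition already used for the plugin entry at CVE-2016-10938 later in this diff (`NOT-FOR-US: Wordpress plugin`) would close it out.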
@@ -16955,6 +16959,7 @@ CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 commu
 	NOTE: kdepim-runtime: https://invent.kde.org/pim/kdepim-runtime/commit/bd64ab29116aa7318fdee7f95878ff97580162f2
 	NOTE: kmail-account-wizard: https://invent.kde.org/pim/kmail-account-wizard/commit/a64d80e523edce7d3d59c26834973418fae042f6
 CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other  ...)
+	{DLA-2329-1}
 	- libetpan <unfixed> (bug #966647)
 	NOTE: https://github.com/dinhvh/libetpan/issues/386
 	NOTE: https://github.com/dinhvh/libetpan/pull/387
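Review bot: `{DLA-2329-1}` is attached to CVE-2020-15953 while the only package line in the context stays `- libetpan <unfixed> (bug #966647)`, so the entry still reads as open for unstable after this change. Nothing in this hunk states a fixed version for the release the DLA covers; confirm it is recorded with the advisory itself, and leave bug #966647 referenced here until the package line can carry a fixed version.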
@@ -67375,7 +67380,7 @@ CVE-2016-10939 (The xtremelocator plugin 1.5 for WordPress has SQL injection via
 CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
-	{DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
+	{DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
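Review bot: DLA-2330-1 is inserted into the advisory braces of CVE-2019-16255, but every package line in the context is unchanged (`ruby2.5 2.5.7-1`, `ruby2.3 <removed>`, `ruby2.1 <removed>`), so the hunk does not show which source package the new DLA applies to. Check that the entry has a package line, outside the visible context, for the source this DLA updates; the same applies to the identical changes on CVE-2019-16254 and CVE-2019-16201 below.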
@@ -67383,7 +67388,7 @@ CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4
 	NOTE: https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
 	NOTE: ruby2.5: https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
 CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
-	{DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
+	{DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -67574,7 +67579,7 @@ CVE-2019-16203 (Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expo
 CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situations. ...)
 	NOT-FOR-US: MISP
 CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5 ...)
-	{DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
+	{DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
 	- ruby2.5 2.5.7-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -93029,7 +93034,7 @@ CVE-2019-8327
 CVE-2019-8326
 	RESERVED
 CVE-2019-8325 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...)
-	{DSA-4433-1 DLA-1796-1 DLA-1735-1}
+	{DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -93039,7 +93044,7 @@ CVE-2019-8325 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
 	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8324 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ...)
-	{DSA-4433-1 DLA-1796-1 DLA-1735-1}
+	{DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -93049,7 +93054,7 @@ CVE-2019-8324 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
 	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8323 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem:: ...)
-	{DSA-4433-1 DLA-1796-1 DLA-1735-1}
+	{DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -93059,7 +93064,7 @@ CVE-2019-8323 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
 	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8322 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. The g ...)
-	{DSA-4433-1 DLA-1796-1 DLA-1735-1}
+	{DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -93069,7 +93074,7 @@ CVE-2019-8322 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
 	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8321 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...)
-	{DSA-4433-1 DLA-1796-1}
+	{DSA-4433-1 DLA-2330-1 DLA-1796-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
@@ -93080,7 +93085,7 @@ CVE-2019-8321 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
 	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
 	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
 CVE-2019-8320 (A Directory Traversal issue was discovered in RubyGems 2.7.6 and later ...)
-	{DSA-4433-1 DLA-1735-1}
+	{DSA-4433-1 DLA-2330-1 DLA-1735-1}
 	- ruby2.5 2.5.5-1
 	- ruby2.3 <removed>
 	- ruby2.1 <removed>
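Review bot: on the `{DSA-4433-1 DLA-1735-1}` line of CVE-2019-8320, DLA-2330-1 is added even though the earlier advisory sets in this RubyGems series are not uniform: CVE-2019-8320 had no DLA-1796-1 and CVE-2019-8321 in the previous hunk had no DLA-1735-1, while CVE-2019-8322 through CVE-2019-8325 had both. Since DLA-2330-1 is now applied to all six, confirm against the advisory text that it really addresses each of them and that the uniform cross-reference is not just a side effect of the CVE list being copied as a block.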
@@ -160323,7 +160328,7 @@ CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plu
 CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...)
 	NOT-FOR-US: UCOPIA Wireless Appliance
 CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x befo ...)
-	{DSA-4259-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
+	{DSA-4259-1 DLA-2330-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
 	- jruby <unfixed>
 	- ruby2.5 2.5.1-1
 	- ruby2.3 <removed>
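Review bot: the CVE-2017-17742 entry gains DLA-2330-1 while its `- jruby <unfixed>` line is unchanged, so unstable still shows as vulnerable for jruby after this update. If the DLA is the fix for that source package in an older release, the remaining work is a fixed version or a bug reference on the jruby line; the visible lines give neither.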



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a04346590b810aaed2855d28287c73b24c879b0f
