[Git][security-tracker-team/security-tracker][master] new fossil issue

Thu Aug 20 22:53:08 BST 2020


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f44fd0ba by Moritz Muehlenhoff at 2020-08-20T23:52:43+02:00
new fossil issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,6 @@
+CVE-2020-XXXX [fossil RCE]
+	- fossil 1:2.12.1-1
+	NOTE: https://www.openwall.com/lists/oss-security/2020/08/20/1
 CVE-2020-24555
 	RESERVED
 CVE-2020-24554
@@ -19362,7 +19365,8 @@ CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview
 CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...)
 	NOT-FOR-US: HoRNDIS
 CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication  ...)
-	- etcd <unfixed>
+	- etcd <unfixed> (bug #968752)
+	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q
 CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...)
 	NOT-FOR-US: Node save-server
 CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f44fd0ba19dda1d2ee892936aa56345f42bf0513

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f44fd0ba19dda1d2ee892936aa56345f42bf0513
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200820/cf842bb8/attachment.html>
