[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Aug 22 21:10:33 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5aded3a4 by security tracker role at 2020-08-22T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14521,11 +14521,11 @@ CVE-2020-17370
 CVE-2020-17369
 	RESERVED
 CVE-2020-17368 (Firejail through 0.9.62 mishandles shell metacharacters during use of  ...)
-	{DSA-4742-1}
+	{DSA-4742-1 DLA-2336-1}
 	- firejail 0.9.62-4
 	NOTE: https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b
 CVE-2020-17367 (Firejail through 0.9.62 does not honor the -- end-of-options indicator ...)
-	{DSA-4742-1}
+	{DSA-4742-1 DLA-2336-1}
 	- firejail 0.9.62-4
 	NOTE: https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37
 CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1.  ...)
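Review bot: The commit message "automatic update" does not name the advisory that the changed `{DSA-4742-1 DLA-2336-1}` lines under CVE-2020-17368 and CVE-2020-17367 bring in, nor the DLA-2339-1 and DLA-2337-1 references added in the later hunks. Listing the merged advisory IDs in the message body would let someone find this commit from the log when tracing when an advisory was cross-referenced, without reading the diff.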
@@ -18088,6 +18088,7 @@ CVE-2020-15710
 	RESERVED
 CVE-2020-15709
 	RESERVED
+	{DLA-2339-1}
 	- software-properties <unfixed> (bug #968850)
 	[buster] - software-properties <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/08/03/1
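Review bot: After `{DLA-2339-1}` is added under CVE-2020-15709, the entry records an LTS advisory while the unchanged lines below it still read `software-properties <unfixed> (bug #968850)` and `[buster] - software-properties <no-dsa> (Minor issue)`. The cross-reference itself is fine, but the entry now shows the LTS release patched ahead of buster and unstable, so the `<no-dsa>` triage for buster is worth revisiting in a follow-up. The CVE is also still `RESERVED` with no description, which leaves the oss-security NOTE as the only context in this entry.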
@@ -18165,6 +18166,7 @@ CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the Lin
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/14/1
 	NOTE: Fixed by: https://git.kernel.org/linus/1957a85b0032a81e6482ca4aab883643b8dae06e
 CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ...)
+	{DLA-2337-1}
 	- python3.9 3.9.0~b5-1 (low)
 	- python3.8 3.8.5-1 (low)
 	- python3.7 <removed> (low)
@@ -68565,7 +68567,7 @@ CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0
 CVE-2019-16057 (The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnera ...)
 	NOT-FOR-US: D-Link
 CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3 ...)
-	{DLA-2280-1 DLA-1925-1 DLA-1924-1}
+	{DLA-2337-1 DLA-2280-1 DLA-1925-1 DLA-1924-1}
 	- python3.8 3.8.0~b4-1
 	- python3.7 3.7.4-4
 	[buster] - python3.7 3.7.3-2+deb10u1
@@ -77771,7 +77773,7 @@ CVE-2019-13578 (A SQL injection vulnerability exists in the Impress GiveWP Give
 CVE-2019-13577 (SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthe ...)
 	NOT-FOR-US: SnmpAdm.exe in MAPLE WBT SNMP Administrator
 CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ...)
-	{DLA-2280-1 DLA-1906-1 DLA-1889-1}
+	{DLA-2337-1 DLA-2280-1 DLA-1906-1 DLA-1889-1}
 	- python3.7 3.7.3~rc1-1
 	- python3.5 <removed>
 	- python3.4 <removed>
@@ -87995,7 +87997,7 @@ CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultr
 CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100 ...)
 	NOT-FOR-US: Western Digital
 CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...)
-	{DLA-2280-1 DLA-1852-1 DLA-1834-1}
+	{DLA-2337-1 DLA-2280-1 DLA-1852-1 DLA-1834-1}
 	- python3.7 3.7.4~rc2-2
 	[buster] - python3.7 3.7.3-2+deb10u1
 	- python3.6 <removed>
@@ -88009,7 +88011,7 @@ CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: sche
 	NOTE: https://github.com/python/cpython/commit/b15bde8058e821b383d81fcae68b335a752083ca (2.7)
 	NOTE: https://github.com/python/cpython/commit/942c31dffbe886ff02e25a319cc3891220b8c641 (2.7)
 CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...)
-	{DLA-2280-1 DLA-1835-1 DLA-1834-1}
+	{DLA-2337-1 DLA-2280-1 DLA-1835-1 DLA-1834-1}
 	- python3.7 3.7.4~rc2-2
 	[buster] - python3.7 3.7.3-2+deb10u1
 	- python3.6 <removed>
@@ -89559,7 +89561,7 @@ CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection
 	NOTE: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9
 	NOTE: https://github.com/golang/go/commit/f1d662f34788f4a5f087581d0951cdf4e0f6e708#diff-b97af51863ce82bf2a13003b52034aa9
 CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...)
-	{DLA-2280-1 DLA-1835-1 DLA-1834-1}
+	{DLA-2337-1 DLA-2280-1 DLA-1835-1 DLA-1834-1}
 	- python3.7 3.7.4~rc2-2
 	[buster] - python3.7 3.7.3-2+deb10u1
 	- python3.6 <removed>
@@ -89837,7 +89839,7 @@ CVE-2019-9643
 CVE-2019-9642 (An issue was discovered in proxy.php in pydio-core in Pydio through 8. ...)
 	- extplorer <removed>
 CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Impr ...)
-	{DLA-2280-1 DLA-1835-1 DLA-1834-1}
+	{DLA-2337-1 DLA-2280-1 DLA-1835-1 DLA-1834-1}
 	- python3.7 3.7.3~rc1-1 (bug #924072)
 	- python3.6 <removed>
 	- python3.5 <removed>
@@ -102031,7 +102033,7 @@ CVE-2019-5012 (An exploitable privilege escalation vulnerability exists in the W
 CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the helper ...)
 	NOT-FOR-US: CleanMyMac
 CVE-2019-5010 (An exploitable denial-of-service vulnerability exists in the X509 cert ...)
-	{DLA-2280-1 DLA-1834-1 DLA-1663-1}
+	{DLA-2337-1 DLA-2280-1 DLA-1834-1 DLA-1663-1}
 	- python3.7 3.7.2-2 (bug #921064)
 	- python3.6 <removed> (bug #921063)
 	- python3.5 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aded3a4c725b6a084c8513192f7c3f7679650b8
