[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Aug 29 09:10:25 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31294e14 by security tracker role at 2020-08-29T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-25015
+	RESERVED
 CVE-2020-25014
 	RESERVED
 CVE-2020-25013
@@ -20360,18 +20362,18 @@ CVE-2020-15161
 	RESERVED
 CVE-2020-15160
 	RESERVED
-CVE-2020-15159
-	RESERVED
+CVE-2020-15159 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) a ...)
+	TODO: check
 CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP message  ...)
 	NOT-FOR-US: libIEC61850
 CVE-2020-15157
 	RESERVED
 CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged in user  ...)
 	NOT-FOR-US: nodebb-plugin-blog-comments
-CVE-2020-15155
-	RESERVED
-CVE-2020-15154
-	RESERVED
+CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...)
+	TODO: check
+CVE-2020-15154 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...)
+	TODO: check
 CVE-2020-15153
 	RESERVED
 CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Req ...)
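Review bot: the three baserCMS entries (CVE-2020-15159, CVE-2020-15155, CVE-2020-15154) land with `TODO: check` and no package or NOT-FOR-US line, so they remain untriaged in the tracker. The neighbouring entries in this hunk (libIEC61850, nodebb-plugin-blog-comments) show the resolved form. A follow-up should either add a package line or mark them `NOT-FOR-US: baserCMS`, once it is confirmed whether the software is packaged.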
@@ -22335,37 +22337,37 @@ CVE-2020-14407
 CVE-2020-14406
 	RESERVED
 CVE-2020-14405 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rf ...)
-	{DLA-2264-1}
+	{DLA-2347-1 DLA-2264-1}
 	- libvncserver 0.9.13+dfsg-1
 	[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365
 CVE-2020-14404 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rr ...)
-	{DLA-2264-1}
+	{DLA-2347-1 DLA-2264-1}
 	- libvncserver 0.9.13+dfsg-1
 	[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
 CVE-2020-14403 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/he ...)
-	{DLA-2264-1}
+	{DLA-2347-1 DLA-2264-1}
 	- libvncserver 0.9.13+dfsg-1
 	[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
 CVE-2020-14402 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/co ...)
-	{DLA-2264-1}
+	{DLA-2347-1 DLA-2264-1}
 	- libvncserver 0.9.13+dfsg-1
 	[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
 CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/sc ...)
-	{DLA-2264-1}
+	{DLA-2347-1 DLA-2264-1}
 	- libvncserver 0.9.13+dfsg-1
 	[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af
 CVE-2020-14400 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13.  ...)
-	{DLA-2264-1}
+	{DLA-2347-1 DLA-2264-1}
 	- libvncserver 0.9.13+dfsg-1
 	[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d
 CVE-2020-14399 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13.  ...)
-	{DLA-2264-1}
+	{DLA-2347-1 DLA-2264-1}
 	- libvncserver 0.9.13+dfsg-1
 	[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
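Review bot: CVE-2020-14400 and CVE-2020-14399 are flagged `** DISPUTED **` in their descriptions yet pick up `DLA-2347-1` in the same way as the undisputed entries, so it is worth confirming that the advisory really lists them. In all seven entries of this hunk the `[buster] - libvncserver <no-dsa>` line is unchanged, so buster is still tracked as waiting for a point release while two DLAs are now referenced.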
@@ -22376,7 +22378,7 @@ CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improp
 	[jessie] - libvncserver <ignored> (Proposed patch might break ABI for consumers)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b
 CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rf ...)
-	{DLA-2264-1}
+	{DLA-2347-1 DLA-2264-1}
 	- libvncserver 0.9.13+dfsg-1
 	[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
@@ -22893,7 +22895,7 @@ CVE-2019-20840 (An issue was discovered in LibVNCServer before 0.9.13. libvncser
 	NOTE: https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76
 	NOTE: Vulnerable code is introduced with the fix for CVE-2017-18922.
 CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer over ...)
-	{DLA-2264-1}
+	{DLA-2347-1 DLA-2264-1}
 	- libvncserver 0.9.13+dfsg-1
 	[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
@@ -328110,8 +328112,8 @@ CVE-2012-4820 (Unspecified vulnerability in the JRE component in IBM Java 7 SR2
 	- openjdk-7 <not-affected> (Vulnerabilities specific to IBM Java)
 CVE-2012-4819 (Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossa ...)
 	NOT-FOR-US: IBM InfoSphere
-CVE-2012-4818
-	RESERVED
+CVE-2012-4818 (IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remo ...)
+	TODO: check
 CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS ...)
 	NOT-FOR-US: IBM AIX, VIOS
 CVE-2012-4816 (IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows rem ...)
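Review bot: the new description for CVE-2012-4818 reads `8.1, 8.5, and 8,7`, where `8,7` looks like a typo for 8.7 in the imported text, and the entry is left at `TODO: check`. The preceding entry, CVE-2012-4819, is already `NOT-FOR-US: IBM InfoSphere`, so the same disposition probably applies here once the product is confirmed.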



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31294e141fba03eef18067f32ff5cda7ca5a9e5b
