[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 5 08:10:23 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7731c5eb by security tracker role at 2020-12-05T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1538,8 +1538,8 @@ CVE-2020-28952
RESERVED
CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter ...)
NOT-FOR-US: libuci in OpenWrt
-CVE-2020-28950
- RESERVED
+CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...)
+ TODO: check
CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only to addre ...)
{DLA-2466-1 DLA-2465-1}
- drupal7 <removed>
@@ -6957,36 +6957,31 @@ CVE-2020-27777
- linux 5.9.6-1
[stretch] - linux <ignored> (Only an issue when Secure Boot is implemented)
NOTE: https://git.kernel.org/linus/bd59380c5ba4147dcbaad3e582b55ccfd120b764
-CVE-2020-27776
- RESERVED
+CVE-2020-27776 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...)
- imagemagick <undetermined>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1736
-CVE-2020-27775
- RESERVED
+CVE-2020-27775 (A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker w ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1737
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a2166bfb1049bac4c0f7b8b5d3ef86a1f48470b2
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/78d9987ae80a95865c9f139afde0dcf3fd832ddc
-CVE-2020-27774
- RESERVED
+CVE-2020-27774 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue, UBSAN shift exponent warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1743
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/29cee9152d1b5487cfd19443ca48935eea0cabe2
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/052175e4b190598141fbcc64641cd5ee4db3602d
-CVE-2020-27773
- RESERVED
+CVE-2020-27773 (A flaw was found in ImageMagick in MagickCore/gem-private.h. An attack ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <postponed> (Minor issue, DoS/div0 while package is mainly CLI)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1739
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/3d71aa8265ffaaf686021a6fbd54c037f71ee3a2
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/be6ffd9f283c2681d74469db8b000701665cf034
-CVE-2020-27772
- RESERVED
+CVE-2020-27772 (A flaw was found in ImageMagick in coders/bmp.c. An attacker who submi ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
@@ -12863,8 +12858,8 @@ CVE-2020-25451
RESERVED
CVE-2020-25450
RESERVED
-CVE-2020-25449
- RESERVED
+CVE-2020-25449 (Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can ...)
+ TODO: check
CVE-2020-25448
RESERVED
CVE-2020-25447
@@ -15593,7 +15588,7 @@ CVE-2020-24225
RESERVED
CVE-2020-24224
RESERVED
-CVE-2020-24223 (Mara CMS 7.5 allows contact.php?theme= XSS. ...)
+CVE-2020-24223 (Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the ...)
NOT-FOR-US: Mara CMS
CVE-2020-24222
RESERVED
@@ -47000,13 +46995,13 @@ CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vu
[experimental] - gitlab 12.8.8-1
- gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
-CVE-2020-10974 (An issue was discovered on Wavlink WL-WN579G3 - M79X3.V5030.180719 and ...)
+CVE-2020-10974 (An issue was discovered affecting a backup feature where a crafted POS ...)
NOT-FOR-US: Wavlink
CVE-2020-10973 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
NOT-FOR-US: Wavlink
-CVE-2020-10972 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
+CVE-2020-10972 (An issue was discovered where a page is exposed that has the current a ...)
NOT-FOR-US: Wavlink
-CVE-2020-10971 (An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719, WL-W ...)
+CVE-2020-10971 (An issue was discovered on Wavlink Jetstream devices where a crafted P ...)
NOT-FOR-US: Wavlink
CVE-2020-10970
RESERVED
@@ -57461,7 +57456,7 @@ CVE-2020-6870 (The version V12.17.20T115 of ZTE U31R20 product is impacted by a
NOT-FOR-US: ZTE
CVE-2020-6869 (All versions up to 10.06 of ZTEMarket APK are impacted by an informati ...)
NOT-FOR-US: ZTE
-CVE-2020-6868 (ZTE's PON terminal product is impacted by the access control vulnerabi ...)
+CVE-2020-6868 (There is an input validation vulnerability in a PON terminal product o ...)
NOT-FOR-US: ZTE
CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...)
NOT-FOR-US: ZTE
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7731c5ebe10cbc40aeb6a0cc1320797ec607bba0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7731c5ebe10cbc40aeb6a0cc1320797ec607bba0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201205/0872beb5/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list