[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 4 08:10:27 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fcdf4059 by security tracker role at 2020-02-04T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overf ...)
+ TODO: check
+CVE-2020-8596
+ RESERVED
+CVE-2020-8595
+ RESERVED
+CVE-2020-8594
+ RESERVED
+CVE-2020-8593
+ RESERVED
+CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg ...)
+ TODO: check
+CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLogi ...)
+ TODO: check
CVE-2020-8590
RESERVED
CVE-2020-8589
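Review bot: CVE-2020-8597 at the top of this hunk is left at "TODO: check" even though its description already names the affected component and range (eap.c in pppd, ppp 2.4.2 through 2.4.8). It should be triaged to a package status line in the "- package version" form used elsewhere in this file, or to NOT-FOR-US, rather than sit in the TODO queue. The two eG Manager entries (CVE-2020-8592, CVE-2020-8591) need the same decision.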
@@ -7252,10 +7266,10 @@ CVE-2020-5238
RESERVED
CVE-2020-5237
RESERVED
-CVE-2020-5236
- RESERVED
-CVE-2020-5235
- RESERVED
+CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...)
+ TODO: check
+CVE-2020-5235 (There is a potentially exploitable out of memory condition In Nanopb b ...)
+ TODO: check
CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vul ...)
TODO: check
CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...)
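Review bot: The CVE-2020-5236 entry names only "Waitress version 1.4.2" in its truncated description, so the "TODO: check" triage should establish from the full advisory whether earlier versions are affected before any per-release status is written. CVE-2020-5235 (Nanopb) likewise has its version bound cut off at "In Nanopb b ..." and cannot be triaged from the summary line alone.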
@@ -10956,12 +10970,12 @@ CVE-2019-19917 (Lout 3.40 has a buffer overflow in the StringQuotedWord() functi
[stretch] - lout <no-dsa> (Minor issue)
[jessie] - lout <ignored> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/lout-users/2019-12/msg00002.html
-CVE-2020-3939
- RESERVED
-CVE-2020-3938
- RESERVED
-CVE-2020-3937
- RESERVED
+CVE-2020-3939 (SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...)
+ TODO: check
+CVE-2020-3938 (SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...)
+ TODO: check
+CVE-2020-3937 (SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, a ...)
+ TODO: check
CVE-2020-3936
RESERVED
CVE-2020-3935
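Review bot: CVE-2020-3939 and CVE-2020-3938 are indistinguishable in this hunk, since both truncated summaries read "SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...". Whoever resolves the three "TODO: check" markers should read the full descriptions and, if the product is not packaged, mark all three SysJust entries consistently in the "NOT-FOR-US: <product>" form used elsewhere in this file.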
@@ -21315,7 +21329,7 @@ CVE-2020-0570
NOTE: https://lists.qt-project.org/pipermail/development/2020-January/038534.html
CVE-2020-0569
RESERVED
- {DLA-2092-1}
+ {DSA-4617-1 DLA-2092-1}
- qtbase-opensource-src 5.12.5+dfsg-8
NOTE: Patch for 5.6.0 through 5.13.2: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404
NOTE: Patch for 5.0.0 through 5.5.1: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d
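Review bot: CVE-2020-0569 now references {DSA-4617-1 DLA-2092-1} and records a fixed version for qtbase-opensource-src, but the entry is still marked RESERVED and has no description line. The patch NOTEs are the only explanation of the issue here, so it is worth confirming they stay attached to the entry until the description is published and picked up by a later automatic update.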
@@ -49904,7 +49918,7 @@ CVE-2019-9660 (Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html
NOT-FOR-US: YzmCMS
CVE-2019-9659 (The Chuango 433 MHz burglar-alarm product line uses static codes in th ...)
NOT-FOR-US: Chuango
-CVE-2019-10782
+CVE-2019-10782 (All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulner ...)
- checkstyle <unfixed>
[buster] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 not applied)
[stretch] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 not applied)
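Review bot: The description added for CVE-2019-10782 gives an upstream bound ("before 8.29"), while the status line below it is still "- checkstyle <unfixed>". With the bound now known, the unfixed status should be rechecked against the packaged version and replaced with a fixed version once 8.29 or later is uploaded. The buster and stretch not-affected lines are unaffected by this change.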
@@ -50491,10 +50505,10 @@ CVE-2019-9503 (The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a4
{DSA-4465-1 DLA-1824-1 DLA-1799-1}
- linux 4.19.37-4
NOTE: https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1)
-CVE-2019-9502
- RESERVED
-CVE-2019-9501
- RESERVED
+CVE-2019-9502 (The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. I ...)
+ TODO: check
+CVE-2019-9501 (The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. B ...)
+ TODO: check
CVE-2019-9500 (The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc ...)
{DSA-4465-1 DLA-1824-1}
- linux 4.19.37-4
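Review bot: CVE-2019-9502 and CVE-2019-9501 describe the Broadcom wl WiFi driver, whereas the neighbouring CVE-2019-9503 and CVE-2019-9500 entries are for brcmfmac and carry "- linux 4.19.37-4". When the "TODO: check" markers are resolved, the linux status lines of those neighbours should not be copied over; the two wl entries need their own package assignment.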
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fcdf4059af005cd62ac546ea38b86a3dcdee74b2