[Git][security-tracker-team/security-tracker][master] Add more CVEs for nextcloud-server

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb9c5ec6 by Salvatore Bonaccorso at 2020-02-05T09:40:19+01:00
Add more CVEs for nextcloud-server

There seem to be two nextcloud related ITP's one naming for
src:nextcloud and one for src:nextcloud-server. Are those distinct,
which CVEs need to be re-evaluated?

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30400,13 +30400,13 @@ CVE-2019-15626 (The Deep Security Manager application (Versions 10.0, 11.0 and 1
 CVE-2019-15625 (A memory usage vulnerability exists in Trend Micro Password Manager 3. ...)
 	NOT-FOR-US: Trend Micro
 CVE-2019-15624 (Improper Input Validation in Nextcloud Server 15.0.7 allows group admi ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2019-15623 (Exposure of Private Information in Nextcloud Server 16.0.1 causes the  ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2019-15622 (Not strictly enough sanitization in the Nextcloud Android app 3.6.0 al ...)
 	NOT-FOR-US: Nextcloud Android App
 CVE-2019-15621 (Improper permissions preservation in Nextcloud Server 16.0.1 causes sh ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2019-15620 (Improper access control in Nextcloud Talk 6.0.3 leaks the existance an ...)
 	TODO: check
 CVE-2019-15619 (Improper neutralization of file names, conversation names and board na ...)
@@ -30414,7 +30414,7 @@ CVE-2019-15619 (Improper neutralization of file names, conversation names and bo
 CVE-2019-15618 (Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a  ...)
 	TODO: check
 CVE-2019-15617 (A missing check in Nextcloud Server 17.0.0 allowed an attacker to set  ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2019-15616 (Dangling remote share attempts in Nextcloud 16 allow a DNS pollution w ...)
 	TODO: check
 CVE-2019-15615 (A wrong check for the system time in the Android App 3.9.0 causes a by ...)
@@ -30422,9 +30422,9 @@ CVE-2019-15615 (A wrong check for the system time in the Android App 3.9.0 cause
 CVE-2019-15614 (Missing sanitization in the iOS App 2.24.4 causes an XSS when opening  ...)
 	NOT-FOR-US: Nextcloud iOS App
 CVE-2019-15613 (A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend t ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2019-15612 (A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be c ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2019-15611 (Violation of Secure Design Principles in the iOS App 2.23.0 causes the ...)
 	NOT-FOR-US: Nextcloud iOS App
 CVE-2019-15610 (Improper authorization in the Circles app 0.17.7 causes retaining acce ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb9c5ec67fd2382020635803c509b499ee014562

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb9c5ec67fd2382020635803c509b499ee014562
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200205/6e96f826/attachment.html>