[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 19 08:10:31 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f753b805 by security tracker role at 2020-02-19T08:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-9285
+ RESERVED
+CVE-2020-9284
+ RESERVED
+CVE-2020-9283
+ RESERVED
+CVE-2020-9282
+ RESERVED
+CVE-2020-9281
+ RESERVED
+CVE-2020-9280
+ RESERVED
+CVE-2020-9279
+ RESERVED
+CVE-2020-9278
+ RESERVED
+CVE-2020-9277
+ RESERVED
+CVE-2020-9276
+ RESERVED
+CVE-2020-9275
+ RESERVED
+CVE-2020-9274
+ RESERVED
+CVE-2020-9273
+ RESERVED
+CVE-2020-9272
+ RESERVED
+CVE-2019-20478 (In ruamel.yaml through 0.16.7, the load method allows remote code exec ...)
+ TODO: check
+CVE-2019-20477 (PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and ...)
+ TODO: check
+CVE-2019-20476
+ RESERVED
+CVE-2019-20475
+ RESERVED
+CVE-2015-9543 (An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 1 ...)
+ TODO: check
CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...)
NOT-FOR-US: ICE Hrm
CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via ...)
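Review bot: The three entries that arrive with descriptions (CVE-2019-20478 for ruamel.yaml, CVE-2019-20477 for PyYAML, CVE-2015-9543 for OpenStack Nova) carry only "TODO: check", so none of them yet records whether a Debian source package is affected. Each needs either a package line with a status or a NOT-FOR-US line like the ICE Hrm entries directly below. The two YAML entries both concern the load method, so they are worth triaging together.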
@@ -589,7 +627,7 @@ CVE-2020-8999
RESERVED
CVE-2020-8998
REJECTED
-CVE-2020-8997 (Abbott FreeStyle Libre 14-day before February 2020 and FreeStyle Libre ...)
+CVE-2020-8997 (Older generation Abbott FreeStyle Libre sensors allow remote attackers ...)
NOT-FOR-US: Abbott FreeStyle Libre
CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal to read ...)
NOT-FOR-US: AnyShare Cloud
@@ -1379,8 +1417,8 @@ CVE-2020-8635
RESERVED
CVE-2020-8634
RESERVED
-CVE-2020-8633
- RESERVED
+CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8 ...)
+ TODO: check
CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...)
- cloud-init 19.4-2 (bug #951363)
[buster] - cloud-init <no-dsa> (Minor issue)
@@ -3327,8 +3365,8 @@ CVE-2020-7798
RESERVED
CVE-2020-7797
RESERVED
-CVE-2020-7796
- RESERVED
+CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF whe ...)
+ TODO: check
CVE-2020-7795
RESERVED
CVE-2020-7794
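Review bot: CVE-2020-7796 moves from RESERVED to a Zimbra Collaboration Suite description with "TODO: check", the same state CVE-2020-8633 is given in the previous hunk. Resolve both with the same triage line so the two ZCS entries do not end up classified differently.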
@@ -3994,6 +4032,7 @@ CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a h
[stretch] - libsolv 0.6.24-1+deb9u2
NOTE: https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)
CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 al ...)
+ {DSA-4629-1}
- python-django 2:2.2.10-1 (bug #950581)
[jessie] - python-django <not-affected> (Vulnerable code introduced in Django ~1.9)
NOTE: https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
@@ -4878,7 +4917,7 @@ CVE-2020-7062
CVE-2020-7061
RESERVED
CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings, ...)
- {DSA-4626-1}
+ {DSA-4628-1 DSA-4626-1}
- php7.4 7.4.2-7
- php7.3 <unfixed>
- php7.0 <removed>
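Review bot: On CVE-2020-7060 the tag becomes "{DSA-4628-1 DSA-4626-1}" while "- php7.3 <unfixed>" stays as it was. Confirm that the unfixed status on that line is still accurate now that a second advisory references the entry. The same tag change repeats on CVE-2020-7059 and on the four CVE-2019-110xx PHP entries further down, each with the same unchanged php7.3 line.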
@@ -4886,7 +4925,7 @@ CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodi
NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27
NOTE: PHP Bug: http://bugs.php.net/79037
CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP ...)
- {DSA-4626-1}
+ {DSA-4628-1 DSA-4626-1}
- php7.4 7.4.2-7
- php7.3 <unfixed>
- php7.0 <removed>
@@ -47043,7 +47082,7 @@ CVE-2019-11052
CVE-2019-11051
RESERVED
CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
- {DSA-4626-1 DLA-2050-1}
+ {DSA-4628-1 DSA-4626-1 DLA-2050-1}
- php7.3 <unfixed>
- php7.0 <removed>
- php5 <removed>
@@ -47058,14 +47097,14 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when su
CVE-2019-11048
RESERVED
CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
- {DSA-4626-1 DLA-2050-1}
+ {DSA-4628-1 DSA-4626-1 DLA-2050-1}
- php7.3 <unfixed>
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.1, 7.3.13
NOTE: PHP Bug: http://bugs.php.net/78910
CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...)
- {DSA-4626-1 DLA-2050-1}
+ {DSA-4628-1 DSA-4626-1 DLA-2050-1}
- php7.3 <unfixed>
- php7.0 <removed>
- php5 <removed>
@@ -47073,7 +47112,7 @@ CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0
NOTE: PHP Bug: http://bugs.php.net/78878
NOTE: http://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...)
- {DSA-4626-1 DLA-2050-1}
+ {DSA-4628-1 DSA-4626-1 DLA-2050-1}
- php7.3 <unfixed>
- php7.0 <removed>
- php5 <removed>
@@ -84978,8 +85017,8 @@ CVE-2018-16996
RESERVED
CVE-2018-16995
RESERVED
-CVE-2018-16994
- RESERVED
+CVE-2018-16994 (An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL ...)
+ TODO: check
CVE-2018-16993
RESERVED
CVE-2018-16992
@@ -238187,8 +238226,8 @@ CVE-2015-0751 (Cisco IP Phone 7861, when firmware from Cisco Unified Communicati
NOT-FOR-US: Cisco
CVE-2015-0750 (The administrative web interface in Cisco Hosted Collaboration Solutio ...)
NOT-FOR-US: Cisco
-CVE-2015-0749
- RESERVED
+CVE-2015-0749 (A vulnerability in Cisco Unified Communications Manager could allow an ...)
+ TODO: check
CVE-2015-0748
RESERVED
CVE-2015-0747 (Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release al ...)
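Review bot: CVE-2015-0749 now describes Cisco Unified Communications Manager but is left at "TODO: check", while the two entries above it in this hunk (CVE-2015-0751, CVE-2015-0750) are already "NOT-FOR-US: Cisco". Unless there is a reason to treat it differently, replace the TODO with the same line.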
@@ -310459,8 +310498,7 @@ CVE-2011-2056
RESERVED
CVE-2011-2055
RESERVED
-CVE-2011-2054
- RESERVED
+CVE-2011-2054 (A vulnerability in the Cisco ASA that could allow a remote attacker to ...)
NOT-FOR-US: ** REJECT ** CVE-2011-2054 misused as CVE-2011-2524
CVE-2011-2053
RESERVED
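Review bot: CVE-2011-2054 gains a description of a Cisco ASA vulnerability, yet the annotation kept below it still reads "NOT-FOR-US: ** REJECT ** CVE-2011-2054 misused as CVE-2011-2524", which no longer matches an entry that carries a published description. Rewrite the annotation to reflect the current state, for example "NOT-FOR-US: Cisco" as used in the CVE-2015-0751 hunk, and keep the misuse remark as a NOTE if it is still wanted.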
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f753b805253f9bf88cc705f6907c0a5514759a94