[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 27 08:10:20 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c6503ba by security tracker role at 2020-02-27T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -338,7 +338,7 @@ CVE-2020-9275
CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ...)
TODO: check
CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...)
- {DLA-2115-1}
+ {DSA-4635-1 DLA-2115-1}
- proftpd-dfsg 1.3.6c-1 (bug #951800)
NOTE: https://github.com/proftpd/proftpd/issues/903
NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master)
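Review bot: the new {DSA-4635-1} reference on CVE-2020-9273 only resolves if data/DSA/list already carries the DSA-4635-1 entry with the stable (buster) fixed version, because the only fixed-version line in this hunk is the unstable upload `- proftpd-dfsg 1.3.6c-1 (bug #951800)`; please confirm that entry exists so the cross-reference does not dangle. The upstream commit NOTE is tagged "(master)", so it is also worth recording the backported commit actually shipped in the DSA, otherwise the advisory cannot be matched to upstream code.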
@@ -1431,6 +1431,7 @@ CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing
- gitlab <not-affected> (Only affects EE version)
NOTE: https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/
CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of an out- ...)
+ {DSA-4634-1}
- opensmtpd 6.6.4p1-1 (bug #952453)
NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/5
NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
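Review bot: same cross-reference check for {DSA-4634-1} on CVE-2020-8794: `- opensmtpd 6.6.4p1-1 (bug #952453)` is the unstable fix, and the stable fixed version has to come from the DSA-4634-1 entry in data/DSA/list. The entry cites the oss-security post and the poolp.org write-up but no upstream fixing commit, unlike the rake entry in this same update which carries a "Fixed by:" NOTE; adding the upstream commit reference would let the DSA version be verified against the actual code change.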
@@ -2871,6 +2872,7 @@ CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn 1.21.1 and earli
- node-yarnpkg <unfixed>
NOTE: https://hackerone.com/reports/730239
CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake < 12.3. ...)
+ {DLA-2120-1}
- rake 12.3.3-1
NOTE: https://hackerone.com/reports/651518
NOTE: Fixed by: https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee (v12.3.3)
@@ -13099,10 +13101,10 @@ CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign securi
NOT-FOR-US: ServiSign security plugin
CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some designated a ...)
NOT-FOR-US: ServiSign security plugin
-CVE-2020-3924
- RESERVED
-CVE-2020-3923
- RESERVED
+CVE-2020-3924 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...)
+ TODO: check
+CVE-2020-3923 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...)
+ TODO: check
CVE-2020-3922
RESERVED
CVE-2020-3921
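Review bot: CVE-2020-3924 and CVE-2020-3923 should be resolved to NOT-FOR-US rather than left at TODO: check: both descriptions name DVR firmware in a vendor's TAT-76/TAT-77 product series, which Debian does not package, and the adjacent ServiSign entries in this hunk already use `NOT-FOR-US: ServiSign security plugin` for the same situation. TODO: check is expected from the automatic import, but the follow-up triage should look at the full descriptions before closing, since the two IDs share an identical truncated prefix and need to be told apart in the NOT-FOR-US text.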
@@ -24587,8 +24589,8 @@ CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based bu
NOT-FOR-US: Fuji
CVE-2019-18239
RESERVED
-CVE-2019-18238
- RESERVED
+CVE-2019-18238 (Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Config ...)
+ TODO: check
CVE-2019-18237
RESERVED
CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC Editor Ver ...)
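Review bot: CVE-2019-18238 concerns Moxa ioLogik controller hardware and its IOxpress configuration utility, so the likely triage result is NOT-FOR-US, matching the `NOT-FOR-US: Fuji` line at the top of this hunk for the neighbouring ICS advisory; please resolve the TODO: check with the vendor named in the NOT-FOR-US text rather than leaving it open.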
@@ -42498,7 +42500,7 @@ CVE-2019-12884
CVE-2019-12883
RESERVED
CVE-2019-12882
- RESERVED
+ REJECTED
CVE-2019-12881 (i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c ...)
- linux <undetermined>
NOTE: https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520
@@ -75319,7 +75321,7 @@ CVE-2018-19670
CVE-2018-19669
RESERVED
CVE-2018-19668
- RESERVED
+ REJECTED
CVE-2018-19667
RESERVED
CVE-2018-19666 (The agent in OSSEC through 3.1.0 on Windows allows local users to gain ...)
@@ -166618,8 +166620,8 @@ CVE-2017-6373
RESERVED
CVE-2017-6372
RESERVED
-CVE-2017-6371
- RESERVED
+CVE-2017-6371 (Synchronet BBS 3.16c for Windows allows remote attackers to cause a de ...)
+ TODO: check
CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI i ...)
NOT-FOR-US: TYPO3
CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5. ...)
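Review bot: the new description explicitly scopes CVE-2017-6371 to Synchronet BBS 3.16c for Windows, so TODO: check should become a NOT-FOR-US entry in the style of the TYPO3 line directly below it; a package search for synchronet in the archive is enough to confirm there is nothing to track before closing it.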
@@ -166640,8 +166642,8 @@ CVE-2017-6365
RESERVED
CVE-2017-6364
RESERVED
-CVE-2017-6363
- RESERVED
+CVE-2017-6363 (** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, t ...)
+ TODO: check
CVE-2017-6362 (Double free vulnerability in the gdImagePngPtr function in libgd2 befo ...)
{DSA-3961-1 DLA-1106-1}
- libgd2 2.2.5-1
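Review bot: CVE-2017-6363 must not stay at TODO: check without a real decision: libgd2 is in the archive (the CVE-2017-6362 entry immediately below records `- libgd2 2.2.5-1` as fixed) and the new description says "through 2.2.5", i.e. the same version. The entry is also marked ** DISPUTED ** and, unlike its siblings in this update, carries no NOTE at all. Triage should add a NOTE pointing at the upstream discussion of the dispute and then either a `- libgd2 <not-affected>` or `<unimportant>` line with the reason, or an `<unfixed>` line with the fixing commit if the issue is accepted.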
@@ -168211,7 +168213,7 @@ CVE-2017-5863 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by:
CVE-2017-5862
RESERVED
CVE-2017-5861
- RESERVED
+ REJECTED
CVE-2017-5860
RESERVED
CVE-2017-5859 (On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vu ...)
@@ -223376,8 +223378,8 @@ CVE-2015-5688 (Directory traversal vulnerability in lib/app/index.js in Geddy be
NOTE: https://nodesecurity.io/advisories/10
CVE-2015-5687 (system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote at ...)
NOT-FOR-US: Anchor CMS
-CVE-2015-5686
- RESERVED
+CVE-2015-5686 (Parts of the Puppet Enterprise Console 3.x were found to be susceptibl ...)
+ TODO: check
CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstra ...)
{DLA-312-1}
- libtorrent-rasterbar 1.0.6-1 (bug #797046)
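Review bot: CVE-2015-5686 names the Puppet Enterprise Console, the commercial Puppet product, not the open-source puppet packages Debian ships, so the probable resolution is NOT-FOR-US as for Anchor CMS two entries above; before closing the TODO: check, confirm the affected console code is not shared with any open-source puppet package in the archive, since the commercial product bundles open-source components.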
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c6503ba71a46edbc0a04a29bcc4dc095dca1ff3