[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Feb 27 08:10:20 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c6503ba by security tracker role at 2020-02-27T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -338,7 +338,7 @@ CVE-2020-9275
 CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer  ...)
 	TODO: check
 CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...)
-	{DLA-2115-1}
+	{DSA-4635-1 DLA-2115-1}
 	- proftpd-dfsg 1.3.6c-1 (bug #951800)
 	NOTE: https://github.com/proftpd/proftpd/issues/903
 	NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master)
@@ -1431,6 +1431,7 @@ CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing
 	- gitlab <not-affected> (Only affects EE version)
 	NOTE: https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/
 CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of an out- ...)
+	{DSA-4634-1}
 	- opensmtpd 6.6.4p1-1 (bug #952453)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/5
 	NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
@@ -2871,6 +2872,7 @@ CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn 1.21.1 and earli
 	- node-yarnpkg <unfixed>
 	NOTE: https://hackerone.com/reports/730239
 CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake < 12.3. ...)
+	{DLA-2120-1}
 	- rake 12.3.3-1
 	NOTE: https://hackerone.com/reports/651518
 	NOTE: Fixed by: https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee (v12.3.3)
@@ -13099,10 +13101,10 @@ CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign securi
 	NOT-FOR-US: ServiSign security plugin
 CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some designated a ...)
 	NOT-FOR-US: ServiSign security plugin
-CVE-2020-3924
-	RESERVED
-CVE-2020-3923
-	RESERVED
+CVE-2020-3924 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...)
+	TODO: check
+CVE-2020-3923 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...)
+	TODO: check
 CVE-2020-3922
 	RESERVED
 CVE-2020-3921
@@ -24587,8 +24589,8 @@ CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based bu
 	NOT-FOR-US: Fuji
 CVE-2019-18239
 	RESERVED
-CVE-2019-18238
-	RESERVED
+CVE-2019-18238 (Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Config ...)
+	TODO: check
 CVE-2019-18237
 	RESERVED
 CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC Editor Ver ...)
@@ -42498,7 +42500,7 @@ CVE-2019-12884
 CVE-2019-12883
 	RESERVED
 CVE-2019-12882
-	RESERVED
+	REJECTED
 CVE-2019-12881 (i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c  ...)
 	- linux <undetermined>
 	NOTE: https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520
@@ -75319,7 +75321,7 @@ CVE-2018-19670
 CVE-2018-19669
 	RESERVED
 CVE-2018-19668
-	RESERVED
+	REJECTED
 CVE-2018-19667
 	RESERVED
 CVE-2018-19666 (The agent in OSSEC through 3.1.0 on Windows allows local users to gain ...)
@@ -166618,8 +166620,8 @@ CVE-2017-6373
 	RESERVED
 CVE-2017-6372
 	RESERVED
-CVE-2017-6371
-	RESERVED
+CVE-2017-6371 (Synchronet BBS 3.16c for Windows allows remote attackers to cause a de ...)
+	TODO: check
 CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI i ...)
 	NOT-FOR-US: TYPO3
 CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5. ...)
@@ -166640,8 +166642,8 @@ CVE-2017-6365
 	RESERVED
 CVE-2017-6364
 	RESERVED
-CVE-2017-6363
-	RESERVED
+CVE-2017-6363 (** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, t ...)
+	TODO: check
 CVE-2017-6362 (Double free vulnerability in the gdImagePngPtr function in libgd2 befo ...)
 	{DSA-3961-1 DLA-1106-1}
 	- libgd2 2.2.5-1
@@ -168211,7 +168213,7 @@ CVE-2017-5863 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by:
 CVE-2017-5862
 	RESERVED
 CVE-2017-5861
-	RESERVED
+	REJECTED
 CVE-2017-5860
 	RESERVED
 CVE-2017-5859 (On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vu ...)
@@ -223376,8 +223378,8 @@ CVE-2015-5688 (Directory traversal vulnerability in lib/app/index.js in Geddy be
 	NOTE: https://nodesecurity.io/advisories/10
 CVE-2015-5687 (system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote at ...)
 	NOT-FOR-US: Anchor CMS
-CVE-2015-5686
-	RESERVED
+CVE-2015-5686 (Parts of the Puppet Enterprise Console 3.x were found to be susceptibl ...)
+	TODO: check
 CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstra ...)
 	{DLA-312-1}
 	- libtorrent-rasterbar 1.0.6-1 (bug #797046)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c6503ba71a46edbc0a04a29bcc4dc095dca1ff3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c6503ba71a46edbc0a04a29bcc4dc095dca1ff3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200227/bc762023/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list