[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Feb 29 20:10:30 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b385c0d by security tracker role at 2020-02-29T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -508,6 +508,7 @@ CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mo
 	NOTE: Debian does not build mod_cap and does not use the embedded libcap.
 	NOTE: Sourcewise fixed in 1.3.6c by updating to the lastest libcap.
 CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...)
+	{DLA-2130-1}
 	- libapache2-mod-auth-openidc 2.4.1-1
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
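Review bot: The added `{DLA-2130-1}` on CVE-2019-20479 sits above a single package line, the unstable fix `- libapache2-mod-auth-openidc 2.4.1-1`, so this entry does not show which release or version the DLA covers. Confirm that the advisory's own record names the fixed version. Separately, the unchanged CVE-2020-9272 note in this hunk's context reads "lastest libcap"; that should be "latest" and can be corrected in a follow-up.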
@@ -16421,7 +16422,7 @@ CVE-2020-2660 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	- mysql-5.7 <unfixed> (bug #949994)
 	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
 CVE-2020-2659 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4621-1}
+	{DSA-4621-1 DLA-2128-1}
 	- openjdk-8 8u242-b08-1
 	- openjdk-7 <removed>
 CVE-2020-2658 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
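Review bot: On CVE-2020-2659 the new `{DSA-4621-1 DLA-2128-1}` annotation does not say which source package DLA-2128-1 fixes. The lines below it are `- openjdk-8 8u242-b08-1` and `- openjdk-7 <removed>`, and neither carries a release-tagged fixed version. Confirm that the DLA is mapped to the intended package. The same check applies to the following hunks that add DLA-2128-1 (CVE-2020-2654, CVE-2020-2604, CVE-2020-2601, CVE-2020-2593, CVE-2020-2590, CVE-2020-2583), where the visible package lines are openjdk-13, openjdk-11 and openjdk-8 only.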
@@ -16435,7 +16436,7 @@ CVE-2020-2655 (Vulnerability in the Java SE product of Oracle Java SE (component
 	- openjdk-13 13.0.2+8-1
 	- openjdk-11 11.0.6+10-1
 CVE-2020-2654 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...)
-	{DSA-4621-1 DSA-4605-1}
+	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
 	- openjdk-13 13.0.2+8-1
 	- openjdk-11 11.0.6+10-1
 	- openjdk-8 8u242-b08-1
@@ -16540,7 +16541,7 @@ CVE-2020-2606 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of
 CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
 	NOT-FOR-US: Oracle
 CVE-2020-2604 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4621-1 DSA-4605-1}
+	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
 	- openjdk-13 13.0.2+8-1
 	- openjdk-11 11.0.6+10-1
 	- openjdk-8 8u242-b08-1
@@ -16550,7 +16551,7 @@ CVE-2020-2603 (Vulnerability in the Oracle Field Service product of Oracle E-Bus
 CVE-2020-2602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2020-2601 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4621-1 DSA-4605-1}
+	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
 	- openjdk-13 13.0.2+8-1
 	- openjdk-11 11.0.6+10-1
 	- openjdk-8 8u242-b08-1
@@ -16570,7 +16571,7 @@ CVE-2020-2595 (Vulnerability in the Oracle GraalVM Enterprise Edition product of
 CVE-2020-2594
 	RESERVED
 CVE-2020-2593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4621-1 DSA-4605-1}
+	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
 	- openjdk-13 13.0.2+8-1
 	- openjdk-11 11.0.6+10-1
 	- openjdk-8 8u242-b08-1
@@ -16580,7 +16581,7 @@ CVE-2020-2592 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chai
 CVE-2020-2591 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
 	NOT-FOR-US: Oracle
 CVE-2020-2590 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4621-1 DSA-4605-1}
+	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
 	- openjdk-13 13.0.2+8-1
 	- openjdk-11 11.0.6+10-1
 	- openjdk-8 8u242-b08-1
@@ -16603,7 +16604,7 @@ CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
 	- mysql-5.7 <unfixed> (bug #949994)
 	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
 CVE-2020-2583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
-	{DSA-4621-1 DSA-4605-1}
+	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
 	- openjdk-13 13.0.2+8-1
 	- openjdk-11 11.0.6+10-1
 	- openjdk-8 8u242-b08-1
@@ -48561,6 +48562,7 @@ CVE-2019-10787 (im-resize through 2.3.2 allows remote attackers to execute arbit
 CVE-2019-10786 (network-manager through 1.0.2 allows remote attackers to execute arbit ...)
 	NOT-FOR-US: network-manager node module
 CVE-2019-10785 (dojox is vulnerable to Cross-site Scripting in all versions before ver ...)
+	{DLA-2127-1}
 	- dojo 1.15.2+dfsg1-1 (bug #952771)
 	[buster] - dojo <no-dsa> (Minor issue)
 	NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr
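Review bot: The added `{DLA-2127-1}` on CVE-2019-10785 leaves `[buster] - dojo <no-dsa> (Minor issue)` in place, so after this change the entry records an LTS advisory for dojo while buster is still triaged as no-dsa. Check whether the buster fix should be queued for a point release so that stable does not lag the LTS release on the same CVE.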
@@ -150730,7 +150732,7 @@ CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary
 CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera that all ...)
 	NOT-FOR-US: Wanscam's HW0021 network camera
 CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in Firebir ...)
-	{DLA-1374-1}
+	{DLA-2129-1 DLA-1374-1}
 	- firebird3.0 3.0.3.32900.ds4-3
 	[stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in a future update)
 	- firebird2.5 <removed>
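Review bot: CVE-2017-11509 now carries `{DLA-2129-1 DLA-1374-1}`, but the entry lists two source packages (firebird3.0 and firebird2.5) and nothing in the hunk shows which one the new DLA fixes. Confirm that DLA-2129-1 is mapped to the intended package. The `[stretch] - firebird3.0 <postponed>` line is untouched, so stretch still reads as unfixed after this change.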



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b385c0d559b117963de62636bc2e29f17b9088a
