[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 29 20:10:30 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b385c0d by security tracker role at 2020-02-29T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -508,6 +508,7 @@ CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mo
NOTE: Debian does not build mod_cap and does not use the embedded libcap.
NOTE: Sourcewise fixed in 1.3.6c by updating to the lastest libcap.
CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...)
+ {DLA-2130-1}
- libapache2-mod-auth-openidc 2.4.1-1
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
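Review bot: the unchanged NOTE two lines above the added line, under CVE-2020-9272, reads "Sourcewise fixed in 1.3.6c by updating to the lastest libcap."; "lastest" should be "latest". This commit only touches the CVE-2019-20479 entry, so the typo is better fixed in a separate follow-up. The added "{DLA-2130-1}" line sits directly under the CVE header and before the package line, the same position the cross-reference lines occupy in the other hunks.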
@@ -16421,7 +16422,7 @@ CVE-2020-2660 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <unfixed> (bug #949994)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2659 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4621-1}
+ {DSA-4621-1 DLA-2128-1}
- openjdk-8 8u242-b08-1
- openjdk-7 <removed>
CVE-2020-2658 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
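Review bot: on the changed line for CVE-2020-2659, "{DSA-4621-1 DLA-2128-1}" does not say which source package the DLA covers, while the entry lists both "- openjdk-8 8u242-b08-1" and "- openjdk-7 <removed>". With openjdk-7 marked as removed, a short NOTE naming the package and release that DLA-2128-1 applies to would let a reader judge coverage without opening the advisory.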
@@ -16435,7 +16436,7 @@ CVE-2020-2655 (Vulnerability in the Java SE product of Oracle Java SE (component
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
CVE-2020-2654 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...)
- {DSA-4621-1 DSA-4605-1}
+ {DSA-4621-1 DSA-4605-1 DLA-2128-1}
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
- openjdk-8 8u242-b08-1
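Review bot: the ordering rule for ids inside the braces is not stated anywhere in the visible lines and is applied in two ways that look different at first glance. Here the new id is appended last, "{DSA-4621-1 DSA-4605-1 DLA-2128-1}", while in the CVE-2017-11509 hunk it is placed first, "{DLA-2129-1 DLA-1374-1}". Both are consistent with "DSA ids before DLA ids, highest number first"; if that is the intended rule, documenting it next to the file format would make manual edits and reviews of these lines easier to check.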
@@ -16540,7 +16541,7 @@ CVE-2020-2606 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of
CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2020-2604 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4621-1 DSA-4605-1}
+ {DSA-4621-1 DSA-4605-1 DLA-2128-1}
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
- openjdk-8 8u242-b08-1
@@ -16550,7 +16551,7 @@ CVE-2020-2603 (Vulnerability in the Oracle Field Service product of Oracle E-Bus
CVE-2020-2602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2020-2601 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4621-1 DSA-4605-1}
+ {DSA-4621-1 DSA-4605-1 DLA-2128-1}
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
- openjdk-8 8u242-b08-1
@@ -16570,7 +16571,7 @@ CVE-2020-2595 (Vulnerability in the Oracle GraalVM Enterprise Edition product of
CVE-2020-2594
RESERVED
CVE-2020-2593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4621-1 DSA-4605-1}
+ {DSA-4621-1 DSA-4605-1 DLA-2128-1}
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
- openjdk-8 8u242-b08-1
@@ -16580,7 +16581,7 @@ CVE-2020-2592 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chai
CVE-2020-2591 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
NOT-FOR-US: Oracle
CVE-2020-2590 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4621-1 DSA-4605-1}
+ {DSA-4621-1 DSA-4605-1 DLA-2128-1}
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
- openjdk-8 8u242-b08-1
@@ -16603,7 +16604,7 @@ CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <unfixed> (bug #949994)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4621-1 DSA-4605-1}
+ {DSA-4621-1 DSA-4605-1 DLA-2128-1}
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
- openjdk-8 8u242-b08-1
@@ -48561,6 +48562,7 @@ CVE-2019-10787 (im-resize through 2.3.2 allows remote attackers to execute arbit
CVE-2019-10786 (network-manager through 1.0.2 allows remote attackers to execute arbit ...)
NOT-FOR-US: network-manager node module
CVE-2019-10785 (dojox is vulnerable to Cross-site Scripting in all versions before ver ...)
+ {DLA-2127-1}
- dojo 1.15.2+dfsg1-1 (bug #952771)
[buster] - dojo <no-dsa> (Minor issue)
NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr
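Review bot: after the added "{DLA-2127-1}" line, CVE-2019-10785 is marked as fixed through a DLA while the only release-specific line in the visible context is "[buster] - dojo <no-dsa> (Minor issue)". No "[stretch]" line appears in the hunk, so the triage state of the release between the one the DLA covers and buster is not recorded here. Worth confirming whether stretch should get its own status line so the entry reads consistently across releases.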
@@ -150730,7 +150732,7 @@ CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary
CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera that all ...)
NOT-FOR-US: Wanscam's HW0021 network camera
CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in Firebir ...)
- {DLA-1374-1}
+ {DLA-2129-1 DLA-1374-1}
- firebird3.0 3.0.3.32900.ds4-3
[stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in a future update)
- firebird2.5 <removed>
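Review bot: CVE-2017-11509 now carries two DLA references, "{DLA-2129-1 DLA-1374-1}", and the entry lists two source packages, firebird3.0 and firebird2.5 (marked as removed), without saying which advisory covers which. A NOTE mapping each DLA to its package would make clear that the second advisory is not a regression update for the first. The line "[stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in a future update)" is unchanged, so stretch remains open after this commit; worth confirming that is intended.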
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b385c0d559b117963de62636bc2e29f17b9088a