[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Jan 27 08:10:24 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52d07022 by security tracker role at 2020-01-27T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...)
+	TODO: check
+CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...)
+	TODO: check
+CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a hardcoded pass ...)
+	TODO: check
+CVE-2020-8000 (Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the  ...)
+	TODO: check
+CVE-2020-7999 (The Intellian Aptus application 1.0.2 for Android has hardcoded values ...)
+	TODO: check
+CVE-2020-7998
+	RESERVED
+CVE-2020-7997
+	RESERVED
+CVE-2020-7996 (htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via th ...)
+	TODO: check
+CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allow ...)
+	TODO: check
+CVE-2020-7994 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 ...)
+	TODO: check
+CVE-2020-7993
+	RESERVED
+CVE-2020-7992
+	RESERVED
+CVE-2020-7991 (Adive Framework 2.0.8 has admin/config CSRF to change the Administrato ...)
+	TODO: check
+CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS. ...)
+	TODO: check
+CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...)
+	TODO: check
+CVE-2020-7988
+	RESERVED
+CVE-2020-7987
+	RESERVED
+CVE-2020-7986
+	RESERVED
+CVE-2020-7985
+	RESERVED
+CVE-2020-7984 (SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allow ...)
+	TODO: check
+CVE-2020-7983
+	RESERVED
+CVE-2019-20432 (In the Lustre file system before 2.12.3, the mdt module has an out-of- ...)
+	TODO: check
+CVE-2019-20431 (In the Lustre file system before 2.12.3, the ptlrpc module has an osd_ ...)
+	TODO: check
+CVE-2019-20430 (In the Lustre file system before 2.12.3, the mdt module has an LBUG pa ...)
+	TODO: check
+CVE-2019-20429 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
+	TODO: check
+CVE-2019-20428 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
+	TODO: check
+CVE-2019-20427 (In the Lustre file system before 2.12.3, the ptlrpc module has a buffe ...)
+	TODO: check
+CVE-2019-20426 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
+	TODO: check
+CVE-2019-20425 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
+	TODO: check
+CVE-2019-20424 (In the Lustre file system before 2.12.3, mdt_object_remote in the mdt  ...)
+	TODO: check
+CVE-2019-20423 (In the Lustre file system before 2.12.3, the ptlrpc module has a buffe ...)
+	TODO: check
+CVE-2019-20422 (In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib ...)
+	TODO: check
+CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input  ...)
+	TODO: check
 CVE-2020-7982
 	RESERVED
 CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...)
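Review bot: all 66 added entries are still placeholders (`TODO: check` or `RESERVED`), so this hunk records nothing about Debian exposure yet. The entries naming software that maps to Debian source packages, notably CVE-2020-8002 and CVE-2020-8003 (virglrenderer), CVE-2019-20422 (Linux kernel before 5.3.4) and CVE-2019-20421 (Exiv2 0.27.2), need a follow-up commit turning `TODO: check` into `- <package> <version>` lines plus `NOTE:` references, in the form the qemu and otrs2 entries further down use; the Intellian, SolarWinds and Adive entries describe proprietary products and look like `NOT-FOR-US` candidates, the convention the Apache CXF entry below uses.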
@@ -2037,6 +2103,7 @@ CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/stor
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3
 	NOTE: SuSE provided patch: https://www.openwall.com/lists/oss-security/2020/01/20/3/1
 CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...)
+	{DLA-2076-1}
 	- libslirp 4.1.0-2 (bug #949084)
 	- qemu 1:4.1-2
 	[buster] - qemu <postponed> (Minor issue)
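Review bot: the `{DLA-2076-1}` marker is added while the only suite line in view is `[buster] - qemu <postponed> (Minor issue)` and no line for the release the DLA covers appears in the context; check that the line for that release (outside this hunk) records the fixed version, so the advisory reference and the per-suite state agree. The entry also lists two source packages (libslirp and qemu), so it should be clear from the suite lines which one the advisory fixed.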
@@ -15322,12 +15389,14 @@ CVE-2020-1769
 CVE-2020-1768
 	RESERVED
 CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then Agent  ...)
+	{DLA-2079-1}
 	- otrs2 6.0.25-1
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/
 	NOTE: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570
 CVE-2020-1766 (Due to improper handling of uploaded images it is possible in very unl ...)
+	{DLA-2079-1}
 	- otrs2 6.0.25-1
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
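Review bot: `{DLA-2079-1}` is recorded for CVE-2020-1767 and CVE-2020-1766, but both entries carry only `[buster]`/`[stretch] - otrs2 <no-dsa> (Non-free not supported)` and no suite line for an older release. If the DLA targets a release that has no line here, a line with its fixed version is missing; if it targets stretch, the `<no-dsa>` line now contradicts the advisory and should be replaced with the fixed version.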
@@ -15335,6 +15404,7 @@ CVE-2020-1766 (Due to improper handling of uploaded images it is possible in ver
 	NOTE: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 (OTRS6)
 	NOTE: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a (OTRS5)
 CVE-2020-1765 (An improper control of parameters allows the spoofing of the from fiel ...)
+	{DLA-2079-1}
 	- otrs2 6.0.25-1
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
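Review bot: the same check applies to CVE-2020-1765 as to the two otrs2 entries in the previous hunk: `{DLA-2079-1}` is added next to `[stretch] - otrs2 <no-dsa> (Non-free not supported)` with no suite line for the release the advisory covers, so either add that line or correct the `<no-dsa>` state.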
@@ -23239,6 +23309,7 @@ CVE-2019-17571 (Included in Log4j 1.2 is a SocketServer class that is vulnerable
 	NOTE: should upgrade to Log4j 2.x.
 	NOTE: Fixed by https://src.fedoraproject.org/rpms/log4j12/c/d4c817c458d69dcc629a7271999d178b0dcb7c74?branch=master
 CVE-2019-17570 (An untrusted deserialization was found in the org.apache.xmlrpc.parser ...)
+	{DLA-2078-1}
 	- libxmlrpc3-java <unfixed> (bug #949089)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/1
 	NOTE: Proposed patch: https://bugzilla.redhat.com/show_bug.cgi?id=1775193
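Review bot: `{DLA-2078-1}` is added while the package line still reads `libxmlrpc3-java <unfixed> (bug #949089)`, so the only fixed version for this CVE is implied by the advisory reference. Record the suite line with the DLA's fixed version; the unstable side still has only a proposed patch (the bugzilla `NOTE:`), so `<unfixed>` and the open bug are correct until an upload happens.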
@@ -23256,7 +23327,7 @@ CVE-2019-17565
 CVE-2019-17564
 	RESERVED
 CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29,  ...)
-	{DSA-4596-1}
+	{DSA-4596-1 DLA-2077-1}
 	- tomcat9 <unfixed>
 	- tomcat8 <removed>
 	- tomcat7 <removed>
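Review bot: `DLA-2077-1` is appended to the DSA reference while every package line in view is `<unfixed>` or `<removed>` (`tomcat9 <unfixed>`, `tomcat8` and `tomcat7 <removed>`); the suite lines that carry the fixed versions are outside the context. Confirm that a suite line exists for the release the DLA covers and that tomcat9 in unstable is genuinely still unfixed despite DSA-4596-1, since an `<unfixed>` sid line beside a DSA usually means a pending upload that should be recorded once it lands.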
@@ -39672,7 +39743,7 @@ CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a message can be crafted in
 CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the components that ...)
 	NOT-FOR-US: Apache CFX
 CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0. ...)
-	{DSA-4596-1}
+	{DSA-4596-1 DLA-2077-1}
 	- tomcat9 <unfixed>
 	- tomcat8 <removed>
 	- tomcat7 <removed>
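Review bot: same situation for CVE-2019-12418 as for CVE-2019-17563 in the previous hunk: the advisory list grows to `{DSA-4596-1 DLA-2077-1}` while the visible package lines stay `tomcat9 <unfixed>`, `tomcat8 <removed>`, `tomcat7 <removed>`; verify the suite line for the DLA's release and the tomcat9 unstable status.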
@@ -216746,6 +216817,7 @@ CVE-2015-6739
 CVE-2015-6738
 	RESERVED
 CVE-2015-6748 (Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. ...)
+	{DLA-2075-1}
 	- jsoup 1.8.3-1 (bug #797275)
 	[wheezy] - jsoup <no-dsa> (Minor issue)
 	NOTE: https://github.com/jhy/jsoup/pull/582
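Review bot: `{DLA-2075-1}` is recorded against a CVE fixed in `jsoup 1.8.3-1 (bug #797275)` whose only suite line is `[wheezy] - jsoup <no-dsa> (Minor issue)`. An advisory for a 2015 XSS in jsoup before 1.8.3 means a currently supported suite still shipped an older version, so add that suite's line with the DLA's fixed version, and reconsider whether the `Minor issue` rating on the wheezy line still matches a bug that now warranted an advisory.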



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/52d0702218d4186f541a6eb17bbd94c9f5be8613
