[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 3 09:10:25 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80ee8e8a by security tracker role at 2020-07-03T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-15511
+ RESERVED
+CVE-2020-15510
+ RESERVED
CVE-2020-15509
RESERVED
CVE-2020-15508
@@ -89,8 +93,7 @@ CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a
NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622
CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...)
NOT-FOR-US: ffjpeg
-CVE-2020-15469
- RESERVED
+CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...)
- qemu <unfixed> (low)
[buster] - qemu <postponed> (Minor issue, fix along in next DSA)
[stretch] - qemu <postponed> (Minor issue, fix along in next DSA)
@@ -3167,10 +3170,10 @@ CVE-2020-14175
RESERVED
CVE-2020-14174
RESERVED
-CVE-2020-14173
- RESERVED
-CVE-2020-14172
- RESERVED
+CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data Center in af ...)
+ TODO: check
+CVE-2020-14172 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ TODO: check
CVE-2020-14171
RESERVED
CVE-2020-14170
@@ -20030,10 +20033,10 @@ CVE-2020-7921 (Improper serialization of internal state in the authorization sub
[stretch] - mongodb <no-dsa> (Minor issue)
[jessie] - mongodb <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/SERVER-45472
-CVE-2019-20419
- RESERVED
-CVE-2019-20418
- RESERVED
+CVE-2019-20419 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ TODO: check
+CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ TODO: check
CVE-2019-20417 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
@@ -58799,6 +58802,7 @@ CVE-2019-13393 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses th
CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette Na ...)
NOT-FOR-US: MindPalette NateMail
CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
+ {DSA-4712-1}
- imagemagick <unfixed> (low; bug #931633)
[stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80ee8e8a4655495d10c5ed2fdd19e07d85641e3d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80ee8e8a4655495d10c5ed2fdd19e07d85641e3d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200703/c35af8df/attachment.html>
More information about the debian-security-tracker-commits
mailing list