[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jul 3 09:10:25 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80ee8e8a by security tracker role at 2020-07-03T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-15511
+	RESERVED
+CVE-2020-15510
+	RESERVED
 CVE-2020-15509
 	RESERVED
 CVE-2020-15508
@@ -89,8 +93,7 @@ CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a
 	NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622
 CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...)
 	NOT-FOR-US: ffjpeg
-CVE-2020-15469
-	RESERVED
+CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...)
 	- qemu <unfixed> (low)
 	[buster] - qemu <postponed> (Minor issue, fix along in next DSA)
 	[stretch] - qemu <postponed> (Minor issue, fix along in next DSA)
@@ -3167,10 +3170,10 @@ CVE-2020-14175
 	RESERVED
 CVE-2020-14174
 	RESERVED
-CVE-2020-14173
-	RESERVED
-CVE-2020-14172
-	RESERVED
+CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data Center in af ...)
+	TODO: check
+CVE-2020-14172 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+	TODO: check
 CVE-2020-14171
 	RESERVED
 CVE-2020-14170
@@ -20030,10 +20033,10 @@ CVE-2020-7921 (Improper serialization of internal state in the authorization sub
 	[stretch] - mongodb <no-dsa> (Minor issue)
 	[jessie] - mongodb <no-dsa> (Minor issue)
 	NOTE: https://jira.mongodb.org/browse/SERVER-45472
-CVE-2019-20419
-	RESERVED
-CVE-2019-20418
-	RESERVED
+CVE-2019-20419 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+	TODO: check
+CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+	TODO: check
 CVE-2019-20417 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
 	NOT-FOR-US: Atlassian
 CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
@@ -58799,6 +58802,7 @@ CVE-2019-13393 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses th
 CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette Na ...)
 	NOT-FOR-US: MindPalette NateMail
 CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
+	{DSA-4712-1}
 	- imagemagick <unfixed> (low; bug #931633)
 	[stretch] - imagemagick <ignored> (Minor issue)
 	[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80ee8e8a4655495d10c5ed2fdd19e07d85641e3d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80ee8e8a4655495d10c5ed2fdd19e07d85641e3d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200703/c35af8df/attachment.html>


More information about the debian-security-tracker-commits mailing list