[Git][security-tracker-team/security-tracker][master] one teeworlds issue is a dupe

Moritz Muehlenhoff jmm at debian.org
Sat Jul 4 18:06:23 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f04fe339 by Moritz Muehlenhoff at 2020-07-04T19:05:45+02:00
one teeworlds issue is a dupe
buster/stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -257,6 +257,8 @@ CVE-2020-15401 (IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain p
 	NOT-FOR-US: IOBit Malware Fighter Pro
 CVE-2020-15400 (CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ...)
 	- cakephp <unfixed>
+	[buster] - cakephp <no-dsa> (Minor issue)
+	[stretch] - cakephp <no-dsa> (Minor issue)
 CVE-2020-15399
 	RESERVED
 CVE-2020-15398
@@ -8468,9 +8470,8 @@ CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request w
 	NOTE: Fixed by: https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3 (v13.2.10)
 	NOTE: Consider 14.x series as fixed due to the use of the new style xml parsing.
 CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...)
-	- teeworlds <unfixed>
-	[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
-	NOTE: https://www.teeworlds.com/forum/viewtopic.php?pid=123860
+	NOTE: Duplicate of CVE-2019-10877
+	TODO: reject with MITRE
 CVE-2020-12058
 	RESERVED
 CVE-2020-12057
@@ -177018,6 +177019,8 @@ CVE-2017-8762 (GeniXCMS 1.0.2 has XSS triggered by an authenticated user who sub
 CVE-2017-8761 [Swift tempurl middleware reveals signatures in the logfiles]
 	RESERVED
 	- swift <unfixed>
+	[buster] - swift <no-dsa> (Minor issue)
+	[stretch] - swift <no-dsa> (Minor issue)
 	[jessie] - swift <end-of-life> (Not supported in Jessie LTS)
 	NOTE: https://bugs.launchpad.net/swift/+bug/1685798
 CVE-2017-8760 (An issue was discovered on Accellion FTA devices before FTA_9_12_180.  ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source package.
 
+--
+curl (ghedo)
 --
 ffmpeg (jmm)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f04fe339b514b2e1a44e4138d09e4718ac985d90

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f04fe339b514b2e1a44e4138d09e4718ac985d90
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200704/b52c8a08/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list