[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jul 10 21:10:25 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b3d521a by security tracker role at 2020-07-10T20:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2020-15686
+	RESERVED
+CVE-2020-15685
+	RESERVED
+CVE-2020-15684
+	RESERVED
+CVE-2020-15683
+	RESERVED
+CVE-2020-15682
+	RESERVED
+CVE-2020-15681
+	RESERVED
+CVE-2020-15680
+	RESERVED
+CVE-2020-15679
+	RESERVED
+CVE-2020-15678
+	RESERVED
+CVE-2020-15677
+	RESERVED
+CVE-2020-15676
+	RESERVED
+CVE-2020-15675
+	RESERVED
+CVE-2020-15674
+	RESERVED
+CVE-2020-15673
+	RESERVED
+CVE-2020-15672
+	RESERVED
+CVE-2020-15671
+	RESERVED
+CVE-2020-15670
+	RESERVED
+CVE-2020-15669
+	RESERVED
+CVE-2020-15668
+	RESERVED
+CVE-2020-15667
+	RESERVED
+CVE-2020-15666
+	RESERVED
+CVE-2020-15665
+	RESERVED
+CVE-2020-15664
+	RESERVED
+CVE-2020-15663
+	RESERVED
+CVE-2020-15662
+	RESERVED
+CVE-2020-15661
+	RESERVED
+CVE-2020-15660
+	RESERVED
+CVE-2020-15659
+	RESERVED
+CVE-2020-15658
+	RESERVED
+CVE-2020-15657
+	RESERVED
+CVE-2020-15656
+	RESERVED
+CVE-2020-15655
+	RESERVED
+CVE-2020-15654
+	RESERVED
+CVE-2020-15653
+	RESERVED
+CVE-2020-15652
+	RESERVED
+CVE-2020-15651
+	RESERVED
+CVE-2020-15650
+	RESERVED
+CVE-2020-15649
+	RESERVED
+CVE-2020-15648
+	RESERVED
+CVE-2020-15647
+	RESERVED
+CVE-2020-15646
+	RESERVED
 CVE-2020-15645
 	RESERVED
 CVE-2020-15644
@@ -326,8 +408,8 @@ CVE-2020-15506 (An Authentication Bypass vulnerability in MobileIron Core and Co
 	NOT-FOR-US: MobileIron Core and Connector
 CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core and Connector ...)
 	NOT-FOR-US: MobileIron Core and Connector
-CVE-2020-15504
-	RESERVED
+CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfaces of  ...)
+	TODO: check
 CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affect ...)
 	- libraw <unfixed> (bug #964747)
 	[buster] - libraw <no-dsa> (Minor issue)
@@ -602,6 +684,7 @@ CVE-2020-15391
 CVE-2020-15390
 	RESERVED
 CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...)
+	{DLA-2277-1}
 	- openjpeg2 <unfixed>
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1261
 	NOTE: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0
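Review bot: The "- openjpeg2 <unfixed>" line under CVE-2020-15389 carries no bug reference, even though this hunk now attaches {DLA-2277-1} to the entry. Consider recording a Debian bug number on that line once one exists, so the open status in unstable can be followed alongside the DLA.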
@@ -1395,7 +1478,7 @@ CVE-2020-15013
 CVE-2020-15012
 	RESERVED
 CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...)
-	{DLA-2265-1}
+	{DLA-2276-1 DLA-2265-1}
 	- mailman <removed>
 	NOTE: https://bugs.launchpad.net/mailman/+bug/1877379
 CVE-2020-15010
@@ -4044,7 +4127,7 @@ CVE-2020-13985
 CVE-2020-13984
 	RESERVED
 CVE-2020-13983
-	RESERVED
+	REJECTED
 CVE-2020-13982
 	RESERVED
 CVE-2020-13981
@@ -8659,7 +8742,7 @@ CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This af
 CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...)
 	NOT-FOR-US: TP-Link
 CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...)
-	{DLA-2204-1}
+	{DLA-2276-1 DLA-2204-1}
 	- mailman <removed>
 	NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
 CVE-2020-12107
@@ -9049,7 +9132,7 @@ CVE-2020-11947
 CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...)
 	NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2020-11945 (An issue was discovered in Squid before 5.0.2. A remote attacker can r ...)
-	{DSA-4682-1}
+	{DSA-4682-1 DLA-2278-1}
 	- squid 4.11-1
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
@@ -11269,7 +11352,7 @@ CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to mul
 	NOT-FOR-US: Project Worlds Official Car Rental System 1
 CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...)
 	NOT-FOR-US: Project Worlds Official Car Rental System 1
-CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with the pa ...)
+CVE-2020-11543 (OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the pa ...)
 	NOT-FOR-US: OpsRamp Gateway
 CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
 	NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
@@ -12327,8 +12410,8 @@ CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would al
 	[jessie] - ruby-kaminari <no-dsa> (No reverse dependency)
 	NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
 	NOTE: https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
-CVE-2020-11081
-	RESERVED
+CVE-2020-11081 (osquery before version 4.4.0 enables a priviledge escalation vulnerabi ...)
+	TODO: check
 CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...)
 	{DSA-4696-1}
 	- nodejs 10.21.0~dfsg-1 (bug #962145)
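Review bot: CVE-2020-11081 is added with "TODO: check" although its description already names osquery, so it needs a follow-up triage decision (a package line or NOT-FOR-US) before the entry is actionable. The imported description also spells "priviledge", so a text search of the list for "privilege escalation" will not match this entry.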
@@ -14598,7 +14681,7 @@ CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libIma
 	[jessie] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
 	NOTE: https://github.com/python-pillow/Pillow/pull/4538
 	NOTE: Fixed in 6.2.3 and 7.1.0
-CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.1.0, an out-of-bou ...)
+CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ...)
 	- pillow <unfixed>
 	[buster] - pillow <no-dsa> (Minor issue)
 	[jessie] - pillow <no-dsa> (Minor issue)
@@ -15746,7 +15829,6 @@ CVE-2020-9852 (An integer overflow was addressed through improved input validati
 CVE-2020-9851 (An access issue was addressed with improved access restrictions. This  ...)
 	NOT-FOR-US: Apple
 CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	RESERVED
 	- webkit2gtk 2.28.3-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -15765,7 +15847,6 @@ CVE-2020-9845
 CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2020-9843 (An input validation issue was addressed with improved input validation ...)
-	RESERVED
 	- webkit2gtk 2.28.3-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -15842,21 +15923,18 @@ CVE-2020-9809 (An information disclosure issue was addressed with improved state
 CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...)
 	NOT-FOR-US: Apple
 CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...)
-	RESERVED
 	- webkit2gtk 2.28.3-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	- wpewebkit 2.28.3-1
 	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
 CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...)
-	RESERVED
 	- webkit2gtk 2.28.3-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	- wpewebkit 2.28.3-1
 	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
 CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	RESERVED
 	- webkit2gtk 2.28.3-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -15865,14 +15943,12 @@ CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issu
 CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is  ...)
 	NOT-FOR-US: Apple
 CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...)
-	RESERVED
 	- webkit2gtk 2.28.3-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	- wpewebkit 2.28.3-1
 	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
 CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	RESERVED
 	- webkit2gtk 2.28.3-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -17253,12 +17329,12 @@ CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3)
 	NOT-FOR-US: HUAWEI
 CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
 	NOT-FOR-US: HUAWEI
-CVE-2020-9260
-	RESERVED
+CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 1 ...)
+	TODO: check
 CVE-2020-9259
 	RESERVED
-CVE-2020-9258
-	RESERVED
+CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P ...)
+	TODO: check
 CVE-2020-9257
 	RESERVED
 CVE-2020-9256
@@ -19143,7 +19219,7 @@ CVE-2020-8452
 CVE-2020-8451
 	RESERVED
 CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer  ...)
-	{DSA-4682-1}
+	{DSA-4682-1 DLA-2278-1}
 	- squid 4.10-1 (bug #950802)
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
@@ -19151,7 +19227,7 @@ CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect bu
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older)
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9)
 CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...)
-	{DSA-4682-1}
+	{DSA-4682-1 DLA-2278-1}
 	- squid 4.10-1 (bug #950802)
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
@@ -19680,47 +19756,48 @@ CVE-2020-8201
 	RESERVED
 CVE-2020-8200
 	RESERVED
-CVE-2020-8199
-	RESERVED
-CVE-2020-8198
-	RESERVED
-CVE-2020-8197
-	RESERVED
-CVE-2020-8196
-	RESERVED
-CVE-2020-8195
-	RESERVED
-CVE-2020-8194
-	RESERVED
-CVE-2020-8193
-	RESERVED
+CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...)
+	TODO: check
+CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
+	TODO: check
+CVE-2020-8197 (Privilege escalation vulnerability on Citrix ADC and Citrix Gateway ve ...)
+	TODO: check
+CVE-2020-8196 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...)
+	TODO: check
+CVE-2020-8195 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
+	TODO: check
+CVE-2020-8194 (Reflected code injection in Citrix ADC and Citrix Gateway versions bef ...)
+	TODO: check
+CVE-2020-8193 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...)
+	TODO: check
 CVE-2020-8192
 	RESERVED
-CVE-2020-8191
-	RESERVED
-CVE-2020-8190
-	RESERVED
+CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
+	TODO: check
+CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...)
+	TODO: check
 CVE-2020-8189
 	RESERVED
 CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v1.13. ...)
 	NOT-FOR-US: UniFi Protect
-CVE-2020-8187
-	RESERVED
-CVE-2020-8186
-	RESERVED
+CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
+	TODO: check
+CVE-2020-8186 (A command injection vulnerability in the `devcert` module may lead to  ...)
+	TODO: check
 CVE-2020-8185 (A denial of service vulnerability exists in Rails <6.0.3.2 that all ...)
 	[experimental] - rails 6.0.3.2+dfsg-1 (bug #964081)
 	- rails <not-affected> (Introduced in rails 6.x)
 	NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
 CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...)
+	{DLA-2275-1}
 	- ruby-rack <unfixed> (bug #963477)
 	NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
 CVE-2020-8183
 	RESERVED
 CVE-2020-8182
 	RESERVED
-CVE-2020-8181
-	RESERVED
+CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a malici ...)
+	TODO: check
 CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...)
 	NOT-FOR-US: Nextcloud Talk
 CVE-2020-8179 (Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to ...)
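Review bot: Twelve entries in this hunk move from RESERVED to "TODO: check" (CVE-2020-8199 through CVE-2020-8193, CVE-2020-8191, CVE-2020-8190, CVE-2020-8187, CVE-2020-8186 and CVE-2020-8181), and ten of them name Citrix ADC or Citrix Gateway in the description. They are best triaged together in one follow-up, in the same way the neighbouring entries are resolved ("NOT-FOR-US: UniFi Protect", "NOT-FOR-US: Nextcloud Talk"), provided no Debian source package ships the affected code. CVE-2020-8186 (the devcert module) and CVE-2020-8181 (Nextcloud Contacts) need a separate look, since their descriptions point at different software.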
@@ -19805,7 +19882,7 @@ CVE-2020-8162 (A client side enforcement of server side security vulnerability e
 	NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
 	NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be
 CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 that all ...)
-	{DLA-2216-1}
+	{DLA-2275-1 DLA-2216-1}
 	- ruby-rack 2.1.1-5
 	[buster] - ruby-rack <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ
@@ -19932,7 +20009,7 @@ CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control
 	- gitlab 12.6.8-3
 	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...)
-	{DLA-2089-1}
+	{DLA-2277-1 DLA-2089-1}
 	- openjpeg2 <unfixed> (bug #950184)
 	[buster] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1231
@@ -20751,10 +20828,10 @@ CVE-2020-7817
 	RESERVED
 CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...)
 	NOT-FOR-US: DaView
-CVE-2020-7815
-	RESERVED
-CVE-2020-7814
-	RESERVED
+CVE-2020-7815 (XPLATFORM v9.2.260 and eariler versions contain a vulnerability that c ...)
+	TODO: check
+CVE-2020-7814 (RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability tha ...)
+	TODO: check
 CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
 	NOT-FOR-US: Kaoni
 CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
@@ -22917,7 +22994,7 @@ CVE-2020-6853
 CVE-2020-6852 (CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3. ...)
 	NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP
 CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...)
-	{DLA-2081-1}
+	{DLA-2277-1 DLA-2081-1}
 	- openjpeg2 <unfixed> (bug #950000)
 	[buster] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1228
@@ -24894,8 +24971,8 @@ CVE-2020-6116
 	RESERVED
 CVE-2020-6115
 	RESERVED
-CVE-2020-6114
-	RESERVED
+CVE-2020-6114 (An exploitable SQL injection vulnerability exists in the Admin Reports ...)
+	TODO: check
 CVE-2020-6113
 	RESERVED
 CVE-2020-6112
@@ -29961,8 +30038,8 @@ CVE-2020-3976
 	RESERVED
 CVE-2020-3975
 	RESERVED
-CVE-2020-3974
-	RESERVED
+CVE-2020-3974 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...)
+	TODO: check
 CVE-2020-3973 (The VeloCloud Orchestrator does not apply correct input validation whi ...)
 	TODO: check
 CVE-2020-3972 (VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a den ...)
@@ -38681,6 +38758,7 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allow
 CVE-2019-18861
 	RESERVED
 CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, mishandles HTML  ...)
+	{DLA-2278-1}
 	- squid 4.9-1 (low)
 	[buster] - squid <no-dsa> (Minor issue)
 	- squid3 <removed>
@@ -41330,26 +41408,26 @@ CVE-2019-18680 (An issue was discovered in the Linux kernel 4.4.x before 4.4.195
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://lkml.org/lkml/2019/9/18/337
 CVE-2019-18679 (An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to ...)
-	{DSA-4682-1 DLA-2028-1}
+	{DSA-4682-1 DLA-2278-1 DLA-2028-1}
 	- squid 4.9-1
 	- squid3 <removed>
 	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6f2841090dffbec1a2b2417e18bb3dc71d62dd2e.patch
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
 CVE-2019-18678 (An issue was discovered in Squid 3.x and 4.x through 4.8. It allows at ...)
-	{DSA-4682-1 DLA-2028-1}
+	{DSA-4682-1 DLA-2278-1 DLA-2028-1}
 	- squid 4.9-1
 	- squid3 <removed>
 	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
 CVE-2019-18677 (An issue was discovered in Squid 3.x and 4.x through 4.8 when the appe ...)
-	{DSA-4682-1 DLA-2028-1}
+	{DSA-4682-1 DLA-2278-1 DLA-2028-1}
 	- squid 4.9-1
 	- squid3 <removed>
 	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch
 	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_9.txt
 CVE-2019-18676 (An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incor ...)
-	{DSA-4682-1}
+	{DSA-4682-1 DLA-2278-1}
 	- squid 4.9-1
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
@@ -59361,7 +59439,7 @@ CVE-2019-13347 (An issue was discovered in the SAML Single Sign On (SSO) plugin
 CVE-2019-13346 (In MyT 1.5.1, the User[username] parameter has XSS. ...)
 	NOT-FOR-US: MyT
 CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_ ...)
-	{DSA-4507-1 DLA-1847-1}
+	{DSA-4507-1 DLA-2278-1 DLA-1847-1}
 	- squid 4.8-1 (bug #931478)
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_6.txt
@@ -60462,6 +60540,7 @@ CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in cod
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
 CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...)
+	{DLA-2277-1}
 	- openjpeg2 <unfixed> (bug #931292)
 	[buster] - openjpeg2 <no-dsa> (Minor issue)
 	[jessie] - openjpeg2 <not-affected> (vulnerable code is not present)
@@ -61582,13 +61661,13 @@ CVE-2019-12531
 CVE-2019-12530 (Incorrect access control was discovered in the stdonato Dashboard plug ...)
 	NOT-FOR-US: Dashboard plugin for GLPI
 CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through  ...)
-	{DSA-4507-1 DLA-1858-1}
+	{DSA-4507-1 DLA-2278-1 DLA-1858-1}
 	- squid 4.8-1
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_2.txt
 	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch
 CVE-2019-12528 (An issue was discovered in Squid before 4.10. It allows a crafted FTP  ...)
-	{DSA-4682-1}
+	{DSA-4682-1 DLA-2278-1}
 	- squid 4.10-1 (bug #950925)
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_2.txt
@@ -61604,26 +61683,26 @@ CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checki
 	NOTE: than the length of the target buffer, whilst in 4.x the entire input is decoded
 	NOTE: without regard for the size of the target buffer.
 CVE-2019-12526 (An issue was discovered in Squid before 4.9. URN response handling in  ...)
-	{DSA-4682-1 DLA-2028-1}
+	{DSA-4682-1 DLA-2278-1 DLA-2028-1}
 	- squid 4.9-1
 	- squid3 <removed>
 	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7aa0184a720fd216191474e079f4fe87de7c4f5a.patch
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
 CVE-2019-12525 (An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through  ...)
-	{DSA-4507-1 DLA-1858-1}
+	{DSA-4507-1 DLA-2278-1 DLA-1858-1}
 	- squid 4.8-1
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_3.txt
 	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-409956536647b3a05ee1e367424a24ae6b8f13fd.patch
 	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-ec0d0f39cf28da14eead0ba5e777e95855bc2f67.patch
 CVE-2019-12524 (An issue was discovered in Squid through 4.7. When handling requests f ...)
-	{DSA-4682-1}
+	{DSA-4682-1 DLA-2278-1}
 	- squid 4.8-1
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2019_4.patch
 CVE-2019-12523 (An issue was discovered in Squid before 4.9. When handling a URN reque ...)
-	{DSA-4682-1}
+	{DSA-4682-1 DLA-2278-1}
 	- squid 4.9-1
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
@@ -61631,19 +61710,19 @@ CVE-2019-12523 (An issue was discovered in Squid before 4.9. When handling a URN
 CVE-2019-12522 (An issue was discovered in Squid through 4.7. When Squid is run as roo ...)
 	TODO: check
 CVE-2019-12521 (An issue was discovered in Squid through 4.7. When Squid is parsing ES ...)
-	{DSA-4682-1}
+	{DSA-4682-1 DLA-2278-1}
 	- squid 4.11-1
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
 	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fdd4123629320aa1ee4c3481bb392437c90d188d.patch
 CVE-2019-12520 (An issue was discovered in Squid through 4.7 and 5. When receiving a r ...)
-	{DSA-4682-1}
+	{DSA-4682-1 DLA-2278-1}
 	- squid 4.8-1
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
 	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2019_4.patch
 CVE-2019-12519 (An issue was discovered in Squid through 4.7. When handling the tag es ...)
-	{DSA-4682-1}
+	{DSA-4682-1 DLA-2278-1}
 	- squid 4.11-1
 	- squid3 <removed>
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
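Review bot: CVE-2019-12522 in the context lines of this hunk still reads "TODO: check" with no squid or squid3 package line, while the Squid entries directly below it (CVE-2019-12521, CVE-2019-12520, CVE-2019-12519) gain DLA-2278-1 here. It should be triaged against the same source packages so that it is not left out of the Squid tracking that this update otherwise completes.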
@@ -99090,7 +99169,7 @@ CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO S
 CVE-2017-18350 (bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer over ...)
 	- bitcoin 0.15.1~dfsg-1
 CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of service (Me ...)
-	{DLA-1596-1}
+	{DLA-2278-1 DLA-1596-1}
 	- squid 4.4-1 (low; bug #912294)
 	- squid3 <removed> (low)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
@@ -298986,7 +299065,7 @@ CVE-2013-1704 (Use-after-free vulnerability in the nsINode::GetParentNode functi
 	- iceweasel <not-affected> (Only affects Firefox > 17)
 	- iceape <not-affected> (Only affects Firefox > 17)
 CVE-2013-1703
-	RESERVED
+	REJECTED
 CVE-2013-1702 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
 	- iceweasel <not-affected> (Only affects Firefox > 17)
 	- icedove <not-affected> (Only affects Firefox > 17)
@@ -301551,7 +301630,7 @@ CVE-2012-6496 (SQL injection vulnerability in the Active Record component in Rub
 	- rails 2.3.14.1
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 CVE-2013-0802
-	RESERVED
+	REJECTED
 CVE-2013-0801 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
 	{DSA-2720-1 DSA-2699-1}
 	- iceweasel 17.0.6esr-1
@@ -301942,45 +302021,45 @@ CVE-2012-6494 (Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerab
 CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Secu ...)
 	NOT-FOR-US: Rapid7 Nexpose Security Console
 CVE-2012-6492
-	RESERVED
+	REJECTED
 CVE-2012-6491
-	RESERVED
+	REJECTED
 CVE-2012-6490
-	RESERVED
+	REJECTED
 CVE-2012-6489
-	RESERVED
+	REJECTED
 CVE-2012-6488
-	RESERVED
+	REJECTED
 CVE-2012-6487
-	RESERVED
+	REJECTED
 CVE-2012-6486
-	RESERVED
+	REJECTED
 CVE-2012-6485
-	RESERVED
+	REJECTED
 CVE-2012-6484
-	RESERVED
+	REJECTED
 CVE-2012-6483
-	RESERVED
+	REJECTED
 CVE-2012-6482
-	RESERVED
+	REJECTED
 CVE-2012-6481
-	RESERVED
+	REJECTED
 CVE-2012-6480
-	RESERVED
+	REJECTED
 CVE-2012-6479
-	RESERVED
+	REJECTED
 CVE-2012-6478
-	RESERVED
+	REJECTED
 CVE-2012-6477
-	RESERVED
+	REJECTED
 CVE-2012-6476
-	RESERVED
+	REJECTED
 CVE-2012-6475
-	RESERVED
+	REJECTED
 CVE-2012-6474
-	RESERVED
+	REJECTED
 CVE-2012-6473
-	RESERVED
+	REJECTED
 CVE-2013-0721 (wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2013-0720 (The COBIME application before 0.9.4 for Android uses weak permissions  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b3d521a21d84686f64eda1a266a84f05e951bee
