[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Jul 11 09:10:22 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3006724f by security tracker role at 2020-07-11T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1270,8 +1270,8 @@ CVE-2020-15107
RESERVED
CVE-2020-15106
RESERVED
-CVE-2020-15105
- RESERVED
+CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...)
+ TODO: check
CVE-2020-15104
RESERVED
CVE-2020-15103
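Review bot: the added CVE-2020-15105 entry is left at "TODO: check", so the tracker still records no decision on whether anything in the archive is affected. The description names Django Two-Factor Authentication before 1.12 as the affected range. The follow-up triage should replace the TODO with either a package status line carrying the fixed version or a NOT-FOR-US line, and add a NOTE pointing at the upstream advisory or fix commit, as the GLPI and xrdp entries elsewhere in this file do.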
@@ -12467,8 +12467,8 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2020-11061
- RESERVED
+CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...)
+ TODO: check
CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f
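Review bot: CVE-2020-11061 is added with "TODO: check" only, and its description lists several release branches ("less than or equal to 16.2.10, 17.2.9, 18.2.8, and ..."), so a single fixed version will not describe it. When the TODO is resolved, check each branch against what each suite ships. Triage it together with CVE-2020-4042 from the same commit, which is also a Bareos issue, so the two entries end up with consistent status lines.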
@@ -29888,8 +29888,8 @@ CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by
NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/e593f58a82bf79b556601ae08e9e25e366a662fb
CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserializati ...)
NOT-FOR-US: phpMussel
-CVE-2020-4042
- RESERVED
+CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious client to ...)
+ TODO: check
CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...)
NOT-FOR-US: Bolt CMS
CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the preview ge ...)
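Review bot: the description imported for CVE-2020-4042 reads "before version 19.2.8 and earlier", which leaves it unclear whether 19.2.8 itself is affected. Before replacing "TODO: check" with a status line, confirm the first fixed version against the upstream advisory or fix commit rather than taking it from this text, and record that reference in a NOTE line the way the xrdp entry above does with "Fixed by:".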
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3006724f86a6703a375e1e467e42e5b5173d2d2f