[Git][security-tracker-team/security-tracker][master] bugs for markdown issues

Moritz Muehlenhoff jmm at debian.org
Tue Jul 21 20:41:50 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f21d3008 by Moritz Muehlenhoff at 2020-07-21T21:41:28+02:00
bugs for markdown issues
bug for bareos

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13009,7 +13009,7 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc
 	NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and  ...)
-	- bareos <unfixed>
+	- bareos <unfixed> (bug #965985)
 	NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
 CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...)
 	- glpi <removed> (unimportant)
@@ -19424,7 +19424,7 @@ CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snpr
 	[stretch] - qemu <postponed> (Minor issue)
 	- qemu-kvm <removed>
 	- slirp <unfixed>
-	[buster] - slirp <no-dsa> (Minor issue)
+	[buster] - slirp <ignored> (Minor issue, too intrusive to backport)
 	- slirp4netns 1.0.1-1
 	[buster] - slirp4netns <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
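Review bot: The `[buster] - slirp` line for CVE-2020-8608 changes triage state from `<no-dsa>` to `<ignored>`, but the commit message only lists "bugs for markdown issues" and "bug for bareos". Either add a line to the message for the slirp change or move it to its own commit, so that the decision "too intrusive to backport" can be found from the log.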
@@ -27631,11 +27631,16 @@ CVE-2020-5240 (In wagtail-2fa before 1.4.1, any user with access to the CMS can
 CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...)
 	NOT-FOR-US: Mailu
 CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0.29.0. ...)
-	- cmark-gfm <unfixed>
-	- python-cmarkgfm <unfixed>
-	- ruby-commonmarker <unfixed>
-	- haskell-cmark-gfm <unfixed>
-	- r-cran-commonmark <unfixed>
+	- cmark-gfm <unfixed> (bug #965984)
+	[buster] - cmark-gfm <no-dsa> (Minor issue)
+	- python-cmarkgfm <unfixed> (bug #965983)
+	[buster] - python-cmarkgfm <no-dsa> (Minor issue)
+	- ruby-commonmarker <unfixed>(bug #965981)
+	[buster] - ruby-commonmarker <no-dsa> (Minor issue)
+	- haskell-cmark-gfm <unfixed> (bug #965982)
+	[buster] - haskell-cmark-gfm <no-dsa> (Minor issue)
+	- r-cran-commonmark <unfixed> (bug #965980)
+	[buster] - r-cran-commonmark <no-dsa> (Minor issue)
 	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
 	NOTE: https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4 
 CVE-2020-5237 (Multiple relative path traversal vulnerabilities in the oneup/uploader ...)
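Review bot: The added line `- ruby-commonmarker <unfixed>(bug #965981)` is missing the space between `<unfixed>` and `(bug`. The other four entries added under CVE-2020-5238 have it. Suggest `- ruby-commonmarker <unfixed> (bug #965981)` so the entry matches its siblings.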
@@ -30532,7 +30537,7 @@ CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by
 CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserializati ...)
 	NOT-FOR-US: phpMussel
 CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious client to  ...)
-	- bareos <unfixed>
+	- bareos <unfixed> (bug #965985)
 	NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752
 CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...)
 	NOT-FOR-US: Bolt CMS
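Review bot: Bug #965985 is attached here to CVE-2020-4042 and also to CVE-2020-11061 in the first hunk. The two entries point at different upstream advisories (GHSA-vqpj-2vhj-h752 and GHSA-mm45-cg35-54j4). If a single bug report is meant to track both, that matches "bug for bareos" in the commit message. Otherwise one of the two references needs a different number.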



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f21d3008caa9bec120e6f509b7a54129b82ad581
