[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jul 28 09:10:28 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57f35fba by security tracker role at 2020-07-28T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,273 @@
+CVE-2020-16091
+	RESERVED
+CVE-2020-16090
+	RESERVED
+CVE-2020-16089
+	RESERVED
+CVE-2020-16088
+	RESERVED
+CVE-2020-16087
+	RESERVED
+CVE-2020-16086
+	RESERVED
+CVE-2020-16085
+	RESERVED
+CVE-2020-16084
+	RESERVED
+CVE-2020-16083
+	RESERVED
+CVE-2020-16082
+	RESERVED
+CVE-2020-16081
+	RESERVED
+CVE-2020-16080
+	RESERVED
+CVE-2020-16079
+	RESERVED
+CVE-2020-16078
+	RESERVED
+CVE-2020-16077
+	RESERVED
+CVE-2020-16076
+	RESERVED
+CVE-2020-16075
+	RESERVED
+CVE-2020-16074
+	RESERVED
+CVE-2020-16073
+	RESERVED
+CVE-2020-16072
+	RESERVED
+CVE-2020-16071
+	RESERVED
+CVE-2020-16070
+	RESERVED
+CVE-2020-16069
+	RESERVED
+CVE-2020-16068
+	RESERVED
+CVE-2020-16067
+	RESERVED
+CVE-2020-16066
+	RESERVED
+CVE-2020-16065
+	RESERVED
+CVE-2020-16064
+	RESERVED
+CVE-2020-16063
+	RESERVED
+CVE-2020-16062
+	RESERVED
+CVE-2020-16061
+	RESERVED
+CVE-2020-16060
+	RESERVED
+CVE-2020-16059
+	RESERVED
+CVE-2020-16058
+	RESERVED
+CVE-2020-16057
+	RESERVED
+CVE-2020-16056
+	RESERVED
+CVE-2020-16055
+	RESERVED
+CVE-2020-16054
+	RESERVED
+CVE-2020-16053
+	RESERVED
+CVE-2020-16052
+	RESERVED
+CVE-2020-16051
+	RESERVED
+CVE-2020-16050
+	RESERVED
+CVE-2020-16049
+	RESERVED
+CVE-2020-16048
+	RESERVED
+CVE-2020-16047
+	RESERVED
+CVE-2020-16046
+	RESERVED
+CVE-2020-16045
+	RESERVED
+CVE-2020-16044
+	RESERVED
+CVE-2020-16043
+	RESERVED
+CVE-2020-16042
+	RESERVED
+CVE-2020-16041
+	RESERVED
+CVE-2020-16040
+	RESERVED
+CVE-2020-16039
+	RESERVED
+CVE-2020-16038
+	RESERVED
+CVE-2020-16037
+	RESERVED
+CVE-2020-16036
+	RESERVED
+CVE-2020-16035
+	RESERVED
+CVE-2020-16034
+	RESERVED
+CVE-2020-16033
+	RESERVED
+CVE-2020-16032
+	RESERVED
+CVE-2020-16031
+	RESERVED
+CVE-2020-16030
+	RESERVED
+CVE-2020-16029
+	RESERVED
+CVE-2020-16028
+	RESERVED
+CVE-2020-16027
+	RESERVED
+CVE-2020-16026
+	RESERVED
+CVE-2020-16025
+	RESERVED
+CVE-2020-16024
+	RESERVED
+CVE-2020-16023
+	RESERVED
+CVE-2020-16022
+	RESERVED
+CVE-2020-16021
+	RESERVED
+CVE-2020-16020
+	RESERVED
+CVE-2020-16019
+	RESERVED
+CVE-2020-16018
+	RESERVED
+CVE-2020-16017
+	RESERVED
+CVE-2020-16016
+	RESERVED
+CVE-2020-16015
+	RESERVED
+CVE-2020-16014
+	RESERVED
+CVE-2020-16013
+	RESERVED
+CVE-2020-16012
+	RESERVED
+CVE-2020-16011
+	RESERVED
+CVE-2020-16010
+	RESERVED
+CVE-2020-16009
+	RESERVED
+CVE-2020-16008
+	RESERVED
+CVE-2020-16007
+	RESERVED
+CVE-2020-16006
+	RESERVED
+CVE-2020-16005
+	RESERVED
+CVE-2020-16004
+	RESERVED
+CVE-2020-16003
+	RESERVED
+CVE-2020-16002
+	RESERVED
+CVE-2020-16001
+	RESERVED
+CVE-2020-16000
+	RESERVED
+CVE-2020-15999
+	RESERVED
+CVE-2020-15998
+	RESERVED
+CVE-2020-15997
+	RESERVED
+CVE-2020-15996
+	RESERVED
+CVE-2020-15995
+	RESERVED
+CVE-2020-15994
+	RESERVED
+CVE-2020-15993
+	RESERVED
+CVE-2020-15992
+	RESERVED
+CVE-2020-15991
+	RESERVED
+CVE-2020-15990
+	RESERVED
+CVE-2020-15989
+	RESERVED
+CVE-2020-15988
+	RESERVED
+CVE-2020-15987
+	RESERVED
+CVE-2020-15986
+	RESERVED
+CVE-2020-15985
+	RESERVED
+CVE-2020-15984
+	RESERVED
+CVE-2020-15983
+	RESERVED
+CVE-2020-15982
+	RESERVED
+CVE-2020-15981
+	RESERVED
+CVE-2020-15980
+	RESERVED
+CVE-2020-15979
+	RESERVED
+CVE-2020-15978
+	RESERVED
+CVE-2020-15977
+	RESERVED
+CVE-2020-15976
+	RESERVED
+CVE-2020-15975
+	RESERVED
+CVE-2020-15974
+	RESERVED
+CVE-2020-15973
+	RESERVED
+CVE-2020-15972
+	RESERVED
+CVE-2020-15971
+	RESERVED
+CVE-2020-15970
+	RESERVED
+CVE-2020-15969
+	RESERVED
+CVE-2020-15968
+	RESERVED
+CVE-2020-15967
+	RESERVED
+CVE-2020-15966
+	RESERVED
+CVE-2020-15965
+	RESERVED
+CVE-2020-15964
+	RESERVED
+CVE-2020-15963
+	RESERVED
+CVE-2020-15962
+	RESERVED
+CVE-2020-15961
+	RESERVED
+CVE-2020-15960
+	RESERVED
+CVE-2020-15959
+	RESERVED
+CVE-2020-15958
+	RESERVED
+CVE-2020-15957
+	RESERVED
 CVE-2020-15956
 	RESERVED
 CVE-2020-15955
@@ -7519,8 +7789,8 @@ CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG docume
 	NOT-FOR-US: Submitty
 CVE-2020-12881
 	RESERVED
-CVE-2020-12880
-	RESERVED
+CVE-2020-12880 (An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect ...)
+	TODO: check
 CVE-2020-12879
 	RESERVED
 CVE-2020-12878
@@ -7639,8 +7909,8 @@ CVE-2020-12847 (Pydio Cells 2.0.4 web application offers an administrative conso
 	NOT-FOR-US: Pydio Cells
 CVE-2020-12846 (Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remo ...)
 	NOT-FOR-US: Zimbra
-CVE-2020-12845
-	RESERVED
+CVE-2020-12845 (Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a ...)
+	TODO: check
 CVE-2020-12844
 	RESERVED
 CVE-2020-12843
@@ -8618,8 +8888,8 @@ CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF
 	NOT-FOR-US: ninja-forms plugin for WordPress
 CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...)
 	NOT-FOR-US: PHP-Fusion
-CVE-2020-12460
-	RESERVED
+CVE-2020-12460 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper nul ...)
+	TODO: check
 CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the configu ...)
 	NOT-FOR-US: Grafana as shipped in Red Hat
 CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.3. The ...)
@@ -14934,8 +15204,8 @@ CVE-2020-10645
 	RESERVED
 CVE-2020-10644 (The affected product lacks proper validation of user-supplied data, wh ...)
 	NOT-FOR-US: Inductive Automation Ignition
-CVE-2020-10643
-	RESERVED
+CVE-2020-10643 (An authenticated remote attacker could use specially crafted URLs to s ...)
+	TODO: check
 CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...)
 	NOT-FOR-US: Rockwell
 CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...)
@@ -15020,7 +15290,7 @@ CVE-2020-10602 (In OSIsoft PI System multiple products and versions, an authenti
 	NOT-FOR-US: OSIsoft PI System
 CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow  ...)
 	NOT-FOR-US: VISAM VBASE Editor
-CVE-2020-10600 (In OSIsoft PI System multiple products and versions, an authenticated  ...)
+CVE-2020-10600 (An authenticated remote attacker could crash PI Archive Subsystem when ...)
 	NOT-FOR-US: OSIsoft PI System
 CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
 	NOT-FOR-US: VISAM VBASE Editor
@@ -19804,8 +20074,7 @@ CVE-2020-8560
 CVE-2020-8559 (The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions pri ...)
 	- kubernetes 1.18.5-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/15/6
-CVE-2020-8558
-	RESERVED
+CVE-2020-8558 (The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17. ...)
 	- kubernetes 1.18.5-1
 	NOTE: Issue: https://github.com/kubernetes/kubernetes/issues/90259
 	NOTE: Upstream fix: https://github.com/kubernetes/kubernetes/pull/91569
@@ -86240,7 +86509,7 @@ CVE-2019-3904
 CVE-2019-3903
 	RESERVED
 CVE-2019-3902 (A flaw was found in Mercurial before 4.9. It was possible to use symli ...)
-	{DLA-1764-1}
+	{DLA-2293-1 DLA-1764-1}
 	- mercurial 4.9-1 (bug #927674)
 	[buster] - mercurial 4.8.2-1+deb10u1
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
@@ -118103,12 +118372,12 @@ CVE-2018-12051 (Arbitrary File Upload and Remote Code Execution exist in PHP Scr
 CVE-2018-12050
 	RESERVED
 CVE-2018-13346 (The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorr ...)
-	{DLA-1414-1}
+	{DLA-2293-1 DLA-1414-1}
 	- mercurial 4.6.1-1 (bug #901050)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/faa924469635
 CVE-2018-13347 (mpatch.c in Mercurial before 4.6.1 mishandles integer addition and sub ...)
-	{DLA-1414-1}
+	{DLA-2293-1 DLA-1414-1}
 	- mercurial 4.6.1-1 (bug #901050)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
@@ -118117,7 +118386,7 @@ CVE-2018-13347 (mpatch.c in Mercurial before 4.6.1 mishandles integer addition a
 	NOTE: upstream proposes we use OVE-20180430-0002 to cover all undefined behavior
 	NOTE: cases which the 6 patches fix
 CVE-2018-13348 (The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 misha ...)
-	{DLA-1414-1}
+	{DLA-2293-1 DLA-1414-1}
 	- mercurial 4.6.1-1 (bug #901050)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
@@ -128506,7 +128775,7 @@ CVE-2018-8111 (A remote code execution vulnerability exists when Microsoft Edge
 CVE-2018-8110 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
 	NOT-FOR-US: Microsoft
 CVE-2018-1000132 (Mercurial version 4.5 and earlier contains a Incorrect Access Control  ...)
-	{DLA-1414-1 DLA-1331-1}
+	{DLA-2293-1 DLA-1414-1 DLA-1331-1}
 	- mercurial 4.5.2-1 (bug #892964)
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/2ecb0fc535b1 (4.5.2)
@@ -148932,7 +149201,7 @@ CVE-2017-17459 (http_transport.c in Fossil before 2.4, when the SSH sync protoco
 	[wheezy] - fossil <no-dsa> (Minor issue)
 	NOTE: https://www.fossil-scm.org/xfer/info/1f63db591c77108c
 CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially malformed r ...)
-	{DLA-1414-2 DLA-1414-1 DLA-1224-1}
+	{DLA-2293-1 DLA-1414-2 DLA-1414-1 DLA-1224-1}
 	- mercurial 4.4.1-1
 	NOTE: https://bz.mercurial-scm.org/show_bug.cgi?id=5730
 	NOTE: https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57f35fba031b5d1994dc8ab1be233f037665ba7a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57f35fba031b5d1994dc8ab1be233f037665ba7a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200728/f1cf7fcb/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list