[Git][security-tracker-team/security-tracker][master] automatic update

Sat Jun 6 21:10:29 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f16f6a15 by security tracker role at 2020-06-06T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,34 @@
-CVE-2020-13871 [use-after-free in resetAccumulator]
+CVE-2020-13886
+	RESERVED
+CVE-2020-13885
+	RESERVED
+CVE-2020-13884
+	RESERVED
+CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, an ...)
+	TODO: check
+CVE-2020-13882
+	RESERVED
+CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
+	TODO: check
+CVE-2020-13880
+	RESERVED
+CVE-2020-13879
+	RESERVED
+CVE-2020-13878
+	RESERVED
+CVE-2020-13877
+	RESERVED
+CVE-2020-13876
+	RESERVED
+CVE-2020-13875
+	RESERVED
+CVE-2020-13874
+	RESERVED
+CVE-2020-13873
+	RESERVED
+CVE-2020-13872
+	RESERVED
+CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec ...)
 	- sqlite3 3.32.2-2
 	NOTE: Fixed by: https://www.sqlite.org/src/info/79eff1d0383179c4
 	NOTE: https://www.sqlite.org/src/info/c8d3b9f0a750a529
@@ -293,6 +323,7 @@ CVE-2020-13779
 CVE-2020-13778
 	RESERVED
 CVE-2020-13777 (GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting  ...)
+	{DSA-4697-1}
 	- gnutls28 3.6.14-1 (bug #962289)
 	[stretch] - gnutls28 <not-affected> (Vulnerable code introduced in 3.6.4)
 	[jessie] - gnutls28 <not-affected> (Vulnerable code introduced in 3.6.4)
@@ -7834,6 +7865,7 @@ CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would al
 CVE-2020-11081
 	RESERVED
 CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...)
+	{DSA-4696-1}
 	- nodejs 10.21.0~dfsg-1 (bug #962145)
 	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
 	[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
@@ -15083,6 +15115,7 @@ CVE-2020-8175
 	RESERVED
 CVE-2020-8174 [napi_get_value_string_*() allows various kinds of memory corruption]
 	RESERVED
+	{DSA-4696-1}
 	- nodejs 10.21.0~dfsg-1 (bug #962145)
 	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
 	[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f16f6a1529d41bae87c401bfb615f2f55c16e78c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f16f6a1529d41bae87c401bfb615f2f55c16e78c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200606/cbf8a5d6/attachment.html>
