[Git][security-tracker-team/security-tracker][master] new consul, gitlab issues
Moritz Muehlenhoff
jmm at debian.org
Fri Jun 12 15:33:46 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b5aba7e4 by Moritz Muehlenhoff at 2020-06-12T16:33:21+02:00
new consul, gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1846,15 +1846,15 @@ CVE-2020-13273
CVE-2020-13272
RESERVED
CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the execution of a ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13270 (Missing permission check on fork relation creation in GitLab CE/EE 11. ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13269 (A Reflected Cross-Site Scripting vulnerability allowed the execution o ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13268 (A specially crafted request could be used to confirm the existence of ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the execution on J ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...)
- gitlab <unfixed>
CVE-2020-13265
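Review bot: The five entries changed from "TODO: check" to "- gitlab <unfixed>" (CVE-2020-13267 through CVE-2020-13271) have no NOTE line pointing at the upstream advisory or the fixed GitLab release, while each consul entry in this same commit gets two. The description of CVE-2020-13270 already hints at an affected range ("GitLab CE/EE 11. ..."), so a NOTE with the advisory URL would let the next triager replace <unfixed> with a version without repeating the lookup.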
@@ -1899,7 +1899,10 @@ CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbi
CVE-2020-13251
RESERVED
CVE-2020-13250 (HashiCorp Consul and Consul Enterprise include an HTTP API (introduced ...)
- TODO: check
+ - consul 1.7.4+dfsg1-1
+ [buster] - consul <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
+ NOTE: https://github.com/hashicorp/consul/pull/8023
CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not ...)
- mariadb-10.3 <unfixed>
- mariadb-10.1 <not-affected> (Vulnerable code introduced later)
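Review bot: On the "[buster] - consul <not-affected> (Vulnerable code not present)" line for CVE-2020-13250, the reason does not say which version introduced the code, although the description itself says the HTTP API was "introduced ...". The mariadb-10.1 entry just below uses "Vulnerable code introduced later"; that wording plus a NOTE naming the introducing version would make the buster claim checkable.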
@@ -2065,7 +2068,10 @@ CVE-2020-13172
CVE-2020-13171
RESERVED
CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enforce s ...)
- TODO: check
+ - consul 1.7.4+dfsg1-1
+ [buster] - consul <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
+ NOTE: https://github.com/hashicorp/consul/pull/8068
CVE-2020-13169
RESERVED
CVE-2020-13168
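Review bot: For CVE-2020-13170 the description is an enforcement failure ("did not appropriately enforce s ..."), so "Vulnerable code not present" on the buster line is ambiguous and should name the feature that buster's consul lacks. As written, the reason is identical to the one on the other three consul entries in this commit, and a reader cannot tell whether this CVE was checked against the buster source on its own.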
@@ -2931,7 +2937,10 @@ CVE-2020-12799
CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...)
NOT-FOR-US: Cellebrite UFED
CVE-2020-12797 (HashiCorp Consul and Consul Enterprise failed to enforce changes to le ...)
- TODO: check
+ - consul 1.7.4+dfsg1-1
+ [buster] - consul <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
+ NOTE: https://github.com/hashicorp/consul/pull/8047
CVE-2020-12796
RESERVED
CVE-2020-12795
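Review bot: The two NOTE lines under CVE-2020-12797 are bare URLs: the first is the whole v1.7.4 CHANGELOG.md (the same link used for the other consul CVEs here) and the second is pull/8047 with no indication of its role. Labelling the second one, for example "NOTE: Fixed by: https://github.com/hashicorp/consul/pull/8047" if it is the fix, would say what the link is evidence of.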
@@ -3054,7 +3063,10 @@ CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Me
CVE-2020-12759
RESERVED
CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configured wit ...)
- TODO: check
+ - consul 1.7.4+dfsg1-1
+ [buster] - consul <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
+ NOTE: https://github.com/hashicorp/consul/pull/7783
CVE-2020-12757 (HashiCorp Vault and Vault Enterprise 1.4.x before 1.4.2 has Incorrect ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-12756
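Review bot: CVE-2020-12758 is a crash that depends on configuration ("could crash when configured wit ..."), so the buster line needs to distinguish between the option not existing in buster's version and the option merely being off by default; only the first supports <not-affected>. A short NOTE naming the configuration setting and the version that added it would settle this.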
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5aba7e4bcc6abd21fcc412d35bd159cece4b231