[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 20 09:10:22 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df4f88e1 by security tracker role at 2020-06-20T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information Gatheri ...)
+ TODO: check
+CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. A ...)
+ TODO: check
+CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of products, has ...)
+ TODO: check
CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...)
- alpine <unfixed> (bug #963179)
NOTE: http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html
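Review bot: All three entries added at the top of the file (CVE-2020-14931, CVE-2020-14930, CVE-2019-20891) stop at `TODO: check`, so none of them yet records whether a Debian package is affected. Each should be resolved either to a package line in the form the CVE-2020-14929 entry below uses (`- alpine <unfixed> (bug #963179)`) or to a `NOT-FOR-US:` line naming the product.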
@@ -1103,24 +1109,24 @@ CVE-2018-21249 (An issue was discovered in Mattermost Server before 5.3.0. It mi
NOT-FOR-US: Mattermost
CVE-2018-21248 (An issue was discovered in Mattermost Server before 5.4.0. It mishandl ...)
NOT-FOR-US: Mattermost
-CVE-2017-18921
- RESERVED
-CVE-2017-18920
- RESERVED
-CVE-2017-18919
- RESERVED
-CVE-2017-18918
- RESERVED
-CVE-2017-18917
- RESERVED
-CVE-2017-18916
- RESERVED
-CVE-2017-18915
- RESERVED
-CVE-2017-18914
- RESERVED
-CVE-2017-18913
- RESERVED
+CVE-2017-18921 (An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. X ...)
+ TODO: check
+CVE-2017-18920 (An issue was discovered in Mattermost Server before 3.6.2. The WebSock ...)
+ TODO: check
+CVE-2017-18919 (An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. A ...)
+ TODO: check
+CVE-2017-18918 (An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A ...)
+ TODO: check
+CVE-2017-18917 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ TODO: check
+CVE-2017-18916 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ TODO: check
+CVE-2017-18915 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ TODO: check
+CVE-2017-18914 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ TODO: check
+CVE-2017-18913 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ TODO: check
CVE-2017-18912 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
NOT-FOR-US: Mattermost
CVE-2017-18911 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
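Review bot: The nine Mattermost Server entries CVE-2017-18921 through CVE-2017-18913 move from `RESERVED` to `TODO: check`, while the entries on both sides of them (CVE-2018-21248 above, CVE-2017-18912 below) already carry `NOT-FOR-US: Mattermost`. Unless Mattermost's status in the archive has changed, these can take the same `NOT-FOR-US: Mattermost` line instead of staying in the TODO queue.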
@@ -1129,14 +1135,14 @@ CVE-2017-18910 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5
NOT-FOR-US: Mattermost
CVE-2017-18909 (An issue was discovered in Mattermost Server before 3.9.0 when SAML is ...)
NOT-FOR-US: Mattermost
-CVE-2017-18908
- RESERVED
-CVE-2017-18907
- RESERVED
-CVE-2017-18906
- RESERVED
-CVE-2017-18905
- RESERVED
+CVE-2017-18908 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ TODO: check
+CVE-2017-18907 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ TODO: check
+CVE-2017-18906 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ TODO: check
+CVE-2017-18905 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ TODO: check
CVE-2017-18904 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
NOT-FOR-US: Mattermost
CVE-2017-18903 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
@@ -1207,54 +1213,54 @@ CVE-2017-18871 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5
NOT-FOR-US: Mattermost
CVE-2017-18870 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and ...)
NOT-FOR-US: Mattermost
-CVE-2016-11084
- RESERVED
-CVE-2016-11083
- RESERVED
-CVE-2016-11082
- RESERVED
-CVE-2016-11081
- RESERVED
-CVE-2016-11080
- RESERVED
-CVE-2016-11079
- RESERVED
-CVE-2016-11078
- RESERVED
-CVE-2016-11077
- RESERVED
-CVE-2016-11076
- RESERVED
-CVE-2016-11075
- RESERVED
-CVE-2016-11074
- RESERVED
-CVE-2016-11073
- RESERVED
-CVE-2016-11072
- RESERVED
-CVE-2016-11071
- RESERVED
-CVE-2016-11070
- RESERVED
-CVE-2016-11069
- RESERVED
-CVE-2016-11068
- RESERVED
-CVE-2016-11067
- RESERVED
-CVE-2016-11066
- RESERVED
-CVE-2016-11065
- RESERVED
-CVE-2016-11064
- RESERVED
-CVE-2016-11063
- RESERVED
-CVE-2016-11062
- RESERVED
-CVE-2015-9548
- RESERVED
+CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...)
+ TODO: check
+CVE-2016-11083 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
+ TODO: check
+CVE-2016-11082 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
+ TODO: check
+CVE-2016-11081 (An issue was discovered in Mattermost Server before 2.2.0. It allows u ...)
+ TODO: check
+CVE-2016-11080 (An issue was discovered in Mattermost Server before 3.0.0. It offers s ...)
+ TODO: check
+CVE-2016-11079 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...)
+ TODO: check
+CVE-2016-11078 (An issue was discovered in Mattermost Server before 3.0.0. It potentia ...)
+ TODO: check
+CVE-2016-11077 (An issue was discovered in Mattermost Server before 3.0.0. It has a su ...)
+ TODO: check
+CVE-2016-11076 (An issue was discovered in Mattermost Server before 3.0.0. It does not ...)
+ TODO: check
+CVE-2016-11075 (An issue was discovered in Mattermost Server before 3.0.0. It allows a ...)
+ TODO: check
+CVE-2016-11074 (An issue was discovered in Mattermost Server before 3.0.0. A password- ...)
+ TODO: check
+CVE-2016-11073 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...)
+ TODO: check
+CVE-2016-11072 (An issue was discovered in Mattermost Server before 3.0.2. The purpose ...)
+ TODO: check
+CVE-2016-11071 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...)
+ TODO: check
+CVE-2016-11070 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...)
+ TODO: check
+CVE-2016-11069 (An issue was discovered in Mattermost Server before 3.2.0. It mishandl ...)
+ TODO: check
+CVE-2016-11068 (An issue was discovered in Mattermost Server before 3.2.0. Attackers c ...)
+ TODO: check
+CVE-2016-11067 (An issue was discovered in Mattermost Server before 3.2.0. It allowed ...)
+ TODO: check
+CVE-2016-11066 (An issue was discovered in Mattermost Server before 3.2.0. The initial ...)
+ TODO: check
+CVE-2016-11065 (An issue was discovered in Mattermost Server before 3.3.0. An attacker ...)
+ TODO: check
+CVE-2016-11064 (An issue was discovered in Mattermost Desktop App before 3.4.0. String ...)
+ TODO: check
+CVE-2016-11063 (An issue was discovered in Mattermost Server before 3.5.1. XSS can occ ...)
+ TODO: check
+CVE-2016-11062 (An issue was discovered in Mattermost Server before 3.5.1. E-mail addr ...)
+ TODO: check
+CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It allows a ...)
+ TODO: check
CVE-2020-XXXX [MITM response injection attack when using STARTTLS with IMAP, POP3 and SMTP]
- mutt 1.14.4-1
[stretch] - mutt 1.7.2-1+deb9u3
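Review bot: Among the 24 entries added in this hunk, CVE-2016-11064 names Mattermost Desktop App rather than Mattermost Server, so it needs its own look before the block is marked in bulk. The Server entries can follow the `NOT-FOR-US: Mattermost` line that the CVE-2017-18870 context entry above already has; the Desktop App entry should get it only once it is confirmed that the client is not packaged either.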
@@ -2056,6 +2062,7 @@ CVE-2017-18869 (A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10
NOTE: https://github.com/isaacs/chownr/issues/14
NOTE: https://snyk.io/vuln/npm:chownr:20180731
CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attac ...)
+ {DSA-4707-1}
- mutt 1.14.3-1 (bug #962897)
- neomutt 20200619+dfsg.1-1
NOTE: https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
@@ -4048,16 +4055,16 @@ CVE-2020-13278
RESERVED
CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...)
TODO: check
-CVE-2020-13276
- RESERVED
-CVE-2020-13275
- RESERVED
-CVE-2020-13274
- RESERVED
-CVE-2020-13273
- RESERVED
-CVE-2020-13272
- RESERVED
+CVE-2020-13276 (User is allowed to set an email as a notification email even without v ...)
+ TODO: check
+CVE-2020-13275 (A user with an unverified email address could request an access to dom ...)
+ TODO: check
+CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks through m ...)
+ TODO: check
+CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the system resour ...)
+ TODO: check
+CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later through 13 ...)
+ TODO: check
CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the execution of a ...)
- gitlab <unfixed>
CVE-2020-13270 (Missing permission check on fork relation creation in GitLab CE/EE 11. ...)
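Review bot: Of the five added entries, only CVE-2020-13272 shows product wording within the truncated description ("CE/EE 12.3 and later"); CVE-2020-13276 through CVE-2020-13273 are cut off before any product appears. Confirm from the full descriptions that they are GitLab issues before giving them the `- gitlab <unfixed>` line that the neighbouring CVE-2020-13271 entry has.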
@@ -4070,16 +4077,16 @@ CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the executio
- gitlab <unfixed>
CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...)
- gitlab <unfixed>
-CVE-2020-13265
- RESERVED
-CVE-2020-13264
- RESERVED
-CVE-2020-13263
- RESERVED
-CVE-2020-13262
- RESERVED
-CVE-2020-13261
- RESERVED
+CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later through ...)
+ TODO: check
+CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...)
+ TODO: check
+CVE-2020-13263 (An authorization issue relating to project maintainer impersonation wa ...)
+ TODO: check
+CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 ...)
+ TODO: check
+CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...)
+ TODO: check
CVE-2020-13260
RESERVED
CVE-2020-13259
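Review bot: The added descriptions give different starting versions (CVE-2020-13264 from 10.3, CVE-2020-13265 from 12.5, CVE-2020-13261 from 12.6, CVE-2020-13262 from 12.9), so triage should compare each range against the gitlab version in each suite rather than copying `- gitlab <unfixed>` from CVE-2020-13266 across all five. CVE-2020-13263 is truncated before any version appears and needs the full description.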
@@ -11757,8 +11764,8 @@ CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implement
{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6
-CVE-2020-10750
- RESERVED
+CVE-2020-10750 (Sensitive information written to a log file vulnerability was found in ...)
+ TODO: check
CVE-2020-10749 (A vulnerability was found in all versions of containernetworking/plugi ...)
- golang-github-containernetworking-plugins <unfixed>
NOTE: https://github.com/containernetworking/plugins/pull/484
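Review bot: The CVE-2020-10750 description is truncated at "was found in", before the affected component is named, so the entry cannot be triaged from this line alone. Resolve its `TODO: check` from the full description into a package line or a `NOT-FOR-US:` line, as the neighbouring CVE-2020-10751 and CVE-2020-10749 entries have.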
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df4f88e15798f88fe4e97a247f1fed4e74587145