[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Jun 21 21:10:29 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a2574bd by security tracker role at 2020-06-21T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-14957
+	RESERVED
+CVE-2020-14956
+	RESERVED
+CVE-2020-14955
+	RESERVED
+CVE-2020-14953
+	RESERVED
+CVE-2020-14952
+	RESERVED
+CVE-2020-14951
+	RESERVED
+CVE-2020-14950 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...)
+	TODO: check
+CVE-2020-14949
+	RESERVED
+CVE-2020-14948
+	RESERVED
+CVE-2020-14947
+	RESERVED
+CVE-2020-14946
+	RESERVED
+CVE-2020-14945
+	RESERVED
+CVE-2020-14944
+	RESERVED
+CVE-2020-14943
+	RESERVED
+CVE-2020-14942 (Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\ ...)
+	TODO: check
+CVE-2020-14941
+	RESERVED
+CVE-2020-14940
+	RESERVED
+CVE-2020-14939
+	RESERVED
+CVE-2020-14938
+	RESERVED
 CVE-2020-14937
 	RESERVED
 CVE-2020-14936
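Review bot: CVE-2020-14950 (aaPanel) and CVE-2020-14942 (Tendenci) are the only two new entries in this hunk that carry a description, and both land as `TODO: check`. They need a follow-up triage, either a package line or a NOT-FOR-US marker like the Mattermost entries further down in this file. The remaining additions are RESERVED placeholders and need nothing yet.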
@@ -1275,7 +1313,8 @@ CVE-2016-11062 (An issue was discovered in Mattermost Server before 3.5.1. E-mai
 	NOT-FOR-US: Mattermost
 CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It allows a ...)
 	NOT-FOR-US: Mattermost
-CVE-2020-14954 [MITM response injection attack when using STARTTLS with IMAP, POP3 and SMTP]
+CVE-2020-14954 (Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffe ...)
+	{DSA-4707-1}
 	- mutt 1.14.4-1
 	- neomutt 20200619+dfsg.1-1
 	NOTE: https://gitlab.com/muttmua/mutt/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4
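Review bot: CVE-2020-14954 stays where the bracketed temporary entry was, directly after CVE-2015-9548, although the new block at the top of the file goes from CVE-2020-14955 straight to CVE-2020-14953. Now that the entry has its published description and {DSA-4707-1}, consider moving it into that gap so the list stays in numeric order.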
@@ -1939,6 +1978,7 @@ CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of ser
 CVE-2020-14149 (In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provi ...)
 	NOT-FOR-US: uftpd
 CVE-2020-14148 (The Server-Server protocol implementation in ngIRCd before 26~rc2 allo ...)
+	{DLA-2252-1}
 	- ngircd <unfixed> (bug #963147)
 	[buster] - ngircd <no-dsa> (Minor issue)
 	[stretch] - ngircd <no-dsa> (Minor issue)
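Review bot: the {DLA-2252-1} tag is added to an entry whose visible lines still read `- ngircd <unfixed> (bug #963147)` for unstable and `<no-dsa> (Minor issue)` for buster and stretch. With an advisory now issued for this CVE, it is worth revisiting whether the Minor issue classification on those two releases still holds, and following up on the bug for unstable.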
@@ -58224,6 +58264,7 @@ CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1,
 	NOTE: https://github.com/irssi/irssi/commit/5a67b983dc97caeb5df1139aabd0bc4f260a47d8
 	NOTE: Fixed in 1.0.8, 1.1.3, 1.2.1
 CVE-2019-13033 (In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by  ...)
+	{DLA-2253-1}
 	- lynis <unfixed> (bug #963161)
 	NOTE: https://cisofy.com/security/cve/cve-2019-13033/
 	NOTE: https://github.com/CISOfy/lynis/commit/3b9eda53cc20e851c4456618f027bc9ea794ad30



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a2574bdcac698cb221f783cf0f0b286020cf7a5
