[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jun 25 21:18:34 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
452d074d by security tracker role at 2020-06-25T20:18:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,519 @@
+CVE-2020-15301
+	RESERVED
+CVE-2020-15300
+	RESERVED
+CVE-2020-15299
+	RESERVED
+CVE-2020-15298
+	RESERVED
+CVE-2020-15297
+	RESERVED
+CVE-2020-15296
+	RESERVED
+CVE-2020-15295
+	RESERVED
+CVE-2020-15294
+	RESERVED
+CVE-2020-15293
+	RESERVED
+CVE-2020-15292
+	RESERVED
+CVE-2020-15291
+	RESERVED
+CVE-2020-15290
+	RESERVED
+CVE-2020-15289
+	RESERVED
+CVE-2020-15288
+	RESERVED
+CVE-2020-15287
+	RESERVED
+CVE-2020-15286
+	RESERVED
+CVE-2020-15285
+	RESERVED
+CVE-2020-15284
+	RESERVED
+CVE-2020-15283
+	RESERVED
+CVE-2020-15282
+	RESERVED
+CVE-2020-15281
+	RESERVED
+CVE-2020-15280
+	RESERVED
+CVE-2020-15279
+	RESERVED
+CVE-2020-15278
+	RESERVED
+CVE-2020-15277
+	RESERVED
+CVE-2020-15276
+	RESERVED
+CVE-2020-15275
+	RESERVED
+CVE-2020-15274
+	RESERVED
+CVE-2020-15273
+	RESERVED
+CVE-2020-15272
+	RESERVED
+CVE-2020-15271
+	RESERVED
+CVE-2020-15270
+	RESERVED
+CVE-2020-15269
+	RESERVED
+CVE-2020-15268
+	RESERVED
+CVE-2020-15267
+	RESERVED
+CVE-2020-15266
+	RESERVED
+CVE-2020-15265
+	RESERVED
+CVE-2020-15264
+	RESERVED
+CVE-2020-15263
+	RESERVED
+CVE-2020-15262
+	RESERVED
+CVE-2020-15261
+	RESERVED
+CVE-2020-15260
+	RESERVED
+CVE-2020-15259
+	RESERVED
+CVE-2020-15258
+	RESERVED
+CVE-2020-15257
+	RESERVED
+CVE-2020-15256
+	RESERVED
+CVE-2020-15255
+	RESERVED
+CVE-2020-15254
+	RESERVED
+CVE-2020-15253
+	RESERVED
+CVE-2020-15252
+	RESERVED
+CVE-2020-15251
+	RESERVED
+CVE-2020-15250
+	RESERVED
+CVE-2020-15249
+	RESERVED
+CVE-2020-15248
+	RESERVED
+CVE-2020-15247
+	RESERVED
+CVE-2020-15246
+	RESERVED
+CVE-2020-15245
+	RESERVED
+CVE-2020-15244
+	RESERVED
+CVE-2020-15243
+	RESERVED
+CVE-2020-15242
+	RESERVED
+CVE-2020-15241
+	RESERVED
+CVE-2020-15240
+	RESERVED
+CVE-2020-15239
+	RESERVED
+CVE-2020-15238
+	RESERVED
+CVE-2020-15237
+	RESERVED
+CVE-2020-15236
+	RESERVED
+CVE-2020-15235
+	RESERVED
+CVE-2020-15234
+	RESERVED
+CVE-2020-15233
+	RESERVED
+CVE-2020-15232
+	RESERVED
+CVE-2020-15231
+	RESERVED
+CVE-2020-15230
+	RESERVED
+CVE-2020-15229
+	RESERVED
+CVE-2020-15228
+	RESERVED
+CVE-2020-15227
+	RESERVED
+CVE-2020-15226
+	RESERVED
+CVE-2020-15225
+	RESERVED
+CVE-2020-15224
+	RESERVED
+CVE-2020-15223
+	RESERVED
+CVE-2020-15222
+	RESERVED
+CVE-2020-15221
+	RESERVED
+CVE-2020-15220
+	RESERVED
+CVE-2020-15219
+	RESERVED
+CVE-2020-15218
+	RESERVED
+CVE-2020-15217
+	RESERVED
+CVE-2020-15216
+	RESERVED
+CVE-2020-15215
+	RESERVED
+CVE-2020-15214
+	RESERVED
+CVE-2020-15213
+	RESERVED
+CVE-2020-15212
+	RESERVED
+CVE-2020-15211
+	RESERVED
+CVE-2020-15210
+	RESERVED
+CVE-2020-15209
+	RESERVED
+CVE-2020-15208
+	RESERVED
+CVE-2020-15207
+	RESERVED
+CVE-2020-15206
+	RESERVED
+CVE-2020-15205
+	RESERVED
+CVE-2020-15204
+	RESERVED
+CVE-2020-15203
+	RESERVED
+CVE-2020-15202
+	RESERVED
+CVE-2020-15201
+	RESERVED
+CVE-2020-15200
+	RESERVED
+CVE-2020-15199
+	RESERVED
+CVE-2020-15198
+	RESERVED
+CVE-2020-15197
+	RESERVED
+CVE-2020-15196
+	RESERVED
+CVE-2020-15195
+	RESERVED
+CVE-2020-15194
+	RESERVED
+CVE-2020-15193
+	RESERVED
+CVE-2020-15192
+	RESERVED
+CVE-2020-15191
+	RESERVED
+CVE-2020-15190
+	RESERVED
+CVE-2020-15189
+	RESERVED
+CVE-2020-15188
+	RESERVED
+CVE-2020-15187
+	RESERVED
+CVE-2020-15186
+	RESERVED
+CVE-2020-15185
+	RESERVED
+CVE-2020-15184
+	RESERVED
+CVE-2020-15183
+	RESERVED
+CVE-2020-15182
+	RESERVED
+CVE-2020-15181
+	RESERVED
+CVE-2020-15180
+	RESERVED
+CVE-2020-15179
+	RESERVED
+CVE-2020-15178
+	RESERVED
+CVE-2020-15177
+	RESERVED
+CVE-2020-15176
+	RESERVED
+CVE-2020-15175
+	RESERVED
+CVE-2020-15174
+	RESERVED
+CVE-2020-15173
+	RESERVED
+CVE-2020-15172
+	RESERVED
+CVE-2020-15171
+	RESERVED
+CVE-2020-15170
+	RESERVED
+CVE-2020-15169
+	RESERVED
+CVE-2020-15168
+	RESERVED
+CVE-2020-15167
+	RESERVED
+CVE-2020-15166
+	RESERVED
+CVE-2020-15165
+	RESERVED
+CVE-2020-15164
+	RESERVED
+CVE-2020-15163
+	RESERVED
+CVE-2020-15162
+	RESERVED
+CVE-2020-15161
+	RESERVED
+CVE-2020-15160
+	RESERVED
+CVE-2020-15159
+	RESERVED
+CVE-2020-15158
+	RESERVED
+CVE-2020-15157
+	RESERVED
+CVE-2020-15156
+	RESERVED
+CVE-2020-15155
+	RESERVED
+CVE-2020-15154
+	RESERVED
+CVE-2020-15153
+	RESERVED
+CVE-2020-15152
+	RESERVED
+CVE-2020-15151
+	RESERVED
+CVE-2020-15150
+	RESERVED
+CVE-2020-15149
+	RESERVED
+CVE-2020-15148
+	RESERVED
+CVE-2020-15147
+	RESERVED
+CVE-2020-15146
+	RESERVED
+CVE-2020-15145
+	RESERVED
+CVE-2020-15144
+	RESERVED
+CVE-2020-15143
+	RESERVED
+CVE-2020-15142
+	RESERVED
+CVE-2020-15141
+	RESERVED
+CVE-2020-15140
+	RESERVED
+CVE-2020-15139
+	RESERVED
+CVE-2020-15138
+	RESERVED
+CVE-2020-15137
+	RESERVED
+CVE-2020-15136
+	RESERVED
+CVE-2020-15135
+	RESERVED
+CVE-2020-15134
+	RESERVED
+CVE-2020-15133
+	RESERVED
+CVE-2020-15132
+	RESERVED
+CVE-2020-15131
+	RESERVED
+CVE-2020-15130
+	RESERVED
+CVE-2020-15129
+	RESERVED
+CVE-2020-15128
+	RESERVED
+CVE-2020-15127
+	RESERVED
+CVE-2020-15126
+	RESERVED
+CVE-2020-15125
+	RESERVED
+CVE-2020-15124
+	RESERVED
+CVE-2020-15123
+	RESERVED
+CVE-2020-15122
+	RESERVED
+CVE-2020-15121
+	RESERVED
+CVE-2020-15120
+	RESERVED
+CVE-2020-15119
+	RESERVED
+CVE-2020-15118
+	RESERVED
+CVE-2020-15117
+	RESERVED
+CVE-2020-15116
+	RESERVED
+CVE-2020-15115
+	RESERVED
+CVE-2020-15114
+	RESERVED
+CVE-2020-15113
+	RESERVED
+CVE-2020-15112
+	RESERVED
+CVE-2020-15111
+	RESERVED
+CVE-2020-15110
+	RESERVED
+CVE-2020-15109
+	RESERVED
+CVE-2020-15108
+	RESERVED
+CVE-2020-15107
+	RESERVED
+CVE-2020-15106
+	RESERVED
+CVE-2020-15105
+	RESERVED
+CVE-2020-15104
+	RESERVED
+CVE-2020-15103
+	RESERVED
+CVE-2020-15102
+	RESERVED
+CVE-2020-15101
+	RESERVED
+CVE-2020-15100
+	RESERVED
+CVE-2020-15099
+	RESERVED
+CVE-2020-15098
+	RESERVED
+CVE-2020-15097
+	RESERVED
+CVE-2020-15096
+	RESERVED
+CVE-2020-15095
+	RESERVED
+CVE-2020-15094
+	RESERVED
+CVE-2020-15093
+	RESERVED
+CVE-2020-15092
+	RESERVED
+CVE-2020-15091
+	RESERVED
+CVE-2020-15090
+	RESERVED
+CVE-2020-15089
+	RESERVED
+CVE-2020-15088
+	RESERVED
+CVE-2020-15087
+	RESERVED
+CVE-2020-15086
+	RESERVED
+CVE-2020-15085
+	RESERVED
+CVE-2020-15084
+	RESERVED
+CVE-2020-15083
+	RESERVED
+CVE-2020-15082
+	RESERVED
+CVE-2020-15081
+	RESERVED
+CVE-2020-15080
+	RESERVED
+CVE-2020-15079
+	RESERVED
+CVE-2020-15078
+	RESERVED
+CVE-2020-15077
+	RESERVED
+CVE-2020-15076
+	RESERVED
+CVE-2020-15075
+	RESERVED
+CVE-2020-15074
+	RESERVED
+CVE-2020-15073
+	RESERVED
+CVE-2020-15072
+	RESERVED
+CVE-2020-15071
+	RESERVED
+CVE-2020-15070
+	RESERVED
+CVE-2020-15069
+	RESERVED
+CVE-2020-15068
+	RESERVED
+CVE-2020-15067
+	RESERVED
+CVE-2020-15066
+	RESERVED
+CVE-2020-15065
+	RESERVED
+CVE-2020-15064
+	RESERVED
+CVE-2020-15063
+	RESERVED
+CVE-2020-15062
+	RESERVED
+CVE-2020-15061
+	RESERVED
+CVE-2020-15060
+	RESERVED
+CVE-2020-15059
+	RESERVED
+CVE-2020-15058
+	RESERVED
+CVE-2020-15057
+	RESERVED
+CVE-2020-15056
+	RESERVED
+CVE-2020-15055
+	RESERVED
+CVE-2020-15054
+	RESERVED
+CVE-2020-15053
+	RESERVED
+CVE-2020-15052
+	RESERVED
+CVE-2020-15051
+	RESERVED
+CVE-2020-15050
+	RESERVED
+CVE-2020-15049
+	RESERVED
+CVE-2020-15048
+	RESERVED
+CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification er ...)
+	TODO: check
+CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...)
+	TODO: check
+CVE-2018-21267
+	RESERVED
+CVE-2018-21266
+	RESERVED
 CVE-2020-15046 (The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a  ...)
 	NOT-FOR-US: Supermicro
 CVE-2020-15045
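Review bot: The two entries at the end of the added block that carry descriptions, CVE-2020-15047 (Trojita, MSA/SMTP.cpp ignoring certificate-verification errors) and CVE-2018-21268 (node-traceroute), are left at "TODO: check" and are easy to miss beneath the long run of RESERVED placeholders from CVE-2020-15301 down to CVE-2020-15048. Triage them in a follow-up commit so each ends up with either a package line and status or a NOT-FOR-US marker, as the neighbouring CVE-2020-15046 already has.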
@@ -262,7 +778,7 @@ CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information G
 	NOT-FOR-US: DMitry
 CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. A ...)
 	NOT-FOR-US: BT CTROMS Terminal OS Port Portal CT-464
-CVE-2019-20892
+CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateRefer ...)
 	- net-snmp <unfixed>
 	NOTE: Introduced by: https://github.com/net-snmp/net-snmp/commit/adc9b71aba9168ec64149345ea37a1acc11875c6
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/4
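Review bot: CVE-2019-20892 now has a description that names "net-snmp before 5.8.1.pre1" as affected, but the entry still records only the introducing commit and keeps net-snmp at <unfixed>. Add a "NOTE: Fixed by:" line with the upstream fix next to the existing "Introduced by" note so the package status can be updated once a fixed version is uploaded.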
@@ -2199,7 +2715,8 @@ CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jme
 	- libjpeg-turbo <unfixed> (low)
 	[jessie] - libjpeg-turbo <no-dsa> (Minor issue)
 	TODO: report to libjpeg-turbo upstream
-CVE-2020-14151 (In IJG JPEG (aka libjpeg) before 9d, read_*_pixel() in rdtarga.c in cj ...)
+CVE-2020-14151
+	REJECTED
 	NOTE: Duplicate of CVE-2018-11813, should be rejected
 CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...)
 	- bison 2:3.6.1+dfsg-1
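Review bot: The retained note under CVE-2020-14151 still reads "Duplicate of CVE-2018-11813, should be rejected" although the entry is now marked REJECTED. Reword the note to state only the duplicate relationship, so the entry does not read as if the rejection were still pending.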
@@ -8995,8 +9512,8 @@ CVE-2020-11738 (The Snap Creek Duplicator plugin before 1.3.28 for WordPress (an
 	NOT-FOR-US: Snap Creek Duplicator plugin for WordPress
 CVE-2020-11737 (A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 ...)
 	NOT-FOR-US: Zimbra
-CVE-2020-11735
-	RESERVED
+CVE-2020-11735 (The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use ...)
+	TODO: check
 CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...)
 	{DLA-2180-1}
 	- file-roller 3.36.2-1 (bug #956638)
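Review bot: CVE-2020-11735 moves from RESERVED to "TODO: check" with a description naming the private-key operations in ecc.c in wolfSSL before 4.4.0, so it needs a package line with a fixed version or an explicit status before it drops out of the TODO queue. Separately, the entry sits above CVE-2020-11736 in this context, which breaks the descending order used by the rest of the list (11737, 11735, 11736); worth correcting while the entry is being touched.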
@@ -9791,8 +10308,8 @@ CVE-2020-11540
 	RESERVED
 CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It  ...)
 	NOT-FOR-US: Tata Sonata Smart SF Rush 1.12 devices
-CVE-2020-11538
-	RESERVED
+CVE-2020-11538 (In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ...)
+	TODO: check
 CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5 ...)
 	NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2020-11536 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
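Review bot: CVE-2020-11538 is described as affecting Pillow "through 7.0.0", which is a different bound from the other Pillow entries filled in by this commit ("before 7.0.0" for CVE-2020-10994, "before 6.2.3 and 7.x before 7.0.1" for CVE-2020-10379, CVE-2020-10378 and CVE-2020-10177). When the "TODO: check" is resolved, take the fixed version for this entry from its own upstream fix rather than copying it from the sibling entries.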
@@ -11189,8 +11706,8 @@ CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not
 	[stretch] - pdns-recursor <end-of-life> (No longer supported, see DSA 4691)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
-CVE-2020-10994
-	RESERVED
+CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.0.0, there are multipl ...)
+	TODO: check
 CVE-2020-10993 (Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader. ...)
 	NOT-FOR-US: Osmand
 CVE-2020-10992 (Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorMa ...)
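Review bot: CVE-2020-10994 is described as affecting Pillow "before 7.0.0" in libImaging/Jpeg2KDecode.c, so its fixed version is not the 6.2.3 / 7.0.1 pair given for the other Pillow entries in this commit. Record the fixing commit in a NOTE when triaging, since the description is truncated here and the version bound alone will not show which branches need the patch.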
@@ -13085,10 +13602,10 @@ CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
 	[jessie] - rmysql <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32
 	NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40
-CVE-2020-10379
-	RESERVED
-CVE-2020-10378
-	RESERVED
+CVE-2020-10379 (In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Over ...)
+	TODO: check
+CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, ...)
+	TODO: check
 CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client before ...)
 	NOT-FOR-US: Mitel
 CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...)
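Review bot: CVE-2020-10379 and CVE-2020-10378 are both left at "TODO: check" and share the same affected range (Pillow before 6.2.3 and 7.x before 7.0.1), as does CVE-2020-10177 further down. Triage the three together with one consistent package line, and keep a separate NOTE per CVE pointing at its own fix, because the descriptions name different code (two buffer overflows for 10379, libImaging/PcxDecode.c for 10378).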
@@ -13550,8 +14067,8 @@ CVE-2020-10179
 	RESERVED
 CVE-2020-10178
 	REJECTED
-CVE-2020-10177
-	RESERVED
+CVE-2020-10177 (Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds re ...)
+	TODO: check
 CVE-2020-10176 (ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow E ...)
 	NOT-FOR-US: ASSA ABLOY Yale WIPC-301W
 CVE-2020-10175
@@ -20150,10 +20667,10 @@ CVE-2020-7357
 	RESERVED
 CVE-2020-7356
 	RESERVED
-CVE-2020-7355
-	RESERVED
-CVE-2020-7354
-	RESERVED
+CVE-2020-7355 (Cross-site Scripting (XSS) vulnerability in the 'notes' field of a dis ...)
+	TODO: check
+CVE-2020-7354 (Cross-site Scripting (XSS) vulnerability in the 'host' field of a disc ...)
+	TODO: check
 CVE-2020-7353
 	RESERVED
 CVE-2020-7352
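Review bot: The descriptions for CVE-2020-7355 and CVE-2020-7354 are cut off before the product name (XSS in the 'notes' and 'host' fields "of a disc ..."), so the affected software cannot be identified from this list alone. Resolve the "TODO: check" from the full CVE record and name the product in the package or NOT-FOR-US line so the entries are searchable.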
@@ -28289,24 +28806,24 @@ CVE-2020-3973
 	RESERVED
 CVE-2020-3972 (VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a den ...)
 	NOT-FOR-US: VMware
-CVE-2020-3971
-	RESERVED
-CVE-2020-3970
-	RESERVED
+CVE-2020-3971 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
+	TODO: check
+CVE-2020-3970 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+	TODO: check
 CVE-2020-3969 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
 	NOT-FOR-US: VMware
-CVE-2020-3968
-	RESERVED
-CVE-2020-3967
-	RESERVED
-CVE-2020-3966
-	RESERVED
-CVE-2020-3965
-	RESERVED
-CVE-2020-3964
-	RESERVED
-CVE-2020-3963
-	RESERVED
+CVE-2020-3968 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+	TODO: check
+CVE-2020-3967 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+	TODO: check
+CVE-2020-3966 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+	TODO: check
+CVE-2020-3965 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+	TODO: check
+CVE-2020-3964 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+	TODO: check
+CVE-2020-3963 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+	TODO: check
 CVE-2020-3962 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
 	NOT-FOR-US: VMware
 CVE-2020-3961 (VMware Horizon Client for Windows (prior to 5.4.3) contains a privileg ...)
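Review bot: The eight VMware ESXi entries filled in here (CVE-2020-3971, CVE-2020-3970 and CVE-2020-3968 through CVE-2020-3963) are left at "TODO: check" while the surrounding VMware entries CVE-2020-3972, CVE-2020-3969 and CVE-2020-3962 are already marked "NOT-FOR-US: VMware". Mark the new entries the same way in the follow-up triage so the block is consistent and the TODO count is not inflated.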



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/452d074d77f78ab31dee42e343fe5bb32aa1a392
