[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Jun 28 21:10:30 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b184916 by security tracker role at 2020-06-28T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...)
+ TODO: check
+CVE-2020-15364 (The Nexos theme through 1.7 for WordPress allows top-map/?search_locat ...)
+ TODO: check
+CVE-2020-15363 (The Nexos theme through 1.7 for WordPress allows side-map/?search_orde ...)
+ TODO: check
CVE-2020-15362
RESERVED
CVE-2020-15361
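Review bot: the three new entries are left at TODO: check, which is the expected state for an automated import, but they differ in how much triage they need; the Nexos theme pair (CVE-2020-15364, CVE-2020-15363) describes a third-party WordPress theme and will most likely end up NOT-FOR-US like the other standalone PHP scripts in this file, while CVE-2020-15365 describes an out-of-bounds write in LibRaw's parse_exif() and needs to be checked against the libraw versions Debian ships before the TODO is resolved.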
@@ -64865,6 +64871,7 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when su
NOTE: Fixed in PHP 7.4.1, 7.3.13
NOTE: PHP Bug: http://bugs.php.net/78943
CVE-2019-11048 (In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ...)
+ {DLA-2261-1}
- php7.4 <unfixed>
- php7.3 <removed>
- php7.0 <removed>
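Review bot: {DLA-2261-1} is recorded against CVE-2019-11048, but every package line visible in this hunk is <unfixed> or <removed>, so nothing here states the fixed version the advisory actually shipped; if a suite-specific line such as [stretch] or [jessie] follows below this context that is fine, otherwise the entry should gain one so the DLA reference points at a concrete fixed version, the way the zziplib entries in this patch pair their DLA with a [stretch] line.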
@@ -104219,6 +104226,7 @@ CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass t
CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory Traversal via t ...)
NOT-FOR-US: HScripts PHP File Browser Script
CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a memory ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (low; bug #910335)
[stretch] - zziplib 0.13.62-3.2~deb9u1
NOTE: https://github.com/gdraheim/zziplib/issues/58
@@ -127587,6 +127595,7 @@ CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory lea
NOTE: https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4 (v0.13.69)
NOTE: unzzipcat-mem and unzzipdir-mem not installed into binary packages.
CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error cause ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (low; bug #913165)
[stretch] - zziplib 0.13.62-3.2~deb9u1
[wheezy] - zziplib <no-dsa> (Minor issue)
@@ -127596,6 +127605,7 @@ CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error
NOTE: https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be (v0.13.69)
NOTE: https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b (v0.13.69)
CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory address ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (low; bug #913165)
[stretch] - zziplib 0.13.62-3.2~deb9u1
[wheezy] - zziplib <no-dsa> (Minor issue)
@@ -130451,7 +130461,7 @@ CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attac
CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 v ...)
NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a c ...)
- {DLA-1287-1}
+ {DLA-2258-1 DLA-1287-1}
- zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib 0.13.62-3.2~deb9u1
NOTE: https://github.com/gdraheim/zziplib/issues/22
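Review bot: CVE-2018-6869 already carried {DLA-1287-1}, and this hunk prepends DLA-2258-1 to it, so the same CVE is now covered by two advisories; the newest-first ordering matches the other multi-DLA entries in this patch, but a NOTE line saying why a second advisory was needed (an incomplete earlier fix, or the same package updated for a different suite) would save the next reader a lookup. The fixed-version lines are unchanged, which is consistent with the new advisory not moving the unstable or stretch versions.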
@@ -131497,12 +131507,14 @@ CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_
NOTE: https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e (v0.13.68)
NOTE: Negligible impact and unzzipcat utility not installed into binary packages
CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a misali ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib 0.13.62-3.2~deb9u1
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/16
NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a misali ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #923659)
[stretch] - zziplib 0.13.62-3.2~deb9u1
[wheezy] - zziplib <ignored> (Minor issue)
@@ -131762,6 +131774,7 @@ CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign i
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22343
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory alignment error and bus error in ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib 0.13.62-3.2~deb9u1
[wheezy] - zziplib <ignored> (Minor issue)
@@ -132004,6 +132017,7 @@ CVE-2018-6382 (** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL
[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
NOTE: https://mantisbt.org/bugs/view.php?id=23908
CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid me ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #889096)
[stretch] - zziplib 0.13.62-3.2~deb9u1
[wheezy] - zziplib <ignored> (Minor issue)
@@ -170151,7 +170165,7 @@ CVE-2017-10791 (There is an Integer overflow in the hash_int function of the lib
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467004
NOTE: No security impact as built in Debian
CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through 4.12 cause ...)
- {DSA-4106-1 DLA-1038-1}
+ {DSA-4106-1 DLA-2255-1 DLA-1038-1}
- libtasn1-6 4.12-2.1 (bug #867398)
- libtasn1-3 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464141
@@ -174759,7 +174773,7 @@ CVE-2017-9244 (Cross-site scripting (XSS) vulnerability in the Trello app before
CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 ...)
NOT-FOR-US: Aries QWR-1104 Wireless-N Router
CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send ...)
- {DLA-974-1}
+ {DLA-2259-1 DLA-974-1}
- picocom 1.7-2 (bug #863671)
NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux k ...)
@@ -201669,7 +201683,7 @@ CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, a
- bind9 1:9.10.3.dfsg.P4-11 (bug #851062)
NOTE: https://kb.isc.org/article/AA-01441/0
CVE-2016-9928 (MCabber before 1.0.4 is vulnerable to roster push attacks, which allow ...)
- {DLA-724-1}
+ {DLA-2260-1 DLA-724-1}
- mcabber 0.10.2-1.1 (bug #845258)
NOTE: https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688
@@ -213846,7 +213860,7 @@ CVE-2016-5738
CVE-2016-5736 (The default configuration of the IPsec IKE peer listener in F5 BIG-IP ...)
NOT-FOR-US: BIG-IP
CVE-2016-5735 (Integer overflow in the rwpng_read_image24_libpng function in rwpng.c ...)
- {DLA-966-1}
+ {DLA-2257-1 DLA-966-1}
- pngquant 2.5.0-2 (bug #863469)
NOTE: https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x be ...)
@@ -218614,6 +218628,7 @@ CVE-2016-4430 (Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validati
- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
NOTE: https://struts.apache.org/docs/s2-038.html
CVE-2016-4429 (Stack-based buffer overflow in the clntudp_call function in sunrpc/cln ...)
+ {DLA-2256-1}
- glibc 2.22-10
[jessie] - glibc 2.19-18+deb8u5
- eglibc <removed>
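Review bot: the [jessie] line for CVE-2016-4429 already records glibc 2.19-18+deb8u5 as the fix, yet no advisory was referenced until this hunk adds {DLA-2256-1}; it is worth confirming that DLA-2256-1 is the advisory that shipped that version rather than a later update, and if it is a later one, the version it shipped should be recorded alongside the existing [jessie] line so the reference and the fixed version agree.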
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b184916276f93f61662a263da9e120787abbe82