[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Mar 4 08:10:26 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b2e95e6 by security tracker role at 2020-03-04T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9934,10 +9934,10 @@ CVE-2020-5538
 	RESERVED
 CVE-2020-5537
 	RESERVED
-CVE-2020-5536
-	RESERVED
-CVE-2020-5535
-	RESERVED
+CVE-2020-5536 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...)
+	TODO: check
+CVE-2020-5535 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...)
+	TODO: check
 CVE-2020-5534 (Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated a ...)
 	NOT-FOR-US: Aterm WG2600HS firmware
 CVE-2020-5533 (Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 ...)
@@ -20465,8 +20465,7 @@ CVE-2020-1735 [path injection on dest parameter in fetch module]
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085
 	NOTE: https://github.com/ansible/ansible/issues/67793
-CVE-2020-1734 [shell enabled by default in a pipe lookup plugin subprocess]
-	RESERVED
+CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary comma ...)
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801804
 	NOTE: https://github.com/ansible/ansible/issues/6550
@@ -21888,6 +21887,7 @@ CVE-2019-18902 (A Use After Free vulnerability in wicked of SUSE Linux Enterpris
 CVE-2019-18901 (A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-sy ...)
 	NOT-FOR-US: SuSE-specific mysqld-systemd-helper
 CVE-2019-18900 (: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS  ...)
+	{DLA-2132-1}
 	- libzypp <unfixed>
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1158763
 	NOTE: https://github.com/openSUSE/libzypp/pull/196



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b2e95e66c655f12fa97451dc2ca4eebb67e3eb3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b2e95e66c655f12fa97451dc2ca4eebb67e3eb3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200304/0f50ff8f/attachment.html>

More information about the debian-security-tracker-commits mailing list