[Git][security-tracker-team/security-tracker][master] automatic update

Sun Mar 22 20:11:01 GMT 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a18431ed by security tracker role at 2020-03-22T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-10816
+	RESERVED
+CVE-2020-10815
+	RESERVED
+CVE-2020-10814
+	RESERVED
+CVE-2020-10813
+	RESERVED
+CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
+	TODO: check
+CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...)
+	TODO: check
+CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
+	TODO: check
+CVE-2020-10809 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...)
+	TODO: check
+CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injectio ...)
+	TODO: check
+CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass (for RES ...)
+	TODO: check
+CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before ...)
+	TODO: check
+CVE-2020-10805
+	RESERVED
+CVE-2016-11022
+	RESERVED
 CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
 	- phpmyadmin <unfixed> (bug #954667)
 	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
@@ -7,11 +33,13 @@ CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injec
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3258978c38bee8cb4b99f249dffac9c8aaea2d80
 CVE-2020-10803 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
+	{DLA-2154-1}
 	- phpmyadmin <unfixed> (bug #954666)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-4/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a
 CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
+	{DLA-2154-1}
 	- phpmyadmin <unfixed> (bug #954665)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-3/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe
@@ -271,11 +299,13 @@ CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows at
 	- golang-github-buger-jsonparser <unfixed> (bug #954373)
 	NOTE: https://github.com/buger/jsonparser/issues/188
 CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
+	{DLA-2153-1}
 	- jackson-databind <unfixed>
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2660
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
 CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
+	{DLA-2153-1}
 	- jackson-databind <unfixed>
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2659
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a18431edf37c804f69211b5fb78de7c1200b319f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a18431edf37c804f69211b5fb78de7c1200b319f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200322/fff9d42a/attachment-0001.html>
