[Git][security-tracker-team/security-tracker][master] new roundcube issues
Moritz Muehlenhoff
jmm at debian.org
Tue May 5 22:36:35 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5aafde78 by Moritz Muehlenhoff at 2020-05-05T23:36:16+02:00
new roundcube issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -56,9 +56,13 @@ CVE-2020-12643
CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x before 5. ...)
NOT-FOR-US: Report Portal
CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...)
- TODO: check
+ - roundcube 1.4.4+dfsg.1-1
+ NOTE: https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
+ NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
CVE-2020-12640 (Roundcube Webmail before 1.4.4 allows attackers to include local files ...)
- TODO: check
+ - roundcube 1.4.4+dfsg.1-1
+ NOTE: https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794
+ NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
CVE-2020-12639 (phpList before 3.5.3 allows XSS, with resultant privilege elevation, v ...)
- phplist <itp> (bug #612288)
CVE-2020-12638
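Review bot: the two roundcube entries (CVE-2020-12641 and CVE-2020-12640) record only the fixed version 1.4.4+dfsg.1-1, while the linked announcement URL also names 1.3.11 and 1.2.10, which indicates that older branches received fixes as well. Consider following up with the status of any suites that ship those older branches, so the entries are not read as fully resolved on the strength of the 1.4.4 upload alone.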
@@ -86,9 +90,9 @@ CVE-2020-12629 (include/class.sla.php in osTicket before 1.14.2 allows XSS via t
CVE-2020-12628
RESERVED
CVE-2020-12627 (Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j ...)
- TODO: check
+ NOT-FOR-US: Calibre-Web
CVE-2020-12624 (The League application before 2020-05-02 on Android sends a bearer tok ...)
- NOT-FOR-US: Leage
+ NOT-FOR-US: League
CVE-2020-12623
RESERVED
CVE-2020-12622
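Review bot: the CVE-2020-12624 line changes "Leage" to "League", a spelling fix that is unrelated to the roundcube and NFU triage named in the commit message. It is harmless, but mentioning it in the message or putting it in its own commit would make the history easier to search.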
@@ -3044,7 +3048,7 @@ CVE-2020-11739 (An issue was discovered in Xen through 4.13.x, allowing guest OS
CVE-2020-11738 (The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Dupl ...)
NOT-FOR-US: Snap Creek Duplicator plugin for WordPress
CVE-2020-11737 (A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2020-11735
RESERVED
CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...)
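Review bot: in the unchanged context after the CVE-2020-11737 change, CVE-2020-11735 is listed before CVE-2020-11736, which breaks the descending order the surrounding entries follow. Worth checking whether that ordering is intended, and correcting it in a follow-up if it is not.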
@@ -3205,7 +3209,7 @@ CVE-2020-11673 (An issue was discovered in the Responsive Poll through 1.3.4 for
CVE-2020-11672
RESERVED
CVE-2020-11671 (Lack of authorization controls in REST API functions in TeamPass throu ...)
- TODO: check
+ - teampass <itp> (bug #730180)
CVE-2020-11670
RESERVED
CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the powerpc ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aafde78827823296c934d8a6e42afc5d829abac