[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat May 9 21:10:34 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f546f30e by security tracker role at 2020-05-09T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,28 @@
-CVE-2019-20794 [kernel hang in fuse]
+CVE-2020-12766 (Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via t ...)
+	TODO: check
+CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&action=view&it ...)
+	TODO: check
+CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. ...)
+	TODO: check
+CVE-2020-12763
+	RESERVED
+CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
+	TODO: check
+CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow ( ...)
+	TODO: check
+CVE-2020-12760
+	RESERVED
+CVE-2020-12759
+	RESERVED
+CVE-2020-12758
+	RESERVED
+CVE-2020-12757
+	RESERVED
+CVE-2020-12756
+	RESERVED
+CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras t ...)
+	TODO: check
+CVE-2019-20794 (An issue was discovered in the Linux kernel 4.18 through 5.6.11 when u ...)
 	- linux <unfixed>
 	NOTE: https://sourceforge.net/p/fuse/mailman/message/36598753/
 CVE-2020-12754
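Review bot: six of the entries added at the top of data/CVE/list (CVE-2020-12766, CVE-2020-12765, CVE-2020-12764, CVE-2020-12762, CVE-2020-12761, CVE-2020-12755) are left at "TODO: check" with no package or NOT-FOR-US line, so they say nothing yet about whether anything in the archive is affected. The json-c, imlib2 and KDE kio-extras descriptions each name a specific component and should get a package line in the form already used for "- linux <unfixed>"; the Gnuteca and Solis Miolo entries need either a package line or a NOT-FOR-US line. The descriptions are truncated at "...", so the affected version ranges have to be read from the full CVE text before a fixed version is recorded.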
@@ -281,8 +305,8 @@ CVE-2020-12639 (phpList before 3.5.3 allows XSS, with resultant privilege elevat
 	- phplist <itp> (bug #612288)
 CVE-2020-12638
 	RESERVED
-CVE-2020-12637
-	RESERVED
+CVE-2020-12637 (Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation beca ...)
+	TODO: check
 CVE-2018-21233 (TensorFlow before 1.7.0 has an integer overflow that causes an out-of- ...)
 	- tensorflow <itp> (bug #804612)
 CVE-2020-12636
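Review bot: CVE-2020-12637 goes from RESERVED to a published description (Zulip Desktop before 5.2.0, missing SSL certificate validation) but stays at "TODO: check". The neighbouring entries in this hunk are resolved with "<itp>" lines that carry a bug number ("- phplist <itp> (bug #612288)", "- tensorflow <itp> (bug #804612)"); this entry should be closed the same way, or with a NOT-FOR-US line if no packaging request exists.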
@@ -796,7 +820,7 @@ CVE-2020-12398
 	RESERVED
 CVE-2020-12397
 	RESERVED
-	{DSA-4683-1}
+	{DSA-4683-1 DLA-2206-1}
 	- thunderbird 1:68.8.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12397
 CVE-2020-12396
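Review bot: CVE-2020-12397 still has only RESERVED as its description, although after this change it references two advisories ({DSA-4683-1 DLA-2206-1}), a fixed thunderbird version and an upstream advisory URL. Consider a short bracketed description on the header line, in the form the removed "CVE-2019-20794 [kernel hang in fuse]" line used, so the entry is readable until the CVE text is published.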
@@ -805,7 +829,7 @@ CVE-2020-12396
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12396
 CVE-2020-12395
 	RESERVED
-	{DSA-4683-1 DSA-4678-1 DLA-2205-1}
+	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
 	- firefox 76.0-1
 	- firefox-esr 68.8.0esr-1
 	- thunderbird 1:68.8.0-1
@@ -826,7 +850,7 @@ CVE-2020-12393
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12393
 CVE-2020-12392
 	RESERVED
-	{DSA-4683-1 DSA-4678-1 DLA-2205-1}
+	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
 	- firefox 76.0-1
 	- firefox-esr 68.8.0esr-1
 	- thunderbird 1:68.8.0-1
@@ -855,7 +879,7 @@ CVE-2020-12388
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12388
 CVE-2020-12387
 	RESERVED
-	{DSA-4683-1 DSA-4678-1 DLA-2205-1}
+	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
 	- firefox 76.0-1
 	- firefox-esr 68.8.0esr-1
 	- thunderbird 1:68.8.0-1
@@ -15285,7 +15309,7 @@ CVE-2019-20377 (TopList before 2019-09-03 allows XSS via a title. ...)
 	NOT-FOR-US: TopList
 CVE-2020-6831
 	RESERVED
-	{DSA-4683-1 DSA-4678-1 DLA-2205-1}
+	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
 	- firefox 76.0-1
 	- firefox-esr 68.8.0esr-1
 	- chromium <unfixed>
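Review bot: the package lines visible under CVE-2020-6831 are firefox, firefox-esr and chromium, while DSA-4683-1 and the newly added DLA-2206-1 appear together in the CVE-2020-12397 hunk on an entry whose only package line is thunderbird. Check that a thunderbird line follows below the three context lines shown here; if it does not, the DLA-2206-1 reference has no fixed package to point at in this entry. The "- chromium <unfixed>" line is untouched by this update and still needs its own follow-up.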



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f546f30ef06af343fcee0cf622fb338d131a25e6
