[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1106{0,2}/glpi

Salvatore Bonaccorso carnil at debian.org
Wed May 13 09:59:07 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e99346fa by Salvatore Bonaccorso at 2020-05-13T10:58:33+02:00
Add CVE-2020-1106{0,2}/glpi

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5270,11 +5270,17 @@ CVE-2020-11064
 CVE-2020-11063
 	RESERVED
 CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in ...)
-	TODO: check
+	- glpi <removed> (unimportant)
+	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
+	NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
+	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-11061
 	RESERVED
 CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...)
-	TODO: check
+	- glpi <removed> (unimportant)
+	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f
+	NOTE: https://github.com/glpi-project/glpi/commit/ad748d59c94da177a3ed25111c453902396f320c
+	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-11059
 	RESERVED
 CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e99346fad11d2f4ab513e487eb5e58249ffa1d3b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e99346fad11d2f4ab513e487eb5e58249ffa1d3b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200513/980206c9/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list