[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu May 14 09:10:28 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e22c95f7 by security tracker role at 2020-05-14T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2020-12844
+	RESERVED
+CVE-2020-12843
+	RESERVED
+CVE-2020-12842
+	RESERVED
+CVE-2020-12841
+	RESERVED
+CVE-2020-12840
+	RESERVED
+CVE-2020-12839
+	RESERVED
+CVE-2020-12838
+	RESERVED
+CVE-2020-12837
+	RESERVED
+CVE-2020-12836
+	RESERVED
+CVE-2020-12835
+	RESERVED
+CVE-2020-12834
+	RESERVED
 CVE-2020-12833
 	RESERVED
 CVE-2020-12832 (The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. ...)
@@ -281,8 +303,8 @@ CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Cons
 	NOT-FOR-US: WSO2
 CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...)
 	NOT-FOR-US: PHP-Fusion
-CVE-2020-12717
-	RESERVED
+CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote atta ...)
+	TODO: check
 CVE-2020-12716
 	RESERVED
 CVE-2020-12715
@@ -5276,20 +5298,20 @@ CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a vulnerabi
 	TODO: check
 CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulne ...)
 	TODO: check
-CVE-2020-11069
-	RESERVED
+CVE-2020-11069 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
+	TODO: check
 CVE-2020-11068
 	RESERVED
-CVE-2020-11067
-	RESERVED
-CVE-2020-11066
-	RESERVED
-CVE-2020-11065
-	RESERVED
-CVE-2020-11064
-	RESERVED
-CVE-2020-11063
-	RESERVED
+CVE-2020-11067 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
+	TODO: check
+CVE-2020-11066 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
+	TODO: check
+CVE-2020-11065 (In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and ...)
+	TODO: check
+CVE-2020-11064 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
+	TODO: check
+CVE-2020-11063 (In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that t ...)
+	TODO: check
 CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in ...)
 	- glpi <removed> (unimportant)
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
@@ -18447,14 +18469,14 @@ CVE-2020-5579
 	RESERVED
 CVE-2020-5578
 	RESERVED
-CVE-2020-5577
-	RESERVED
-CVE-2020-5576
-	RESERVED
-CVE-2020-5575
-	RESERVED
-CVE-2020-5574
-	RESERVED
+CVE-2020-5577 (Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movabl ...)
+	TODO: check
+CVE-2020-5576 (Cross-site request forgery (CSRF) vulnerability in Movable Type series ...)
+	TODO: check
+CVE-2020-5575 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...)
+	TODO: check
+CVE-2020-5574 (HTML attribute value injection vulnerability in Movable Type series (M ...)
+	TODO: check
 CVE-2020-5573
 	RESERVED
 CVE-2020-5572
@@ -18842,8 +18864,8 @@ CVE-2020-5411
 	RESERVED
 CVE-2020-5410
 	RESERVED
-CVE-2020-5409
-	RESERVED
+CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects to u ...)
+	TODO: check
 CVE-2020-5408
 	RESERVED
 CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 ...)
@@ -23519,6 +23541,7 @@ CVE-2020-3811
 	RESERVED
 CVE-2020-3810 [apt out-of-bounds read in .ar/.tar implemations]
 	RESERVED
+	{DSA-4685-1}
 	- apt 2.1.2
 	NOTE: https://github.com/Debian/apt/issues/111
 	NOTE: https://bugs.launchpad.net/bugs/1878177



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e22c95f7a442d1e7f7929a61943a67d5e166026f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e22c95f7a442d1e7f7929a61943a67d5e166026f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200514/cadcdb0a/attachment.html>

More information about the debian-security-tracker-commits mailing list