[Git][security-tracker-team/security-tracker][master] new ruby-actionpack-page-caching issue
Moritz Muehlenhoff
jmm at debian.org
Fri May 15 08:38:51 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de7acad2 by Moritz Muehlenhoff at 2020-05-15T09:37:45+02:00
new ruby-actionpack-page-caching issue
new qemu issue (unfixed upstream)
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...)
- TODO: check
+ NOT-FOR-US: Veritas
CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...)
- TODO: check
+ NOT-FOR-US: Veritas
CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate authori ...)
- TODO: check
+ NOT-FOR-US: Veritas
CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the ...)
- TODO: check
+ NOT-FOR-US: Veritas
CVE-2020-12873
RESERVED
CVE-2020-12872
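Review bot: the four NOT-FOR-US lines for CVE-2020-12874 through CVE-2020-12877 name only the vendor ("Veritas"), while every description in this hunk concerns Veritas APTARE and other entries in the file tag the product (for example "NOT-FOR-US: Gnuteca", "NOT-FOR-US: PHP-Fusion"). Suggest "NOT-FOR-US: Veritas APTARE" so the tag identifies the product that was actually triaged.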
@@ -98,6 +98,9 @@ CVE-2020-12830
RESERVED
CVE-2020-12829
RESERVED
+ - qemu <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
CVE-2020-12828
RESERVED
CVE-2020-12827
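Review bot: the qemu entry is added under CVE-2020-12829, which is still RESERVED and has no description, so the two Red Hat Bugzilla NOTE lines are the only record of what the issue is, and they carry two different bug ids. Suggest adding a NOTE that names the affected qemu component and says which of the two Bugzilla entries tracks this CVE. The entry is <unfixed> but has no Debian bug reference, unlike the libexif and json-c entries further down ("bug #960199", "bug #960326"); add one once the bug is filed.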
@@ -223,7 +226,7 @@ CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authentic
NOTE: https://git.exim.org/exim.git/commitdiff/57aa14b216432be381b6295c312065b2fd034f86
NOTE: https://git.exim.org/exim.git/commitdiff/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR p ...)
- TODO: check
+ NOT-FOR-US: Ignite Realtime Spark
CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...)
- libexif <unfixed> (bug #960199)
[buster] - libexif <no-dsa> (Minor issue)
@@ -261,7 +264,7 @@ CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&action=view&
CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. ...)
NOT-FOR-US: Gnuteca
CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: TRENDnet ProView
CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
- json-c <unfixed> (bug #960326)
NOTE: https://github.com/json-c/json-c/pull/592
@@ -370,7 +373,7 @@ CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Cons
CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...)
NOT-FOR-US: PHP-Fusion
CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote atta ...)
- TODO: check
+ NOT-FOR-US: COVIDSafe (Australia) app
CVE-2020-12716
RESERVED
CVE-2020-12715
@@ -442,7 +445,7 @@ CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mite
CVE-2020-12678
REJECTED
CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web Admin. A Web ...)
- TODO: check
+ NOT-FOR-US: Progress MOVEit Automation Web Admin
CVE-2020-12676
RESERVED
CVE-2020-12675
@@ -6879,7 +6882,7 @@ CVE-2020-10628
CVE-2020-10627
RESERVED
CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...)
- TODO: check
+ NOT-FOR-US: Fazecast jSerialComm
CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...)
NOT-FOR-US: WebAccess/NMS
CVE-2020-10624
@@ -12476,7 +12479,8 @@ CVE-2020-8161
CVE-2020-8160
RESERVED
CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...)
- TODO: check
+ - ruby-actionpack-page-caching <unfixed>
+ NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
CVE-2020-8158
RESERVED
CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...)
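Review bot: the CVE-2020-8159 entry is marked <unfixed> with no Debian bug reference, although the description on the line above it limits the issue to the gem "< v1.2.1", which implies a fixed upstream release exists. Suggest filing a bug against ruby-actionpack-page-caching and recording it as "(bug #NNNNNN)" (placeholder) in the same form as the libexif and json-c entries, plus a NOTE stating the upstream fixed version so the entry can be closed when that version is uploaded.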
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de7acad2b8cf9357e310e5d729f895ba6f5c6e0d