[Git][security-tracker-team/security-tracker][master] new ruby-actionpack-page-caching issue

Moritz Muehlenhoff jmm at debian.org
Fri May 15 08:38:51 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de7acad2 by Moritz Muehlenhoff at 2020-05-15T09:37:45+02:00
new ruby-actionpack-page-caching issue
new qemu issue (unfixed upstream)
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...)
-	TODO: check
+	NOT-FOR-US: Veritas
 CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...)
-	TODO: check
+	NOT-FOR-US: Veritas
 CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate authori ...)
-	TODO: check
+	NOT-FOR-US: Veritas
 CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the  ...)
-	TODO: check
+	NOT-FOR-US: Veritas
 CVE-2020-12873
 	RESERVED
 CVE-2020-12872
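Review bot: The four entries CVE-2020-12874 through CVE-2020-12877 are tagged "NOT-FOR-US: Veritas", which names only the vendor, while every description refers to the product Veritas APTARE. Suggest "NOT-FOR-US: Veritas APTARE" so the tag identifies the product, matching product-level tags elsewhere in this file such as "NOT-FOR-US: Gnuteca".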
@@ -98,6 +98,9 @@ CVE-2020-12830
 	RESERVED
 CVE-2020-12829
 	RESERVED
+	- qemu <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
 CVE-2020-12828
 	RESERVED
 CVE-2020-12827
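Review bot: The added "- qemu <unfixed>" line under CVE-2020-12829 sits on an entry that is still RESERVED with no description, and the two NOTE lines are bare Bugzilla links, so the list itself does not say which part of qemu is affected or why two different bug ids apply. Suggest a short NOTE summarising the issue and stating that there is no upstream fix yet (the commit message says "unfixed upstream"), plus a Debian bug reference on the "<unfixed>" line once one is filed, in the form already used for libexif and json-c in this file.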
@@ -223,7 +226,7 @@ CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authentic
 	NOTE: https://git.exim.org/exim.git/commitdiff/57aa14b216432be381b6295c312065b2fd034f86
 	NOTE: https://git.exim.org/exim.git/commitdiff/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
 CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR p ...)
-	TODO: check
+	NOT-FOR-US: Ignite Realtime Spark
 CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...)
 	- libexif <unfixed> (bug #960199)
 	[buster] - libexif <no-dsa> (Minor issue)
@@ -261,7 +264,7 @@ CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&action=view&
 CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. ...)
 	NOT-FOR-US: Gnuteca
 CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet ProView
 CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
 	- json-c <unfixed> (bug #960326)
 	NOTE: https://github.com/json-c/json-c/pull/592
@@ -370,7 +373,7 @@ CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Cons
 CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote atta ...)
-	TODO: check
+	NOT-FOR-US: COVIDSafe (Australia) app
 CVE-2020-12716
 	RESERVED
 CVE-2020-12715
@@ -442,7 +445,7 @@ CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mite
 CVE-2020-12678
 	REJECTED
 CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web Admin. A Web ...)
-	TODO: check
+	NOT-FOR-US: Progress MOVEit Automation Web Admin
 CVE-2020-12676
 	RESERVED
 CVE-2020-12675
@@ -6879,7 +6882,7 @@ CVE-2020-10628
 CVE-2020-10627
 	RESERVED
 CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...)
-	TODO: check
+	NOT-FOR-US: Fazecast jSerialComm
 CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...)
 	NOT-FOR-US: WebAccess/NMS
 CVE-2020-10624
@@ -12476,7 +12479,8 @@ CVE-2020-8161
 CVE-2020-8160
 	RESERVED
 CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...)
-	TODO: check
+	- ruby-actionpack-page-caching <unfixed>
+	NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
 CVE-2020-8158
 	RESERVED
 CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...)
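Review bot: CVE-2020-8159 is recorded as "- ruby-actionpack-page-caching <unfixed>" with only the mailing-list link, although the description already gives the affected range as "actionpack_page-caching gem < v1.2.1". Suggest adding a NOTE that records 1.2.1 as the upstream version implied by that range, so the target version is next to the entry when it is later closed, and a bug reference on the "<unfixed>" line once one is filed.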



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de7acad2b8cf9357e310e5d729f895ba6f5c6e0d
