[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon May 18 09:10:21 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff76cbc1 by security tracker role at 2020-05-18T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-13130
+	RESERVED
+CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for macOS. T ...)
+	TODO: check
+CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServle ...)
+	TODO: check
+CVE-2019-20802 (An issue was discovered in the Readdle Documents app before 6.9.7 for  ...)
+	TODO: check
+CVE-2019-20801 (An issue was discovered in the Readdle Documents app before 6.9.7 for  ...)
+	TODO: check
+CVE-2019-20800 (In Cherokee through 1.2.104, remote attackers can trigger an out-of-bo ...)
+	TODO: check
+CVE-2019-20799 (In Cherokee through 1.2.104, multiple memory corruption errors may be  ...)
+	TODO: check
+CVE-2019-20798 (An XSS issue was discovered in handler_server_info.c in Cherokee throu ...)
+	TODO: check
+CVE-2019-20797 (An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer  ...)
+	TODO: check
 CVE-2020-13127
 	RESERVED
 CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 2.9.4 for W ...)
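Review bot: the eight described entries added at the top of this hunk (CVE-2020-13129 through CVE-2019-20797) carry only `TODO: check`, so none is yet tied to a source package or marked NOT-FOR-US. CVE-2019-20798, CVE-2019-20799 and CVE-2019-20800 all name Cherokee, and CVE-2019-20801 and CVE-2019-20802 both name the Readdle Documents app, so each group can be triaged in one pass with a disposition recorded per entry.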
@@ -533,16 +551,16 @@ CVE-2020-12862
 	RESERVED
 CVE-2020-12861
 	RESERVED
-CVE-2020-12860
-	RESERVED
-CVE-2020-12859
-	RESERVED
-CVE-2020-12858
-	RESERVED
-CVE-2020-12857
-	RESERVED
-CVE-2020-12856
-	RESERVED
+CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access phone nam ...)
+	TODO: check
+CVE-2020-12859 (Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe th ...)
+	TODO: check
+CVE-2020-12858 (Non-reinitialisation of random data in the advertising payload in COVI ...)
+	TODO: check
+CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 an ...)
+	TODO: check
+CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTrac ...)
+	TODO: check
 CVE-2020-12855
 	RESERVED
 CVE-2020-12854
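Review bot: CVE-2020-12856 through CVE-2020-12860 move from RESERVED to `TODO: check` without a disposition, and the CVE-2020-12856 description names OpenTrace and TraceTogether besides COVIDSafe, with further names cut off by the truncation. Triage that entry against every implementation listed in the full description rather than COVIDSafe alone, then record a package line or NOT-FOR-US for each of the five.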
@@ -731,6 +749,7 @@ CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authentic
 CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR p ...)
 	NOT-FOR-US: Ignite Realtime Spark
 CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...)
+	{DLA-2214-1}
 	- libexif 0.6.21-7 (bug #960199)
 	[buster] - libexif <no-dsa> (Minor issue)
 	[stretch] - libexif <no-dsa> (Minor issue)
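Review bot: CVE-2020-12767 gains `{DLA-2214-1}` while the `[buster]` and `[stretch]` lines below it stay at `<no-dsa> (Minor issue)`. Now that an advisory references this CVE, check whether those two annotations still reflect the intended handling; the same question applies to the other libexif entries that receive this tag in the later hunks.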
@@ -36542,6 +36561,7 @@ CVE-2020-0095
 CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possi ...)
 	TODO: check
 CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a possible out o ...)
+	{DLA-2214-1}
 	- libexif <unfixed>
 	[buster] - libexif <no-dsa> (Minor issue)
 	[stretch] - libexif <no-dsa> (Minor issue)
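Review bot: CVE-2020-0093 is tagged `{DLA-2214-1}` but its package line still reads `- libexif <unfixed>` with no bug reference, unlike CVE-2020-12767, which records `0.6.21-7 (bug #960199)`. The advisory tag should not be read as a fix in unstable; add the fixed version or a bug number on that line once one exists.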
@@ -83696,6 +83716,7 @@ CVE-2018-20032 (A Denial of Service vulnerability related to message decoding in
 CVE-2018-20031 (A Denial of Service vulnerability related to preemptive item deletion  ...)
 	NOT-FOR-US: FlexNet Publisher
 CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EX ...)
+	{DLA-2214-1}
 	- libexif 0.6.21-5.1 (bug #918730)
 	[stretch] - libexif <no-dsa> (Minor issue)
 	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/
@@ -173982,6 +174003,7 @@ CVE-2017-7546 (PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.
 CVE-2017-7545 (It was discovered that the XmlUtils class in jbpmmigration 6.5 perform ...)
 	NOT-FOR-US: jbpm-designer / jBPM
 CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulner ...)
+	{DLA-2214-1}
 	- libexif 0.6.21-2.1 (bug #876466)
 	[stretch] - libexif <no-dsa> (Minor issue)
 	[wheezy] - libexif <no-dsa> (Minor issue)
@@ -205510,6 +205532,7 @@ CVE-2016-6329 (OpenVPN, when using a 64-bit block cipher, makes it easier for re
 	NOTE: https://community.openvpn.net/openvpn/wiki/SWEET32
 	NOTE: This is a generic cryptographic weakness, not a vulnerability in OpenVPN per se
 CVE-2016-6328 (A vulnerability was found in libexif. An integer overflow when parsing ...)
+	{DLA-2214-1}
 	- libexif 0.6.21-2.1 (bug #873022)
 	[stretch] - libexif <no-dsa> (Minor issue)
 	[wheezy] - libexif <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff76cbc15856268b212737b59ef20d7baf007f46
