[Git][security-tracker-team/security-tracker][master] new libreoffice issue
Moritz Muehlenhoff
jmm at debian.org
Tue May 19 09:49:25 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
16a1d8bd by Moritz Muehlenhoff at 2020-05-19T10:49:05+02:00
new libreoffice issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,9 +15,9 @@ CVE-2020-13156
CVE-2020-13155
RESERVED
CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-priv ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2020-13152
RESERVED
CVE-2020-13151
@@ -25,17 +25,17 @@ CVE-2020-13151
CVE-2020-13150
RESERVED
CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...)
- TODO: check
+ NOT-FOR-US: Dragon Center
CVE-2020-13148
RESERVED
CVE-2020-13147
RESERVED
CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because an added ...)
- TODO: check
+ NOT-FOR-US: Studio in Open edX Ironwood
CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG files via t ...)
- TODO: check
+ NOT-FOR-US: Studio in Open edX Ironwood
CVE-2020-13144 (Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a u ...)
- TODO: check
+ NOT-FOR-US: Studio in Open edX Ironwood
CVE-2020-13142
RESERVED
CVE-2020-13141
@@ -119,7 +119,7 @@ CVE-2020-13112
CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...)
NOT-FOR-US: NaviServer
CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary code ex ...)
- TODO: check
+ NOT-FOR-US: Node kerberos
CVE-2020-13109 (Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remo ...)
NOT-FOR-US: Morita Shogi
CVE-2020-13108
@@ -151,7 +151,7 @@ CVE-2020-13096
CVE-2020-13095
RESERVED
CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...)
- TODO: check
+ - dolibarr <removed>
CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
NOT-FOR-US: iSpyConnect.com Agent DVR
CVE-2020-13092 (** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unseriali ...)
@@ -756,7 +756,8 @@ CVE-2020-12803
CVE-2020-12802
RESERVED
CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...)
- TODO: check
+ - libreoffice 1:6.4.3-1 (low)
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
CVE-2020-12800
RESERVED
CVE-2020-12799
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16a1d8bd00723cb3bd16582ad563e556fff4bdbe
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16a1d8bd00723cb3bd16582ad563e556fff4bdbe
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200519/f4187797/attachment.html>
More information about the debian-security-tracker-commits
mailing list