[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun May 24 21:10:36 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc69be23 by security tracker role at 2020-05-24T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. ...)
+	TODO: check
+CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...)
+	TODO: check
 CVE-2020-13428
 	RESERVED
 CVE-2020-13427
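Review bot: both new entries, CVE-2020-13430 and CVE-2020-13429, are left at `TODO: check`, so the Grafana and Pie Chart Panel plugin issues remain untriaged and will not be reported as affected or as NOT-FOR-US until a package line replaces the TODO; the imported descriptions are also truncated at "...", so the full advisory text needs to be consulted before the affected versions are recorded.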
@@ -114560,6 +114564,7 @@ CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete a
 CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authe ...)
 	NOT-FOR-US: CSP MySQL User Manager
 CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission before 3.0 ...)
+	{DLA-2218-1}
 	- transmission <unfixed> (bug #961461)
 	NOTE: https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e (3.00)
 	NOTE: https://tomrichards.net/2020/05/cve-2018-10756-transmission/
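Review bot: adding `{DLA-2218-1}` while the package line still reads `- transmission <unfixed> (bug #961461)` marks the LTS suite as fixed but leaves unstable open; that is consistent with the referenced upstream commit being noted for 3.00 only, but the `<unfixed>` marker should be replaced with the fixed version once it lands, otherwise the tracker keeps reporting transmission as vulnerable there.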
@@ -173431,7 +173436,7 @@ CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote attack
 CVE-2017-7876 (QNAP QTS before 4.2.6 build 20170517 allows command injection. ...)
 	NOT-FOR-US: QNAP QTS
 CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends t ...)
-	{DLA-899-1}
+	{DLA-2219-1 DLA-899-1}
 	- feh 2.18-2 (low; bug #860367)
 	NOTE: Fixed by: https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d
 CVE-2017-7874
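Review bot: the DLA list becomes `{DLA-2219-1 DLA-899-1}`, newest first, matching the ordering used in the other hunks of this update; nothing else on the entry changes, so `- feh 2.18-2 (low; bug #860367)` remains the record for the regular suites.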
@@ -206373,7 +206378,7 @@ CVE-2016-6320 (Cross-site scripting (XSS) vulnerability in app/assets/javascript
 CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb ...)
 	- foreman <itp> (bug #663101)
 CVE-2016-6318 (Stack-based buffer overflow in the FascistGecosUser function in lib/fa ...)
-	{DLA-599-1}
+	{DLA-2220-1 DLA-599-1}
 	- cracklib2 2.9.2-2 (bug #834502)
 	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=1188599
 	NOTE: In Debian compiled with CPPFLAGS="-D_FORTIFY_SOURCE=2" so, at most application crash
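Review bot: the existing NOTE on this entry says the package is built with CPPFLAGS="-D_FORTIFY_SOURCE=2", which limits the stack overflow to an application crash; adding `{DLA-2220-1}` is still justified, since a crash in cracklib2 is a denial of service, but the NOTE wording "so, at most application crash" is hard to parse and would read better as "so the impact is at most an application crash".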



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc69be235c8a4a7efaa0851cc8793b253fd32767
