[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 27 09:10:25 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
09b53a92 by security tracker role at 2020-05-27T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...)
+ TODO: check
+CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service (asser ...)
+ TODO: check
+CVE-2020-13621
+ RESERVED
+CVE-2020-13620
+ RESERVED
+CVE-2020-13619
+ RESERVED
+CVE-2020-13618
+ RESERVED
+CVE-2020-13617
+ RESERVED
+CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...)
+ TODO: check
+CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification ...)
+ TODO: check
+CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implem ...)
+ TODO: check
+CVE-2020-13613
+ RESERVED
+CVE-2020-13612
+ RESERVED
+CVE-2020-13611
+ RESERVED
+CVE-2020-13610
+ RESERVED
+CVE-2020-13609
+ RESERVED
+CVE-2020-13608
+ RESERVED
+CVE-2020-13607
+ RESERVED
+CVE-2020-13606
+ RESERVED
+CVE-2020-13605
+ RESERVED
+CVE-2020-13604
+ RESERVED
+CVE-2020-13603
+ RESERVED
+CVE-2020-13602
+ RESERVED
+CVE-2020-13601
+ RESERVED
+CVE-2020-13600
+ RESERVED
+CVE-2020-13599
+ RESERVED
+CVE-2020-13598
+ RESERVED
+CVE-2020-13597
+ RESERVED
+CVE-2020-13596
+ RESERVED
+CVE-2020-13595
+ RESERVED
+CVE-2020-13594
+ RESERVED
+CVE-2020-13593
+ RESERVED
CVE-2020-XXXX [Drupal SA 2020-003]
- drupal7 <removed>
[stretch] - drupal7 7.52-2+deb9u10
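Review bot: the five new entries that carry a description (CVE-2020-13623, CVE-2020-13622, CVE-2020-13616, CVE-2020-13615, CVE-2020-13614) are all left at `TODO: check`, so none of them is yet triaged to a source package or to `NOT-FOR-US:`. Going by their truncated descriptions, CVE-2020-13616 (Pichi), CVE-2020-13615 (Qore) and CVE-2020-13614 (Axel) all concern TLS handling and are worth resolving first. A follow-up commit should replace each `TODO: check` with a package line or a `NOT-FOR-US:` line, as the triaged entries elsewhere in this file do.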
@@ -2063,10 +2125,12 @@ CVE-2020-12665
CVE-2020-12664
RESERVED
CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...)
+ {DSA-4694-1}
- unbound 1.10.1-1
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...)
+ {DSA-4694-1}
- unbound 1.10.1-1
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
@@ -7137,6 +7201,7 @@ CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS)
CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable ...)
NOT-FOR-US: Moonlight iOS/tvOS
CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
+ {DSA-4693-1}
- jquery <removed>
[jessie] - jquery <not-affected> (Vulnerable code note present)
- drupal7 <removed>
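Review bot: the context line `[jessie] - jquery <not-affected> (Vulnerable code note present)` under CVE-2020-11023 appears to contain a typo, "note" for "not", and the same wording recurs under CVE-2020-11022 in the next hunk. Now that both entries are being touched to add `{DSA-4693-1}`, a manual follow-up could correct the justification to "Vulnerable code not present" so the reason for the not-affected status reads unambiguously.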
@@ -7144,6 +7209,7 @@ CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5
NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
NOTE: https://www.drupal.org/sa-core-2020-002
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
+ {DSA-4693-1}
- jquery <removed>
[jessie] - jquery <not-affected> (Vulnerable code note present)
- node-jquery 3.5.0+dfsg-2
@@ -8098,8 +8164,7 @@ CVE-2020-10739
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...)
- moodle <removed>
-CVE-2020-10737 [oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c can lead to symlink attack]
- RESERVED
+CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with the oddj ...)
- oddjob <unfixed> (bug #960089)
[buster] - oddjob <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042
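Review bot: replacing the bracketed description of CVE-2020-10737 with the truncated official text drops the detail that the race is in `oddjob_selinux_mkdir` in `mkhomedir.c` and that it can lead to a symlink attack. The entry stays `<unfixed>` with `[buster] - oddjob <no-dsa> (Minor issue)`, so whoever prepares the fix would benefit from that pointer. Consider preserving it as an extra `NOTE:` line next to the existing Red Hat Bugzilla reference.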
@@ -12074,8 +12139,8 @@ CVE-2020-9048
RESERVED
CVE-2020-9047
RESERVED
-CVE-2020-9046
- RESERVED
+CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...)
+ TODO: check
CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...)
NOT-FOR-US: Software House
CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...)
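Review bot: CVE-2020-9046 moves from `RESERVED` to a published description but is left at `TODO: check`, while the neighbouring CVE-2020-9045 is already triaged as `NOT-FOR-US: Software House`. If Kantech EntraPass is likewise not packaged, the follow-up should set a matching `NOT-FOR-US:` line so the entry does not stay in the untriaged queue.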
@@ -12088,7 +12153,7 @@ CVE-2020-9041
RESERVED
CVE-2020-9040
RESERVED
-CVE-2020-9039 (Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for ...)
+CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6. ...)
NOT-FOR-US: Couchbase
CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
NOT-FOR-US: Joplin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09b53a92bdf62ab9ae853343eeb7f6fbc672a4f4