[Git][security-tracker-team/security-tracker][master] automatic update

Wed May 27 09:10:25 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09b53a92 by security tracker role at 2020-05-27T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...)
+	TODO: check
+CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service (asser ...)
+	TODO: check
+CVE-2020-13621
+	RESERVED
+CVE-2020-13620
+	RESERVED
+CVE-2020-13619
+	RESERVED
+CVE-2020-13618
+	RESERVED
+CVE-2020-13617
+	RESERVED
+CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...)
+	TODO: check
+CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification  ...)
+	TODO: check
+CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implem ...)
+	TODO: check
+CVE-2020-13613
+	RESERVED
+CVE-2020-13612
+	RESERVED
+CVE-2020-13611
+	RESERVED
+CVE-2020-13610
+	RESERVED
+CVE-2020-13609
+	RESERVED
+CVE-2020-13608
+	RESERVED
+CVE-2020-13607
+	RESERVED
+CVE-2020-13606
+	RESERVED
+CVE-2020-13605
+	RESERVED
+CVE-2020-13604
+	RESERVED
+CVE-2020-13603
+	RESERVED
+CVE-2020-13602
+	RESERVED
+CVE-2020-13601
+	RESERVED
+CVE-2020-13600
+	RESERVED
+CVE-2020-13599
+	RESERVED
+CVE-2020-13598
+	RESERVED
+CVE-2020-13597
+	RESERVED
+CVE-2020-13596
+	RESERVED
+CVE-2020-13595
+	RESERVED
+CVE-2020-13594
+	RESERVED
+CVE-2020-13593
+	RESERVED
 CVE-2020-XXXX [Drupal SA 2020-003]
 	- drupal7 <removed>
 	[stretch] - drupal7 7.52-2+deb9u10
@@ -2063,10 +2125,12 @@ CVE-2020-12665
 CVE-2020-12664
 	RESERVED
 CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...)
+	{DSA-4694-1}
 	- unbound 1.10.1-1
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
 	NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
 CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...)
+	{DSA-4694-1}
 	- unbound 1.10.1-1
 	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
 	NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
@@ -7137,6 +7201,7 @@ CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS)
 CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable  ...)
 	NOT-FOR-US: Moonlight iOS/tvOS
 CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
+	{DSA-4693-1}
 	- jquery <removed>
 	[jessie] - jquery <not-affected> (Vulnerable code note present)
 	- drupal7 <removed>
@@ -7144,6 +7209,7 @@ CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5
 	NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
 	NOTE: https://www.drupal.org/sa-core-2020-002
 CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
+	{DSA-4693-1}
 	- jquery <removed>
 	[jessie] - jquery <not-affected> (Vulnerable code note present)
 	- node-jquery 3.5.0+dfsg-2
@@ -8098,8 +8164,7 @@ CVE-2020-10739
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...)
 	- moodle <removed>
-CVE-2020-10737 [oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c can lead to symlink attack]
-	RESERVED
+CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with the oddj ...)
 	- oddjob <unfixed> (bug #960089)
 	[buster] - oddjob <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042
@@ -12074,8 +12139,8 @@ CVE-2020-9048
 	RESERVED
 CVE-2020-9047
 	RESERVED
-CVE-2020-9046
-	RESERVED
+CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...)
+	TODO: check
 CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...)
 	NOT-FOR-US: Software House
 CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...)
@@ -12088,7 +12153,7 @@ CVE-2020-9041
 	RESERVED
 CVE-2020-9040
 	RESERVED
-CVE-2020-9039 (Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for ...)
+CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6. ...)
 	NOT-FOR-US: Couchbase
 CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
 	NOT-FOR-US: Joplin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09b53a92bdf62ab9ae853343eeb7f6fbc672a4f4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09b53a92bdf62ab9ae853343eeb7f6fbc672a4f4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200527/e2daef81/attachment.html>
