[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 1 08:10:23 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4a4bd8dd by security tracker role at 2020-11-01T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT signature verification unless ...)
+ TODO: check
+CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 ...)
+ TODO: check
CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a theme's backg ...)
- wordpress <unfixed>
NOTE: https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html
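Review bot: The two entries added at the top, CVE-2020-28042 and CVE-2020-28041, carry only "TODO: check", so neither is tied to a Debian source package or marked "NOT-FOR-US:" yet. That is expected from an automatic update, but both need a manual triage pass before they convey any status. The CVE-2020-28040 entry just below, with its "- wordpress <unfixed>" line and NOTE, shows the form a triaged entry takes.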
@@ -54231,8 +54235,8 @@ CVE-2020-5427
RESERVED
CVE-2020-5426
RESERVED
-CVE-2020-5425
- RESERVED
+CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x v ...)
+ TODO: check
CVE-2020-5424
RESERVED
CVE-2020-5423
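Review bot: The replacement line for CVE-2020-5425 is cut off at "1.12.x v ...", so the affected version ranges cannot be read from the list entry. When this "TODO: check" is resolved, triage should work from the full CVE description rather than the truncated summary recorded here.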
@@ -90297,6 +90301,7 @@ CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 an
CVE-2019-12296
RESERVED
CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the ...)
+ {DLA-2423-1}
- wireshark 2.6.8-1.1 (low; bug #929446)
[jessie] - wireshark <postponed> (Minor, can be fixed along in a future update)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
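Review bot: "{DLA-2423-1}" is added to CVE-2019-12295 while the only release-specific line is still "[jessie] - wireshark <postponed>", and this commit changes data/CVE/list alone. Worth confirming that the DLA-2423-1 record this tag points to does list CVE-2019-12295, since nothing in this hunk shows which release the advisory fixed.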
@@ -94295,7 +94300,7 @@ CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi
NOTE: https://issues.roundup-tracker.org/issue2551035
NOTE: https://bitbucket.org/python/roundup/commits/51682dc2cd7e28421d749117c25bec58f632ee5f
CVE-2019-10903 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SP ...)
- {DLA-1802-1}
+ {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eafdcfa4b6d5187a5326442a82608ab03d9dddcb
@@ -94308,7 +94313,7 @@ CVE-2019-10902 (In Wireshark 3.0.0, the TSDNS dissector could crash. This was ad
NOTE: bug was never in Debian apart experimental released versions:
NOTE: Dissector introduced in 3.0.0 and CVE fixed in 3.0.1
CVE-2019-10901 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS diss ...)
- {DLA-1802-1}
+ {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cf801a25074f76dc3ae62d8ec53ace75f56ce2cd
@@ -94319,7 +94324,7 @@ CVE-2019-10900 (In Wireshark 3.0.0, the Rbm dissector could go into an infinite
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=26eee01f57f0a86fb375892c7937eac24ede4610
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-13.html
CVE-2019-10899 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC di ...)
- {DLA-1802-1}
+ {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b16fea2f175a3297edac118c8844c7987d31c1cb
@@ -94335,13 +94340,14 @@ CVE-2019-10897 (In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an i
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=00d5e9e9fb377f52ab7696f25c1dbc011ef0244d
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-11.html
CVE-2019-10896 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF disse ...)
+ {DLA-2423-1}
- wireshark 2.6.8-1 (low; bug #926718)
[jessie] - wireshark <not-affected> (vulnerable code is not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15617
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=441b6d9071d6341e58dfe10719375489c5b8e3f0
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-15.html
CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler ...)
- {DLA-1802-1}
+ {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2fbbde780e5d5d82e31dca656217daf278cf62bb
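Review bot: In the CVE-2019-10896 entry, "{DLA-2423-1}" now sits directly above "[jessie] - wireshark <not-affected> (vulnerable code is not present)". The two are consistent only if the advisory covers a release other than jessie. These lines do not say which release that is, so check the tag against the advisory itself.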
@@ -94350,7 +94356,7 @@ CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the Net
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cab0cff6abdd7a5b5b0bfa4ee204eea951e129e9
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-09.html
CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API d ...)
- {DLA-1802-1}
+ {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b20e5d8aae2580e29c83ddaf0b6b2e640603e4aa
@@ -121193,7 +121199,7 @@ CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF ima
NOTE: src/plugins/imageformats/gif/qgifhandler.cpp depending on the version
NOTE: https://github.com/qt/qtbase/commit/2841e2b61e32f26900bde987d469c8b97ea31999
CVE-2018-19869 (An issue was discovered in Qt before 5.11.3. A malformed SVG image cau ...)
- {DLA-2377-1 DLA-1786-1}
+ {DLA-2422-1 DLA-2377-1 DLA-1786-1}
[experimental] - qtsvg-opensource-src 5.11.3-1
- qtsvg-opensource-src 5.11.3-2 (low)
[jessie] - qtsvg-opensource-src <no-dsa> (Minor issue)
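Review bot: CVE-2018-19869 now references three advisories, "{DLA-2422-1 DLA-2377-1 DLA-1786-1}", but the package lines visible here name only qtsvg-opensource-src. The hunk's context ends at the "[jessie]" line, so confirm against the full entry that each advisory corresponds to a source package and release recorded for this CVE.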
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a4bd8ddb8ece97901c96d78d5b8e554b88fb0bb