[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Nov 1 20:10:36 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b436b08 by security tracker role at 2020-11-01T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-28046 (An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker ...)
+	TODO: check
+CVE-2020-28045 (An unsigned-library issue was discovered in ProlinOS through 2.4.161.8 ...)
+	TODO: check
+CVE-2020-28044 (An attacker with physical access to a PAX Point Of Sale device with Pr ...)
+	TODO: check
+CVE-2020-28043 (MISP through 2.4.133 allows SSRF in the REST client via the use_full_p ...)
+	TODO: check
 CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT signature verification unless ...)
 	TODO: check
 CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 ...)
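Review bot: the four entries added at the top of the file (CVE-2020-28046 down to CVE-2020-28043) carry only `TODO: check`, with no package line and no NOT-FOR-US marker, so they are still untriaged. Three of the descriptions name ProlinOS or a PAX Point Of Sale device and one names MISP; each needs either a `NOT-FOR-US:` line in the style already used for CVE-2020-15251 or a source-package line before the placeholder is dropped.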
@@ -5235,8 +5243,8 @@ CVE-2020-25851
 	RESERVED
 CVE-2020-25850
 	RESERVED
-CVE-2020-25849
-	RESERVED
+CVE-2020-25849 (MailGates and MailAudit products contain Command Injection flaw, which ...)
+	TODO: check
 CVE-2020-25848
 	RESERVED
 CVE-2020-25847
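Review bot: CVE-2020-25849 leaves `RESERVED` with a description but only `TODO: check` beneath it, so the entry states no outcome yet. The description names the MailGates and MailAudit products; the follow-up is to record the triage result (a `NOT-FOR-US:` line or a package line) instead of leaving the placeholder in place.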
@@ -27614,6 +27622,7 @@ CVE-2020-15252 (In XWiki before version 12.5 and 11.10.6, any user with SCRIPT r
 CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version ...)
 	NOT-FOR-US: Channelmgnt plug-in for Sopel
 CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryF ...)
+	{DLA-2426-1}
 	- junit4 <unfixed> (bug #972231)
 	NOTE: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
 	NOTE: https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
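Review bot: `{DLA-2426-1}` is attached to CVE-2020-15250 while the only package line in the hunk stays `- junit4 <unfixed> (bug #972231)`, and this commit changes data/CVE/list alone. Confirm that the advisory entry this cross-reference points to is already in the tree and that the `<unfixed>` status is still accurate; neither can be verified from the lines shown here.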
@@ -30084,7 +30093,7 @@ CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 sub
 	[buster] - linux 4.19.146-1
 	NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
 CVE-2020-14355 (Multiple buffer overflow vulnerabilities were found in the QUIC image  ...)
-	{DSA-4771-1}
+	{DSA-4771-1 DLA-2428-1 DLA-2427-1}
 	- spice 0.14.3-2 (bug #971750)
 	- spice-gtk <unfixed> (bug #971751)
 	[buster] - spice-gtk <no-dsa> (Minor issue)
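Review bot: on CVE-2020-14355 the cross-reference becomes `{DSA-4771-1 DLA-2428-1 DLA-2427-1}`, listing the two DLA ids in descending order with nothing in the hunk saying which of spice and spice-gtk each one covers. Check that the ordering matches what the generator emits elsewhere in the file, and that the unchanged `- spice-gtk <unfixed> (bug #971751)` line is still correct now that two more advisories reference this CVE.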



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b436b08d0b7eb04a5a6f7cda14b42bb4099d14f
