[Git][security-tracker-team/security-tracker][master] Track two CVEs for nextcloud-server

Salvatore Bonaccorso carnil at debian.org
Tue Nov 10 20:54:53 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c52cc49a by Salvatore Bonaccorso at 2020-11-10T21:54:33+01:00
Track two CVEs for nextcloud-server

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49823,7 +49823,7 @@ CVE-2020-8151 (There is a possible information disclosure issue in Active Resour
 	NOTE: ActiveResource was extracted to a separate gem in starting in the 4.0 rails
 	NOTE: release as it was not widely used.
 CVE-2020-8150 (A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker t ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...)
 	NOT-FOR-US: Node logkitty
 CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enab ...)
@@ -49859,7 +49859,7 @@ CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Re
 CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...)
 	NOT-FOR-US: Ghost CMS
 CVE-2020-8133 (A wrong generation of the passphrase for the encrypted block in Nextcl ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0  ...)
 	NOT-FOR-US: Node pdf-image package
 CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c52cc49a6012bfd61a7b1f790d4de71cd329f1b4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c52cc49a6012bfd61a7b1f790d4de71cd329f1b4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201110/3e902f83/attachment.html>

More information about the debian-security-tracker-commits mailing list