[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Nov 26 08:10:27 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9405438 by security tracker role at 2020-11-26T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,112 @@
-CVE-2020-29074 [creates shared memory segments world-writable]
+CVE-2020-29128 (petl before 1.68, in some configurations, allows resolution of entitie ...)
+	TODO: check
+CVE-2020-29127
+	RESERVED
+CVE-2020-29126
+	RESERVED
+CVE-2020-29125
+	RESERVED
+CVE-2020-29124
+	RESERVED
+CVE-2020-29123
+	RESERVED
+CVE-2020-29122
+	RESERVED
+CVE-2020-29121
+	RESERVED
+CVE-2020-29120
+	RESERVED
+CVE-2020-29119
+	RESERVED
+CVE-2020-29118
+	RESERVED
+CVE-2020-29117
+	RESERVED
+CVE-2020-29116
+	RESERVED
+CVE-2020-29115
+	RESERVED
+CVE-2020-29114
+	RESERVED
+CVE-2020-29113
+	RESERVED
+CVE-2020-29112
+	RESERVED
+CVE-2020-29111
+	RESERVED
+CVE-2020-29110
+	RESERVED
+CVE-2020-29109
+	RESERVED
+CVE-2020-29108
+	RESERVED
+CVE-2020-29107
+	RESERVED
+CVE-2020-29106
+	RESERVED
+CVE-2020-29105
+	RESERVED
+CVE-2020-29104
+	RESERVED
+CVE-2020-29103
+	RESERVED
+CVE-2020-29102
+	RESERVED
+CVE-2020-29101
+	RESERVED
+CVE-2020-29100
+	RESERVED
+CVE-2020-29099
+	RESERVED
+CVE-2020-29098
+	RESERVED
+CVE-2020-29097
+	RESERVED
+CVE-2020-29096
+	RESERVED
+CVE-2020-29095
+	RESERVED
+CVE-2020-29094
+	RESERVED
+CVE-2020-29093
+	RESERVED
+CVE-2020-29092
+	RESERVED
+CVE-2020-29091
+	RESERVED
+CVE-2020-29090
+	RESERVED
+CVE-2020-29089
+	RESERVED
+CVE-2020-29088
+	RESERVED
+CVE-2020-29087
+	RESERVED
+CVE-2020-29086
+	RESERVED
+CVE-2020-29085
+	RESERVED
+CVE-2020-29084
+	RESERVED
+CVE-2020-29083
+	RESERVED
+CVE-2020-29082
+	RESERVED
+CVE-2020-29081
+	RESERVED
+CVE-2020-29080
+	RESERVED
+CVE-2020-29079
+	RESERVED
+CVE-2020-29078
+	RESERVED
+CVE-2020-29077
+	RESERVED
+CVE-2020-29076
+	RESERVED
+CVE-2020-29075
+	RESERVED
+CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which all ...)
 	- x11vnc <unfixed> (bug #975875)
 	NOTE: https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a
 CVE-2020-29073
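Review bot: CVE-2020-29128, the first added line of this hunk, is the only new entry here that has a description, and it carries just `TODO: check`. The description names petl, so it needs either a package line or a NOT-FOR-US tag once triaged. On CVE-2020-29074 only the description changes from the bracketed temporary text to the published one; the `- x11vnc <unfixed> (bug #975875)` line is untouched, so the upstream commit in the NOTE still has to be followed through to a fixed version.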
@@ -269,14 +377,14 @@ CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may enc
 CVE-2020-28950
 	RESERVED
 CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only to addre ...)
-	{DLA-2465-1}
+	{DLA-2466-1 DLA-2465-1}
 	- drupal7 <removed>
 	- php-pear <unfixed>
 	NOTE: https://github.com/pear/Archive_Tar/issues/33
 	NOTE: https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
 	NOTE: https://www.drupal.org/sa-core-2020-013
 CVE-2020-28948 (Archive_Tar through 1.4.10 allows an unserialization attack because ph ...)
-	{DLA-2465-1}
+	{DLA-2466-1 DLA-2465-1}
 	- drupal7 <removed>
 	- php-pear <unfixed>
 	NOTE: https://github.com/pear/Archive_Tar/issues/33
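Review bot: The new `{DLA-2466-1 DLA-2465-1}` lines on CVE-2020-28949 and CVE-2020-28948 do not say which source package each advisory covers, while both entries list two packages (`drupal7 <removed>` and `php-pear <unfixed>`). Worth confirming that the corresponding DLA entry for DLA-2466-1 names the intended package. Note also that `php-pear` stays `<unfixed>` in these lines although an upstream Archive_Tar commit is referenced under CVE-2020-28949.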
@@ -7293,16 +7401,16 @@ CVE-2020-27257
 	RESERVED
 CVE-2020-27256
 	RESERVED
-CVE-2020-27255
-	RESERVED
+CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
+	TODO: check
 CVE-2020-27254
 	RESERVED
-CVE-2020-27253
-	RESERVED
+CVE-2020-27253 (A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx ...)
+	TODO: check
 CVE-2020-27252
 	RESERVED
-CVE-2020-27251
-	RESERVED
+CVE-2020-27251 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
+	TODO: check
 CVE-2020-27250
 	RESERVED
 CVE-2020-27249
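Review bot: CVE-2020-27255, CVE-2020-27253 and CVE-2020-27251 all move from `RESERVED` to `TODO: check` with descriptions that name FactoryTalk Linx, so a single triage decision should cover the three together rather than leaving them to be picked up one at a time. The even-numbered neighbours (CVE-2020-27256, -27254, -27252, -27250) remain `RESERVED` and may be published for the same product later; checking them in the same pass avoids a second round.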
@@ -10993,20 +11101,17 @@ CVE-2020-25654 (An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and
 	- pacemaker 2.0.5~rc2-1 (bug #973254)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191
-CVE-2020-25653 [UNIX Doman Socket Peer PID Retrieved via SO_PEERCRED is Subject to Race Condition]
-	RESERVED
+CVE-2020-25653 (A race condition vulnerability was found in the way the spice-vdagentd ...)
 	- spice-vdagent <unfixed> (bug #973769)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
 	NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/51c415df82a52e9ec033225783c77df95f387891
 	NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/5c50131797e985d0a5654c1fd7000ae945ed29a7
-CVE-2020-25652 [Possibility to Exhaust File Descriptors in vdagentd]
-	RESERVED
+CVE-2020-25652 (A flaw was found in the spice-vdagentd daemon, where it did not proper ...)
 	- spice-vdagent <unfixed> (bug #973769)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
 	NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/91caa9223857708475d29df1768208fed1675340
 	NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/812ca777469a377c84b9861d7d326bfc72563304
-CVE-2020-25651 [Possible File Transfer DoS and Information Leak via active_xfers Hash Map]
-	RESERVED
+CVE-2020-25651 (A flaw was found in the SPICE file transfer protocol. File data from t ...)
 	- spice-vdagent <unfixed> (bug #973769)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
 	NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332
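Review bot: On CVE-2020-25653, CVE-2020-25652 and CVE-2020-25651 the bracketed temporary descriptions (the SO_PEERCRED race, file descriptor exhaustion, the active_xfers hash map) are replaced by truncated published descriptions, so the specific technical detail now survives only through the oss-security and upstream commit NOTE links; those links should be kept. All three entries still read `- spice-vdagent <unfixed> (bug #973769)` although upstream fix commits are listed, so the fixed version needs recording once an upload carries them.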
@@ -35980,10 +36085,10 @@ CVE-2020-14193
 	RESERVED
 CVE-2020-14192
 	RESERVED
-CVE-2020-14191
-	RESERVED
-CVE-2020-14190
-	RESERVED
+CVE-2020-14191 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...)
+	TODO: check
+CVE-2020-14190 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...)
+	TODO: check
 CVE-2020-14189 (The execute function in in the Atlassian gajira-comment GitHub Action  ...)
 	NOT-FOR-US: Atlassian
 CVE-2020-14188 (The preprocessArgs function in the Atlassian gajira-create GitHub Acti ...)
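Review bot: CVE-2020-14191 and CVE-2020-14190 are added as `TODO: check` with descriptions naming Atlassian Fisheye/Crucible, while the entries directly below (CVE-2020-14189 and CVE-2020-14188) are already tagged `NOT-FOR-US: Atlassian`. If the check confirms these products are not packaged, the same tag should be applied so the block stays consistent.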



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94054389f5c213c6fa61f61ec61d09ca082ecab
