[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Nov 26 20:10:33 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7e008b6 by security tracker role at 2020-11-26T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read because it tr ...)
+	TODO: check
+CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tri ...)
+	TODO: check
 CVE-2020-29128 (petl before 1.68, in some configurations, allows resolution of entitie ...)
 	TODO: check
 CVE-2020-29127
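Review bot: Both new libslirp entries (CVE-2020-29130 for slirp.c and CVE-2020-29129 for ncsi.c) are left at `TODO: check`, and since both descriptions give the same affected range, "libslirp through 4.3.1", they should be triaged together. When resolving them, replace each TODO with a package line and a NOTE pointing at the upstream fix commit, in the form the lxml entry under CVE-2020-27783 uses in this file.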
@@ -126,7 +130,7 @@ CVE-2020-29067
 CVE-2020-29066
 	RESERVED
 CVE-2020-29065
-	RESERVED
+	REJECTED
 CVE-2020-29064
 	RESERVED
 CVE-2020-29063 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
@@ -173,10 +177,10 @@ CVE-2020-29045
 	RESERVED
 CVE-2020-29044
 	RESERVED
-CVE-2020-29043
-	RESERVED
-CVE-2020-29042
-	RESERVED
+CVE-2020-29043 (An issue was discovered in BigBlueButton through 2.2.29. When at attac ...)
+	TODO: check
+CVE-2020-29042 (An issue was discovered in BigBlueButton through 2.2.29. A brute-force ...)
+	TODO: check
 CVE-2020-29041
 	RESERVED
 CVE-2020-29040 (An issue was discovered in Xen through 4.14.x allowing x86 HVM guest O ...)
@@ -5728,6 +5732,7 @@ CVE-2020-27784
 	RESERVED
 CVE-2020-27783
 	RESERVED
+	{DLA-2467-1}
 	- lxml 4.6.1-1
 	NOTE: https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e (lxml-4.6.1)
 CVE-2020-27782
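Review bot: CVE-2020-27783 now carries `{DLA-2467-1}`, a fixed version and an upstream commit NOTE, yet the entry still reads RESERVED with no description, so a reader cannot tell from the list what was fixed. Until the official description arrives, a bracketed summary on the CVE line would help, as on `CVE-2020-27661 [divide by zero in dwc2_handle_packet() in hw/usb/hcd-dwc2.c]`.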
@@ -6544,10 +6549,10 @@ CVE-2020-27665 (In Strapi before 3.2.5, there is no admin::hasPermissions restri
 	NOT-FOR-US: Strapi
 CVE-2020-27664 (admin/src/containers/InputModalStepperProvider/index.js in Strapi befo ...)
 	NOT-FOR-US: Strapi
-CVE-2020-27663
-	RESERVED
-CVE-2020-27662
-	RESERVED
+CVE-2020-27663 (In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct ...)
+	TODO: check
+CVE-2020-27662 (In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object  ...)
+	TODO: check
 CVE-2020-27661 [divide by zero in dwc2_handle_packet() in hw/usb/hcd-dwc2.c]
 	RESERVED
 	- qemu <unfixed> (bug #972864)
@@ -7517,8 +7522,8 @@ CVE-2020-27209
 	RESERVED
 CVE-2020-27208
 	RESERVED
-CVE-2020-27207
-	RESERVED
+CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sq ...)
+	TODO: check
 CVE-2020-27206
 	RESERVED
 CVE-2020-27205
@@ -8174,8 +8179,8 @@ CVE-2020-26938
 	RESERVED
 CVE-2020-26937
 	RESERVED
-CVE-2020-26936
-	RESERVED
+CVE-2020-26936 (Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF at ...)
+	TODO: check
 CVE-2020-26935 (An issue was discovered in SearchController in phpMyAdmin before 4.9.6 ...)
 	{DLA-2413-1}
 	- phpmyadmin 4:4.9.7+dfsg1-1 (bug #972000)
@@ -36942,8 +36947,8 @@ CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module
 	- libcrypt-perl-perl <itp> (bug #907353)
 	NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14
 	NOTE: https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2
-CVE-2020-13886
-	RESERVED
+CVE-2020-13886 (Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 6 ...)
+	TODO: check
 CVE-2020-13885 (Citrix Workspace App before 1912 on Windows has Insecure Permissions w ...)
 	NOT-FOR-US: Citrix
 CVE-2020-13884 (Citrix Workspace App before 1912 on Windows has Insecure Permissions a ...)
@@ -54082,10 +54087,10 @@ CVE-2020-7781
 	RESERVED
 CVE-2020-7780
 	RESERVED
-CVE-2020-7779
-	RESERVED
-CVE-2020-7778
-	RESERVED
+CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular Expressi ...)
+	TODO: check
+CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The attacker ...)
+	TODO: check
 CVE-2020-7777 (This affects all versions of package jsen. If an attacker can control  ...)
 	NOT-FOR-US: Node jsen
 CVE-2020-7776
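Review bot: The entries for CVE-2020-7779 (djvalidator) and CVE-2020-7778 (systeminformation) only move from RESERVED to `TODO: check`, directly above CVE-2020-7777, which is already triaged as `NOT-FOR-US: Node jsen`. If neither package is in the archive, resolve them the same way; otherwise add package lines, noting that the description puts the upstream fix for systeminformation at 4.30.2.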
@@ -127075,7 +127080,7 @@ CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a u
 	NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379
 	NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126
 CVE-2018-19787 (An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in th ...)
-	{DLA-1604-1}
+	{DLA-2467-1 DLA-1604-1}
 	- lxml 4.2.5-1
 	NOTE: Fixed by: https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 (lxml-4.2.5)
 CVE-2018-19786 (HashiCorp Vault before 1.0.0 writes the master key to the server log i ...)
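Review bot: The changed line `{DLA-2467-1 DLA-1604-1}` attaches a second LTS advisory to CVE-2018-19787, but nothing in the entry says why an issue already covered by DLA-1604-1 and fixed in lxml 4.2.5-1 needed another one. A NOTE or per-release line stating what DLA-2467-1 covers would make the entry self-explanatory; the same advisory is also added to CVE-2020-27783 in this commit.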



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7e008b611072d89465ee34495212e46a46c4425
