[Git][security-tracker-team/security-tracker][master] automatic update

Sat Oct 10 21:10:35 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7691e477 by security tracker role at 2020-10-10T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-26941
+	RESERVED
+CVE-2020-26940
+	RESERVED
+CVE-2020-26939
+	RESERVED
+CVE-2020-26938
+	RESERVED
+CVE-2020-26937
+	RESERVED
+CVE-2020-26936
+	RESERVED
+CVE-2020-26935 (An issue was discovered in SearchController in phpMyAdmin before 4.9.6 ...)
+	TODO: check
+CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the tr ...)
+	TODO: check
+CVE-2020-26933
+	RESERVED
 CVE-2020-26931 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
 	NOT-FOR-US: Netgear
 CVE-2020-26930 (NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect conf ...)
@@ -28099,6 +28117,7 @@ CVE-2020-13957
 	RESERVED
 CVE-2020-13956 [incorrect handling of malformed authority component in request URIs]
 	RESERVED
+	{DLA-2405-1}
 	- httpcomponents-client 4.5.13-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587
 	NOTE: Fixed by: https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e (4.5.13-RC1)
@@ -37171,7 +37190,8 @@ CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
 	NOTE: Patch for sympa-6.1.25: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.1.25-sa-2020-002-r2.patch
 	NOTE: https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/
 	NOTE: https://github.com/sympa-community/sympa/issues/943
-CVE-2020-26932
+CVE-2020-26932 (debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg- ...)
+	{DLA-2401-1}
 	- sympa 6.2.40~dfsg-7 (bug #971904)
 	NOTE: Debian specific issue where sympa_newaliases-wrapper had loose permissions
 	NOTE: (already suid root and word-executable) allowing to gain root privileges



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7691e4775838ae8c967bfe7733b46e6da4ac4532

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7691e4775838ae8c967bfe7733b46e6da4ac4532
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201010/382148cb/attachment.html>
