[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Oct 25 20:10:39 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ff107484 by security tracker role at 2020-10-25T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -557,6 +557,7 @@ CVE-2020-27615 (The Loginizer plugin before 1.6.4 for WordPress allows SQL injec
CVE-2020-27614
RESERVED
CVE-2020-27638 (receive.c in fastd before v21 allows denial of service (assertion fail ...)
+ {DLA-2414-1}
- fastd 21-1 (bug #972521)
[buster] - fastd <no-dsa> (Will be fixed via point release)
NOTE: https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea
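Review bot: on CVE-2020-27638, the added {DLA-2414-1} tag sits above a buster line that still reads <no-dsa> (Will be fixed via point release), so after this change the entry records an LTS advisory but no fixed version for buster. When the point release lands, replace the <no-dsa> line with the fixed buster version so the entry stops reporting buster as open.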
@@ -1970,10 +1971,12 @@ CVE-2020-26937
CVE-2020-26936
RESERVED
CVE-2020-26935 (An issue was discovered in SearchController in phpMyAdmin before 4.9.6 ...)
+ {DLA-2413-1}
- phpmyadmin 4:4.9.7+dfsg1-1 (bug #972000)
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-6/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d09ab9bc9d634ad08b866d42bb8c4109869d38d2
CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the tr ...)
+ {DLA-2413-1}
- phpmyadmin 4:4.9.7+dfsg1-1 (bug #971999)
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-5/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/19df63b0365621427697edc185ff7c9c5707c523
@@ -24720,7 +24723,7 @@ CVE-2020-15970
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15969
RESERVED
- {DSA-4778-1 DLA-2411-1}
+ {DSA-4780-1 DSA-4778-1 DLA-2411-1}
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
- firefox 82.0-1
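Review bot: CVE-2020-15969 now carries three advisory references (DSA-4780-1, DSA-4778-1, DLA-2411-1) while the entry is still marked RESERVED and its chromium line stays <unfixed>. The advisory tags should not be read as closing the CVE: the chromium line needs a fixed version or an explicit triage state before this entry can be treated as resolved.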
@@ -25502,7 +25505,7 @@ CVE-2020-15684 (Mozilla developers reported memory safety bugs present in Firefo
- firefox 82.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684
CVE-2020-15683 (Mozilla developers and community members reported memory safety bugs p ...)
- {DSA-4778-1 DLA-2411-1}
+ {DSA-4780-1 DSA-4778-1 DLA-2411-1}
- firefox 82.0-1
- firefox-esr 78.4.0esr-1
- thunderbird 1:78.4.0-1
@@ -27687,7 +27690,7 @@ CVE-2020-14805 (Vulnerability in the Oracle E-Business Suite Secure Enterprise S
CVE-2020-14804 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed> (bug #972623)
CVE-2020-14803 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...)
- {DLA-2412-1}
+ {DSA-4779-1 DLA-2412-1}
- openjdk-15 15.0.1+9-1
- openjdk-11 11.0.9+11-1
- openjdk-8 <unfixed>
@@ -27700,17 +27703,17 @@ CVE-2020-14800 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2020-14799 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed> (bug #972623)
CVE-2020-14798 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DLA-2412-1}
+ {DSA-4779-1 DLA-2412-1}
- openjdk-15 15.0.1+9-1
- openjdk-11 11.0.9+11-1
- openjdk-8 <unfixed>
CVE-2020-14797 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DLA-2412-1}
+ {DSA-4779-1 DLA-2412-1}
- openjdk-15 15.0.1+9-1
- openjdk-11 11.0.9+11-1
- openjdk-8 <unfixed>
CVE-2020-14796 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DLA-2412-1}
+ {DSA-4779-1 DLA-2412-1}
- openjdk-15 15.0.1+9-1
- openjdk-11 11.0.9+11-1
- openjdk-8 <unfixed>
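Review bot: in the CVE-2020-14798, CVE-2020-14797 and CVE-2020-14796 entries, DSA-4779-1 is added next to DLA-2412-1 but each entry still ends with openjdk-8 <unfixed>. The same pattern appears in the other Java SE entries touched by this commit. The openjdk-8 line needs a fixed version once an upload exists, otherwise these CVEs keep showing as open despite two advisories.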
@@ -27722,7 +27725,7 @@ CVE-2020-14793 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mysql-5.7 <unfixed> (bug #972824)
- mysql-8.0 <unfixed> (bug #972623)
CVE-2020-14792 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DLA-2412-1}
+ {DSA-4779-1 DLA-2412-1}
- openjdk-15 15.0.1+9-1
- openjdk-11 11.0.9+11-1
- openjdk-8 <unfixed>
@@ -27747,19 +27750,19 @@ CVE-2020-14784 (Vulnerability in the Oracle BI Publisher product of Oracle Fusio
CVE-2020-14783 (Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Foo ...)
NOT-FOR-US: Oracle
CVE-2020-14782 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DLA-2412-1}
+ {DSA-4779-1 DLA-2412-1}
- openjdk-15 15.0.1+9-1
- openjdk-11 11.0.9+11-1
- openjdk-8 <unfixed>
CVE-2020-14781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DLA-2412-1}
+ {DSA-4779-1 DLA-2412-1}
- openjdk-15 15.0.1+9-1
- openjdk-11 11.0.9+11-1
- openjdk-8 <unfixed>
CVE-2020-14780 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
NOT-FOR-US: Oracle
CVE-2020-14779 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DLA-2412-1}
+ {DSA-4779-1 DLA-2412-1}
- openjdk-15 15.0.1+9-1
- openjdk-11 11.0.9+11-1
- openjdk-8 <unfixed>
@@ -47528,8 +47531,8 @@ CVE-2020-7753
RESERVED
CVE-2020-7752
RESERVED
-CVE-2020-7751
- RESERVED
+CVE-2020-7751 (This affects all versions of package pathval. ...)
+ TODO: check
CVE-2020-7750 (This affects the package scratch-svg-renderer before 0.2.0-prerelease. ...)
NOT-FOR-US: scratch-svg-renderer nodejs module
CVE-2020-7749 (This affects all versions of package osm-static-maps. User input given ...)
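Review bot: the new CVE-2020-7751 entry for package pathval carries only TODO: check, so it is still untriaged. Resolve it the way the neighbouring CVE-2020-7750 entry is resolved, with either a NOT-FOR-US line or a package line with a status, depending on whether pathval is packaged.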
@@ -61580,7 +61583,7 @@ CVE-2019-19619 (domain/section/markdown/markdown.go in Documize before 3.5.1 mis
CVE-2019-19618
RESERVED
CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information, relat ...)
- {DLA-2024-1}
+ {DLA-2413-1 DLA-2024-1}
- phpmyadmin 4:4.9.2+dfsg1-1
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9
CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...)
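Review bot: CVE-2019-19617 now lists two LTS advisories, {DLA-2413-1 DLA-2024-1}, but the only package line is phpmyadmin 4:4.9.2+dfsg1-1 with no per-release annotation, so the entry does not show why a second DLA was needed for a CVE already covered by DLA-2024-1. A NOTE line stating which release each DLA addresses would make that clear.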
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff1074846042731a417532c62f4c5e56e0df9c5f
More information about the debian-security-tracker-commits mailing list