[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 10 09:10:29 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72c2c690 by security tracker role at 2020-09-10T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-25220 (The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.1 ...)
+ TODO: check
+CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a rem ...)
+ TODO: check
+CVE-2020-25218
+ RESERVED
+CVE-2020-25217
+ RESERVED
+CVE-2020-25216
+ RESERVED
+CVE-2020-25215
+ RESERVED
+CVE-2020-25214
+ RESERVED
CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...)
NOT-FOR-US: File Manager (wp-file-manager) plugin for WordPress
CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel before 5. ...)
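Review bot: CVE-2020-25220 and CVE-2020-25219 at the top of this hunk are left at "TODO: check", yet their descriptions name the Linux kernel and libproxy, both of which Debian ships as source packages, so they should not stay untriaged for long. Replace each TODO with a package status line in a follow-up commit, and for the kernel entry check each stable branch the description lists.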
@@ -509,6 +523,7 @@ CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_t
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712
NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7
CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflo ...)
+ {DLA-2369-1}
- libxml2 <unfixed> (bug #969529)
[buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
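Review bot: Under CVE-2020-24977 the new {DLA-2369-1} reference sits directly above "- libxml2 <unfixed> (bug #969529)", and the only NOTE visible in this hunk is the upstream issue link, so the entry does not show which upstream change the advisory's fix corresponds to. If no fix commit is recorded further down the entry, add a NOTE with its URL, the way the CVE-2020-24978 entry above carries a commit URL, so the <unfixed> and <no-dsa> suites can be checked against the same patch.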
@@ -1177,8 +1192,8 @@ CVE-2020-24657
RESERVED
CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...)
NOT-FOR-US: Maltego
-CVE-2020-24655
- RESERVED
+CVE-2020-24655 (A race condition in the Twilio Authy 2-Factor Authentication applicati ...)
+ TODO: check
CVE-2020-24654 (In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can ins ...)
{DSA-4759-1}
- ark 4:20.08.1-1 (bug #969437)
@@ -18969,8 +18984,8 @@ CVE-2020-15905
RESERVED
CVE-2020-15904 (A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allo ...)
NOT-FOR-US: bsdiff4 (different from src:bsdiff)
-CVE-2020-15903
- RESERVED
+CVE-2020-15903 (An issue was found in Nagios XI before 5.7.3. There is a privilege esc ...)
+ TODO: check
CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url o ...)
NOT-FOR-US: Nagios XI
CVE-2020-15901 (In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated ...)
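Review bot: CVE-2020-15903 is committed with "TODO: check" although its description names Nagios XI and the next entry, CVE-2020-15902, is already marked "NOT-FOR-US: Nagios XI". Resolve it the same way instead of leaving a TODO.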
@@ -20813,8 +20828,8 @@ CVE-2020-15175
RESERVED
CVE-2020-15174
RESERVED
-CVE-2020-15173
- RESERVED
+CVE-2020-15173 (In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a b ...)
+ TODO: check
CVE-2020-15172
RESERVED
CVE-2020-15171
@@ -41701,6 +41716,7 @@ CVE-2020-7597 (codecov-node npm module before 3.6.5 allows remote attackers to e
CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...)
NOT-FOR-US: Codecov npm module
CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
+ {DLA-2369-1}
- libxml2 2.9.10+dfsg-2.1 (bug #949582)
[buster] - libxml2 <no-dsa> (Minor issue)
[jessie] - libxml2 <no-dsa> (Minor issue)
@@ -41956,6 +41972,7 @@ CVE-2019-20390 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered
CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configurat ...)
NOT-FOR-US: Subrion CMS
CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...)
+ {DLA-2369-1}
- libxml2 2.9.10+dfsg-2.1 (bug #949583)
[buster] - libxml2 <no-dsa> (Minor issue)
[jessie] - libxml2 <no-dsa> (Minor issue)
@@ -51204,7 +51221,7 @@ CVE-2019-19958 (In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in comm
CVE-2019-19957 (In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_ac ...)
NOT-FOR-US: libIEC61850
CVE-2019-19956 (xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.1 ...)
- {DLA-2048-1}
+ {DLA-2369-1 DLA-2048-1}
[experimental] - libxml2 2.9.10+dfsg-1
- libxml2 2.9.10+dfsg-2
[buster] - libxml2 <no-dsa> (Minor issue)
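Review bot: CVE-2019-19956 now lists two advisories, {DLA-2369-1 DLA-2048-1}, and nothing in the visible lines says why a second DLA covers a CVE that already had one. A short NOTE stating whether DLA-2369-1 targets a different release or completes the earlier fix would save readers a lookup; the same applies to the entries in the following hunks that gain DLA-2369-1 beside DLA-1524-1.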
@@ -131212,7 +131229,7 @@ CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST
NOTE: https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
NOTE: https://redmine.openinfosecfoundation.org/issues/2501
CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers to caus ...)
- {DLA-1524-1}
+ {DLA-2369-1 DLA-1524-1}
[experimental] - libxml2 2.9.9+dfsg1-1~exp1
- libxml2 2.9.10+dfsg-2
[buster] - libxml2 <no-dsa> (Minor issue)
@@ -131706,7 +131723,7 @@ CVE-2018-14406
CVE-2018-14405
RESERVED
CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPat ...)
- {DLA-1524-1}
+ {DLA-2369-1 DLA-1524-1}
[experimental] - libxml2 2.9.9+dfsg1-1~exp1
- libxml2 2.9.10+dfsg-2 (low; bug #901817)
[buster] - libxml2 <no-dsa> (Minor issue)
@@ -145520,7 +145537,7 @@ CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzm
NOTE: Thus CVE-2018-9251 is only affecting libxml2 if e2a9122b8dde53d320750451e9907a7dcb2ca8bb
NOTE: is applied.
CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote ...)
- {DLA-1524-1}
+ {DLA-2369-1 DLA-1524-1}
[experimental] - libxml2 2.9.7+dfsg-1
- libxml2 2.9.10+dfsg-2 (low; bug #895245)
[buster] - libxml2 <no-dsa> (Minor issue)
@@ -197740,6 +197757,7 @@ CVE-2017-8874 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mau
CVE-2017-8873
RESERVED
CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 all ...)
+ {DLA-2369-1}
- libxml2 2.9.4+dfsg1-6.1 (bug #862450)
[jessie] - libxml2 <no-dsa> (Minor issue)
[wheezy] - libxml2 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72c2c690d143b6218c7dc1e3f11c4ae9fb4ec00d