[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 26 21:10:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a891da9 by security tracker role at 2020-09-26T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -821,6 +821,7 @@ CVE-2020-25741 [fdc: null pointer dereference during r/w data transfer]
CVE-2020-25740
RESERVED
CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for Ruby. Mult ...)
+ {DLA-2380-1}
- ruby-gon <unfixed> (bug #970938)
NOTE: https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7
CVE-2020-25738
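Review bot: On the CVE-2020-25739 entry, the new `{DLA-2380-1}` tag sits directly above `- ruby-gon <unfixed> (bug #970938)`, so the entry now reads as covered by an advisory while its only package line still says unfixed. Nothing in this hunk records which release or version the DLA fixed. Confirm that is captured with the DLA itself, and replace `<unfixed>` with a version once the upload for bug #970938 lands.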
@@ -2629,6 +2630,7 @@ CVE-2020-24918
CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxA ...)
NOT-FOR-US: osTicket
CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulner ...)
+ {DLA-2384-1}
- yaws 2.0.8+dfsg-1
NOTE: https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1
NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection
@@ -3782,6 +3784,7 @@ CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) throu
CVE-2020-24380
RESERVED
CVE-2020-24379 (WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vul ...)
+ {DLA-2384-1}
- yaws 2.0.8+dfsg-1
NOTE: https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c
NOTE: https://github.com/vulnbe/poc-yaws-dav-xxe
@@ -3807,6 +3810,7 @@ CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers a
NOTE: https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110
NOTE: https://www.lua.org/bugs.html#5.4.0-10
CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation faul ...)
+ {DLA-2381-1}
- lua5.4 <unfixed>
- lua5.3 <unfixed>
[buster] - lua5.3 <no-dsa> (Minor issue)
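Review bot: For CVE-2020-24370 the added `{DLA-2381-1}` ends up a few lines above `[buster] - lua5.3 <no-dsa> (Minor issue)`, so the same issue is handled by an advisory in one place and triaged as minor in another. Re-check whether the buster no-dsa decision still holds, or add a NOTE explaining why the two differ, since `lua5.3` and `lua5.4` are both still `<unfixed>`.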
@@ -42126,6 +42130,7 @@ CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwi
NOT-FOR-US: Edgeswitch
CVE-2020-8231
RESERVED
+ {DLA-2382-1}
- curl 7.72.0-1 (bug #968831)
NOTE: https://curl.haxx.se/docs/CVE-2020-8231.html
NOTE: https://github.com/curl/curl/pull/5824
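Review bot: The `{DLA-2382-1}` tag is attached to CVE-2020-8231 while the line above it is still `RESERVED`, so the entry carries an advisory and a fixed curl version (7.72.0-1) but no description of the issue. Other entries in this file use a bracketed summary when the official text is missing (see `CVE-2020-25741 [fdc: ...]` in the first hunk header). Adding one here would let a reader understand the entry without following the two NOTE links.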
@@ -77599,6 +77604,7 @@ CVE-2019-14461
CVE-2019-14460
RESERVED
CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in the fu ...)
+ {DLA-2383-1}
- nfdump 1.6.18-1 (bug #933740)
[buster] - nfdump <no-dsa> (Minor issue)
NOTE: https://github.com/phaag/nfdump/issues/171
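Review bot: On CVE-2019-14459, `{DLA-2383-1}` is added while `[buster] - nfdump <no-dsa> (Minor issue)` stays in place two lines below. If the integer overflow justified an advisory, the buster classification deserves a second look. Otherwise a short NOTE with the rationale would keep the entry self-explanatory.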
@@ -92674,6 +92680,7 @@ CVE-2019-1010059
CVE-2019-1010058
RESERVED
CVE-2019-1010057 (nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact ...)
+ {DLA-2383-1}
- nfdump 1.6.17-1
NOTE: https://github.com/phaag/nfdump/issues/104
NOTE: https://github.com/phaag/nfdump/commit/9f0fe9563366f62a71d34c92229da3432ec5cf0e
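Review bot: `{DLA-2383-1}` is applied here to CVE-2019-1010057 (fixed in nfdump 1.6.17-1) and in the previous hunk to CVE-2019-14459 (fixed in 1.6.18-1), so one advisory spans fixes that landed in two different upstream-tracking versions. Verify that the DLA upload includes both the commit referenced here (9f0fe956...) and the fix for issue #171, since only the former has a commit NOTE.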
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a891da9db88ae6b1a4a83e32aa78b5036b1637e