[Git][security-tracker-team/security-tracker][master] More refs for MediaWiki Score/LilyPond/firejail vulnerabilities
Paul Wise (@pabs)
pabs at debian.org
Tue Aug 24 01:57:09 BST 2021
Paul Wise pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5848bb16 by Paul Wise at 2021-08-24T08:56:13+08:00
More refs for MediaWiki Score/LilyPond/firejail vulnerabilities
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53030,6 +53030,8 @@ CVE-2020-29007
RESERVED
NOT-FOR-US: Score MediaWiki extension
NOTE: https://seqred.pl/en/cve-2020-29007-remote-code-execution-in-mediawiki-score/
+ NOTE: https://phabricator.wikimedia.org/T257062
+ NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
CVE-2020-29006 (MISP before 2.4.135 lacks an ACL check, related to app/Controller/Gala ...)
NOT-FOR-US: MISP
CVE-2020-29005 (The API in the Push extension for MediaWiki through 1.35 used cleartex ...)
@@ -82225,11 +82227,17 @@ CVE-2020-17369
CVE-2020-17368 (Firejail through 0.9.62 mishandles shell metacharacters during use of ...)
{DSA-4767-1 DSA-4742-1 DLA-2336-1}
- firejail 0.9.62-4
+ NOTE: https://phabricator.wikimedia.org/T258763
NOTE: https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b
+ NOTE: https://phabricator.wikimedia.org/T257062
+ NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
CVE-2020-17367 (Firejail through 0.9.62 does not honor the -- end-of-options indicator ...)
{DSA-4767-1 DSA-4742-1 DLA-2336-1}
- firejail 0.9.62-4
+ NOTE: https://phabricator.wikimedia.org/T258763
NOTE: https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37
+ NOTE: https://phabricator.wikimedia.org/T257062
+ NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. ...)
- routinator <itp> (bug #929024)
NOTE: https://github.com/NLnetLabs/routinator/issues/319
@@ -82257,10 +82265,16 @@ CVE-2020-17355 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before
NOT-FOR-US: Arista
CVE-2020-17354
RESERVED
+ NOTE: https://phabricator.wikimedia.org/T259210
+ NOTE: https://phabricator.wikimedia.org/T257062
+ NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
CVE-2020-17353 (scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x ...)
{DSA-4756-1}
- lilypond 2.20.0-2 (bug #968993)
+ NOTE: https://phabricator.wikimedia.org/T258547
NOTE: http://git.savannah.gnu.org/gitweb/?p=lilypond.git;a=commit;h=b84ea4740f3279516905c5db05f4074e777c16ff
+ NOTE: https://phabricator.wikimedia.org/T257062
+ NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
CVE-2020-17352 (Two OS command injection vulnerabilities in the User Portal of Sophos ...)
NOT-FOR-US: Sophos
CVE-2020-17351
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5848bb16c40287dd9bb577f0533fc30b6080d7de
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5848bb16c40287dd9bb577f0533fc30b6080d7de
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210824/21af43f7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list