[Git][security-tracker-team/security-tracker][master] Add CVE-2020-36193/php-pear

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
93ed9655 by Salvatore Bonaccorso at 2021-01-19T06:55:41+01:00
Add CVE-2020-36193/php-pear

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16816,6 +16816,9 @@ CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may enc
 	NOT-FOR-US: libuci in OpenWrt
 CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...)
 	NOT-FOR-US: installer of Kaspersky Anti-Ransomware Tool (KART)
+CVE-2020-36193 [Disallow symlinks to out-of-path filenames]
+	- php-pear <unfixed> (bug #980428)
+	NOTE: https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
 CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only to addre ...)
 	{DSA-4817-1 DLA-2466-1 DLA-2465-1}
 	- drupal7 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93ed96551726e2d470426f17c19e145e8a8d3d15

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93ed96551726e2d470426f17c19e145e8a8d3d15
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210119/4705ca36/attachment.html>