Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: f04fe339 by Moritz Muehlenhoff at 2020-07-04T19:05:45+02:00 one teeworlds issue is a dupe buster/stretch triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -257,6 +257,8 @@ CVE-2020-15401 (IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain p NOT-FOR-US: IOBit Malware Fighter Pro CVE-2020-15400 (CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ...) - cakephp <unfixed> + [buster] - cakephp <no-dsa> (Minor issue) + [stretch] - cakephp <no-dsa> (Minor issue) CVE-2020-15399 RESERVED CVE-2020-15398 @@ -8468,9 +8470,8 @@ CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request w NOTE: Fixed by: https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3 (v13.2.10) NOTE: Consider 14.x series as fixed due to the use of the new style xml parsing. CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...) - - teeworlds <unfixed> - [jessie] - teeworlds <end-of-life> (Not supported in jessie LTS) - NOTE: https://www.teeworlds.com/forum/viewtopic.php?pid=123860 + NOTE: Duplicate of CVE-2019-10877 + TODO: reject with MITRE CVE-2020-12058 RESERVED CVE-2020-12057 @@ -177018,6 +177019,8 @@ CVE-2017-8762 (GeniXCMS 1.0.2 has XSS triggered by an authenticated user who sub CVE-2017-8761 [Swift tempurl middleware reveals signatures in the logfiles] RESERVED - swift <unfixed> + [buster] - swift <no-dsa> (Minor issue) + [stretch] - swift <no-dsa> (Minor issue) [jessie] - swift <end-of-life> (Not supported in Jessie LTS) NOTE: https://bugs.launchpad.net/swift/+bug/1685798 CVE-2017-8760 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) ===================================== data/dsa-needed.txt ===================================== @@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. +-- +curl (ghedo) -- ffmpeg (jmm) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f04fe339b514b2e1a44e4138d09e4718ac985d90 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f04fe339b514b2e1a44e4138d09e4718ac985d90 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits