[Git][security-tracker-team/security-tracker][master] mongodb removed from unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: def96603 by Salvatore Bonaccorso at 2020-02-24T06:31:12+01:00 mongodb removed from unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -72266,7 +72266,7 @@ CVE-2019-2391 CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can create ...) NOT-FOR-US: Microsoft CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...) - - mongodb (low) + - mongodb (low) [stretch] - mongodb (Minor issue) [jessie] - mongodb (Minor issue) CVE-2019-2388 @@ -72274,7 +72274,7 @@ CVE-2019-2388 CVE-2019-2387 RESERVED CVE-2019-2386 (After user deletion in MongoDB Server the improper invalidation of aut ...) - - mongodb (low; bug #934783) + - mongodb (low; bug #934783) [stretch] - mongodb (Minor issue) [jessie] - mongodb (Trivial workaround available) NOTE: https://jira.mongodb.org/browse/SERVER-38984 @@ -232943,7 +232943,7 @@ CVE-2015-2749 (Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x bef CVE-2015-2329 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin bef ...) NOT-FOR-US: WooCommerce plugin for WordPress CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...) - - mongodb (unimportant) + - mongodb (unimportant) NOTE: CVE for bundled version of pcre3 in mongodb NOTE: https://jira.mongodb.org/browse/SERVER-17252 NOTE: Since 1:2.0.0-1 mongodb uses the system pcre3 
@@ -232955,7 +232955,7 @@ CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and rel NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision=1498 NOTE: http://www.openwall.com/lists/oss-security/2015/05/31/4 CVE-2015-2327 (PCRE before 8.36 mishandles the /(((a\2)|(a*)\g-1))*/ pattern ...) - - mongodb (unimportant) + - mongodb (unimportant) NOTE: CVE for bundled version of pcre3 in mongodb NOTE: https://jira.mongodb.org/browse/SERVER-17252 NOTE: Since 1:2.0.0-1 mongodb uses the system pcre3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/def9660363b5ccca5ef91d59aa365497277911bc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2019-18932/sarg
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2e39a2ee by Salvatore Bonaccorso at 2020-02-24T06:29:08+01:00 Track fixed version via unstable for CVE-2019-18932/sarg - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20240,7 +20240,7 @@ CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec CVE-2019-18933 (In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new ...) NOT-FOR-US: Zulip CVE-2019-18932 (log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows ...) - - sarg (bug #951390) + - sarg 2.4.0-1 (bug #951390) [jessie] - sarg (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/6 NOTE: The sarg-reports as shipped in Debian has already safe use of mktemp for View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e39a2ee88450980b508e80faef67537a38f5715
[Git][security-tracker-team/security-tracker][master] Add upstream commit reference for CVE-2020-8648/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8f32cda8 by Salvatore Bonaccorso at 2020-02-24T06:24:07+01:00 Add upstream commit reference for CVE-2020-8648/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1583,6 +1583,7 @@ CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel throu - linux CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux + NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5 CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux CVE-2020-8640 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f32cda8ff0651ec3e24038faa6d31d5dbc94fcc
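Review bot: The NOTE added under CVE-2020-8648 is a bare git.kernel.org URL, and the "- linux" line above it carries no fixed version, so a reader cannot tell whether commit 07e6124a1a46 is the fix or only related context. If it is the fix, say so in the note, in the form the list already uses elsewhere ("NOTE: Fixed by: <url>").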
[Git][security-tracker-team/security-tracker][master] Add amd64-microcode to d{l,s}a-needed.txt
Ben Hutchings pushed to branch master at Debian Security Tracker / security-tracker Commits: d3d7e7df by Ben Hutchings at 2020-02-24T03:18:47+00:00 Add amd64-microcode to d{l,s}a-needed.txt - - - - - 2 changed files: - data/dla-needed.txt - data/dsa-needed.txt Changes: = data/dla-needed.txt = @@ -9,6 +9,11 @@ To pick an issue, simply add your name behind it. To learn more about how this list is updated have a look at https://wiki.debian.org/LTS/Development#Triage_new_security_issues +-- +amd64-microcode + NOTE: 20200224: Missing IBPB feature for Spectre variant 2 mitigation. + NOTE: 20200224: (Kernel support was added in 2018.) stretch needs to + NOTE: 20200224: be updated too; check dsa-needed.txt. -- ansible NOTE: 20200219: no upstream fixes yet = data/dsa-needed.txt = @@ -11,6 +11,12 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. +-- +amd64-microcode + NOTE: 20200224: Missing IBPB feature for Spectre variant 2 mitigation + NOTE: 20200224: (stretch only). (Kernel support was added in 2018.) + NOTE: 20200224: The maintainer says version 3.20191218.1 can be + NOTE: 20200224: backported to all stable releases. -- glusterfs/oldstable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d3d7e7df1e20e8b1519c85870389d885ab9dd972
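Review bot: The data/dla-needed.txt entry for amd64-microcode only says "check dsa-needed.txt" and leaves out the one actionable fact recorded there, that the maintainer considers version 3.20191218.1 backportable. Repeat the target version in this note so the LTS entry can be worked on without cross-reading the other file.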
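Review bot: In the data/dsa-needed.txt hunk the entry is named plain "amd64-microcode" although its note says "(stretch only)", and the context lines right above it say to specify the release by adding a slash after the source package name, as the neighbouring "glusterfs/oldstable" entry does. If only one release needs the update, add the release suffix to the entry name; if the 3.20191218.1 backport is meant for every stable release, reword "(stretch only)" so the scope of the entry is unambiguous.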
[Git][security-tracker-team/security-tracker][master] dla-needed.txt: Update squid3 notes
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: d6f86ada by Markus Koschany at 2020-02-24T03:57:25+01:00 dla-needed.txt: Update squid3 notes - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -91,6 +91,7 @@ squid3 (Markus Koschany) NOTE: 20200120: CVE-2019-18676 however is more complicated to locate. Potentially the // skipping NOTE: 20200120: or the absolute function is the issue but it is hard to tell without more NOTE: 20200120: details on the intention. (Ola) + NOTE: 20200224: Ongoing work. (apo) -- tomcat8 (Abhijith PA) NOTE: 20200106: Almost done. Working on failing testcase. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6f86ada67ff7550b750dcdc8a52763b8ab9dced
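Review bot: The added line "NOTE: 20200224: Ongoing work. (apo)" refreshes the date but does not say what is still open, while the notes directly above it single out CVE-2019-18676 as hard to locate. State whether that CVE is what remains, or what the current blocker is, so the entry tells other contributors more than that it is still claimed.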
[Git][security-tracker-team/security-tracker][master] 2 commits: add note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: d6cb71ec by Thorsten Alteholz at 2020-02-23T22:22:55+01:00 add note - - - - - 22e67324 by Thorsten Alteholz at 2020-02-23T22:26:15+01:00 add cacti - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -13,6 +13,9 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues ansible NOTE: 20200219: no upstream fixes yet -- +cacti + NOTE: 20200223: no patch found yet, but looks worth fixing +-- collabtive (Thorsten Alteholz) -- libapache2-mod-auth-openidc (Thorsten Alteholz) @@ -50,6 +53,7 @@ otrs2 (Sylvain Beucler) NOTE: issue already fixed in drupal7 and jquery -- php5 (Thorsten Alteholz) + NOTE: 20200223: testing package -- phppgadmin NOTE: 20200218: no fix yet; wide usage View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9b82662804c263ad4f4b6119a3984fa64b2c3bf8...22e67324405c72efb5f2af9c86739264662e2149
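Review bot: The new cacti entry in the first hunk says "no patch found yet, but looks worth fixing" without naming the CVE or bug it refers to, so whoever picks the package up has to rediscover which issue was triaged. Add the identifier to the note. The php5 note "testing package" in the second hunk would likewise be more useful with the version under test.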
[Git][security-tracker-team/security-tracker][master] Add note for tomcat8 in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b826628 by Abhijith PA at 2020-02-24T01:30:39+05:30 Add note for tomcat8 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -91,6 +91,7 @@ squid3 (Markus Koschany) tomcat8 (Abhijith PA) NOTE: 20200106: Almost done. Working on failing testcase. NOTE: 20200210: TestFormAuthenticator failing with CVE-2019-17563. backporting upstream tests (abhijith) + NOTE: 20200224: Guess embedding latest branch of 8.5.x in debian package is the way to go (abhijith) -- weechat (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b82662804c263ad4f4b6119a3984fa64b2c3bf8
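Review bot: The added tomcat8 note proposes embedding the latest 8.5.x branch in the Debian package, a much larger change than the test backport described in the 20200210 note above it, but it names neither a target version nor the reason the backport route was dropped. Record the 8.5.x version under consideration and whether the approach has been agreed, so the note documents a decision rather than a guess.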
[Git][security-tracker-team/security-tracker][master] dla: still ongoing
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: a7b53845 by Adrian Bunk at 2020-02-23T20:15:55+02:00 dla: still ongoing - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -29,7 +29,7 @@ libmatio (Adrian Bunk) NOTE: 20190428: is likely vulnerable NOTE: 20190428: some CVE testcases still fail after applying the fix, NOTE: 20190428: older changes seem to also be required for them - NOTE: 20200210: work is ongoing + NOTE: 20200223: work is ongoing -- linux (Ben Hutchings) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a7b53845db223a9d7c37afe2914fa6eb120e0399
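Review bot: Overwriting the date on the libmatio status line (20200210 becomes 20200223) drops the record that the same "work is ongoing" status was already reported two weeks earlier, whereas the 20190428 notes above it are kept as history. Append a new dated NOTE instead of editing the old one, and say which of the failing CVE testcases mentioned above are still open.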
[Git][security-tracker-team/security-tracker][master] Add notes for claimed packages
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: c4ceceb3 by Utkarsh Gupta at 2020-02-23T23:40:37+05:30 Add notes for claimed packages - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -58,7 +58,7 @@ python-pysaml2 (Abhijith PA) NOTE: 2020203: test fails already for the one in archive (abhijith) -- qemu (Utkarsh Gupta) - NOTE: 20200210: WIP. + NOTE: 20200223: WIP. -- qtbase-opensource-src (Mike Gabriel) -- @@ -68,6 +68,7 @@ ruby-rack NOTE: 20200216: Discussion ongoing on -lts list. (lamby) -- slirp (Utkarsh Gupta) + NOTE: 20200223: WIP. -- slurm-llnl NOTE: 20191125: up for testing https://people.debian.org/~abhijith/upload/slurm-llnl_14.03.9-5+deb8u5.dsc View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4ceceb3659220115c61c9a469364a438e40ad3e
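Review bot: "WIP." on its own, for qemu in the first hunk and for slirp in the second, tells other contributors nothing about which issues are in progress or what is blocking, unlike the slurm-llnl context line that says "up for testing" and links the .dsc. Add a few words on the remaining work for each package.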
[Git][security-tracker-team/security-tracker][master] Fix space/tab issue in last commit
Scott Kitterman pushed to branch master at Debian Security Tracker / security-tracker Commits: e1248cc1 by Scott Kitterman at 2020-02-23T08:42:13-05:00 Fix space/tab issue in last commit - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -44,8 +44,8 @@ CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard - Set NOT-FOR-US: fauzantrif eLection CVE-2020- [mutation XSS vulnerability] - python-bleach 3.1.1-1 (bug #951907) -[stretch] - python-bleach (Vulnerable code introduced later) -[jessie] - python-bleach (Vulnerable code introduced later) + [stretch] - python-bleach (Vulnerable code introduced later) + [jessie] - python-bleach (Vulnerable code introduced later) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r CVE-2020-9335 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e1248cc15da576f0b6b41d524d7aac497f7091b3
[Git][security-tracker-team/security-tracker][master] Update python-bleach TEMP-0951907-7D0FFB (#951907) to indicate jessie/stretch not affected
Scott Kitterman pushed to branch master at Debian Security Tracker / security-tracker Commits: b2007687 by Scott Kitterman at 2020-02-23T08:22:05-05:00 Update python-bleach TEMP-0951907-7D0FFB (#951907) to indicate jessie/stretch not affected - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -44,6 +44,8 @@ CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard - Set NOT-FOR-US: fauzantrif eLection CVE-2020- [mutation XSS vulnerability] - python-bleach 3.1.1-1 (bug #951907) +[stretch] - python-bleach (Vulnerable code introduced later) +[jessie] - python-bleach (Vulnerable code introduced later) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r CVE-2020-9335 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b2007687dcd7a17c62cfb47af81b08e99add8f08
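Review bot: The two added "[stretch]" and "[jessie]" lines start in column 0, directly after the "+", while the "- python-bleach 3.1.1-1" line above them and the NOTE lines below are indented. In data/CVE/list only an entry header starts in column 0, so these annotations need the same leading whitespace as their neighbours to be read as part of the python-bleach entry.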
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2019-20388 and CVE-2020-7995 for libxml2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: db8098e0 by Salvatore Bonaccorso at 2020-02-23T11:23:16+01:00 Track fixed version for CVE-2019-20388 and CVE-2020-7995 for libxml2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3954,7 +3954,7 @@ CVE-2020-7597 (codecov-node npm module before 3.6.5 allows remote attackers to e CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...) NOT-FOR-US: Codecov npm module CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...) - - libxml2 (bug #949582) + - libxml2 2.9.10+dfsg-2.1 (bug #949582) [buster] - libxml2 (Minor issue) [stretch] - libxml2 (Minor issue) [jessie] - libxml2 (Minor issue) @@ -4210,7 +4210,7 @@ CVE-2019-20390 CVE-2019-20389 RESERVED CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...) - - libxml2 (bug #949583) + - libxml2 2.9.10+dfsg-2.1 (bug #949583) [buster] - libxml2 (Minor issue) [stretch] - libxml2 (Minor issue) [jessie] - libxml2 (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/db8098e0e5403bf67b00a0542b94c9accc0a9d6b
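Review bot: The commit message names CVE-2020-7995, but the first hunk edits the CVE-2020-7595 entry (xmlStringLenDecodeEntities, bug #949582) and no CVE-2020-7995 entry is touched, so the message looks like a digit transposition. The list change itself is consistent, with both libxml2 lines getting 2.9.10+dfsg-2.1; only the message needs correcting if the commit can still be amended, since searches of the history by CVE id will otherwise miss it.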
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f4e7caa1 by Salvatore Bonaccorso at 2020-02-23T09:53:08+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,15 +5,15 @@ CVE-2020-9357 CVE-2020-9356 RESERVED CVE-2020-9354 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...) - TODO: check + NOT-FOR-US: SmartClient CVE-2020-9353 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...) - TODO: check + NOT-FOR-US: SmartClient CVE-2020-9352 (An issue was discovered in SmartClient 12.0. Unauthenticated exploitat ...) - TODO: check + NOT-FOR-US: SmartClient CVE-2020-9351 (An issue was discovered in SmartClient 12.0. If an unauthenticated att ...) - TODO: check + NOT-FOR-US: SmartClient CVE-2020-9350 (Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph templ ...) - TODO: check + NOT-FOR-US: Graph Builder in SAS Visual Analytics CVE-2020-9349 RESERVED CVE-2020-9348 
@@ -29,19 +29,19 @@ CVE-2020-9344 CVE-2020-9343 RESERVED CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows virus-detectio ...) - TODO: check + NOT-FOR-US: F-Secure AV parsing engine CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator ...) - TODO: check + NOT-FOR-US: CandidATS CVE-2020-9340 (fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandid ...) - TODO: check + NOT-FOR-US: fauzantrif eLection CVE-2020-9339 (SOPlanning 1.45 allows XSS via the Name or Comment to status.php. ...) - TODO: check + NOT-FOR-US: SOPlanning CVE-2020-9338 (SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. ...) - TODO: check + NOT-FOR-US: SOPlanning CVE-2020-9337 RESERVED CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard - Settings ...) - TODO: check + NOT-FOR-US: fauzantrif eLection CVE-2020- [mutation XSS vulnerability] - python-bleach 3.1.1-1 (bug #951907) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f4e7caa1ffd36e5977ebc97a1593aeecb810edf9
[Git][security-tracker-team/security-tracker][master] NFU
Henri Salo pushed to branch master at Debian Security Tracker / security-tracker Commits: d7246ebf by Henri Salo at 2020-02-23T10:39:38+02:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18098,6 +18098,7 @@ CVE-2020-1938 RESERVED CVE-2020-1937 RESERVED + NOT-FOR-US: Apache Kylin CVE-2020-1936 RESERVED CVE-2020-1935 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d7246ebfd8c32f303f846538bca9a18a57bc4bdc
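Review bot: CVE-2020-1937 is still RESERVED with no description, so the added "NOT-FOR-US: Apache Kylin" has nothing in the entry to back it up. Add a NOTE with the announcement or advisory URL the product attribution came from, so the classification can be checked before the description is published.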
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4072d214 by security tracker role at 2020-02-23T08:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,47 @@ +CVE-2020-9358 + RESERVED +CVE-2020-9357 + RESERVED +CVE-2020-9356 + RESERVED +CVE-2020-9354 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...) + TODO: check +CVE-2020-9353 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...) + TODO: check +CVE-2020-9352 (An issue was discovered in SmartClient 12.0. Unauthenticated exploitat ...) + TODO: check +CVE-2020-9351 (An issue was discovered in SmartClient 12.0. If an unauthenticated att ...) + TODO: check +CVE-2020-9350 (Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph templ ...) + TODO: check +CVE-2020-9349 + RESERVED +CVE-2020-9348 + RESERVED +CVE-2020-9347 + RESERVED +CVE-2020-9346 + RESERVED +CVE-2020-9345 + RESERVED +CVE-2020-9344 + RESERVED +CVE-2020-9343 + RESERVED +CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows virus-detectio ...) + TODO: check +CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator ...) + TODO: check +CVE-2020-9340 (fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandid ...) + TODO: check +CVE-2020-9339 (SOPlanning 1.45 allows XSS via the Name or Comment to status.php. ...) + TODO: check +CVE-2020-9338 (SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. ...) + TODO: check +CVE-2020-9337 + RESERVED +CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard - Settings ...) + TODO: check CVE-2020- [mutation XSS vulnerability] - python-bleach 3.1.1-1 (bug #951907) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public) 
@@ -644,7 +688,7 @@ CVE-2019-20474 (An issue was discovered in Zoho ManageEngine Remote Access Plus NOT-FOR-US: Zoho ManageEngine Remote Access Plus CVE-2016-11019 RESERVED -CVE-2020-9355 [privilege escalation vulnerablility] +CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalati ...) - network-manager-ssh 1.2.11-1 NOTE: https://github.com/danfruehauf/NetworkManager-ssh/pull/98 NOTE: https://github.com/danfruehauf/NetworkManager-ssh/commit/5d88cd89795352b5df54cc0ebb6a0076b8c89ee4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4072d214cbb9451e5617e870a1d6b9438cb015ee
[Git][security-tracker-team/security-tracker][master] Add reference to advisory for python-bleach issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b939ccc by Salvatore Bonaccorso at 2020-02-23T09:00:30+01:00 Add reference to advisory for python-bleach issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,6 +1,7 @@ CVE-2020- [mutation XSS vulnerability] - python-bleach 3.1.1-1 (bug #951907) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public) + NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r CVE-2020-9335 RESERVED CVE-2020-9334 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b939ccc05753cf37b617f228afb52a2cb486494