Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: dbacfe80 by security tracker role at 2020-02-18T08:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -647,8 +647,8 @@ CVE-2020-8770 RESERVED CVE-2020-8769 RESERVED -CVE-2020-8768 - RESERVED +CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...) + TODO: check CVE-2020-8767 RESERVED CVE-2020-8766 @@ -2281,12 +2281,12 @@ CVE-2020-8014 RESERVED CVE-2020-8013 RESERVED -CVE-2020-8012 - RESERVED -CVE-2020-8011 - RESERVED -CVE-2020-8010 - RESERVED +CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) + TODO: check +CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) + TODO: check +CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) + TODO: check CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...) NOT-FOR-US: AVB MOTU devices CVE-2020-8008 @@ -2449,8 +2449,8 @@ CVE-2020-7961 RESERVED CVE-2020-7960 RESERVED -CVE-2020-7959 - RESERVED +CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...) + TODO: check CVE-2020-7958 RESERVED CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...) @@ -4420,6 +4420,7 @@ CVE-2020-7062 CVE-2020-7061 RESERVED CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings, ...) + {DSA-4626-1} - php7.4 7.4.2-7 - php7.3 <unfixed> - php7.0 <removed> @@ -4427,6 +4428,7 @@ CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodi NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27 NOTE: PHP Bug: http://bugs.php.net/79037 CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP ...) + {DSA-4626-1} - php7.4 7.4.2-7 - php7.3 <unfixed> - php7.0 <removed> 
@@ -7726,8 +7728,8 @@ CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo Ap NOT-FOR-US: ilbo App CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI500 ...) NOT-FOR-US: Mitsubishi -CVE-2020-5530 - RESERVED +CVE-2020-5530 (Cross-site request forgery (CSRF) vulnerability in Easy Property Listi ...) + TODO: check CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...) - htmlunit <removed> NOTE: https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28 @@ -12349,6 +12351,7 @@ CVE-2020-3869 RESERVED CVE-2020-3868 RESERVED + {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -12356,6 +12359,7 @@ CVE-2020-3868 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3867 RESERVED + {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -12365,6 +12369,7 @@ CVE-2020-3866 RESERVED CVE-2020-3865 RESERVED + {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -12372,6 +12377,7 @@ CVE-2020-3865 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3864 RESERVED + {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -12381,6 +12387,7 @@ CVE-2020-3863 RESERVED CVE-2020-3862 RESERVED + {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) 
@@ -17604,8 +17611,8 @@ CVE-2020-1884 RESERVED CVE-2020-1883 RESERVED -CVE-2020-1882 - RESERVED +CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...) + TODO: check CVE-2020-1881 RESERVED CVE-2020-1880 @@ -17624,8 +17631,8 @@ CVE-2020-1874 RESERVED CVE-2020-1873 RESERVED -CVE-2020-1872 - RESERVED +CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E ...) + TODO: check CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...) NOT-FOR-US: Huawei CVE-2020-1870 @@ -17652,18 +17659,18 @@ CVE-2020-1860 RESERVED CVE-2020-1859 RESERVED -CVE-2020-1858 - RESERVED -CVE-2020-1857 - RESERVED -CVE-2020-1856 - RESERVED -CVE-2020-1855 - RESERVED +CVE-2020-1858 (Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V ...) + TODO: check +CVE-2020-1857 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check +CVE-2020-1856 (Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG ...) + TODO: check +CVE-2020-1855 (Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-55 ...) + TODO: check CVE-2020-1854 RESERVED -CVE-2020-1853 - RESERVED +CVE-2020-1853 (GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. ...) + TODO: check CVE-2020-1852 RESERVED CVE-2020-1851 @@ -17682,12 +17689,12 @@ CVE-2020-1845 RESERVED CVE-2020-1844 RESERVED -CVE-2020-1843 - RESERVED -CVE-2020-1842 - RESERVED -CVE-2020-1841 - RESERVED +CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...) + TODO: check +CVE-2020-1842 (Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version ...) + TODO: check +CVE-2020-1841 (Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6 ...) + TODO: check CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...) NOT-FOR-US: Huawei CVE-2020-1839 
@@ -17708,14 +17715,14 @@ CVE-2020-1832 RESERVED CVE-2020-1831 RESERVED -CVE-2020-1830 - RESERVED -CVE-2020-1829 - RESERVED -CVE-2020-1828 - RESERVED -CVE-2020-1827 - RESERVED +CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check +CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospa ...) + TODO: check +CVE-2020-1828 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check +CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...) NOT-FOR-US: Huawei CVE-2020-1825 @@ -17736,18 +17743,18 @@ CVE-2020-1818 RESERVED CVE-2020-1817 RESERVED -CVE-2020-1816 - RESERVED -CVE-2020-1815 - RESERVED -CVE-2020-1814 - RESERVED +CVE-2020-1816 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check +CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check +CVE-2020-1814 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check CVE-2020-1813 RESERVED -CVE-2020-1812 - RESERVED -CVE-2020-1811 - RESERVED +CVE-2020-1812 (HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P ...) + TODO: check +CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...) + TODO: check CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...) NOT-FOR-US: Huawei CVE-2020-1809 
@@ -17786,12 +17793,12 @@ CVE-2020-1793 RESERVED CVE-2020-1792 RESERVED -CVE-2020-1791 - RESERVED -CVE-2020-1790 - RESERVED -CVE-2020-1789 - RESERVED +CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...) + TODO: check +CVE-2020-1790 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...) + TODO: check +CVE-2020-1789 (Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with ve ...) + TODO: check CVE-2020-1788 (Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P ...) NOT-FOR-US: Huawei CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...) @@ -18272,8 +18279,7 @@ CVE-2020-1695 RESERVED CVE-2020-1694 RESERVED -CVE-2020-1693 - RESERVED +CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vulnerabl ...) NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...) - moodle <removed> @@ -18392,8 +18398,8 @@ CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0 NOT-FOR-US: Wikibase Wikidata Query Service GUI CVE-2019-19326 RESERVED -CVE-2019-19325 - RESERVED +CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows ...) + TODO: check CVE-2019-19324 RESERVED CVE-2019-19323 @@ -46558,13 +46564,14 @@ CVE-2019-11052 CVE-2019-11051 RESERVED CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...) - {DLA-2050-1} + {DSA-4626-1 DLA-2050-1} - php7.3 <unfixed> - php7.0 <removed> - php5 <removed> NOTE: Fixed in PHP 7.4.1, 7.3.13 NOTE: PHP Bug: http://bugs.php.net/78793 CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ...) + {DSA-4626-1} - php7.3 <unfixed> - php7.0 <removed> - php5 <removed> 
@@ -46574,21 +46581,21 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when su CVE-2019-11048 RESERVED CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...) - {DLA-2050-1} + {DSA-4626-1 DLA-2050-1} - php7.3 <unfixed> - php7.0 <removed> - php5 <removed> NOTE: Fixed in PHP 7.4.1, 7.3.13 NOTE: PHP Bug: http://bugs.php.net/78910 CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...) - {DLA-2050-1} + {DSA-4626-1 DLA-2050-1} - php7.3 <unfixed> - php7.0 <removed> - php5 <removed> NOTE: Fixed in PHP 7.4.1, 7.3.13 NOTE: PHP Bug: http://bugs.php.net/78878 CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...) - {DLA-2050-1} + {DSA-4626-1 DLA-2050-1} - php7.3 <unfixed> - php7.0 <removed> - php5 <removed> @@ -47322,8 +47329,8 @@ CVE-2019-10792 RESERVED CVE-2019-10791 RESERVED -CVE-2019-10790 - RESERVED +CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding additional proper ...) + TODO: check CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection via the ...) NOT-FOR-US: curling.js CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute arbitrary ...) @@ -91022,6 +91029,7 @@ CVE-2018-14555 CVE-2018-14554 RESERVED CVE-2018-14553 (gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL point ...) + {DLA-2106-1} - libgd2 <unfixed> (low; bug #951287) [buster] - libgd2 <no-dsa> (Minor issue) [stretch] - libgd2 <no-dsa> (Minor issue) 
@@ -210188,8 +210196,7 @@ CVE-2015-8763 (The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote CVE-2015-8762 (The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attac ...) - freeradius <not-affected> (Affects 3.0 up to 3.0.8) NOTE: http://freeradius.org/security.html#eap-pwd-2015 -CVE-2015-8751 - RESERVED +CVE-2015-8751 (Integer overflow in the jas_matrix_create function in JasPer allows co ...) - jasper 1.900.1-5.1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294039 NOTE: In 1.900.1-5.1 this issue was fixed as part of the patch for CVE-2008-3520 @@ -243992,8 +243999,7 @@ CVE-2014-8086 (Race condition in the ext4_file_write_iter function in fs/ext4/fi [wheezy] - linux <not-affected> (Vulnerable code not present) - linux-2.6 <not-affected> (Vulnerable code not present) NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html -CVE-2014-8089 [ZF2014-06: SQL injection vector when manually quoting values for sqlsrv extension, using null byte] - RESERVED +CVE-2014-8089 (SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x bef ...) {DSA-3265-1 DLA-251-1} - zendframework 1.12.9+dfsg-1 NOTE: http://framework.zend.com/security/advisory/ZF2014-06 @@ -245946,8 +245952,7 @@ CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 1.0 CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windo ...) - twiki <removed> NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237 -CVE-2014-7236 - RESERVED +CVE-2014-7236 (Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6 ...) - twiki <removed> NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236 CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Rec ...) 
@@ -251322,8 +251327,8 @@ CVE-2014-4983 RESERVED CVE-2014-4982 (LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection ...) NOT-FOR-US: LPAR2RRD -CVE-2014-4981 - RESERVED +CVE-2014-4981 (LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitra ...) + TODO: check CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for Nes ...) NOT-FOR-US: Tenable Web UI for Nessus CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or c ...) @@ -259497,8 +259502,7 @@ CVE-2014-1948 (OpenStack Image Registry and Delivery Service (Glance) 2013.2 thr - glance 2013.2.2-1 (bug #738924) [wheezy] - glance <not-affected> (Only affects Havana) NOTE: https://launchpad.net/bugs/1275062 -CVE-2014-1947 [Buffer overflow vulnerability] - RESERVED +CVE-2014-1947 (Stack-based buffer overflow in the WritePSDImage function in coders/ps ...) {DSA-2898-1} - imagemagick 8:6.7.7.10+dfsg-1 (bug #740250) NOTE: http://web.archive.org/web/20090120112751/http://trac.imagemagick.org:80/changeset/13736 @@ -294939,7 +294943,7 @@ CVE-2012-2417 (PyCrypto before 2.6 does not produce appropriate prime numbers wh CVE-2012-2413 (Cross-site scripting (XSS) vulnerability in the ja_purity template for ...) NOT-FOR-US: Joomla template CVE-2012-2412 - RESERVED + REJECTED CVE-2012-2411 (Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealP ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2012-2410 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlaye ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dbacfe80f7e004b39679cf4e35ea786d6b4bac96 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dbacfe80f7e004b39679cf4e35ea786d6b4bac96 You're receiving this email because of your account on salsa.debian.org.
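Review bot: the unchanged line under CVE-2020-1693 in the @@ -18272,8 +18279,7 @@ hunk reads "NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk", with the tag doubled. The entry now has its published description, so a follow-up commit should reduce that line to a single "NOT-FOR-US: Red Hat Satellite / Spacewalk".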
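Review bot: the entries added as "TODO: check" in the hunks from @@ -17604,8 +17611,8 @@ through @@ -17786,12 +17793,12 @@ are mostly Huawei products by their own descriptions, and the unchanged neighbours in those same hunks (CVE-2020-1871, CVE-2020-1840, CVE-2020-1826, CVE-2020-1810, CVE-2020-1788) are already marked "NOT-FOR-US: Huawei". Manual triage can resolve the Huawei-named entries the same way in one pass. The three GaussDB 200 entries (CVE-2020-1853, CVE-2020-1811, CVE-2020-1790) do not name a vendor in the visible text and need their own check.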
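Review bot: CVE-2014-4981 in the @@ -251322,8 +251327,8 @@ hunk is left at "TODO: check", while the entry directly above it, CVE-2014-4982, covers the same product and is already "NOT-FOR-US: LPAR2RRD". Triage should give CVE-2014-4981 the same marking so the two LPAR2RRD entries stay consistent.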