Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9c6503ba by security tracker role at 2020-02-27T08:10:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -338,7 +338,7 @@ CVE-2020-9275 CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ...) TODO: check CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...) - {DLA-2115-1} + {DSA-4635-1 DLA-2115-1} - proftpd-dfsg 1.3.6c-1 (bug #951800) NOTE: https://github.com/proftpd/proftpd/issues/903 NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master) @@ -1431,6 +1431,7 @@ CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing - gitlab <not-affected> (Only affects EE version) NOTE: https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/ CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of an out- ...) + {DSA-4634-1} - opensmtpd 6.6.4p1-1 (bug #952453) NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/5 NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ @@ -2871,6 +2872,7 @@ CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn 1.21.1 and earli - node-yarnpkg <unfixed> NOTE: https://hackerone.com/reports/730239 CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake < 12.3. ...) + {DLA-2120-1} - rake 12.3.3-1 NOTE: https://hackerone.com/reports/651518 NOTE: Fixed by: https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee (v12.3.3) 
@@ -13099,10 +13101,10 @@ CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign securi NOT-FOR-US: ServiSign security plugin CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some designated a ...) NOT-FOR-US: ServiSign security plugin -CVE-2020-3924 - RESERVED -CVE-2020-3923 - RESERVED +CVE-2020-3924 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...) + TODO: check +CVE-2020-3923 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...) + TODO: check CVE-2020-3922 RESERVED CVE-2020-3921 @@ -24587,8 +24589,8 @@ CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based bu NOT-FOR-US: Fuji CVE-2019-18239 RESERVED -CVE-2019-18238 - RESERVED +CVE-2019-18238 (Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Config ...) + TODO: check CVE-2019-18237 RESERVED CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC Editor Ver ...) @@ -42498,7 +42500,7 @@ CVE-2019-12884 CVE-2019-12883 RESERVED CVE-2019-12882 - RESERVED + REJECTED CVE-2019-12881 (i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c ...) - linux <undetermined> NOTE: https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520 @@ -75319,7 +75321,7 @@ CVE-2018-19670 CVE-2018-19669 RESERVED CVE-2018-19668 - RESERVED + REJECTED CVE-2018-19667 RESERVED CVE-2018-19666 (The agent in OSSEC through 3.1.0 on Windows allows local users to gain ...) @@ -166618,8 +166620,8 @@ CVE-2017-6373 RESERVED CVE-2017-6372 RESERVED -CVE-2017-6371 - RESERVED +CVE-2017-6371 (Synchronet BBS 3.16c for Windows allows remote attackers to cause a de ...) + TODO: check CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI i ...) NOT-FOR-US: TYPO3 CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5. ...) 
@@ -166640,8 +166642,8 @@ CVE-2017-6365 RESERVED CVE-2017-6364 RESERVED -CVE-2017-6363 - RESERVED +CVE-2017-6363 (** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, t ...) + TODO: check CVE-2017-6362 (Double free vulnerability in the gdImagePngPtr function in libgd2 befo ...) {DSA-3961-1 DLA-1106-1} - libgd2 2.2.5-1 @@ -168211,7 +168213,7 @@ CVE-2017-5863 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: CVE-2017-5862 RESERVED CVE-2017-5861 - RESERVED + REJECTED CVE-2017-5860 RESERVED CVE-2017-5859 (On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vu ...) @@ -223376,8 +223378,8 @@ CVE-2015-5688 (Directory traversal vulnerability in lib/app/index.js in Geddy be NOTE: https://nodesecurity.io/advisories/10 CVE-2015-5687 (system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote at ...) NOT-FOR-US: Anchor CMS -CVE-2015-5686 - RESERVED +CVE-2015-5686 (Parts of the Puppet Enterprise Console 3.x were found to be susceptibl ...) + TODO: check CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstra ...) {DLA-312-1} - libtorrent-rasterbar 1.0.6-1 (bug #797046) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c6503ba71a46edbc0a04a29bcc4dc095dca1ff3
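Review bot: the advisory references added in the first three hunks (DSA-4635-1 on CVE-2020-9273, DSA-4634-1 on CVE-2020-8794, DLA-2120-1 on CVE-2020-8130) sit on entries that already carry their fixed unstable versions (proftpd-dfsg 1.3.6c-1, opensmtpd 6.6.4p1-1, rake 12.3.3-1), so the only thing to confirm is that each advisory id is also present in the tracker's DSA and DLA lists; keeping DLA-2115-1 next to the new DSA-4635-1 on the ProFTPD entry is correct, since the two advisories cover different suites.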
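Review bot: the six entries that move from RESERVED to a description (CVE-2020-3924, CVE-2020-3923, CVE-2019-18238, CVE-2017-6371, CVE-2017-6363, CVE-2015-5686) are all left at "TODO: check", the automatic update's placeholder, and still need manual triage. CVE-2017-6363 is the one to prioritise: the adjacent CVE-2017-6362 entry shows libgd2 is a Debian source package with a DSA, so this entry needs a libgd2 package line (or a <not-affected>/<unimportant> resolution with a reason) rather than the placeholder, and its ** DISPUTED ** marker should be reflected in whatever NOTE records that decision. The TAT-76/TAT-77 DVR firmware, Moxa ioLogik, Synchronet BBS and Puppet Enterprise Console entries look like candidates for NOT-FOR-US, as the neighbouring ServiSign and Fuji Electric entries were resolved, but that call belongs to a maintainer. The three RESERVED to REJECTED changes (CVE-2019-12882, CVE-2018-19668, CVE-2017-5861) carry no package lines, which is the expected shape for a MITRE rejection and needs no follow-up.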
debian-security-tracker-commits mailing list: debian-security-tracker-commits@alioth-lists.debian.net, https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits