Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 651df17f by Moritz Muehlenhoff at 2020-05-15T09:22:36+02:00 new ansible issue new pip non issue new issue in ITPd kibana NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -6459,8 +6459,11 @@ CVE-2020-10745 RESERVED CVE-2020-10744 RESERVED + - ansible <unfixed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835566 CVE-2020-10743 RESERVED + - kibana <itp> (bug #700337) CVE-2020-10742 RESERVED - linux <undetermined> @@ -32410,6 +32413,7 @@ CVE-2020-1162 RESERVED CVE-2020-1161 RESERVED + NOT-FOR-US: Microsoft .NET CVE-2020-1160 RESERVED CVE-2020-1159 @@ -32516,6 +32520,7 @@ CVE-2020-1109 RESERVED CVE-2020-1108 RESERVED + NOT-FOR-US: Microsoft .NET CVE-2020-1107 RESERVED CVE-2020-1106 @@ -80309,7 +80314,9 @@ CVE-2018-20227 (RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a CVE-2018-20226 (An organization administrator can add a super administrator in THEHIVE ...) NOT-FOR-US: THEHIVE CVE-2018-20225 (An issue was discovered in pip (all versions) because it installs the ...) - TODO: check + - python-pip <unfixed> (unimportant) + NOTE: https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html + NOTE: pip is inherently affected by malicious packages, use packages from Debian instead :-) CVE-2018-20224 RESERVED CVE-2018-20223 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/651df17fbe481dd8249c09fc89081120f70ab2c7
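Review bot: In the first hunk (@@ -6459), the "- ansible <unfixed>" line added under CVE-2020-10744 cites only the Red Hat Bugzilla entry and carries no Debian bug number, unlike the kibana line added just below it, which has "(bug #700337)". Consider filing a Debian bug against ansible and adding the reference to this line so the unfixed status can be tracked to closure.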
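Review bot: In the last hunk (@@ -80309), the second NOTE under CVE-2018-20225 justifies the "(unimportant)" tag with a general remark about malicious packages and a smiley, not with the behaviour this CVE describes. Suggest rewording it to state why this specific issue has no security impact for the python-pip package, in line with the write-up linked in the first NOTE, and dropping the ":-)" so the rationale reads as a triage decision.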