Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: de7acad2 by Moritz Muehlenhoff at 2020-05-15T09:37:45+02:00 new ruby-actionpack-page-caching issue new qemu issue (unfixed upstream) NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,11 +1,11 @@ CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...) - TODO: check + NOT-FOR-US: Veritas CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...) - TODO: check + NOT-FOR-US: Veritas CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate authori ...) - TODO: check + NOT-FOR-US: Veritas CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the ...) - TODO: check + NOT-FOR-US: Veritas CVE-2020-12873 RESERVED CVE-2020-12872 @@ -98,6 +98,9 @@ CVE-2020-12830 RESERVED CVE-2020-12829 RESERVED + - qemu <unfixed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026 CVE-2020-12828 RESERVED CVE-2020-12827 @@ -223,7 +226,7 @@ CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authentic NOTE: https://git.exim.org/exim.git/commitdiff/57aa14b216432be381b6295c312065b2fd034f86 NOTE: https://git.exim.org/exim.git/commitdiff/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0 CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR p ...) - TODO: check + NOT-FOR-US: Ignite Realtime Spark CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...) - libexif <unfixed> (bug #960199) [buster] - libexif <no-dsa> (Minor issue) 
@@ -261,7 +264,7 @@ CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&action=view& CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. ...) NOT-FOR-US: Gnuteca CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...) - TODO: check + NOT-FOR-US: TRENDnet ProView CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...) - json-c <unfixed> (bug #960326) NOTE: https://github.com/json-c/json-c/pull/592 @@ -370,7 +373,7 @@ CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Cons CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...) NOT-FOR-US: PHP-Fusion CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote atta ...) - TODO: check + NOT-FOR-US: COVIDSafe (Australia) app CVE-2020-12716 RESERVED CVE-2020-12715 @@ -442,7 +445,7 @@ CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mite CVE-2020-12678 REJECTED CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web Admin. A Web ...) - TODO: check + NOT-FOR-US: Progress MOVEit Automation Web Admin CVE-2020-12676 RESERVED CVE-2020-12675 @@ -6879,7 +6882,7 @@ CVE-2020-10628 CVE-2020-10627 RESERVED CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...) - TODO: check + NOT-FOR-US: Fazecast jSerialComm CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10624 
@@ -12476,7 +12479,8 @@ CVE-2020-8161 CVE-2020-8160 RESERVED CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...) - TODO: check + - ruby-actionpack-page-caching <unfixed> + NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8 CVE-2020-8158 RESERVED CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de7acad2b8cf9357e310e5d729f895ba6f5c6e0d
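Review bot: In the `@@ -1,11 +1,11 @@` hunk, CVE-2020-12874 through CVE-2020-12877 are tagged `NOT-FOR-US: Veritas`, naming only the vendor, while the other NOT-FOR-US lines added in this commit name the product (`Ignite Realtime Spark`, `TRENDnet ProView`, `Fazecast jSerialComm`). `NOT-FOR-US: Veritas APTARE` would match the CVE descriptions and keep the tag searchable by product.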
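Review bot: In the `@@ -98,6 +98,9 @@` hunk, the new `- qemu <unfixed>` line under CVE-2020-12829 has no Debian bug reference, unlike the `libexif <unfixed> (bug #960199)` and `json-c <unfixed> (bug #960326)` entries visible in the context of later hunks. The CVE is still RESERVED, so the two Red Hat Bugzilla NOTEs are the only description a reader gets; a short NOTE saying what each of the two bugs covers, plus a bug number once one is filed, would make the entry usable for triage.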
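Review bot: In the `@@ -12476,7 +12479,8 @@` hunk, CVE-2020-8159 is recorded as `- ruby-actionpack-page-caching <unfixed>` with only the rubyonrails-security announcement as a NOTE, although the description already bounds the affected range at gem `< v1.2.1`. A NOTE recording the fixed upstream version or the fix commit would let whoever updates the package close the entry without rereading the announcement; the line also has no Debian bug reference yet.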