Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de7acad2 by Moritz Muehlenhoff at 2020-05-15T09:37:45+02:00
new ruby-actionpack-page-caching issue
new qemu issue (unfixed upstream)
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive 
information to ...)
-       TODO: check
+       NOT-FOR-US: Veritas
 CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to 
access s ...)
-       TODO: check
+       NOT-FOR-US: Veritas
 CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate 
authori ...)
-       TODO: check
+       NOT-FOR-US: Veritas
 CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that 
bypassed the  ...)
-       TODO: check
+       NOT-FOR-US: Veritas
 CVE-2020-12873
        RESERVED
 CVE-2020-12872
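Review bot: The four new tags for CVE-2020-12877 through CVE-2020-12874 name only the vendor (`NOT-FOR-US: Veritas`), while the descriptions name the product, Veritas APTARE, and the other NFU tags in this commit name the product (for example `NOT-FOR-US: Ignite Realtime Spark`). Consider `NOT-FOR-US: Veritas APTARE` so that a later search for the product name finds these entries.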
@@ -98,6 +98,9 @@ CVE-2020-12830
        RESERVED
 CVE-2020-12829
        RESERVED
+       - qemu <unfixed>
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
 CVE-2020-12828
        RESERVED
 CVE-2020-12827
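Review bot: The new qemu entry under CVE-2020-12829 carries two Red Hat Bugzilla links but no NOTE saying what the issue is or how the two bugs relate, and the CVE is still RESERVED, so there is no description to fall back on. The commit message says the issue is unfixed upstream; a short NOTE recording that, and which of the two links tracks this CVE, would save the next triager from opening both. Unlike the libexif and json-c `<unfixed>` entries visible elsewhere in this diff, the entry also has no Debian bug number.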
@@ -223,7 +226,7 @@ CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read 
in the SPA authentic
        NOTE: 
https://git.exim.org/exim.git/commitdiff/57aa14b216432be381b6295c312065b2fd034f86
        NOTE: 
https://git.exim.org/exim.git/commitdiff/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
 CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and 
the ROAR p ...)
-       TODO: check
+       NOT-FOR-US: Ignite Realtime Spark
 CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a 
divide-by ...)
        - libexif <unfixed> (bug #960199)
        [buster] - libexif <no-dsa> (Minor issue)
@@ -261,7 +264,7 @@ CVE-2020-12765 (Solis Miolo 2.0 allows 
index.php?module=install&amp;action=view&
 CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&amp;file= Directory 
Traversal. ...)
        NOT-FOR-US: Gnuteca
 CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet ProView
 CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds 
write vi ...)
        - json-c <unfixed> (bug #960326)
        NOTE: https://github.com/json-c/json-c/pull/592
@@ -370,7 +373,7 @@ CVE-2020-12719 (XXE during an EventPublisher update can 
occur in Management Cons
 CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an 
authenticated ...)
        NOT-FOR-US: PHP-Fusion
 CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a 
remote atta ...)
-       TODO: check
+       NOT-FOR-US: COVIDSafe (Australia) app
 CVE-2020-12716
        RESERVED
 CVE-2020-12715
@@ -442,7 +445,7 @@ CVE-2020-12679 (A reflected cross-site scripting (XSS) 
vulnerability in the Mite
 CVE-2020-12678
        REJECTED
 CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web 
Admin. A Web ...)
-       TODO: check
+       NOT-FOR-US: Progress MOVEit Automation Web Admin
 CVE-2020-12676
        RESERVED
 CVE-2020-12675
@@ -6879,7 +6882,7 @@ CVE-2020-10628
 CVE-2020-10627
        RESERVED
 CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an 
uncontrolled sear ...)
-       TODO: check
+       NOT-FOR-US: Fazecast jSerialComm
 CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an 
unauthenticated remo ...)
        NOT-FOR-US: WebAccess/NMS
 CVE-2020-10624
@@ -12476,7 +12479,8 @@ CVE-2020-8161
 CVE-2020-8160
        RESERVED
 CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem &lt; 
v1.2.1 th ...)
-       TODO: check
+       - ruby-actionpack-page-caching <unfixed>
+       NOTE: 
https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
 CVE-2020-8158
        RESERVED
 CVE-2020-8157 (UniFi Cloud Key firmware &lt;= v1.1.10 for Cloud Key gen2 and 
Cloud Ke ...)
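Review bot: `- ruby-actionpack-page-caching <unfixed>` has no NOTE recording an upstream fix version, although the CVE description gives the affected range as gem < v1.2.1, which suggests 1.2.1 as the fixed upstream release. A NOTE stating that (once confirmed against the linked rubyonrails-security post) would make it easier to replace `<unfixed>` when the package is updated. The entry also has no Debian bug number, unlike the libexif and json-c entries in this diff.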



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de7acad2b8cf9357e310e5d729f895ba6f5c6e0d
