Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ff76cbc1 by security tracker role at 2020-05-18T08:10:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,21 @@ +CVE-2020-13130 + RESERVED +CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for macOS. T ...) + TODO: check +CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServle ...) + TODO: check +CVE-2019-20802 (An issue was discovered in the Readdle Documents app before 6.9.7 for ...) + TODO: check +CVE-2019-20801 (An issue was discovered in the Readdle Documents app before 6.9.7 for ...) + TODO: check +CVE-2019-20800 (In Cherokee through 1.2.104, remote attackers can trigger an out-of-bo ...) + TODO: check +CVE-2019-20799 (In Cherokee through 1.2.104, multiple memory corruption errors may be ...) + TODO: check +CVE-2019-20798 (An XSS issue was discovered in handler_server_info.c in Cherokee throu ...) + TODO: check +CVE-2019-20797 (An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer ...) + TODO: check CVE-2020-13127 RESERVED CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 2.9.4 for W ...) 
@@ -533,16 +551,16 @@ CVE-2020-12862 RESERVED CVE-2020-12861 RESERVED -CVE-2020-12860 - RESERVED -CVE-2020-12859 - RESERVED -CVE-2020-12858 - RESERVED -CVE-2020-12857 - RESERVED -CVE-2020-12856 - RESERVED +CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access phone nam ...) + TODO: check +CVE-2020-12859 (Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe th ...) + TODO: check +CVE-2020-12858 (Non-reinitialisation of random data in the advertising payload in COVI ...) + TODO: check +CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 an ...) + TODO: check +CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTrac ...) + TODO: check CVE-2020-12855 RESERVED CVE-2020-12854 @@ -731,6 +749,7 @@ CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authentic CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR p ...) NOT-FOR-US: Ignite Realtime Spark CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...) + {DLA-2214-1} - libexif 0.6.21-7 (bug #960199) [buster] - libexif <no-dsa> (Minor issue) [stretch] - libexif <no-dsa> (Minor issue) @@ -36542,6 +36561,7 @@ CVE-2020-0095 CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possi ...) TODO: check CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a possible out o ...) + {DLA-2214-1} - libexif <unfixed> [buster] - libexif <no-dsa> (Minor issue) [stretch] - libexif <no-dsa> (Minor issue) 
@@ -83696,6 +83716,7 @@ CVE-2018-20032 (A Denial of Service vulnerability related to message decoding in CVE-2018-20031 (A Denial of Service vulnerability related to preemptive item deletion ...) NOT-FOR-US: FlexNet Publisher CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EX ...) + {DLA-2214-1} - libexif 0.6.21-5.1 (bug #918730) [stretch] - libexif <no-dsa> (Minor issue) NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/ @@ -173982,6 +174003,7 @@ CVE-2017-7546 (PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6. CVE-2017-7545 (It was discovered that the XmlUtils class in jbpmmigration 6.5 perform ...) NOT-FOR-US: jbpm-designer / jBPM CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulner ...) + {DLA-2214-1} - libexif 0.6.21-2.1 (bug #876466) [stretch] - libexif <no-dsa> (Minor issue) [wheezy] - libexif <no-dsa> (Minor issue) @@ -205510,6 +205532,7 @@ CVE-2016-6329 (OpenVPN, when using a 64-bit block cipher, makes it easier for re NOTE: https://community.openvpn.net/openvpn/wiki/SWEET32 NOTE: This is a generic cryptographic weakness, not a vulnerability in OpenVPN per se CVE-2016-6328 (A vulnerability was found in libexif. An integer overflow when parsing ...) + {DLA-2214-1} - libexif 0.6.21-2.1 (bug #873022) [stretch] - libexif <no-dsa> (Minor issue) [wheezy] - libexif <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff76cbc15856268b212737b59ef20d7baf007f46 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff76cbc15856268b212737b59ef20d7baf007f46 You're receiving this email because of your account on salsa.debian.org.
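Review bot: In the first hunk (@@ -1,3 +1,21 @@) the eight new described entries, CVE-2020-13129 through CVE-2019-20797, all land as `TODO: check` with no package line or NOT-FOR-US marking, so none of them is yet tied to a source package. The three Cherokee entries (CVE-2019-20798, CVE-2019-20799, CVE-2019-20800) and the prboom-plus entry (CVE-2019-20797) describe out-of-bounds, memory corruption, XSS and buffer issues and are the ones to triage first. The stashcat for macOS and Readdle Documents app entries can be resolved in the same pass, using the form already present further down (`NOT-FOR-US: Ignite Realtime Spark`) if no Debian source package matches.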
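Review bot: In the @@ -533,16 +551,16 @@ hunk, CVE-2020-12856 through CVE-2020-12860 move from RESERVED to described entries but each carries only `TODO: check`. As far as the truncated descriptions show, all five concern COVIDSafe or the OpenTrace/BlueTrace protocol, and CVE-2020-12856 names further affected apps (`TraceTogether, ABTrac ...`) in text that is cut off here. Triage should read the full descriptions before choosing between a package line and one consistent NOT-FOR-US marking for the group.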
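Review bot: In the @@ -36542,6 +36561,7 @@ hunk, CVE-2020-0093 gains `{DLA-2214-1}` while its unstable line still reads `- libexif <unfixed>`, whereas CVE-2020-12767, tagged with the same DLA in the @@ -731,6 +749,7 @@ hunk, is recorded as fixed in 0.6.21-7 (bug #960199). It is worth confirming whether the fix shipped in the DLA has also reached unstable and, if so, replacing `<unfixed>` with the fixed version. Across the five libexif hunks, the visible release lines ([buster], [stretch], [wheezy], where present) still read `<no-dsa> (Minor issue)`, so nothing in these entries shows which release the DLA covers beyond the cross-reference itself.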