[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Mon, 18 May 2020 01:11:24 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ff76cbc1 by security tracker role at 2020-05-18T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-13130
+       RESERVED
+CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for 
macOS. T ...)
+       TODO: check
+CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3. 
server/UploadServle ...)
+       TODO: check
+CVE-2019-20802 (An issue was discovered in the Readdle Documents app before 
6.9.7 for  ...)
+       TODO: check
+CVE-2019-20801 (An issue was discovered in the Readdle Documents app before 
6.9.7 for  ...)
+       TODO: check
+CVE-2019-20800 (In Cherokee through 1.2.104, remote attackers can trigger an 
out-of-bo ...)
+       TODO: check
+CVE-2019-20799 (In Cherokee through 1.2.104, multiple memory corruption errors 
may be  ...)
+       TODO: check
+CVE-2019-20798 (An XSS issue was discovered in handler_server_info.c in 
Cherokee throu ...)
+       TODO: check
+CVE-2019-20797 (An issue was discovered in e6y prboom-plus 2.5.1.5. There is a 
buffer  ...)
+       TODO: check
 CVE-2020-13127
        RESERVED
 CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 
2.9.4 for W ...)
@@ -533,16 +551,16 @@ CVE-2020-12862
        RESERVED
 CVE-2020-12861
        RESERVED
-CVE-2020-12860
-       RESERVED
-CVE-2020-12859
-       RESERVED
-CVE-2020-12858
-       RESERVED
-CVE-2020-12857
-       RESERVED
-CVE-2020-12856
-       RESERVED
+CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access 
phone nam ...)
+       TODO: check
+CVE-2020-12859 (Unnecessary fields in the OpenTrace/BlueTrace protocol in 
COVIDSafe th ...)
+       TODO: check
+CVE-2020-12858 (Non-reinitialisation of random data in the advertising payload 
in COVI ...)
+       TODO: check
+CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe 
v1.0.15 an ...)
+       TODO: check
+CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, 
TraceTogether, ABTrac ...)
+       TODO: check
 CVE-2020-12855
        RESERVED
 CVE-2020-12854
@@ -731,6 +749,7 @@ CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read 
in the SPA authentic
 CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and 
the ROAR p ...)
        NOT-FOR-US: Ignite Realtime Spark
 CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a 
divide-by ...)
+       {DLA-2214-1}
        - libexif 0.6.21-7 (bug #960199)
        [buster] - libexif <no-dsa> (Minor issue)
        [stretch] - libexif <no-dsa> (Minor issue)
@@ -36542,6 +36561,7 @@ CVE-2020-0095
 CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is 
a possi ...)
        TODO: check
 CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a 
possible out o ...)
+       {DLA-2214-1}
        - libexif <unfixed>
        [buster] - libexif <no-dsa> (Minor issue)
        [stretch] - libexif <no-dsa> (Minor issue)
@@ -83696,6 +83716,7 @@ CVE-2018-20032 (A Denial of Service vulnerability 
related to message decoding in
 CVE-2018-20031 (A Denial of Service vulnerability related to preemptive item 
deletion  ...)
        NOT-FOR-US: FlexNet Publisher
 CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and 
EXIF_IFD_EX ...)
+       {DLA-2214-1}
        - libexif 0.6.21-5.1 (bug #918730)
        [stretch] - libexif <no-dsa> (Minor issue)
        NOTE: 
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/
@@ -173982,6 +174003,7 @@ CVE-2017-7546 (PostgreSQL versions before 9.2.22, 
9.3.18, 9.4.13, 9.5.8 and 9.6.
 CVE-2017-7545 (It was discovered that the XmlUtils class in jbpmmigration 6.5 
perform ...)
        NOT-FOR-US: jbpm-designer / jBPM
 CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read 
vulner ...)
+       {DLA-2214-1}
        - libexif 0.6.21-2.1 (bug #876466)
        [stretch] - libexif <no-dsa> (Minor issue)
        [wheezy] - libexif <no-dsa> (Minor issue)
@@ -205510,6 +205532,7 @@ CVE-2016-6329 (OpenVPN, when using a 64-bit block 
cipher, makes it easier for re
        NOTE: https://community.openvpn.net/openvpn/wiki/SWEET32
        NOTE: This is a generic cryptographic weakness, not a vulnerability in 
OpenVPN per se
 CVE-2016-6328 (A vulnerability was found in libexif. An integer overflow when 
parsing ...)
+       {DLA-2214-1}
        - libexif 0.6.21-2.1 (bug #873022)
        [stretch] - libexif <no-dsa> (Minor issue)
        [wheezy] - libexif <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff76cbc15856268b212737b59ef20d7baf007f46

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff76cbc15856268b212737b59ef20d7baf007f46
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to