Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0b3d521a by security tracker role at 2020-07-10T20:10:17+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,85 @@ +CVE-2020-15686 + RESERVED +CVE-2020-15685 + RESERVED +CVE-2020-15684 + RESERVED +CVE-2020-15683 + RESERVED +CVE-2020-15682 + RESERVED +CVE-2020-15681 + RESERVED +CVE-2020-15680 + RESERVED +CVE-2020-15679 + RESERVED +CVE-2020-15678 + RESERVED +CVE-2020-15677 + RESERVED +CVE-2020-15676 + RESERVED +CVE-2020-15675 + RESERVED +CVE-2020-15674 + RESERVED +CVE-2020-15673 + RESERVED +CVE-2020-15672 + RESERVED +CVE-2020-15671 + RESERVED +CVE-2020-15670 + RESERVED +CVE-2020-15669 + RESERVED +CVE-2020-15668 + RESERVED +CVE-2020-15667 + RESERVED +CVE-2020-15666 + RESERVED +CVE-2020-15665 + RESERVED +CVE-2020-15664 + RESERVED +CVE-2020-15663 + RESERVED +CVE-2020-15662 + RESERVED +CVE-2020-15661 + RESERVED +CVE-2020-15660 + RESERVED +CVE-2020-15659 + RESERVED +CVE-2020-15658 + RESERVED +CVE-2020-15657 + RESERVED +CVE-2020-15656 + RESERVED +CVE-2020-15655 + RESERVED +CVE-2020-15654 + RESERVED +CVE-2020-15653 + RESERVED +CVE-2020-15652 + RESERVED +CVE-2020-15651 + RESERVED +CVE-2020-15650 + RESERVED +CVE-2020-15649 + RESERVED +CVE-2020-15648 + RESERVED +CVE-2020-15647 + RESERVED +CVE-2020-15646 + RESERVED CVE-2020-15645 RESERVED CVE-2020-15644 @@ -326,8 +408,8 @@ CVE-2020-15506 (An Authentication Bypass vulnerability in MobileIron Core and Co NOT-FOR-US: MobileIron Core and Connector CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core and Connector ...) NOT-FOR-US: MobileIron Core and Connector -CVE-2020-15504 - RESERVED +CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfaces of ...) + TODO: check CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affect ...) - libraw <unfixed> (bug #964747) [buster] - libraw <no-dsa> (Minor issue) 
@@ -602,6 +684,7 @@ CVE-2020-15391 CVE-2020-15390 RESERVED CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...) + {DLA-2277-1} - openjpeg2 <unfixed> NOTE: https://github.com/uclouvain/openjpeg/issues/1261 NOTE: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 @@ -1395,7 +1478,7 @@ CVE-2020-15013 CVE-2020-15012 RESERVED CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...) - {DLA-2265-1} + {DLA-2276-1 DLA-2265-1} - mailman <removed> NOTE: https://bugs.launchpad.net/mailman/+bug/1877379 CVE-2020-15010 @@ -4044,7 +4127,7 @@ CVE-2020-13985 CVE-2020-13984 RESERVED CVE-2020-13983 - RESERVED + REJECTED CVE-2020-13982 RESERVED CVE-2020-13981 @@ -8659,7 +8742,7 @@ CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This af CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...) NOT-FOR-US: TP-Link CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...) - {DLA-2204-1} + {DLA-2276-1 DLA-2204-1} - mailman <removed> NOTE: https://bugs.launchpad.net/mailman/+bug/1873722 CVE-2020-12107 @@ -9049,7 +9132,7 @@ CVE-2020-11947 CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...) NOT-FOR-US: Zoho ManageEngine OpManager CVE-2020-11945 (An issue was discovered in Squid before 5.0.2. A remote attacker can r ...) - {DSA-4682-1} + {DSA-4682-1 DLA-2278-1} - squid 4.11-1 - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_4.txt 
@@ -11269,7 +11352,7 @@ CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to mul NOT-FOR-US: Project Worlds Official Car Rental System 1 CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...) NOT-FOR-US: Project Worlds Official Car Rental System 1 -CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with the pa ...) +CVE-2020-11543 (OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the pa ...) NOT-FOR-US: OpsRamp Gateway CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...) NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices @@ -12327,8 +12410,8 @@ CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would al [jessie] - ruby-kaminari <no-dsa> (No reverse dependency) NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433 NOTE: https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8 -CVE-2020-11081 - RESERVED +CVE-2020-11081 (osquery before version 4.4.0 enables a priviledge escalation vulnerabi ...) + TODO: check CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...) {DSA-4696-1} - nodejs 10.21.0~dfsg-1 (bug #962145) @@ -14598,7 +14681,7 @@ CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libIma [jessie] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0) NOTE: https://github.com/python-pillow/Pillow/pull/4538 NOTE: Fixed in 6.2.3 and 7.1.0 -CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.1.0, an out-of-bou ...) +CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ...) - pillow <unfixed> [buster] - pillow <no-dsa> (Minor issue) [jessie] - pillow <no-dsa> (Minor issue) 
@@ -15746,7 +15829,6 @@ CVE-2020-9852 (An integer overflow was addressed through improved input validati CVE-2020-9851 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is ...) - RESERVED - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -15765,7 +15847,6 @@ CVE-2020-9845 CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...) NOT-FOR-US: Apple CVE-2020-9843 (An input validation issue was addressed with improved input validation ...) - RESERVED - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) 
@@ -15842,21 +15923,18 @@ CVE-2020-9809 (An information disclosure issue was addressed with improved state CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...) - RESERVED - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...) - RESERVED - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is ...) - RESERVED - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) 
@@ -15865,14 +15943,12 @@ CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issu CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...) - RESERVED - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is ...) - RESERVED - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -17253,12 +17329,12 @@ CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) NOT-FOR-US: HUAWEI CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) NOT-FOR-US: HUAWEI -CVE-2020-9260 - RESERVED +CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 1 ...) + TODO: check CVE-2020-9259 RESERVED -CVE-2020-9258 - RESERVED +CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P ...) + TODO: check CVE-2020-9257 RESERVED CVE-2020-9256 @@ -19143,7 +19219,7 @@ CVE-2020-8452 CVE-2020-8451 RESERVED CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer ...) - {DSA-4682-1} + {DSA-4682-1 DLA-2278-1} - squid 4.10-1 (bug #950802) - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt 
@@ -19151,7 +19227,7 @@ CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect bu NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older) NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9) CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...) - {DSA-4682-1} + {DSA-4682-1 DLA-2278-1} - squid 4.10-1 (bug #950802) - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt 
@@ -19680,47 +19756,48 @@ CVE-2020-8201 RESERVED CVE-2020-8200 RESERVED -CVE-2020-8199 - RESERVED -CVE-2020-8198 - RESERVED -CVE-2020-8197 - RESERVED -CVE-2020-8196 - RESERVED -CVE-2020-8195 - RESERVED -CVE-2020-8194 - RESERVED -CVE-2020-8193 - RESERVED +CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...) + TODO: check +CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) + TODO: check +CVE-2020-8197 (Privilege escalation vulnerability on Citrix ADC and Citrix Gateway ve ...) + TODO: check +CVE-2020-8196 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...) + TODO: check +CVE-2020-8195 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) + TODO: check +CVE-2020-8194 (Reflected code injection in Citrix ADC and Citrix Gateway versions bef ...) + TODO: check +CVE-2020-8193 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...) + TODO: check CVE-2020-8192 RESERVED -CVE-2020-8191 - RESERVED -CVE-2020-8190 - RESERVED +CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) + TODO: check +CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...) + TODO: check CVE-2020-8189 RESERVED CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v1.13. ...) NOT-FOR-US: UniFi Protect -CVE-2020-8187 - RESERVED -CVE-2020-8186 - RESERVED +CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) + TODO: check +CVE-2020-8186 (A command injection vulnerability in the `devcert` module may lead to ...) + TODO: check CVE-2020-8185 (A denial of service vulnerability exists in Rails <6.0.3.2 that all ...) 
[experimental] - rails 6.0.3.2+dfsg-1 (bug #964081) - rails <not-affected> (Introduced in rails 6.x) NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0 CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...) + {DLA-2275-1} - ruby-rack <unfixed> (bug #963477) NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c CVE-2020-8183 RESERVED CVE-2020-8182 RESERVED -CVE-2020-8181 - RESERVED +CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a malici ...) + TODO: check CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...) NOT-FOR-US: Nextcloud Talk CVE-2020-8179 (Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to ...) @@ -19805,7 +19882,7 @@ CVE-2020-8162 (A client side enforcement of server side security vulnerability e NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 that all ...) - {DLA-2216-1} + {DLA-2275-1 DLA-2216-1} - ruby-rack 2.1.1-5 [buster] - ruby-rack <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ @@ -19932,7 +20009,7 @@ CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...) - {DLA-2089-1} + {DLA-2277-1 DLA-2089-1} - openjpeg2 <unfixed> (bug #950184) [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1231 
@@ -20751,10 +20828,10 @@ CVE-2020-7817 RESERVED CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...) NOT-FOR-US: DaView -CVE-2020-7815 - RESERVED -CVE-2020-7814 - RESERVED +CVE-2020-7815 (XPLATFORM v9.2.260 and eariler versions contain a vulnerability that c ...) + TODO: check +CVE-2020-7814 (RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability tha ...) + TODO: check CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...) NOT-FOR-US: Kaoni CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...) @@ -22917,7 +22994,7 @@ CVE-2020-6853 CVE-2020-6852 (CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3. ...) NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...) - {DLA-2081-1} + {DLA-2277-1 DLA-2081-1} - openjpeg2 <unfixed> (bug #950000) [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1228 @@ -24894,8 +24971,8 @@ CVE-2020-6116 RESERVED CVE-2020-6115 RESERVED -CVE-2020-6114 - RESERVED +CVE-2020-6114 (An exploitable SQL injection vulnerability exists in the Admin Reports ...) + TODO: check CVE-2020-6113 RESERVED CVE-2020-6112 @@ -29961,8 +30038,8 @@ CVE-2020-3976 RESERVED CVE-2020-3975 RESERVED -CVE-2020-3974 - RESERVED +CVE-2020-3974 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...) + TODO: check CVE-2020-3973 (The VeloCloud Orchestrator does not apply correct input validation whi ...) TODO: check CVE-2020-3972 (VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a den ...) 
@@ -38681,6 +38758,7 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allow CVE-2019-18861 RESERVED CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, mishandles HTML ...) + {DLA-2278-1} - squid 4.9-1 (low) [buster] - squid <no-dsa> (Minor issue) - squid3 <removed> @@ -41330,26 +41408,26 @@ CVE-2019-18680 (An issue was discovered in the Linux kernel 4.4.x before 4.4.195 - linux <not-affected> (Vulnerable code not present) NOTE: https://lkml.org/lkml/2019/9/18/337 CVE-2019-18679 (An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to ...) - {DSA-4682-1 DLA-2028-1} + {DSA-4682-1 DLA-2278-1 DLA-2028-1} - squid 4.9-1 - squid3 <removed> NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6f2841090dffbec1a2b2417e18bb3dc71d62dd2e.patch NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt CVE-2019-18678 (An issue was discovered in Squid 3.x and 4.x through 4.8. It allows at ...) - {DSA-4682-1 DLA-2028-1} + {DSA-4682-1 DLA-2278-1 DLA-2028-1} - squid 4.9-1 - squid3 <removed> NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_10.txt CVE-2019-18677 (An issue was discovered in Squid 3.x and 4.x through 4.8 when the appe ...) - {DSA-4682-1 DLA-2028-1} + {DSA-4682-1 DLA-2278-1 DLA-2028-1} - squid 4.9-1 - squid3 <removed> NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_9.txt CVE-2019-18676 (An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incor ...) - {DSA-4682-1} + {DSA-4682-1 DLA-2278-1} - squid 4.9-1 - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt 
@@ -59361,7 +59439,7 @@ CVE-2019-13347 (An issue was discovered in the SAML Single Sign On (SSO) plugin CVE-2019-13346 (In MyT 1.5.1, the User[username] parameter has XSS. ...) NOT-FOR-US: MyT CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_ ...) - {DSA-4507-1 DLA-1847-1} + {DSA-4507-1 DLA-2278-1 DLA-1847-1} - squid 4.8-1 (bug #931478) - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_6.txt @@ -60462,6 +60540,7 @@ CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in cod NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24 CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...) + {DLA-2277-1} - openjpeg2 <unfixed> (bug #931292) [buster] - openjpeg2 <no-dsa> (Minor issue) [jessie] - openjpeg2 <not-affected> (vulnerable code is not present) @@ -61582,13 +61661,13 @@ CVE-2019-12531 CVE-2019-12530 (Incorrect access control was discovered in the stdonato Dashboard plug ...) NOT-FOR-US: Dashboard plugin for GLPI CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through ...) - {DSA-4507-1 DLA-1858-1} + {DSA-4507-1 DLA-2278-1 DLA-1858-1} - squid 4.8-1 - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_2.txt NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch CVE-2019-12528 (An issue was discovered in Squid before 4.10. It allows a crafted FTP ...) - {DSA-4682-1} + {DSA-4682-1 DLA-2278-1} - squid 4.10-1 (bug #950925) - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_2.txt 
@@ -61604,26 +61683,26 @@ CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checki NOTE: than the length of the target buffer, whilst in 4.x the entire input is decoded NOTE: without regard for the size of the target buffer. CVE-2019-12526 (An issue was discovered in Squid before 4.9. URN response handling in ...) - {DSA-4682-1 DLA-2028-1} + {DSA-4682-1 DLA-2278-1 DLA-2028-1} - squid 4.9-1 - squid3 <removed> NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7aa0184a720fd216191474e079f4fe87de7c4f5a.patch NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_7.txt CVE-2019-12525 (An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through ...) - {DSA-4507-1 DLA-1858-1} + {DSA-4507-1 DLA-2278-1 DLA-1858-1} - squid 4.8-1 - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_3.txt NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-409956536647b3a05ee1e367424a24ae6b8f13fd.patch NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-ec0d0f39cf28da14eead0ba5e777e95855bc2f67.patch CVE-2019-12524 (An issue was discovered in Squid through 4.7. When handling requests f ...) - {DSA-4682-1} + {DSA-4682-1 DLA-2278-1} - squid 4.8-1 - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_4.txt NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2019_4.patch CVE-2019-12523 (An issue was discovered in Squid before 4.9. When handling a URN reque ...) - {DSA-4682-1} + {DSA-4682-1 DLA-2278-1} - squid 4.9-1 - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt 
@@ -61631,19 +61710,19 @@ CVE-2019-12523 (An issue was discovered in Squid before 4.9. When handling a URN CVE-2019-12522 (An issue was discovered in Squid through 4.7. When Squid is run as roo ...) TODO: check CVE-2019-12521 (An issue was discovered in Squid through 4.7. When Squid is parsing ES ...) - {DSA-4682-1} + {DSA-4682-1 DLA-2278-1} - squid 4.11-1 - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_12.txt NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fdd4123629320aa1ee4c3481bb392437c90d188d.patch CVE-2019-12520 (An issue was discovered in Squid through 4.7 and 5. When receiving a r ...) - {DSA-4682-1} + {DSA-4682-1 DLA-2278-1} - squid 4.8-1 - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_4.txt NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2019_4.patch CVE-2019-12519 (An issue was discovered in Squid through 4.7. When handling the tag es ...) - {DSA-4682-1} + {DSA-4682-1 DLA-2278-1} - squid 4.11-1 - squid3 <removed> NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_12.txt @@ -99090,7 +99169,7 @@ CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO S CVE-2017-18350 (bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer over ...) - bitcoin 0.15.1~dfsg-1 CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of service (Me ...) - {DLA-1596-1} + {DLA-2278-1 DLA-1596-1} - squid 4.4-1 (low; bug #912294) - squid3 <removed> (low) NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt 
@@ -298986,7 +299065,7 @@ CVE-2013-1704 (Use-after-free vulnerability in the nsINode::GetParentNode functi - iceweasel <not-affected> (Only affects Firefox > 17) - iceape <not-affected> (Only affects Firefox > 17) CVE-2013-1703 - RESERVED + REJECTED CVE-2013-1702 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel <not-affected> (Only affects Firefox > 17) - icedove <not-affected> (Only affects Firefox > 17) @@ -301551,7 +301630,7 @@ CVE-2012-6496 (SQL injection vulnerability in the Active Record component in Rub - rails 2.3.14.1 NOTE: Starting with 2.3.14.1 rails is a transition package CVE-2013-0802 - RESERVED + REJECTED CVE-2013-0801 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2720-1 DSA-2699-1} - iceweasel 17.0.6esr-1 
@@ -301942,45 +302021,45 @@ CVE-2012-6494 (Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerab CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Secu ...) NOT-FOR-US: Rapid7 Nexpose Security Console CVE-2012-6492 - RESERVED + REJECTED CVE-2012-6491 - RESERVED + REJECTED CVE-2012-6490 - RESERVED + REJECTED CVE-2012-6489 - RESERVED + REJECTED CVE-2012-6488 - RESERVED + REJECTED CVE-2012-6487 - RESERVED + REJECTED CVE-2012-6486 - RESERVED + REJECTED CVE-2012-6485 - RESERVED + REJECTED CVE-2012-6484 - RESERVED + REJECTED CVE-2012-6483 - RESERVED + REJECTED CVE-2012-6482 - RESERVED + REJECTED CVE-2012-6481 - RESERVED + REJECTED CVE-2012-6480 - RESERVED + REJECTED CVE-2012-6479 - RESERVED + REJECTED CVE-2012-6478 - RESERVED + REJECTED CVE-2012-6477 - RESERVED + REJECTED CVE-2012-6476 - RESERVED + REJECTED CVE-2012-6475 - RESERVED + REJECTED CVE-2012-6474 - RESERVED + REJECTED CVE-2012-6473 - RESERVED + REJECTED CVE-2013-0721 (wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allo ...) NOT-FOR-US: WordPress plugin CVE-2013-0720 (The COBIME application before 0.9.4 for Android uses weak permissions ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b3d521a21d84686f64eda1a266a84f05e951bee -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b3d521a21d84686f64eda1a266a84f05e951bee You're receiving this email because of your account on salsa.debian.org.
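Review bot: CVE-2019-12522 in the hunk at @@ -61631,19 +61710,19 @@ is left at "TODO: check" while every surrounding squid entry (CVE-2019-12519 to CVE-2019-12529, CVE-2019-18676 to CVE-2019-18679, CVE-2020-8449/8450, CVE-2020-11945) gains DLA-2278-1; confirm whether DLA-2278-1 also addressed it for squid3 and record that, or mark the squid3 line <not-affected>/<no-dsa>, otherwise the squid3 status for this CVE stays incomplete after the DLA has been published.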
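Review bot: several of the new "TODO: check" entries can be triaged directly from their neighbours rather than waiting for a manual pass: CVE-2020-8181 (Nextcloud Contacts, hunk @@ -19680,47 +19756,48 @@) sits beside CVE-2020-8180, already "NOT-FOR-US: Nextcloud Talk"; CVE-2020-9258 and CVE-2020-9260 (HUAWEI P30, hunk @@ -17253,12 +17329,12 @@) sit beside CVE-2020-9261/9262, already "NOT-FOR-US: HUAWEI"; and the Citrix ADC/Gateway block (CVE-2020-8187, CVE-2020-8190 to CVE-2020-8199) and CVE-2020-3974 (VMware Fusion) describe proprietary appliance and desktop products that are not Debian packages. Keeping "TODO: check" only for the entries where Debian packaging actually needs to be verified, CVE-2020-11081 (osquery) and CVE-2020-8186 (the `devcert` module), would shorten the triage queue.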
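Review bot: the hunks at @@ -15746 through @@ -15865 delete a stray "RESERVED" line that had remained under CVE-2020-9850, -9843, -9807, -9806, -9805, -9803 and -9802 after their descriptions and webkit2gtk fix versions were filled in; a RESERVED status line following a populated description is inconsistent tracker state, so the cleanup is correct, and the automatic update that fills in a description should drop the RESERVED line in the same step so the inconsistency cannot reappear. Separately, for CVE-2020-8184 (hunk @@ -19680,47 +19756,48 @@) the added {DLA-2275-1} only records the LTS update; the unstable line stays "ruby-rack <unfixed> (bug #963477)", so that bug remains open and is not resolved by this entry.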
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits