[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
258a725e by security tracker role at 2020-08-01T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-16263
+       RESERVED
+CVE-2020-16262
+       RESERVED
+CVE-2020-16261
+       RESERVED
+CVE-2020-16260
+       RESERVED
+CVE-2020-16259
+       RESERVED
+CVE-2020-16258
+       RESERVED
+CVE-2020-16257
+       RESERVED
+CVE-2020-16256
+       RESERVED
+CVE-2020-16255
+       RESERVED
 CVE-2020-16254
        RESERVED
 CVE-2020-16253
@@ -238,6 +256,7 @@ CVE-2020-16137
 CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user 
with permis ...)
        TODO: check
 CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if 
ssh_buf ...)
+       {DLA-2303-1}
        - libssh <unfixed> (bug #966560)
        NOTE: https://bugs.libssh.org/T232
        NOTE: 
https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238
@@ -289,6 +308,7 @@ CVE-2020-16117 (In GNOME evolution-data-server before 
3.35.91, a malicious serve
        NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189
 CVE-2020-16116
        RESERVED
+       {DSA-4738-1}
        - ark 4:20.04.3-1
        NOTE: https://kde.org/info/security/advisory-20200730-1.txt
        NOTE: 
https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
@@ -832,12 +852,12 @@ CVE-2020-15873 (In LibreNMS before 1.65.1, an 
authenticated attacker can achieve
        NOT-FOR-US: LibreNMS
 CVE-2020-15872
        RESERVED
-CVE-2020-15871
-       RESERVED
-CVE-2020-15870
-       RESERVED
-CVE-2020-15869
-       RESERVED
+CVE-2020-15871 (Sonatype Nexus Repository Manager OSS/Pro version before 
3.25.1 allows ...)
+       TODO: check
+CVE-2020-15870 (Sonatype Nexus Repository Manager OSS/Pro versions before 
3.25.1 allow ...)
+       TODO: check
+CVE-2020-15869 (Sonatype Nexus Repository Manager OSS/Pro versions before 
3.25.1 allow ...)
+       TODO: check
 CVE-2020-15868
        RESERVED
 CVE-2020-15867
@@ -4750,15 +4770,13 @@ CVE-2020-14312
        RESERVED
        - dnsmasq 2.69-1 (bug #732610)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342
-CVE-2020-14311
-       RESERVED
+CVE-2020-14311 (There is an issue with grub2 before version 2.06 while 
handling symlin ...)
        {DSA-4735-1}
        - grub2 2.04-9
        [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
        NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
        NOTE: 
https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
-CVE-2020-14310
-       RESERVED
+CVE-2020-14310 (There is an issue on grub2 before version 2.06 at function 
read_sectio ...)
        {DSA-4735-1}
        - grub2 2.04-9
        [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
@@ -28233,10 +28251,10 @@ CVE-2020-5416
        RESERVED
 CVE-2020-5415
        RESERVED
-CVE-2020-5414
-       RESERVED
-CVE-2020-5413
-       RESERVED
+CVE-2020-5414 (VMware Tanzu Application Service for VMs (2.7.x versions prior 
to 2.7. ...)
+       TODO: check
+CVE-2020-5413 (Spring Integration framework provides Kryo Codec 
implementations as an ...)
+       TODO: check
 CVE-2020-5412
        RESERVED
 CVE-2020-5411 (When configured to enable default typing, Jackson contained a 
deserial ...)
@@ -28278,8 +28296,8 @@ CVE-2020-5397 (Spring Framework, versions 5.2.x prior 
to 5.2.3 are vulnerable to
        NOTE: https://pivotal.io/security/cve-2020-5397
        NOTE: https://github.com/spring-projects/spring-framework/issues/24327
        NOTE: 
https://github.com/spring-projects/spring-framework/commit/bc7d01048579430b4b2df668178809b63d3f1929
-CVE-2020-5396
-       RESERVED
+CVE-2020-5396 (VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 
9.7.6, and  ...)
+       TODO: check
 CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData 
in sfd. ...)
        - fontforge <unfixed> (bug #948231)
        [buster] - fontforge <no-dsa> (Minor issue)
@@ -67059,8 +67077,8 @@ CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior 
to 3.7.21 and 3.8.x prior
        [stretch] - rabbitmq-server <no-dsa> (Minor issue)
        [jessie] - rabbitmq-server <postponed> (Minor issue)
        NOTE: https://pivotal.io/security/cve-2019-11287
-CVE-2019-11286
-       RESERVED
+CVE-2019-11286 (VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 
9.7.5, and  ...)
+       TODO: check
 CVE-2019-11285
        REJECTED
 CVE-2019-11284 (Pivotal Reactor Netty, versions prior to 0.8.11, passes 
headers throug ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/258a725e6c18987728f112ee6533fc3f14bba2ec

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/258a725e6c18987728f112ee6533fc3f14bba2ec
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits