[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sat, 01 Aug 2020 13:11:26 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
83d467c7 by security tracker role at 2020-08-01T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-16265
+       RESERVED
+CVE-2020-16264
+       RESERVED
 CVE-2020-16263
        RESERVED
 CVE-2020-16262
@@ -6625,7 +6629,7 @@ CVE-2020-13627 (Cross-site scripting (XSS) vulnerability 
allows remote attackers
 CVE-2020-13626
        RESERVED
 CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when 
the name o ...)
-       {DLA-2244-1}
+       {DLA-2306-1 DLA-2244-1}
        - libphp-phpmailer 6.1.6-1 (bug #962827)
        [buster] - libphp-phpmailer <no-dsa> (Minor issue)
        NOTE: 
https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
@@ -17272,6 +17276,7 @@ CVE-2020-9926
        RESERVED
 CVE-2020-9925
        RESERVED
+       {DSA-4739-1}
        - webkit2gtk 2.28.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -17297,6 +17302,7 @@ CVE-2020-9916
        RESERVED
 CVE-2020-9915
        RESERVED
+       {DSA-4739-1}
        - webkit2gtk 2.28.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -17342,6 +17348,7 @@ CVE-2020-9896
        RESERVED
 CVE-2020-9895
        RESERVED
+       {DSA-4739-1}
        - webkit2gtk 2.28.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -17349,6 +17356,7 @@ CVE-2020-9895
        NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
 CVE-2020-9894
        RESERVED
+       {DSA-4739-1}
        - webkit2gtk 2.28.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -17356,6 +17364,7 @@ CVE-2020-9894
        NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
 CVE-2020-9893
        RESERVED
+       {DSA-4739-1}
        - webkit2gtk 2.28.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -17423,6 +17432,7 @@ CVE-2020-9863
        RESERVED
 CVE-2020-9862
        RESERVED
+       {DSA-4739-1}
        - webkit2gtk 2.28.4-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -19910,7 +19920,7 @@ CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 
2.9.10.2 lacks certain x
 CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP 
Converter dev ...)
        NOT-FOR-US: CHIYU BF-430 232/485 TCP/IP Converter devices
 CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not 
correct ...)
-       {DLA-2116-1}
+       {DLA-2304-1 DLA-2116-1}
        - libpam-radius-auth 1.4.0-3 (bug #951396)
        [buster] - libpam-radius-auth 1.4.0-3~deb10u1
        NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec
@@ -117073,7 +117083,7 @@ CVE-2018-1000546 (Triplea version &lt;= 1.9.0.0.10291 
contains a XML External En
 CVE-2018-1000545
        REJECTED
 CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a 
Directory Tra ...)
-       {DLA-1467-1}
+       {DLA-2307-1 DLA-1467-1}
        - ruby-zip 1.2.2-1 (bug #902720)
        NOTE: https://github.com/rubyzip/rubyzip/issues/369
        NOTE: Part of fixes:
@@ -122847,7 +122857,7 @@ CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 
0.7.3 has CSRF via a delete a
 CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and 
resultant Authe ...)
        NOT-FOR-US: CSP MySQL User Manager
 CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission 
before 3.0 ...)
-       {DLA-2218-1}
+       {DLA-2305-1 DLA-2218-1}
        - transmission 3.00-1 (bug #961461)
        [buster] - transmission 2.94-2+deb10u1
        NOTE: 
https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e
 (3.00)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83d467c7e31b19e827a6f18cc481ef7d7c3c6375

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83d467c7e31b19e827a6f18cc481ef7d7c3c6375
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to