Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 83d467c7 by security tracker role at 2020-08-01T20:10:24+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,7 @@ +CVE-2020-16265 + RESERVED +CVE-2020-16264 + RESERVED CVE-2020-16263 RESERVED CVE-2020-16262 @@ -6625,7 +6629,7 @@ CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers CVE-2020-13626 RESERVED CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...) - {DLA-2244-1} + {DLA-2306-1 DLA-2244-1} - libphp-phpmailer 6.1.6-1 (bug #962827) [buster] - libphp-phpmailer <no-dsa> (Minor issue) NOTE: https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj @@ -17272,6 +17276,7 @@ CVE-2020-9926 RESERVED CVE-2020-9925 RESERVED + {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -17297,6 +17302,7 @@ CVE-2020-9916 RESERVED CVE-2020-9915 RESERVED + {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -17342,6 +17348,7 @@ CVE-2020-9896 RESERVED CVE-2020-9895 RESERVED + {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -17349,6 +17356,7 @@ CVE-2020-9895 NOTE: https://webkitgtk.org/security/WSA-2020-0007.html CVE-2020-9894 RESERVED + {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -17356,6 +17364,7 @@ CVE-2020-9894 NOTE: https://webkitgtk.org/security/WSA-2020-0007.html CVE-2020-9893 RESERVED + {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -17423,6 +17432,7 @@ CVE-2020-9863 RESERVED CVE-2020-9862 RESERVED + {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -19910,7 +19920,7 @@ CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain x CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter dev ...) NOT-FOR-US: CHIYU BF-430 232/485 TCP/IP Converter devices CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...) - {DLA-2116-1} + {DLA-2304-1 DLA-2116-1} - libpam-radius-auth 1.4.0-3 (bug #951396) [buster] - libpam-radius-auth 1.4.0-3~deb10u1 NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec @@ -117073,7 +117083,7 @@ CVE-2018-1000546 (Triplea version <= 1.9.0.0.10291 contains a XML External En CVE-2018-1000545 REJECTED CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Tra ...) - {DLA-1467-1} + {DLA-2307-1 DLA-1467-1} - ruby-zip 1.2.2-1 (bug #902720) NOTE: https://github.com/rubyzip/rubyzip/issues/369 NOTE: Part of fixes: @@ -122847,7 +122857,7 @@ CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete a CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authe ...) NOT-FOR-US: CSP MySQL User Manager CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission before 3.0 ...) - {DLA-2218-1} + {DLA-2305-1 DLA-2218-1} - transmission 3.00-1 (bug #961461) [buster] - transmission 2.94-2+deb10u1 NOTE: https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e (3.00) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83d467c7e31b19e827a6f18cc481ef7d7c3c6375 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83d467c7e31b19e827a6f18cc481ef7d7c3c6375 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits