Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 368a2ee7 by Salvatore Bonaccorso at 2020-10-06T21:05:59+02:00 Track fixes for etcd via experimental - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -24010,6 +24010,7 @@ CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...) NOT-FOR-US: HoRNDIS CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication ...) + [experimental] - etcd 3.3.25+dfsg-1 - etcd <unfixed> (bug #968752) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...) @@ -24068,15 +24069,19 @@ CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashe CVE-2020-15116 RESERVED CVE-2020-15115 (etcd before versions 3.3.23 and 3.4.10 does not perform any password l ...) + [experimental] - etcd 3.3.25+dfsg-1 - etcd <unfixed> (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh CVE-2020-15114 (In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simpl ...) + [experimental] - etcd 3.3.25+dfsg-1 - etcd <unfixed> (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224 CVE-2020-15113 (In etcd before versions 3.3.23 and 3.4.10, certain directory paths are ...) + [experimental] - etcd 3.3.25+dfsg-1 - etcd <unfixed> (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92 CVE-2020-15112 (In etcd before versions 3.3.23 and 3.4.10, it is possible to have an e ...) + [experimental] - etcd 3.3.25+dfsg-1 - etcd <unfixed> (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93 CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.Attach ...) 
@@ -24094,6 +24099,7 @@ CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...) NOT-FOR-US: openenclave CVE-2020-15106 (In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic ...) + [experimental] - etcd 3.3.25+dfsg-1 - etcd <unfixed> (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2 CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/368a2ee7262931f5c230873fd0cc454cd7319850
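Review bot: in the first hunk (CVE-2020-15136) the unchanged unstable line points at bug #968752, while every other etcd entry touched by this commit points at bug #968740. Please confirm the separate bug number is intended for this CVE, so that the upload that closes #968740 is not assumed to cover CVE-2020-15136 as well. The added "[experimental] - etcd 3.3.25+dfsg-1" line itself is consistent with the "before versions 3.4.10 and 3.3.23" range in the description.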
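Review bot: in the second and third hunks (CVE-2020-15115, -15114, -15113, -15112 and -15106) each added "[experimental] - etcd 3.3.25+dfsg-1" line sits directly above an unchanged "- etcd <unfixed> (bug #968740)" line, so unstable is still tracked as vulnerable for all five entries. That is correct only while 3.3.25+dfsg-1 stays in experimental; once the package is uploaded to unstable, each pair should collapse into a single "- etcd" line carrying the fixed version. The commit message "Track fixes for etcd via experimental" does not say what the fixed status is based on; a short reference to the upload or changelog would make the five identical additions easier to audit later.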