Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56f8fec9 by security tracker role at 2020-11-23T20:10:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-28982
+       RESERVED
+CVE-2020-28981
+       RESERVED
+CVE-2020-28980
+       RESERVED
+CVE-2020-28979
+       RESERVED
+CVE-2020-28978
+       RESERVED
+CVE-2020-28977
+       RESERVED
+CVE-2020-28976
+       RESERVED
 CVE-2020-XXXX [identified authors can execute arbitrary PHP code]
        - spip 3.2.8-1
        NOTE: 
https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8
@@ -64,10 +78,12 @@ CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x 
before 19.07.5 may enc
 CVE-2020-28950
        RESERVED
 CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only 
to addre ...)
+       {DLA-2465-1}
        - php-pear <unfixed>
        NOTE: https://github.com/pear/Archive_Tar/issues/33
        NOTE: 
https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
 CVE-2020-28948 (Archive_Tar through 1.4.10 allows an unserialization attack 
because ph ...)
+       {DLA-2465-1}
        - php-pear <unfixed>
        NOTE: https://github.com/pear/Archive_Tar/issues/33
        NOTE: 
https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
@@ -197,8 +213,7 @@ CVE-2020-28898
        RESERVED
 CVE-2020-28897
        RESERVED
-CVE-2020-28896
-       RESERVED
+CVE-2020-28896 (Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure 
that $s ...)
        - mutt 2.0.2-1
        [buster] - mutt <no-dsa> (Minor issue)
        - neomutt 20201120+dfsg.1-1
@@ -267,8 +282,8 @@ CVE-2020-28866
        RESERVED
 CVE-2020-28865
        RESERVED
-CVE-2020-28864
-       RESERVED
+CVE-2020-28864 (Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server 
to caus ...)
+       TODO: check
 CVE-2020-28863
        RESERVED
 CVE-2020-28862
@@ -2312,8 +2327,8 @@ CVE-2020-28423
        RESERVED
 CVE-2020-28422
        RESERVED
-CVE-2020-28421
-       RESERVED
+CVE-2020-28421 (CA Unified Infrastructure Management 20.1 and earlier contains 
a vulne ...)
+       TODO: check
 CVE-2020-28420
        RESERVED
 CVE-2020-28419
@@ -4611,8 +4626,8 @@ CVE-2020-28055 (A vulnerability in the TCL Android Smart 
TV series V8-R851T02-LF
        NOT-FOR-US: TCL Android Smart TV series
 CVE-2020-28054 (JamoDat TSMManager Collector version up to 6.5.0.21 is 
vulnerable to a ...)
        NOT-FOR-US: JamoDat TSMManager Collector
-CVE-2020-28053
-       RESERVED
+CVE-2020-28053 (HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 
allowed opera ...)
+       TODO: check
 CVE-2020-28052
        RESERVED
 CVE-2020-28051
@@ -4796,8 +4811,8 @@ CVE-2020-27987
        RESERVED
 CVE-2020-27986 (** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers 
to discov ...)
        NOT-FOR-US: SonarQube
-CVE-2020-27985
-       RESERVED
+CVE-2020-27985 (Security Onion v2 prior to 2.3.10 has an incorrect sudo 
configuration, ...)
+       TODO: check
 CVE-2020-27984
        RESERVED
 CVE-2020-27983
@@ -6344,7 +6359,7 @@ CVE-2020-27555 (Use of default credentials for the telnet 
server in BASETech GE-
        NOT-FOR-US: BASETech
 CVE-2020-27554 (Cleartext Transmission of Sensitive Information vulnerability 
in BASET ...)
        NOT-FOR-US: BASETech
-CVE-2020-27553 (A directory traversal vulnerability in BASETech GE-131 
BT-1837836 firm ...)
+CVE-2020-27553 (In BASETech GE-131 BT-1837836 firmware 20180921, the 
web-server on the ...)
        NOT-FOR-US: BASETech
 CVE-2020-27552
        RESERVED
@@ -7543,7 +7558,7 @@ CVE-2020-26969
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26969
 CVE-2020-26968
        RESERVED
-       {DSA-4796-1 DSA-4793-1 DLA-2457-1}
+       {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7564,7 +7579,7 @@ CVE-2020-26966
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26966
 CVE-2020-26965
        RESERVED
-       {DSA-4796-1 DSA-4793-1 DLA-2457-1}
+       {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7585,7 +7600,7 @@ CVE-2020-26962
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26962
 CVE-2020-26961
        RESERVED
-       {DSA-4796-1 DSA-4793-1 DLA-2457-1}
+       {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7594,7 +7609,7 @@ CVE-2020-26961
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26961
 CVE-2020-26960
        RESERVED
-       {DSA-4796-1 DSA-4793-1 DLA-2457-1}
+       {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7603,7 +7618,7 @@ CVE-2020-26960
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26960
 CVE-2020-26959
        RESERVED
-       {DSA-4796-1 DSA-4793-1 DLA-2457-1}
+       {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7612,7 +7627,7 @@ CVE-2020-26959
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26959
 CVE-2020-26958
        RESERVED
-       {DSA-4796-1 DSA-4793-1 DLA-2457-1}
+       {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7625,7 +7640,7 @@ CVE-2020-26957
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26957
 CVE-2020-26956
        RESERVED
-       {DSA-4796-1 DSA-4793-1 DLA-2457-1}
+       {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7642,7 +7657,7 @@ CVE-2020-26954
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26954
 CVE-2020-26953
        RESERVED
-       {DSA-4796-1 DSA-4793-1 DLA-2457-1}
+       {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7655,7 +7670,7 @@ CVE-2020-26952
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952
 CVE-2020-26951
        RESERVED
-       {DSA-4796-1 DSA-4793-1 DLA-2457-1}
+       {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -8469,10 +8484,10 @@ CVE-2019-20926
        RESERVED
 CVE-2019-20925
        RESERVED
-CVE-2019-20924
-       RESERVED
-CVE-2019-20923
-       RESERVED
+CVE-2019-20924 (A user authorized to perform database queries may trigger 
denial of se ...)
+       TODO: check
+CVE-2019-20923 (A user authorized to perform database queries may trigger 
denial of se ...)
+       TODO: check
 CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 
lacks a ...)
        - glibc 2.2-1
 CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 
0.21.0-rc1 has a  ...)
@@ -9168,8 +9183,8 @@ CVE-2020-26241
        RESERVED
 CVE-2020-26240
        RESERVED
-CVE-2020-26239
-       RESERVED
+CVE-2020-26239 (Scratch Addons is a WebExtension that supports both Chrome and 
Firefox ...)
+       TODO: check
 CVE-2020-26238
        RESERVED
 CVE-2020-26237
@@ -12355,7 +12370,7 @@ CVE-2020-24892
        RESERVED
 CVE-2020-24891
        REJECTED
-CVE-2020-24890 (libraw 20.0 has a null pointer dereference vulnerability in 
parse_tiff ...)
+CVE-2020-24890 (** DISPUTED ** libraw 20.0 has a null pointer dereference 
vulnerabilit ...)
        - libraw <unfixed> (unimportant)
        NOTE: https://github.com/LibRaw/LibRaw/issues/335
        NOTE: https://github.com/LibRaw/LibRaw/issues/335#issuecomment-677637276
@@ -30529,7 +30544,7 @@ CVE-2020-16013
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-16012
        RESERVED
-       {DSA-4796-1 DSA-4793-1 DLA-2457-1}
+       {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -37291,6 +37306,7 @@ CVE-2020-13585
        RESERVED
 CVE-2020-13584
        RESERVED
+       {DSA-4797-1}
        - webkit2gtk 2.30.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -40427,15 +40443,13 @@ CVE-2020-12354 (Incorrect default permissions in 
Windows(R) installer in Intel(R
        NOT-FOR-US: Intel
 CVE-2020-12353 (Improper permissions in the Intel(R) Data Center Manager 
Console befor ...)
        NOT-FOR-US: Intel
-CVE-2020-12352
-       RESERVED
+CVE-2020-12352 (Improper access control in BlueZ may allow an unauthenticated 
user to  ...)
        {DSA-4774-1 DLA-2420-1 DLA-2417-1}
        - linux 5.9.1-1
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
        NOTE: 
https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
        NOTE: Fixed by: 
https://git.kernel.org/linus/eddb7732119d53400f48a02536a84c509692faa8
-CVE-2020-12351
-       RESERVED
+CVE-2020-12351 (Improper input validation in BlueZ may allow an 
unauthenticated user t ...)
        {DSA-4774-1 DLA-2420-1 DLA-2417-1}
        - linux 5.9.1-1
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
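Review bot: the imported descriptions for CVE-2020-12352 and CVE-2020-12351 name BlueZ, but both entries are tracked against the linux source package ("- linux 5.9.1-1"), and CVE-2020-12352 cites a git.kernel.org fix commit. Suggest adding a NOTE under each entry stating that the fix is tracked in linux, so someone searching by the product name in the description does not go looking for a bluez upload.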
@@ -47997,7 +48011,7 @@ CVE-2020-9985 (A buffer overflow issue was addressed 
with improved memory handli
 CVE-2020-9984 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
        NOT-FOR-US: Apple
 CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds 
checki ...)
-       RESERVED
+       {DSA-4797-1}
        - webkit2gtk 2.30.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -48064,14 +48078,14 @@ CVE-2020-9954
 CVE-2020-9953
        RESERVED
 CVE-2020-9952 (An input validation issue was addressed with improved input 
validation ...)
-       RESERVED
+       {DSA-4739-1}
        - webkit2gtk 2.28.3-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        - wpewebkit 2.28.3-1
        NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
 CVE-2020-9951 (A use after free issue was addressed with improved memory 
management.  ...)
-       RESERVED
+       {DSA-4797-1}
        - webkit2gtk 2.30.1-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -48082,7 +48096,7 @@ CVE-2020-9950
 CVE-2020-9949
        RESERVED
 CVE-2020-9948 (A type confusion issue was addressed with improved memory 
handling. Th ...)
-       RESERVED
+       {DSA-4797-1}
        - webkit2gtk 2.30.1-1
        [stretch] - webkit2gtk <ignored> (Not covered by security support in 
stretch)
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
@@ -53131,14 +53145,14 @@ CVE-2020-7930
        RESERVED
 CVE-2020-7929
        RESERVED
-CVE-2020-7928
-       RESERVED
-CVE-2020-7927
-       RESERVED
-CVE-2020-7926
-       RESERVED
-CVE-2020-7925
-       RESERVED
+CVE-2020-7928 (A user authorized to perform database queries may trigger a 
read overr ...)
+       TODO: check
+CVE-2020-7927 (Specially crafted API calls may allow an authenticated user who 
holds  ...)
+       TODO: check
+CVE-2020-7926 (A user authorized to perform database queries may cause denial 
of serv ...)
+       TODO: check
+CVE-2020-7925 (Incorrect validation of user input in the role name parser may 
lead to ...)
+       TODO: check
 CVE-2020-7924
        RESERVED
 CVE-2020-7923 (A user authorized to perform database queries may cause denial 
of serv ...)
@@ -53550,8 +53564,8 @@ CVE-2020-7779
        RESERVED
 CVE-2020-7778
        RESERVED
-CVE-2020-7777
-       RESERVED
+CVE-2020-7777 (This affects all versions of package jsen. If an attacker can 
control  ...)
+       TODO: check
 CVE-2020-7776
        RESERVED
 CVE-2020-7775
@@ -55522,8 +55536,8 @@ CVE-2020-6941
        RESERVED
 CVE-2020-6940
        RESERVED
-CVE-2020-6939
-       RESERVED
+CVE-2020-6939 (Tableau Server installations configured with Site-Specific SAML 
that a ...)
+       TODO: check
 CVE-2020-6938 (A sensitive information disclosure vulnerability in Tableau 
Server 10. ...)
        NOT-FOR-US: Tableau Server
 CVE-2020-6937 (A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 
3.9.x, ...)
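Review bot: CVE-2020-6939 lands as "TODO: check" directly above CVE-2020-6938, which is already "NOT-FOR-US: Tableau Server". Both descriptions name Tableau Server, so this TODO can probably be resolved the same way in a follow-up instead of sitting in the triage queue.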
@@ -61115,8 +61129,8 @@ CVE-2020-4856
        RESERVED
 CVE-2020-4855
        RESERVED
-CVE-2020-4854
-       RESERVED
+CVE-2020-4854 (IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains 
hard-coded cr ...)
+       TODO: check
 CVE-2020-4853
        RESERVED
 CVE-2020-4852
@@ -61257,8 +61271,8 @@ CVE-2020-4785 (IBM App Connect Enterprise Certified 
Container 1.0.0, 1.0.1, 1.0.
        NOT-FOR-US: IBM
 CVE-2020-4784
        RESERVED
-CVE-2020-4783
-       RESERVED
+CVE-2020-4783 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a 
remote a ...)
+       TODO: check
 CVE-2020-4782 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a  ...)
        NOT-FOR-US: IBM
 CVE-2020-4781 (An improper input validation before calling java readLine() 
method may ...)
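Review bot: CVE-2020-4783 (IBM Spectrum Protect Plus) is left at "TODO: check" while the surrounding IBM entries visible in this hunk, CVE-2020-4785 and CVE-2020-4782, are "NOT-FOR-US: IBM". Suggest triaging it alongside the other Spectrum Protect entries added in this commit (CVE-2020-4854, CVE-2020-4771) so the vendor's products are handled consistently.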
@@ -61281,8 +61295,8 @@ CVE-2020-4773 (A cross-site request forgery (CSRF) 
vulnerability may impact IBM
        NOT-FOR-US: IBM
 CVE-2020-4772 (An XML External Entity Injection (XXE) vulnerability may impact 
IBM Cu ...)
        NOT-FOR-US: IBM
-CVE-2020-4771
-       RESERVED
+CVE-2020-4771 (IBM Spectrum Protect Operations Center 8.1.0.000 through 
8.1.10.and 7. ...)
+       TODO: check
 CVE-2020-4770
        RESERVED
 CVE-2020-4769
@@ -69801,8 +69815,8 @@ CVE-2020-1780
        RESERVED
 CVE-2020-1779
        RESERVED
-CVE-2020-1778
-       RESERVED
+CVE-2020-1778 (When OTRS uses multiple backends for user authentication (with 
LDAP),  ...)
+       TODO: check
 CVE-2020-1777 (Agent names that participates in a chat conversation are 
revealed in c ...)
        - otrs <not-affected> (Only affects 7.x and 8.x)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-15/
@@ -74680,8 +74694,7 @@ CVE-2020-0570 (Uncontrolled search path in the QT 
Library before 5.14.0, 5.12.7
        NOTE: https://bugreports.qt.io/browse/QTBUG-81272
        NOTE: Patch: 
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63fb16b2df239f82a89d2bf05dd
        NOTE: 
https://lists.qt-project.org/pipermail/development/2020-January/038534.html
-CVE-2020-0569
-       RESERVED
+CVE-2020-0569 (Out of bounds write in Intel(R) PROSet/Wireless WiFi products 
on Windo ...)
        {DSA-4617-1 DLA-2092-1}
        - qtbase-opensource-src 5.12.5+dfsg-8
        NOTE: Patch for 5.6.0 through 5.13.2: 
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404
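Review bot: the new description for CVE-2020-0569 ("Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windo ...") does not match the entry body, which tracks qtbase-opensource-src under {DSA-4617-1 DLA-2092-1} and cites Qt patches. Suggest adding a NOTE that records the mismatch between the feed description and the tracked package, so the entry is not later mistaken for a misfiling and changed to NOT-FOR-US.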
@@ -87402,14 +87415,12 @@ CVE-2019-14589
        RESERVED
 CVE-2019-14588
        RESERVED
-CVE-2019-14587
-       RESERVED
+CVE-2019-14587 (Logic issue EDK II may allow an unauthenticated user to 
potentially en ...)
        - edk2 0~20200229.4c0f6e34-1
        [buster] - edk2 0~20181115.85588389-3+deb10u1
        [stretch] - edk2 <ignored> (Minor issue)
        [jessie] - edk2 <end-of-life> (non-free)
-CVE-2019-14586
-       RESERVED
+CVE-2019-14586 (Use after free vulnerability in EDK II may allow an 
authenticated user ...)
        - edk2 0~20200229.4c0f6e34-1
        [buster] - edk2 0~20181115.85588389-3+deb10u1
        [stretch] - edk2 <ignored> (Minor issue)
@@ -87439,8 +87450,7 @@ CVE-2019-14577
        RESERVED
 CVE-2019-14576
        RESERVED
-CVE-2019-14575 [DxeImageVerificationHandler() fails open in case of dbx 
signature check]
-       RESERVED
+CVE-2019-14575 (Logic issue in DxeImageVerificationHandler() for EDK II may 
allow an a ...)
        - edk2 0~20200229.4c0f6e34-1 (low; bug #952935)
        [buster] - edk2 0~20181115.85588389-3+deb10u1
        [stretch] - edk2 <ignored> (Minor issue)
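Review bot: replacing the hand-written summary "[DxeImageVerificationHandler() fails open in case of dbx signature check]" on CVE-2019-14575 with the truncated feed text removes the only line in this entry that says what goes wrong, namely a fail-open on the dbx check. Suggest keeping that wording as a NOTE line under the entry.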
@@ -87468,16 +87478,14 @@ CVE-2019-14565 (Insufficient initialization in 
Intel(R) SGX SDK Windows versions
        NOT-FOR-US: Intel
 CVE-2019-14564
        RESERVED
-CVE-2019-14563 [numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib]
-       RESERVED
+CVE-2019-14563 (Integer truncation in EDK II may allow an authenticated user 
to potent ...)
        - edk2 0~20200229.4c0f6e34-1 (low; bug #952934)
        [buster] - edk2 0~20181115.85588389-3+deb10u1
        [stretch] - edk2 <ignored> (Minor issue)
        [jessie] - edk2 <end-of-life> (non-free)
        NOTE: 
https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2001
-CVE-2019-14562
-       RESERVED
+CVE-2019-14562 (Integer overflow in DxeImageVerificationHandler() EDK II may 
allow an  ...)
        - edk2 2020.05-4 (bug #968819)
        [buster] - edk2 <no-dsa> (Minor issue)
        [stretch] - edk2 <no-dsa> (Minor issue)
@@ -87491,8 +87499,7 @@ CVE-2019-14560 [GetEfiGlobalVariable2() return value 
not checked]
        [buster] - edk2 <no-dsa> (Minor issue)
        [stretch] - edk2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2167
-CVE-2019-14559 [memory leak in ArpOnFrameRcvdDpc]
-       RESERVED
+CVE-2019-14559 (Uncontrolled resource consumption in EDK II may allow an 
unauthenticat ...)
        - edk2 0~20200229.4c0f6e34-1 (bug #952926; low)
        [buster] - edk2 0~20181115.85588389-3+deb10u1
        [stretch] - edk2 <ignored> (Minor issue)
@@ -87515,8 +87522,7 @@ CVE-2019-14555
        RESERVED
 CVE-2019-14554
        RESERVED
-CVE-2019-14553 [invalid server certificate accepted in HTTPS-over-IPv6 boot]
-       RESERVED
+CVE-2019-14553 (Improper authentication in EDK II may allow a privileged user 
to poten ...)
        - edk2 0~20190828.37eef910-4 (unimportant; bug #941775)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1758518
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=960
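Review bot: for CVE-2019-14553 the removed bracket text "[invalid server certificate accepted in HTTPS-over-IPv6 boot]" named the affected feature, and the replacement ("Improper authentication in EDK II may allow a privileged user to poten ...") no longer does. That makes the "unimportant" marking on the edk2 line harder to audit from the list alone; suggest preserving the original summary in a NOTE.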
@@ -103231,14 +103237,14 @@ CVE-2019-9832 (The AirDrop application through 2.0 
for Android allows remote att
        NOT-FOR-US: AirDrop application for Android
 CVE-2019-9831 (The AirMore application through 1.6.1 for Android allows remote 
attack ...)
        NOT-FOR-US: AirMore application for Android
-CVE-2018-20805
-       RESERVED
-CVE-2018-20804
-       RESERVED
-CVE-2018-20803
-       RESERVED
-CVE-2018-20802
-       RESERVED
+CVE-2018-20805 (A user authorized to perform database queries may trigger 
denial of se ...)
+       TODO: check
+CVE-2018-20804 (A user authorized to perform database queries may trigger 
denial of se ...)
+       TODO: check
+CVE-2018-20803 (A user authorized to perform database queries may trigger 
denial of se ...)
+       TODO: check
+CVE-2018-20802 (A user authorized to perform database queries may trigger 
denial of se ...)
+       TODO: check
 CVE-2017-18363
        RESERVED
 CVE-2015-9283
@@ -124003,10 +124009,10 @@ CVE-2018-20029 (The nxfs.sys driver in the DokanFS 
library 0.6.0 in NoMachine be
        NOT-FOR-US: nxfs.sys driver in the DokanFS library in NoMachine on 
Windows
 CVE-2019-2394
        RESERVED
-CVE-2019-2393
-       RESERVED
-CVE-2019-2392
-       RESERVED
+CVE-2019-2393 (A user authorized to perform database queries may trigger 
denial of se ...)
+       TODO: check
+CVE-2019-2392 (A user authorized to perform database queries may trigger 
denial of se ...)
+       TODO: check
 CVE-2019-2391 (Incorrect parsing of certain JSON input may result in js-bson 
not corr ...)
        [experimental] - node-mongodb 3.5.5+~cs11.12.19-1
        - node-mongodb 3.5.6+~cs11.12.19-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56f8fec9d1d3c88ad678c7939ba99a698b2942e7
