Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9405438 by security tracker role at 2020-11-26T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,112 @@
-CVE-2020-29074 [creates shared memory segments world-writable]
+CVE-2020-29128 (petl before 1.68, in some configurations, allows resolution of 
entitie ...)
+       TODO: check
+CVE-2020-29127
+       RESERVED
+CVE-2020-29126
+       RESERVED
+CVE-2020-29125
+       RESERVED
+CVE-2020-29124
+       RESERVED
+CVE-2020-29123
+       RESERVED
+CVE-2020-29122
+       RESERVED
+CVE-2020-29121
+       RESERVED
+CVE-2020-29120
+       RESERVED
+CVE-2020-29119
+       RESERVED
+CVE-2020-29118
+       RESERVED
+CVE-2020-29117
+       RESERVED
+CVE-2020-29116
+       RESERVED
+CVE-2020-29115
+       RESERVED
+CVE-2020-29114
+       RESERVED
+CVE-2020-29113
+       RESERVED
+CVE-2020-29112
+       RESERVED
+CVE-2020-29111
+       RESERVED
+CVE-2020-29110
+       RESERVED
+CVE-2020-29109
+       RESERVED
+CVE-2020-29108
+       RESERVED
+CVE-2020-29107
+       RESERVED
+CVE-2020-29106
+       RESERVED
+CVE-2020-29105
+       RESERVED
+CVE-2020-29104
+       RESERVED
+CVE-2020-29103
+       RESERVED
+CVE-2020-29102
+       RESERVED
+CVE-2020-29101
+       RESERVED
+CVE-2020-29100
+       RESERVED
+CVE-2020-29099
+       RESERVED
+CVE-2020-29098
+       RESERVED
+CVE-2020-29097
+       RESERVED
+CVE-2020-29096
+       RESERVED
+CVE-2020-29095
+       RESERVED
+CVE-2020-29094
+       RESERVED
+CVE-2020-29093
+       RESERVED
+CVE-2020-29092
+       RESERVED
+CVE-2020-29091
+       RESERVED
+CVE-2020-29090
+       RESERVED
+CVE-2020-29089
+       RESERVED
+CVE-2020-29088
+       RESERVED
+CVE-2020-29087
+       RESERVED
+CVE-2020-29086
+       RESERVED
+CVE-2020-29085
+       RESERVED
+CVE-2020-29084
+       RESERVED
+CVE-2020-29083
+       RESERVED
+CVE-2020-29082
+       RESERVED
+CVE-2020-29081
+       RESERVED
+CVE-2020-29080
+       RESERVED
+CVE-2020-29079
+       RESERVED
+CVE-2020-29078
+       RESERVED
+CVE-2020-29077
+       RESERVED
+CVE-2020-29076
+       RESERVED
+CVE-2020-29075
+       RESERVED
+CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, 
which all ...)
        - x11vnc <unfixed> (bug #975875)
        NOTE: 
https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a
 CVE-2020-29073
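
Review bot: CVE-2020-29128 at the top of this hunk is left at "TODO: check", so the petl entry still needs manual triage into either a source-package line or a NOT-FOR-US line before the tracker says anything useful about it. On CVE-2020-29074 only the bracketed placeholder title is swapped for the published description; the "x11vnc <unfixed> (bug #975875)" line and the upstream commit NOTE are untouched context, so the recorded status is preserved.
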
@@ -269,14 +377,14 @@ CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x 
before 19.07.5 may enc
 CVE-2020-28950
        RESERVED
 CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only 
to addre ...)
-       {DLA-2465-1}
+       {DLA-2466-1 DLA-2465-1}
        - drupal7 <removed>
        - php-pear <unfixed>
        NOTE: https://github.com/pear/Archive_Tar/issues/33
        NOTE: 
https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
        NOTE: https://www.drupal.org/sa-core-2020-013
 CVE-2020-28948 (Archive_Tar through 1.4.10 allows an unserialization attack 
because ph ...)
-       {DLA-2465-1}
+       {DLA-2466-1 DLA-2465-1}
        - drupal7 <removed>
        - php-pear <unfixed>
        NOTE: https://github.com/pear/Archive_Tar/issues/33
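
Review bot: the "{DLA-2466-1 DLA-2465-1}" cross-reference on CVE-2020-28949 and CVE-2020-28948 does not show which of the two listed packages (drupal7 or php-pear) the new DLA covers, so check that the matching DLA list entry names the package and both CVE ids. Both entries still carry "php-pear <unfixed>", so the added advisory does not close the issue for unstable.
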
@@ -7293,16 +7401,16 @@ CVE-2020-27257
        RESERVED
 CVE-2020-27256
        RESERVED
-CVE-2020-27255
-       RESERVED
+CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx 
Version 6 ...)
+       TODO: check
 CVE-2020-27254
        RESERVED
-CVE-2020-27253
-       RESERVED
+CVE-2020-27253 (A flaw exists in the Ingress/Egress checks routine of 
FactoryTalk Linx ...)
+       TODO: check
 CVE-2020-27252
        RESERVED
-CVE-2020-27251
-       RESERVED
+CVE-2020-27251 (A heap overflow vulnerability exists within FactoryTalk Linx 
Version 6 ...)
+       TODO: check
 CVE-2020-27250
        RESERVED
 CVE-2020-27249
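
Review bot: CVE-2020-27255, CVE-2020-27253 and CVE-2020-27251 move from RESERVED to "TODO: check" with FactoryTalk Linx descriptions, and each needs a triage decision. If FactoryTalk Linx is not packaged in Debian, close them with a NOT-FOR-US line in the same form as the "NOT-FOR-US: Atlassian" line used for CVE-2020-14189 in this file rather than leaving the TODO open.
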
@@ -10993,20 +11101,17 @@ CVE-2020-25654 (An ACL bypass flaw was found in 
pacemaker before 1.1.24-rc1 and
        - pacemaker 2.0.5~rc2-1 (bug #973254)
        NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191
-CVE-2020-25653 [UNIX Doman Socket Peer PID Retrieved via SO_PEERCRED is 
Subject to Race Condition]
-       RESERVED
+CVE-2020-25653 (A race condition vulnerability was found in the way the 
spice-vdagentd ...)
        - spice-vdagent <unfixed> (bug #973769)
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
        NOTE: 
https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/51c415df82a52e9ec033225783c77df95f387891
        NOTE: 
https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/5c50131797e985d0a5654c1fd7000ae945ed29a7
-CVE-2020-25652 [Possibility to Exhaust File Descriptors in vdagentd]
-       RESERVED
+CVE-2020-25652 (A flaw was found in the spice-vdagentd daemon, where it did 
not proper ...)
        - spice-vdagent <unfixed> (bug #973769)
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
        NOTE: 
https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/91caa9223857708475d29df1768208fed1675340
        NOTE: 
https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/812ca777469a377c84b9861d7d326bfc72563304
-CVE-2020-25651 [Possible File Transfer DoS and Information Leak via 
active_xfers Hash Map]
-       RESERVED
+CVE-2020-25651 (A flaw was found in the SPICE file transfer protocol. File 
data from t ...)
        - spice-vdagent <unfixed> (bug #973769)
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
        NOTE: 
https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332
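
Review bot: dropping the bracketed working titles on CVE-2020-25653, CVE-2020-25652 and CVE-2020-25651 removes the only in-file mention of the specifics (SO_PEERCRED, the active_xfers hash map), and the truncated descriptions that replace them are vaguer. The oss-security NOTE kept on each entry is now the pointer to those details and should stay. All three still read "spice-vdagent <unfixed> (bug #973769)" although upstream commits are listed, so they need a fixed version recorded once an upload lands.
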
@@ -35980,10 +36085,10 @@ CVE-2020-14193
        RESERVED
 CVE-2020-14192
        RESERVED
-CVE-2020-14191
-       RESERVED
-CVE-2020-14190
-       RESERVED
+CVE-2020-14191 (Affected versions of Atlassian Fisheye/Crucible allow remote 
attackers ...)
+       TODO: check
+CVE-2020-14190 (Affected versions of Atlassian Fisheye/Crucible allow remote 
attackers ...)
+       TODO: check
 CVE-2020-14189 (The execute function in in the Atlassian gajira-comment GitHub 
Action  ...)
        NOT-FOR-US: Atlassian
 CVE-2020-14188 (The preprocessArgs function in the Atlassian gajira-create 
GitHub Acti ...)
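
Review bot: the new CVE-2020-14191 and CVE-2020-14190 lines are left at "TODO: check" directly above CVE-2020-14189, which is already marked "NOT-FOR-US: Atlassian". If Fisheye/Crucible gets the same verdict, use the identical line so the vendor tag stays consistent across the neighbouring entries.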



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94054389f5c213c6fa61f61ec61d09ca082ecab
