[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Update status of libperlspeak-perl.
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker Commits: e271f15d by Mike Gabriel at 2020-03-31T08:09:31+02:00 data/dla-needed.txt: Update status of libperlspeak-perl. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -37,7 +37,7 @@ libmtp (Dylan Aïssi) -- libperlspeak-perl (Mike Gabriel) NOTE: 20200326: No patches yet. - NOTE: 20200330: Will request removal from jessie (sunweaver). + NOTE: 20200330: Requested EOL/jessie (sunweaver, h01ger). -- libplist (Dylan Aïssi) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e271f15d11b7a4295cd12c6e7fc75bcdfedf435f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
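Review bot: The rewritten NOTE under libperlspeak-perl says EOL was requested but gives no pointer to the request itself (bug number or list message), and it overwrites the earlier "Will request removal from jessie" line instead of adding to it. A reference on the new NOTE would let the next person confirm the request without asking sunweaver or h01ger.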
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-10595/libpam-krb5
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 88d637bd by Salvatore Bonaccorso at 2020-03-31T05:43:48+02:00 Add CVE-2020-10595/libpam-krb5 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1353,6 +1353,8 @@ CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to NOT-FOR-US: Subrion CMS CVE-2020-10595 RESERVED + - libpam-krb5 4.9-1 + NOTE: https://www.openwall.com/lists/oss-security/2020/03/31/1 CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...) NOT-FOR-US: drf-jwt CVE-2020-10593 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88d637bddc17a37d3d60a82f7f2d973a18d454e6
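Review bot: The CVE-2020-10595 header line stays bare above RESERVED, so the entry gives no hint of what the issue is; the added oss-security NOTE is the only context. A short bracketed description on the CVE line, as used for other still-RESERVED entries in this file, would make the libpam-krb5 entry readable on its own until MITRE publishes text.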
[Git][security-tracker-team/security-tracker][master] Add fixing commit information on CVE-2020-1957/shiro
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f3c9b8a5 by Salvatore Bonaccorso at 2020-03-31T05:34:50+02:00 Add fixing commit information on CVE-2020-1957/shiro - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22532,7 +22532,8 @@ CVE-2020-1958 CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...) - shiro (bug #955018) NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2 - TODO: check with upstream on details, cf. https://github.com/apache/shiro/pull/203#issuecomment-605442534 + NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139 + NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322 CVE-2020-1956 RESERVED CVE-2020-1955 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3c9b8a518dfe7cd435fbd8f225500b77f8e1326
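Review bot: The URL on the added "NOTE: Fixed by:" line ends in a "#diff-...L139" fragment, which addresses a position in GitHub's rendered diff and not the commit, so it can stop resolving while the commit itself stays valid. Recording the bare commit URL, with the file or line mentioned in words if it matters, would be more durable.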
[Git][security-tracker-team/security-tracker][master] Correct source package name for CVE-2020-7212
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2364c423 by Salvatore Bonaccorso at 2020-03-31T05:30:43+02:00 Correct source package name for CVE-2020-7212 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9035,7 +9035,7 @@ CVE-2020-7214 CVE-2020-7213 (Parallels 13 uses cleartext HTTP as part of the update process, allowi ...) NOT-FOR-US: Parallels CVE-2020-7212 (The _encode_invalid_chars function in util/url.py in the urllib3 libra ...) - - python-urllib 1.25.8-1 + - python-urllib3 1.25.8-1 [buster] - python-urllib3 (Vulnerable code introduced later) [stretch] - python-urllib3 (Vulnerable code introduced later) [jessie] - python-urllib3 (Vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2364c4236fe3c82a12acc39182350567d341d39d
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-6817/python-bleach, #955388
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 048d086c by Salvatore Bonaccorso at 2020-03-31T05:23:38+02:00 Add CVE-2020-6817/python-bleach, #955388 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9957,8 +9957,11 @@ CVE-2020-6819 RESERVED CVE-2020-6818 RESERVED -CVE-2020-6817 +CVE-2020-6817 [Regular expression denial of service] RESERVED + - python-bleach 3.1.4-1 (bug #955388) + NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1623633 CVE-2020-6815 (Mozilla developers reported memory safety and script safety bugs prese ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/048d086cbb4f371b4c457e48faa7e0a6c4a85e66
[Git][security-tracker-team/security-tracker][master] Mark golang-1.13 as removed from the archive
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ea2f32e9 by Salvatore Bonaccorso at 2020-03-31T05:21:17+02:00 Mark golang-1.13 as removed from the archive - - - - - 1 changed file: - data/packages/removed-packages Changes: = data/packages/removed-packages = @@ -706,3 +706,4 @@ lepton ruby-simple-form ruby-openssl koji +golang-1.13 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea2f32e94c558814f4fe4a69d7def679b67f150d
[Git][security-tracker-team/security-tracker][master] Correct source package name: synfony -> symfony
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 80272cd4 by Salvatore Bonaccorso at 2020-03-31T05:19:46+02:00 Correct source package name: synfony -> symfony - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13434,13 +13434,13 @@ CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a re CVE-2020-5276 RESERVED CVE-2020-5275 [All "access_control" rules are required when a firewall uses the unanimous strategy] - - synfony + - symfony [buster] - symfony (Introduced in 4.4.0) [stretch] - symfony (Introduced in 4.4.0) NOTE: https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy NOTE: https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf CVE-2020-5274 [Fix Exception message escaping rendered by ErrorHandler] - - synfony + - symfony [buster] - symfony (Introduced in 4.4.0) [stretch] - symfony (Introduced in 4.4.0) NOTE: https://symfony.com/blog/cve-2020-5274-fix-exception-message-escaping-rendered-by-errorhandler 
@@ -13496,7 +13496,7 @@ CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...) NOT-FOR-US: BookStack CVE-2020-5255 [Prevent cache poisoning via a Response Content-Type header] - - synfony + - symfony [buster] - symfony (Introduced in 4.4.0) [stretch] - symfony (Introduced in 4.4.0) NOTE: https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80272cd4462259b8b5435d5857341645cf48428d
[Git][security-tracker-team/security-tracker][master] Document new symfony issues
David Prévot pushed to branch master at Debian Security Tracker / security-tracker Commits: 2228b107 by David Prévot at 2020-03-30T14:05:12-10:00 Document new symfony issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13433,10 +13433,19 @@ CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a re NOT-FOR-US: PrestaShop CVE-2020-5276 RESERVED -CVE-2020-5275 - RESERVED -CVE-2020-5274 - RESERVED +CVE-2020-5275 [All "access_control" rules are required when a firewall uses the unanimous strategy] + - synfony + [buster] - symfony (Introduced in 4.4.0) + [stretch] - symfony (Introduced in 4.4.0) + NOTE: https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy + NOTE: https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf +CVE-2020-5274 [Fix Exception message escaping rendered by ErrorHandler] + - synfony + [buster] - symfony (Introduced in 4.4.0) + [stretch] - symfony (Introduced in 4.4.0) + NOTE: https://symfony.com/blog/cve-2020-5274-fix-exception-message-escaping-rendered-by-errorhandler + NOTE: https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad + NOTE: https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db CVE-2020-5273 RESERVED CVE-2020-5272 
@@ -13486,8 +13495,12 @@ CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by NOT-FOR-US: Administrate ruby gem CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...) NOT-FOR-US: BookStack -CVE-2020-5255 - RESERVED +CVE-2020-5255 [Prevent cache poisoning via a Response Content-Type header] + - synfony + [buster] - symfony (Introduced in 4.4.0) + [stretch] - symfony (Introduced in 4.4.0) + NOTE: https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header + NOTE: https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6 CVE-2020-5254 (In NetHack before 3.6.6, some out-of-bound values for the hilite_statu ...) - nethack (bug #953978) [buster] - nethack (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2228b107eaff50f422c0d715a2569a3e983a653a
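Review bot: The unstable line of every new entry names the source package "synfony" (CVE-2020-5275 and CVE-2020-5274 in the first hunk, CVE-2020-5255 in the second), while the [buster] and [stretch] lines directly beneath each one use "symfony". That reads as a typo and would file these CVEs against a name that does not match the release lines; each of the three lines should be "- symfony".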
[Git][security-tracker-team/security-tracker][master] Claim netkit-telnet and netkit-telnet-ssl
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker Commits: 3bb22f9f by Anton Gladky at 2020-03-30T23:49:36+02:00 Claim netkit-telnet and netkit-telnet-ssl - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -53,13 +53,13 @@ mumble (Abhijith PA) NOTE:20200325: Regression in last upload, forgot to follow up. NOTE:20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith) -- -netkit-telnet +netkit-telnet (Anton Gladky) NOTE: 20200310: No patch available, yet. Only PoC. (sunweaver) NOTE: 20200320: Upstream's dead, keep an eye on other distros and krb5-appl (embed). (beuc) NOTE: 20200327: Pinged issue on the ~new upstream. (lamby) NOTE: 20200329: Turns out this is not actually the new upstream (which is MIA). (lamby) -- -netkit-telnet-ssl +netkit-telnet-ssl (Anton Gladky) NOTE: 20200310: No patch available, yet. Only PoC. (sunweaver) NOTE: 20200320: Upstream's dead, keep an eye on other distros and krb5-appl (embed). (beuc) NOTE: 20200327: Pinged issue on the ~new upstream. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bb22f9fa262e9616babe9010c6dac4b1e599d95
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-8835/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cdeb5191 by Salvatore Bonaccorso at 2020-03-30T23:17:46+02:00 Track fixed version for CVE-2020-8835/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5332,7 +5332,7 @@ CVE-2020-8836 RESERVED CVE-2020-8835 RESERVED - - linux + - linux 5.5.13-2 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdeb519134e302a99b4ca455f4d65785a2d2795c
[Git][security-tracker-team/security-tracker][master] Expand TODO item for CVE-2020-7610
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9e613697 by Salvatore Bonaccorso at 2020-03-30T22:34:50+02:00 Expand TODO item for CVE-2020-7610 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8153,7 +8153,7 @@ CVE-2020-7612 CVE-2020-7611 RESERVED CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserialization of ...) - TODO: check + TODO: check, might affect node-mongodb embedding bson CVE-2020-7609 RESERVED CVE-2020-7608 (yargs-parser could be tricked into adding or modifying properties of O ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e6136972e05132acb77f41be987f388ebca8a68
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f1c5201e by Salvatore Bonaccorso at 2020-03-30T22:24:11+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1439,7 +1439,7 @@ CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_ CVE-2020-10561 RESERVED CVE-2020-10560 (An issue was discovered in Open Source Social Network (OSSN) through 5 ...) - TODO: check + NOT-FOR-US: Open Source Social Network (OSSN) CVE-2020-10559 RESERVED CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before ...) @@ -6086,7 +6086,7 @@ CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute a CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...) NOT-FOR-US: phpABook CVE-2020-8509 (Zoho ManageEngine Desktop Central allows unauthenticated users to acce ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...) NOT-FOR-US: Norman Malware Cleaner CVE-2020-8507 (The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends ...) @@ -12429,13 +12429,13 @@ CVE-2020-5728 CVE-2020-5727 RESERVED CVE-2020-5726 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) - TODO: check + NOT-FOR-US: Grandstream CVE-2020-5725 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) - TODO: check + NOT-FOR-US: Grandstream CVE-2020-5724 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) - TODO: check + NOT-FOR-US: Grandstream CVE-2020-5723 (The UCM6200 series 1.0.20.22 and below stores unencrypted user passwor ...) - TODO: check + NOT-FOR-US: UCM6200 CVE-2020-5722 (The HTTP interface of the Grandstream UCM6200 series is vulnerable to ...) NOT-FOR-US: Grandstream CVE-2020-5721 
@@ -12829,7 +12829,7 @@ CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. CVE-2020-5528 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...) - movabletype-opensource CVE-2020-5527 (When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2020-5526 (The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2. ...) NOT-FOR-US: AWMS Mobile App for Android and iOS CVE-2020-5525 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG120 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1c5201e12585a011867d82c17027e1b4537ab9f
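Review bot: CVE-2020-5723 is tagged "NOT-FOR-US: UCM6200" in the third hunk, while CVE-2020-5726, CVE-2020-5725 and CVE-2020-5724 just above it and the existing CVE-2020-5722 just below all use "NOT-FOR-US: Grandstream" for the same product series. Using "Grandstream" here as well keeps the labels consistent for anyone searching the list by vendor.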
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 654c6ed6 by security tracker role at 2020-03-30T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,203 @@ +CVE-2020-11099 + RESERVED +CVE-2020-11098 + RESERVED +CVE-2020-11097 + RESERVED +CVE-2020-11096 + RESERVED +CVE-2020-11095 + RESERVED +CVE-2020-11094 + RESERVED +CVE-2020-11093 + RESERVED +CVE-2020-11092 + RESERVED +CVE-2020-11091 + RESERVED +CVE-2020-11090 + RESERVED +CVE-2020-11089 + RESERVED +CVE-2020-11088 + RESERVED +CVE-2020-11087 + RESERVED +CVE-2020-11086 + RESERVED +CVE-2020-11085 + RESERVED +CVE-2020-11084 + RESERVED +CVE-2020-11083 + RESERVED +CVE-2020-11082 + RESERVED +CVE-2020-11081 + RESERVED +CVE-2020-11080 + RESERVED +CVE-2020-11079 + RESERVED +CVE-2020-11078 + RESERVED +CVE-2020-11077 + RESERVED +CVE-2020-11076 + RESERVED +CVE-2020-11075 + RESERVED +CVE-2020-11074 + RESERVED +CVE-2020-11073 + RESERVED +CVE-2020-11072 + RESERVED +CVE-2020-11071 + RESERVED +CVE-2020-11070 + RESERVED +CVE-2020-11069 + RESERVED +CVE-2020-11068 + RESERVED +CVE-2020-11067 + RESERVED +CVE-2020-11066 + RESERVED +CVE-2020-11065 + RESERVED +CVE-2020-11064 + RESERVED +CVE-2020-11063 + RESERVED +CVE-2020-11062 + RESERVED +CVE-2020-11061 + RESERVED +CVE-2020-11060 + RESERVED +CVE-2020-11059 + RESERVED +CVE-2020-11058 + RESERVED +CVE-2020-11057 + RESERVED +CVE-2020-11056 + RESERVED +CVE-2020-11055 + RESERVED +CVE-2020-11054 + RESERVED +CVE-2020-11053 + RESERVED +CVE-2020-11052 + RESERVED +CVE-2020-11051 + RESERVED +CVE-2020-11050 + RESERVED +CVE-2020-11049 + RESERVED +CVE-2020-11048 + RESERVED +CVE-2020-11047 + RESERVED +CVE-2020-11046 + RESERVED +CVE-2020-11045 + RESERVED +CVE-2020-11044 + RESERVED +CVE-2020-11043 + RESERVED +CVE-2020-11042 + RESERVED +CVE-2020-11041 + RESERVED +CVE-2020-11040 + RESERVED +CVE-2020-11039 + RESERVED +CVE-2020-11038 + RESERVED +CVE-2020-11037 + RESERVED +CVE-2020-11036 + RESERVED +CVE-2020-11035 + RESERVED +CVE-2020-11034 + RESERVED +CVE-2020-11033 + RESERVED +CVE-2020-11032 + RESERVED +CVE-2020-11031 + RESERVED +CVE-2020-11030 + RESERVED +CVE-2020-11029 + RESERVED +CVE-2020-11028 + RESERVED +CVE-2020-11027 + RESERVED 
+CVE-2020-11026 + RESERVED +CVE-2020-11025 + RESERVED +CVE-2020-11024 + RESERVED +CVE-2020-11023 + RESERVED +CVE-2020-11022 + RESERVED +CVE-2020-11021 + RESERVED +CVE-2020-11020 + RESERVED +CVE-2020-11019 + RESERVED +CVE-2020-11018 + RESERVED +CVE-2020-11017 + RESERVED +CVE-2020-11016 + RESERVED +CVE-2020-11015 + RESERVED +CVE-2020-11014 + RESERVED +CVE-2020-11013 + RESERVED +CVE-2020-11012 + RESERVED +CVE-2020-11011 + RESERVED +CVE-2020-11010 + RESERVED +CVE-2020-11009 + RESERVED +CVE-2020-11008 + RESERVED +CVE-2020-11007 + RESERVED +CVE-2020-11006 + RESERVED +CVE-2020-11005 + RESERVED +CVE-2020-11004 + RESERVED +CVE-2020-11003 + RESERVED +CVE-2020-11002 + RESERVED +CVE-2020-11001 + RESERVED +CVE-2020-11000 + RESERVED CVE-2020-10999 RESERVED CVE-2020-10998 @@ -1238,8 +1438,8 @@ CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_ NOT-FOR-US: DEVOME GRR CVE-2020-10561 RESERVED -CVE-2020-10560 - RESERVED +CVE-2020-10560 (An issue was discovered in Open Source Social Network (OSSN) through 5 ...) + TODO: check CVE-2020-10559 RESERVED CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before ...) @@ -5885,8 +6085,8 @@ CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute a NOT-FOR-US: Artica Pandora FMS CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...) NOT-FOR-US: phpABook -CVE-2020-8509 - RESERVED +CVE-2020-8509 (Zoho ManageEngine Desktop Central allows unauthenticated users to acce ...) + TODO: check CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...) NOT-FOR-US: Norman Malware Cleaner CVE-2020-8507 (The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends ...) @@ -7952,8 +8152,8 @@ CVE-2020-7612 RESERVED CVE-2020-7611 RESERVED -CVE-2020-7610 - RESERVED +CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserialization of ...) +
[Git][security-tracker-team/security-tracker][master] dla-needed: add and claim libplist
Dylan Aïssi pushed to branch master at Debian Security Tracker / security-tracker Commits: b86c12b0 by Dylan Aïssi at 2020-03-30T21:49:28+02:00 dla-needed: add and claim libplist - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -39,6 +39,8 @@ libperlspeak-perl (Mike Gabriel) NOTE: 20200326: No patches yet. NOTE: 20200330: Will request removal from jessie (sunweaver). -- +libplist (Dylan Aïssi) +-- linux (Ben Hutchings) -- linux-4.9 (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b86c12b0faaea1deba3a2d4c454c19157743cf4b
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-8835/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 08de20a2 by Salvatore Bonaccorso at 2020-03-30T18:47:25+02:00 Add CVE-2020-8835/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5132,6 +5132,10 @@ CVE-2020-8836 RESERVED CVE-2020-8835 RESERVED + - linux + [buster] - linux (Vulnerable code introduced later) + [stretch] - linux (Vulnerable code introduced later) + [jessie] - linux (Vulnerable code introduced later) CVE-2020-8834 RESERVED CVE-2020-8833 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08de20a2f668a46af2f5600703426a94ea38def1
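Review bot: The three release lines added for CVE-2020-8835 state "Vulnerable code introduced later", but the entry carries no NOTE naming an advisory or the commit that introduced the issue, so that status cannot be checked from the entry itself. A NOTE with the reference, and ideally the introducing commit, would back the claim for buster, stretch and jessie.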
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 659fc26d by Moritz Muehlenhoff at 2020-03-30T18:10:32+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7284,7 +7284,7 @@ CVE-2020-7919 (Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/crypto NOTE: https://github.com/golang/go/commit/f938e06d0623d0e1de202575d16f1e126741f6e0 (go1.13.7) TODO: check older versions than golang-1.11 CVE-2020-7918 (An insecure direct object reference in webmail in totemo totemomail 7. ...) - TODO: check + NOT-FOR-US: totemo totemomail CVE-2020-7917 RESERVED CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...) @@ -11951,7 +11951,7 @@ CVE-2020-5865 CVE-2020-5864 RESERVED CVE-2020-5863 (In NGINX Controller versions prior to 3.2.0, an unauthenticated attack ...) - TODO: check + NOT-FOR-US: NGINX Controller CVE-2020-5862 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5861 (On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in so ...) @@ -12575,7 +12575,7 @@ CVE-2020-5553 (mailform version 1.04 allows remote attackers to execute arbitrar CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 allows rem ...) NOT-FOR-US: mailform CVE-2020-5551 (Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenti ...) - TODO: check + NOT-FOR-US: Toyota CVE-2020-5550 RESERVED CVE-2020-5549 
@@ -50988,7 +50988,7 @@ CVE-2019-11356 (The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 a NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1717828 NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/a5779db8163b99463e25e7c476f9cbba438b65f3 CVE-2019-11355 (An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A featu ...) - TODO: check + NOT-FOR-US: Poly (formerly Polycom) HDX CVE-2019-11354 (The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows te ...) NOT-FOR-US: client in Electronic Arts (EA) Origin on Windows CVE-2019-11353 (The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker ...) @@ -51019,7 +51019,7 @@ CVE-2019-11345 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN C CVE-2019-11344 (data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute a ...) NOT-FOR-US: Pluck CMS CVE-2019-11343 (Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBu ...) - TODO: check + NOT-FOR-US: Torpedo Query CVE-2019-11342 RESERVED CVE-2019-11341 (On certain Samsung P(9.0) phones, an attacker with physical access can ...) 
@@ -51686,9 +51686,9 @@ CVE-2019-11076 (Cribl UI 1.5.0 allows remote attackers to run arbitrary commands CVE-2019-11075 RESERVED CVE-2019-11074 (A Write to Arbitrary Location in Disk vulnerability exists in PRTG Net ...) - TODO: check + NOT-FOR-US: PRTG Network Monitor CVE-2019-11073 (A Remote Code Execution vulnerability exists in PRTG Network Monitor b ...) - TODO: check + NOT-FOR-US: PRTG Network Monitor CVE-2019-11072 (** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, w ...) - lighttpd 1.4.53-4 (bug #926885) [stretch] - lighttpd (Vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/659fc26dbaf2ac7aed85ef66f1c6d0d1be2173ca
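Review bot: "NOT-FOR-US: Toyota" for CVE-2020-5551 in the third hunk names only the vendor, where the other lines changed in this patch name the product (totemo totemomail, NGINX Controller, Poly (formerly Polycom) HDX, Torpedo Query, PRTG Network Monitor). Naming the Display Control Unit from the description would match the rest.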
[Git][security-tracker-team/security-tracker][master] yarnpkg fixed in experimental
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4eb3f25a by Moritz Muehlenhoff at 2020-03-30T17:49:54+02:00 yarnpkg fixed in experimental - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -6686,6 +6686,7 @@ CVE-2020-8133 CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 ...) NOT-FOR-US: Node pdf-image package CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...) + [experimental] - node-yarnpkg 1.22.4-1 - node-yarnpkg (bug #952912) NOTE: https://hackerone.com/reports/730239 NOTE: https://github.com/yarnpkg/yarn/pull/7831 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4eb3f25a2e7fc5e0219ba67628795cf6af96d149
[Git][security-tracker-team/security-tracker][master] Mark CVE-2018-19325 as REJECTED after MITRE confirmation
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fdff42fc by Salvatore Bonaccorso at 2020-03-30T17:23:46+02:00 Mark CVE-2018-19325 as REJECTED after MITRE confirmation - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -83263,8 +83263,8 @@ CVE-2018-19327 (An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php NOT-FOR-US: JTBC(PHP) CVE-2018-19326 (Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory T ...) NOT-FOR-US: Zyxel -CVE-2018-19325 (tcpdump 4.9.2 (and probably lower versions) is prone to a heap-based b ...) - TODO: check, REJECT at MITRE level as it is a duplicate of CVE-2018-14466 +CVE-2018-19325 + REJECTED CVE-2018-19324 (kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&a ...) NOT-FOR-US: kimsQ Rb CVE-2018-19323 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdff42fc403a4e111744ee0158b83a631df1f61b
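Review bot: The removed TODO line was the only place that tied CVE-2018-19325 to CVE-2018-14466, and neither the new "REJECTED" entry nor the commit message repeats that identifier. Naming CVE-2018-14466 in the commit message would keep the duplicate relationship findable from the history.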
[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: re-claim qtbase-opensource-src.
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker Commits: 54b78ab6 by Mike Gabriel at 2020-03-30T15:17:58+02:00 data/dla-needed.txt: re-claim qtbase-opensource-src. - - - - - cdcdb268 by Mike Gabriel at 2020-03-30T15:18:43+02:00 data/dla-needed.txt: claim libperlspeak-perl and investigate removal from jessie. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -35,8 +35,9 @@ libmatio (Adrian Bunk) libmtp (Dylan Aïssi) NOTE: 20200323: WIP. (daissi) -- -libperlspeak-perl +libperlspeak-perl (Mike Gabriel) NOTE: 20200326: No patches yet. + NOTE: 20200330: Will request removal from jessie (sunweaver). -- linux (Ben Hutchings) -- @@ -67,7 +68,7 @@ opendmarc (Thorsten Alteholz) -- otrs2 (Abhijith PA) -- -qtbase-opensource-src +qtbase-opensource-src (Mike Gabriel) NOTE: 20200224: No upstream fix available, yet. (sunweaver) -- ruby-rack View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4fd7d9ef06933418e4e288624dbc6e21e1e6e35e...cdcdb268a3b5b1216d1fb6c7eba96d0402a1f58d
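Review bot: In the second hunk, qtbase-opensource-src is re-claimed while the only NOTE under it is still the one dated 20200224 ("No upstream fix available, yet."). A dated NOTE with the current status, like the 20200330 line added for libperlspeak-perl in the first hunk, would show what has changed since the claim was last held.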
[Git][security-tracker-team/security-tracker][master] Reclaim squid3 and claim tomcat8 in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 4fd7d9ef by Markus Koschany at 2020-03-30T12:46:08+02:00 Reclaim squid3 and claim tomcat8 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -79,8 +79,12 @@ shiro NOTE: 20200329: https://github.com/apache/shiro/pull/203 (lamby) NOTE: 20200329: See 53dc30bf6823c98 in this repo. (lamby) -- -squid3 - NOTE: 20200309: Requires more tests. (apo) +squid3 (Markus Koschany) + NOTE: 20200330: There is still an issue with CVE-2019-12523 but the rest + NOTE: looks good now. (apo) +-- +tomcat8 (Markus Koschany) + NOTE: I am reviewing a patch for Abhijith currently. -- wireshark (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fd7d9ef06933418e4e288624dbc6e21e1e6e35e
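Review bot: The NOTE added under tomcat8 ("I am reviewing a patch for Abhijith currently.") has neither a date nor initials, unlike the "NOTE: 20200330: ... (apo)" lines added for squid3 in the same hunk. Adding both would let a later reader judge how stale "currently" is, and naming the CVE or patch under review would say what the claim covers.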
[Git][security-tracker-team/security-tracker][master] dla: reclaim bluez
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 71f68343 by Emilio Pozuelo Monfort at 2020-03-30T11:39:21+02:00 dla: reclaim bluez - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -13,7 +13,8 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues ansible NOTE: 20200219: no upstream fixes yet -- -bluez +bluez (Emilio) + NOTE: 20200330: wip -- graphicsmagick (Roberto C. Sánchez) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71f68343ef3e4b28c0755feb081ded05ec2ca798
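Review bot: The added "NOTE: 20200330: wip" does not say what is in progress and carries no initials; a short status (which issue, patch state) would tell the next reader whether the claim is still live. The claim line also gives "Emilio" alone where the neighbouring graphicsmagick entry gives a full name.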
[Git][security-tracker-team/security-tracker][master] CVE-2020-1752/glibc no-dsa on jessie
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 9bdd17a9 by Emilio Pozuelo Monfort at 2020-03-30T11:37:26+02:00 CVE-2020-1752/glibc no-dsa on jessie - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -23175,6 +23175,7 @@ CVE-2020-1752 [use-after-free in glob() function when expanding ~user] - glibc 2.30-3 (bug #953788) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) + [jessie] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25414 NOTE: Introduced in: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f2962a71959fd254a7a223437ca4b63b9e81130c (2.14) NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c = data/dla-needed.txt = @@ -15,8 +15,6 @@ ansible -- bluez -- -glibc --- graphicsmagick (Roberto C. Sánchez) -- jackson-databind (Utkarsh Gupta) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bdd17a917a4ce8d32d73d6a3c6ce2f1eb3134a5
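Review bot: The data/dla-needed.txt hunk drops the whole glibc entry, which is correct only if CVE-2020-1752 was the sole reason glibc was listed; the commit message should say so. In the data/CVE/list hunk, the new "[jessie] - glibc (Minor issue)" line reuses the buster and stretch reason without stating why the use-after-free in glob() is minor for jessie as well.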
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Holger Levsen pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f667204 by Holger Levsen at 2020-03-30T11:17:24+02:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Holger Levsen- - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -13,9 +13,9 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues ansible NOTE: 20200219: no upstream fixes yet -- -bluez (Emilio) +bluez -- -glibc (Mike Gabriel) +glibc -- graphicsmagick (Roberto C. Sánchez) -- @@ -68,7 +68,7 @@ opendmarc (Thorsten Alteholz) -- otrs2 (Abhijith PA) -- -qtbase-opensource-src (Mike Gabriel) +qtbase-opensource-src NOTE: 20200224: No upstream fix available, yet. (sunweaver) -- ruby-rack @@ -80,7 +80,7 @@ shiro NOTE: 20200329: https://github.com/apache/shiro/pull/203 (lamby) NOTE: 20200329: See 53dc30bf6823c98 in this repo. (lamby) -- -squid3 (Markus Koschany) +squid3 NOTE: 20200309: Requires more tests. (apo) -- wireshark (Thorsten Alteholz) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f667204f87d39498df7416230e924154dce7f4a
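Review bot: The four claims (bluez, glibc, qtbase-opensource-src, squid3) are removed without any NOTE recording the unclaim, so the file itself does not show that an entry was released for inactivity or when. Adding a dated NOTE per entry would preserve that, particularly for bluez and glibc, which have no NOTE at all and lose every trace of the previous claimant.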
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 46cadb78 by security tracker role at 2020-03-30T08:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5046,6 +5046,7 @@ CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary c CVE-2020-8867 RESERVED CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...) + {DLA-2162-1} - php-horde-form (bug #955020) NOTE: https://lists.horde.org/archives/announce/2020/001288.html NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-275/ @@ -12572,8 +12573,8 @@ CVE-2020-5553 (mailform version 1.04 allows remote attackers to execute arbitrar NOT-FOR-US: mailform CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 allows rem ...) NOT-FOR-US: mailform -CVE-2020-5551 - RESERVED +CVE-2020-5551 (Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenti ...) + TODO: check CVE-2020-5550 RESERVED CVE-2020-5549 @@ -22044,7 +22045,6 @@ CVE-2019-19583 (An issue was discovered in Xen through 4.12.x allowing x86 HVM/P {DSA-4602-1} - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944) [jessie] - xen (Not supported in jessie LTS) - NOTE: https://xenbits.xen.org/xsa/advisory-308.html CVE-2019-19582 (An issue was discovered in Xen through 4.12.x allowing x86 guest OS us ...) {DSA-4602-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46cadb78641debae91a5365de99d831bca916e1d
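Review bot: The third hunk deletes the "NOTE: https://xenbits.xen.org/xsa/advisory-308.html" line from CVE-2019-19583 inside a commit titled only "automatic update", and the visible context shows no other reference to the advisory left in that entry. If the line was a duplicate or superseded, the message should say so; otherwise it should be restored, since the first two hunks are the kind of description and DLA updates the subject implies and this removal is not.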