Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 888e7224 by Moritz Muehlenhoff at 2020-09-08T13:00:14+02:00 inn2 n/a NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -18979,17 +18979,12 @@ CVE-2020-15889 (Lua through 5.4.0 has a getobjname heap-based buffer over-read b NOTE: Introduced in 5.4 CVE-2020-15888 (Lua through 5.4.0 mishandles the interaction between stack resizes and ...) - lua5.4 <unfixed> - - lua5.3 <undetermined> - - lua5.2 <undetermined> - - lua5.1 <undetermined> - - lua50 <undetermined> NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00053.html NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00054.html NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00071.html NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00079.html NOTE: https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7 NOTE: https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5 - TODO: check details for older versions CVE-2020-15887 (A SQL injection vulnerability in softwareupdate_controller.php in the ...) NOT-FOR-US: MunkiReport CVE-2020-15886 (A SQL injection vulnerability in reportdata_controller.php in the repo ...) @@ -40564,7 +40559,7 @@ CVE-2020-8028 CVE-2020-8027 RESERVED CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn ...) - TODO: check + - inn2 <not-affected> (inews has correct ownership in Debian) CVE-2020-8025 (A Incorrect Execution-Assigned Permissions vulnerability in the permis ...) NOT-FOR-US: SAP CVE-2020-8024 (A Incorrect Default Permissions vulnerability in the packaging of hyla ...) 
@@ -41364,39 +41359,39 @@ CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code E CVE-2020-7728 RESERVED CVE-2020-7727 (All versions of package gedi are vulnerable to Prototype Pollution via ...) - TODO: check + NOT-FOR-US: Node gedi CVE-2020-7726 (All versions of package safe-object2 are vulnerable to Prototype Pollu ...) - TODO: check + NOT-FOR-US: Node safe-object2 CVE-2020-7725 (All versions of package worksmith are vulnerable to Prototype Pollutio ...) - TODO: check + NOT-FOR-US: Node worksmith CVE-2020-7724 (All versions of package tiny-conf are vulnerable to Prototype Pollutio ...) - TODO: check + NOT-FOR-US: Node tiny-conf CVE-2020-7723 (All versions of package promisehelpers are vulnerable to Prototype Pol ...) - TODO: check + NOT-FOR-US: Node promisehelpers CVE-2020-7722 (All versions of package nodee-utils are vulnerable to Prototype Pollut ...) - TODO: check + NOT-FOR-US: Node nodee-utils CVE-2020-7721 (All versions of package node-oojs are vulnerable to Prototype Pollutio ...) - TODO: check + NOT-FOR-US: Node node-oojs CVE-2020-7720 (The package node-forge before 0.10.0 is vulnerable to Prototype Pollut ...) - node-node-forge <unfixed> (bug #969669) NOTE: https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677 NOTE: https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756 CVE-2020-7719 (Versions of package locutus before 2.0.12 are vulnerable to prototype ...) - TODO: check + NOT-FOR-US: Node locutus CVE-2020-7718 (All versions of package gammautils are vulnerable to Prototype Polluti ...) - TODO: check + NOT-FOR-US: Node gammautils CVE-2020-7717 (All versions of package dot-notes are vulnerable to Prototype Pollutio ...) - TODO: check + NOT-FOR-US: Node dot-notes CVE-2020-7716 (All versions of package deeps are vulnerable to Prototype Pollution vi ...) - TODO: check + NOT-FOR-US: Node deeps CVE-2020-7715 (All versions of package deep-get-set are vulnerable to Prototype Pollu ...) 
- TODO: check + NOT-FOR-US: Node deep-get-set CVE-2020-7714 (All versions of package confucious are vulnerable to Prototype Polluti ...) - TODO: check + NOT-FOR-US: Node confucious CVE-2020-7713 (All versions of package arr-flatten-unflatten are vulnerable to Protot ...) - TODO: check + NOT-FOR-US: Node arr-flatten-unflatten CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to inject ...) - TODO: check + NOT-FOR-US: Node json CVE-2020-7711 (This affects all versions of package github.com/russellhaering/goxmlds ...) - golang-github-russellhaering-goxmldsig <unfixed> (bug #968928) NOTE: https://github.com/russellhaering/goxmldsig/issues/48 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/888e72243c8e862d08236222ec2685a2421e2238
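Review bot: in the @@ -18979 hunk, the four "<undetermined>" lines for lua5.3, lua5.2, lua5.1 and lua50 and the "TODO: check details for older versions" line are removed under CVE-2020-15888 with nothing recording the conclusion that was reached. The neighbouring CVE-2020-15889 entry documents its scope with "NOTE: Introduced in 5.4"; if the same finding applies here, add an equivalent NOTE so the older packages are not re-triaged later. The commit message ("inn2 n/a NFUs") also does not mention the Lua change.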
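Review bot: in the @@ -40564 hunk, the justification on "- inn2 <not-affected> (inews has correct ownership in Debian)" speaks only to ownership, while CVE-2020-8026 is described as an Incorrect Default Permissions issue in the packaging. Consider stating whether the file mode was checked as well, and add a NOTE with the reference that was used, since the entry carries none.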
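Review bot: in the @@ -41364 hunk, "NOT-FOR-US: Node json" for CVE-2020-7712 is ambiguous because "json" is a generic name, unlike the other markers in this hunk, which each name a distinctive package. Suggest wording the tag so it clearly identifies the npm package called json, so that a later search of data/CVE/list does not confuse it with other JSON software.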