Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff107484 by security tracker role at 2020-10-25T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -557,6 +557,7 @@ CVE-2020-27615 (The Loginizer plugin before 1.6.4 for 
WordPress allows SQL injec
 CVE-2020-27614
        RESERVED
 CVE-2020-27638 (receive.c in fastd before v21 allows denial of service 
(assertion fail ...)
+       {DLA-2414-1}
        - fastd 21-1 (bug #972521)
        [buster] - fastd <no-dsa> (Will be fixed via point release)
        NOTE: 
https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea
@@ -1970,10 +1971,12 @@ CVE-2020-26937
 CVE-2020-26936
        RESERVED
 CVE-2020-26935 (An issue was discovered in SearchController in phpMyAdmin 
before 4.9.6 ...)
+       {DLA-2413-1}
        - phpmyadmin 4:4.9.7+dfsg1-1 (bug #972000)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2020-6/
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/d09ab9bc9d634ad08b866d42bb8c4109869d38d2
 CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS 
through the tr ...)
+       {DLA-2413-1}
        - phpmyadmin 4:4.9.7+dfsg1-1 (bug #971999)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2020-5/
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/19df63b0365621427697edc185ff7c9c5707c523
@@ -24720,7 +24723,7 @@ CVE-2020-15970
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-15969
        RESERVED
-       {DSA-4778-1 DLA-2411-1}
+       {DSA-4780-1 DSA-4778-1 DLA-2411-1}
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
        - firefox 82.0-1
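Review bot: CVE-2020-15969 keeps its RESERVED line and the `- chromium <unfixed>` entry while the cross-reference line grows to {DSA-4780-1 DSA-4778-1 DLA-2411-1}, and none of the package lines visible in this hunk says which source package DSA-4780-1 fixes. Because this is an automatic update, the thing to verify is the package list below `- firefox 82.0-1`: the package covered by DSA-4780-1 should have a fixed version recorded there, in the same way CVE-2020-15683 lists firefox, firefox-esr and thunderbird in the next hunk.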
@@ -25502,7 +25505,7 @@ CVE-2020-15684 (Mozilla developers reported memory 
safety bugs present in Firefo
        - firefox 82.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684
 CVE-2020-15683 (Mozilla developers and community members reported memory 
safety bugs p ...)
-       {DSA-4778-1 DLA-2411-1}
+       {DSA-4780-1 DSA-4778-1 DLA-2411-1}
        - firefox 82.0-1
        - firefox-esr 78.4.0esr-1
        - thunderbird 1:78.4.0-1
@@ -27687,7 +27690,7 @@ CVE-2020-14805 (Vulnerability in the Oracle E-Business 
Suite Secure Enterprise S
 CVE-2020-14804 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed> (bug #972623)
 CVE-2020-14803 (Vulnerability in the Java SE product of Oracle Java SE 
(component: Lib ...)
-       {DLA-2412-1}
+       {DSA-4779-1 DLA-2412-1}
        - openjdk-15 15.0.1+9-1
        - openjdk-11 11.0.9+11-1
        - openjdk-8 <unfixed>
@@ -27700,17 +27703,17 @@ CVE-2020-14800 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2020-14799 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed> (bug #972623)
 CVE-2020-14798 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DLA-2412-1}
+       {DSA-4779-1 DLA-2412-1}
        - openjdk-15 15.0.1+9-1
        - openjdk-11 11.0.9+11-1
        - openjdk-8 <unfixed>
 CVE-2020-14797 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DLA-2412-1}
+       {DSA-4779-1 DLA-2412-1}
        - openjdk-15 15.0.1+9-1
        - openjdk-11 11.0.9+11-1
        - openjdk-8 <unfixed>
 CVE-2020-14796 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DLA-2412-1}
+       {DSA-4779-1 DLA-2412-1}
        - openjdk-15 15.0.1+9-1
        - openjdk-11 11.0.9+11-1
        - openjdk-8 <unfixed>
@@ -27722,7 +27725,7 @@ CVE-2020-14793 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-5.7 <unfixed> (bug #972824)
        - mysql-8.0 <unfixed> (bug #972623)
 CVE-2020-14792 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DLA-2412-1}
+       {DSA-4779-1 DLA-2412-1}
        - openjdk-15 15.0.1+9-1
        - openjdk-11 11.0.9+11-1
        - openjdk-8 <unfixed>
@@ -27747,19 +27750,19 @@ CVE-2020-14784 (Vulnerability in the Oracle BI 
Publisher product of Oracle Fusio
 CVE-2020-14783 (Vulnerability in the Oracle Hospitality RES 3700 product of 
Oracle Foo ...)
        NOT-FOR-US: Oracle
 CVE-2020-14782 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DLA-2412-1}
+       {DSA-4779-1 DLA-2412-1}
        - openjdk-15 15.0.1+9-1
        - openjdk-11 11.0.9+11-1
        - openjdk-8 <unfixed>
 CVE-2020-14781 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DLA-2412-1}
+       {DSA-4779-1 DLA-2412-1}
        - openjdk-15 15.0.1+9-1
        - openjdk-11 11.0.9+11-1
        - openjdk-8 <unfixed>
 CVE-2020-14780 (Vulnerability in the BI Publisher product of Oracle Fusion 
Middleware  ...)
        NOT-FOR-US: Oracle
 CVE-2020-14779 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DLA-2412-1}
+       {DSA-4779-1 DLA-2412-1}
        - openjdk-15 15.0.1+9-1
        - openjdk-11 11.0.9+11-1
        - openjdk-8 <unfixed>
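Review bot: each Java SE entry touched in this hunk (CVE-2020-14782, CVE-2020-14781, CVE-2020-14779) gains DSA-4779-1 but still ends with `- openjdk-8 <unfixed>`, so these CVEs stay open for openjdk-8 even though two advisories now reference them. If that is intended, nothing needs to change; otherwise the fixed openjdk-8 version should be recorded once it exists. The same pattern appears in the openjdk entries of the three preceding hunks.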
@@ -47528,8 +47531,8 @@ CVE-2020-7753
        RESERVED
 CVE-2020-7752
        RESERVED
-CVE-2020-7751
-       RESERVED
+CVE-2020-7751 (This affects all versions of package pathval. ...)
+       TODO: check
 CVE-2020-7750 (This affects the package scratch-svg-renderer before 
0.2.0-prerelease. ...)
        NOT-FOR-US: scratch-svg-renderer nodejs module
 CVE-2020-7749 (This affects all versions of package osm-static-maps. User 
input given ...)
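Review bot: the new CVE-2020-7751 entry carries only `TODO: check`, so it is still untriaged and needs either a package line, if pathval is packaged in Debian, or a NOT-FOR-US line in the style of CVE-2020-7750 directly below it. The description says all versions of pathval are affected, so a package line added here would start out as <unfixed>.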
@@ -61580,7 +61583,7 @@ CVE-2019-19619 (domain/section/markdown/markdown.go in 
Documize before 3.5.1 mis
 CVE-2019-19618
        RESERVED
 CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git 
information, relat ...)
-       {DLA-2024-1}
+       {DLA-2413-1 DLA-2024-1}
        - phpmyadmin 4:4.9.2+dfsg1-1
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9
 CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in 
the Xtivia ...)
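Review bot: CVE-2019-19617 now lists two LTS advisories, {DLA-2413-1 DLA-2024-1}, while the package line still shows a single fix in 4:4.9.2+dfsg1-1. A NOTE line stating why a second DLA was needed for a CVE that DLA-2024-1 already covered (a different LTS suite, or an incomplete earlier fix) would save the next reader from opening both advisories.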



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff1074846042731a417532c62f4c5e56e0df9c5f
