diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-02 21:42:38 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-12-02 21:42:38 +0100 |
commit | 22e2e62ff889326613f81114049816aef2e558d7 (patch) | |
tree | d7d36ccfd1921c2205cdc0cf6916e0f6bc3a449c | |
parent | 68a08a54c6bad66c497551541a3c6c509dfc0486 (diff) |
Track fixes for sphinxsearch via unstable
-rw-r--r-- | data/CVE/2019.list | 2 | ||||
-rw-r--r-- | data/CVE/2020.list | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 50f465ada7..da9f35c009 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -16871,7 +16871,7 @@ CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attack CVE-2019-14512 (LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/P ...) - limesurvey <itp> (bug #472802) CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no authentication and ...) - - sphinxsearch <unfixed> (unimportant; bug #939762) + - sphinxsearch 2.2.11-4 (unimportant; bug #939762) NOTE: Issue is just with the default configuration, but can be easily reconfigured NOTE: to listen on localhost only. sphinxsearch will not be started automatically NOTE: and an admin needs first to create anyway a /etc/sphinxsearch/sphinx.conf diff --git a/data/CVE/2020.list b/data/CVE/2020.list index e65887ca97..19c9dd4d71 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -4978,8 +4978,10 @@ CVE-2020-29052 RESERVED CVE-2020-29051 RESERVED -CVE-2020-29050 +CVE-2020-29050 [arbitrary file reads by scattered file snippets] RESERVED + - sphinxsearch 2.2.11-3 + NOTE: Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035 CVE-2020-29049 RESERVED CVE-2020-29048 |