summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2021-12-02 21:42:38 +0100
committerSalvatore Bonaccorso <carnil@debian.org>2021-12-02 21:42:38 +0100
commit22e2e62ff889326613f81114049816aef2e558d7 (patch)
treed7d36ccfd1921c2205cdc0cf6916e0f6bc3a449c
parent68a08a54c6bad66c497551541a3c6c509dfc0486 (diff)
Track fixes for sphinxsearch via unstable
-rw-r--r--data/CVE/2019.list2
-rw-r--r--data/CVE/2020.list4
2 files changed, 4 insertions, 2 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 50f465ada7..da9f35c009 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -16871,7 +16871,7 @@ CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attack
CVE-2019-14512 (LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/P ...)
- limesurvey <itp> (bug #472802)
CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no authentication and ...)
- - sphinxsearch <unfixed> (unimportant; bug #939762)
+ - sphinxsearch 2.2.11-4 (unimportant; bug #939762)
NOTE: Issue is just with the default configuration, but can be easily reconfigured
NOTE: to listen on localhost only. sphinxsearch will not be started automatically
NOTE: and an admin needs first to create anyway a /etc/sphinxsearch/sphinx.conf
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index e65887ca97..19c9dd4d71 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -4978,8 +4978,10 @@ CVE-2020-29052
RESERVED
CVE-2020-29051
RESERVED
-CVE-2020-29050
+CVE-2020-29050 [arbitrary file reads by scattered file snippets]
RESERVED
+ - sphinxsearch 2.2.11-3
+ NOTE: Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035
CVE-2020-29049
RESERVED
CVE-2020-29048

© 2014-2022 Faster IT GmbH | imprint | privacy policy