author: security tracker role <sectracker@soriano.debian.org> 2020-06-20 08:10:14 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-06-20 08:10:14 +0000
commit: fd84133603a34d4d6e4c89dd3836f7d50821119b
tree: ac57dbb6d8517a0082c67fb16ab8444fb78ff501 /data
parent: 25bd255e8d3054b669a6a56d60020970d7cd572f
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2015.list 4
-rw-r--r-- data/CVE/2016.list 92
-rw-r--r-- data/CVE/2017.list 52
-rw-r--r-- data/CVE/2019.list 2
-rw-r--r-- data/CVE/2020.list 49
5 files changed, 103 insertions, 96 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 038704d6a8..84b843e695 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1,5 +1,5 @@
-CVE-2015-9548
- RESERVED
+CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It allows a ...)
+ TODO: check
CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) and KK ...)
NOT-FOR-US: Samsung mobile devices
CVE-2015-9546 (An issue was discovered on Samsung mobile devices with KK(4.4) and lat ...)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index dad5402272..ecf41aceaa 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,49 +1,49 @@
-CVE-2016-11084
- RESERVED
-CVE-2016-11083
- RESERVED
-CVE-2016-11082
- RESERVED
-CVE-2016-11081
- RESERVED
-CVE-2016-11080
- RESERVED
-CVE-2016-11079
- RESERVED
-CVE-2016-11078
- RESERVED
-CVE-2016-11077
- RESERVED
-CVE-2016-11076
- RESERVED
-CVE-2016-11075
- RESERVED
-CVE-2016-11074
- RESERVED
-CVE-2016-11073
- RESERVED
-CVE-2016-11072
- RESERVED
-CVE-2016-11071
- RESERVED
-CVE-2016-11070
- RESERVED
-CVE-2016-11069
- RESERVED
-CVE-2016-11068
- RESERVED
-CVE-2016-11067
- RESERVED
-CVE-2016-11066
- RESERVED
-CVE-2016-11065
- RESERVED
-CVE-2016-11064
- RESERVED
-CVE-2016-11063
- RESERVED
-CVE-2016-11062
- RESERVED
+CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...)
+ TODO: check
+CVE-2016-11083 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
+ TODO: check
+CVE-2016-11082 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
+ TODO: check
+CVE-2016-11081 (An issue was discovered in Mattermost Server before 2.2.0. It allows u ...)
+ TODO: check
+CVE-2016-11080 (An issue was discovered in Mattermost Server before 3.0.0. It offers s ...)
+ TODO: check
+CVE-2016-11079 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...)
+ TODO: check
+CVE-2016-11078 (An issue was discovered in Mattermost Server before 3.0.0. It potentia ...)
+ TODO: check
+CVE-2016-11077 (An issue was discovered in Mattermost Server before 3.0.0. It has a su ...)
+ TODO: check
+CVE-2016-11076 (An issue was discovered in Mattermost Server before 3.0.0. It does not ...)
+ TODO: check
+CVE-2016-11075 (An issue was discovered in Mattermost Server before 3.0.0. It allows a ...)
+ TODO: check
+CVE-2016-11074 (An issue was discovered in Mattermost Server before 3.0.0. A password- ...)
+ TODO: check
+CVE-2016-11073 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...)
+ TODO: check
+CVE-2016-11072 (An issue was discovered in Mattermost Server before 3.0.2. The purpose ...)
+ TODO: check
+CVE-2016-11071 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...)
+ TODO: check
+CVE-2016-11070 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...)
+ TODO: check
+CVE-2016-11069 (An issue was discovered in Mattermost Server before 3.2.0. It mishandl ...)
+ TODO: check
+CVE-2016-11068 (An issue was discovered in Mattermost Server before 3.2.0. Attackers c ...)
+ TODO: check
+CVE-2016-11067 (An issue was discovered in Mattermost Server before 3.2.0. It allowed ...)
+ TODO: check
+CVE-2016-11066 (An issue was discovered in Mattermost Server before 3.2.0. The initial ...)
+ TODO: check
+CVE-2016-11065 (An issue was discovered in Mattermost Server before 3.3.0. An attacker ...)
+ TODO: check
+CVE-2016-11064 (An issue was discovered in Mattermost Desktop App before 3.4.0. String ...)
+ TODO: check
+CVE-2016-11063 (An issue was discovered in Mattermost Server before 3.5.1. XSS can occ ...)
+ TODO: check
+CVE-2016-11062 (An issue was discovered in Mattermost Server before 3.5.1. E-mail addr ...)
+ TODO: check
CVE-2016-11061 (Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 7 ...)
NOT-FOR-US: Xerox
CVE-2016-11060 (Certain NETGEAR devices are affected by insecure renegotiation. This a ...)
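Review bot: All 23 entries added at the top of this hunk (CVE-2016-11084 through CVE-2016-11062) are Mattermost issues left at "TODO: check", although the Mattermost entries visible as context in the 2017.list and 2019.list parts of this same commit are already resolved as "NOT-FOR-US: Mattermost". A follow-up should resolve these the same way so the open TODO queue is not padded with a product the tracker has already ruled out. CVE-2016-11064 needs a manual look first: it names Mattermost Desktop App, not Mattermost Server, so confirm the existing NOT-FOR-US decision covers the desktop client as well.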
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 713161aa74..c1e90f8989 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,21 +1,21 @@
-CVE-2017-18921
- RESERVED
-CVE-2017-18920
- RESERVED
-CVE-2017-18919
- RESERVED
-CVE-2017-18918
- RESERVED
-CVE-2017-18917
- RESERVED
-CVE-2017-18916
- RESERVED
-CVE-2017-18915
- RESERVED
-CVE-2017-18914
- RESERVED
-CVE-2017-18913
- RESERVED
+CVE-2017-18921 (An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. X ...)
+ TODO: check
+CVE-2017-18920 (An issue was discovered in Mattermost Server before 3.6.2. The WebSock ...)
+ TODO: check
+CVE-2017-18919 (An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. A ...)
+ TODO: check
+CVE-2017-18918 (An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A ...)
+ TODO: check
+CVE-2017-18917 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ TODO: check
+CVE-2017-18916 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ TODO: check
+CVE-2017-18915 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ TODO: check
+CVE-2017-18914 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ TODO: check
+CVE-2017-18913 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ TODO: check
CVE-2017-18912 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
NOT-FOR-US: Mattermost
CVE-2017-18911 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
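Review bot: The block CVE-2017-18921 through CVE-2017-18913 now reads "TODO: check" while the very next entry, CVE-2017-18912, is "NOT-FOR-US: Mattermost", and CVE-2017-18917 through CVE-2017-18913 carry the same "Mattermost Server before 3.8.2, 3.7.5, and ..." prefix as that resolved entry. The file is left with two different states for what looks like one advisory batch; the same applies to CVE-2017-18908 through CVE-2017-18905 in the next hunk, which sit between CVE-2017-18909 and CVE-2017-18904, both already NOT-FOR-US. Suggest closing both blocks in one manual commit after confirming the full descriptions.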
@@ -24,14 +24,14 @@ CVE-2017-18910 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5
NOT-FOR-US: Mattermost
CVE-2017-18909 (An issue was discovered in Mattermost Server before 3.9.0 when SAML is ...)
NOT-FOR-US: Mattermost
-CVE-2017-18908
- RESERVED
-CVE-2017-18907
- RESERVED
-CVE-2017-18906
- RESERVED
-CVE-2017-18905
- RESERVED
+CVE-2017-18908 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ TODO: check
+CVE-2017-18907 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ TODO: check
+CVE-2017-18906 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ TODO: check
+CVE-2017-18905 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ TODO: check
CVE-2017-18904 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
NOT-FOR-US: Mattermost
CVE-2017-18903 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index b1d90a6969..7d76d1b2f5 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,5 @@
+CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of products, has ...)
+ TODO: check
CVE-2019-20890 (An issue was discovered in Mattermost Server before 5.7. It allows a b ...)
NOT-FOR-US: Mattermost
CVE-2019-20889 (An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, ...)
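Review bot: The new CVE-2019-20891 entry is cut off at "when it handles CSV imports of products, has ...", so the vulnerability class cannot be read from this line and the "TODO: check" cannot be resolved from the list alone. Triage needs the full description and a check of whether WooCommerce is shipped as a Debian source package; if it is not, the entry should become a NOT-FOR-US line in the same form as the Mattermost entries below it.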
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 60ad7122f9..06469ac490 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,7 @@
+CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information Gatheri ...)
+ TODO: check
+CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. A ...)
+ TODO: check
CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...)
- alpine <unfixed> (bug #963179)
NOTE: http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html
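Review bot: The two added entries at the top need different handling and should not be closed together. CVE-2020-14931 is described as a stack-based buffer overflow in DMitry, a memory-corruption issue in a command-line tool, so check first whether it exists as a Debian source package and, if so, replace "TODO: check" with a package line in the same form as the "- alpine <unfixed> (bug #963179)" entry below it. CVE-2020-14930 names "BT CTROMS Terminal OS Port Portal CT-464", which reads as a vendor appliance and is a likely NOT-FOR-US candidate once the full description is confirmed.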
@@ -1741,6 +1745,7 @@ CVE-2020-14095
CVE-2020-14094
RESERVED
CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attac ...)
+ {DSA-4707-1}
- mutt 1.14.3-1 (bug #962897)
- neomutt 20200619+dfsg.1-1
NOTE: https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
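Review bot: The added "{DSA-4707-1}" line sits above both the mutt and the neomutt package lines for CVE-2020-14093, and nothing visible in this hunk says which of the two source packages the advisory covers. Confirm against the DSA entry that the cross-reference is correct for this CVE, and that neomutt in stable is either covered by its own advisory or carries an explicit per-release annotation, since only the unstable versions (1.14.3-1 and 20200619+dfsg.1-1) are recorded here.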
@@ -3614,16 +3619,16 @@ CVE-2020-13278
RESERVED
CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...)
TODO: check
-CVE-2020-13276
- RESERVED
-CVE-2020-13275
- RESERVED
-CVE-2020-13274
- RESERVED
-CVE-2020-13273
- RESERVED
-CVE-2020-13272
- RESERVED
+CVE-2020-13276 (User is allowed to set an email as a notification email even without v ...)
+ TODO: check
+CVE-2020-13275 (A user with an unverified email address could request an access to dom ...)
+ TODO: check
+CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks through m ...)
+ TODO: check
+CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the system resour ...)
+ TODO: check
+CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later through 13 ...)
+ TODO: check
CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the execution of a ...)
- gitlab <unfixed>
CVE-2020-13270 (Missing permission check on fork relation creation in GitLab CE/EE 11. ...)
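Review bot: Of the five entries added here, only CVE-2020-13272 shows a product hint ("CE/EE 12.3 and later") in its truncated description; CVE-2020-13276 through CVE-2020-13273 name no product in the visible text. The surrounding context (CVE-2020-13271, "- gitlab <unfixed>") suggests they belong to the same GitLab batch, but that should be confirmed from the full descriptions before adding "- gitlab <unfixed>" lines. CVE-2020-13277, visible as context just above, is also still at "TODO: check" and can be resolved in the same pass.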
@@ -3636,16 +3641,16 @@ CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the executio
- gitlab <unfixed>
CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...)
- gitlab <unfixed>
-CVE-2020-13265
- RESERVED
-CVE-2020-13264
- RESERVED
-CVE-2020-13263
- RESERVED
-CVE-2020-13262
- RESERVED
-CVE-2020-13261
- RESERVED
+CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later through ...)
+ TODO: check
+CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...)
+ TODO: check
+CVE-2020-13263 (An authorization issue relating to project maintainer impersonation wa ...)
+ TODO: check
+CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 ...)
+ TODO: check
+CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...)
+ TODO: check
CVE-2020-13260
RESERVED
CVE-2020-13259
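Review bot: Two of the entries added in this hunk are credential disclosures, CVE-2020-13264 ("Kubernetes cluster token disclosure") and CVE-2020-13261 ("Amazon EKS credentials disclosure"), and should be triaged ahead of the rest of the batch. Their affected ranges are cut off after "10.3 and later thr ..." and "12.6 and later throu ...", so the upper bound has to be taken from the full description before deciding which Debian releases of gitlab are affected. CVE-2020-13263 names no product in the visible text and needs the same confirmation before it gets a "- gitlab <unfixed>" line like CVE-2020-13266 above.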
@@ -9771,8 +9776,8 @@ CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implement
{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6
-CVE-2020-10750
- RESERVED
+CVE-2020-10750 (Sensitive information written to a log file vulnerability was found in ...)
+ TODO: check
CVE-2020-10749 (A vulnerability was found in all versions of containernetworking/plugi ...)
- golang-github-containernetworking-plugins <unfixed>
NOTE: https://github.com/containernetworking/plugins/pull/484
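Review bot: The new CVE-2020-10750 line is truncated before the product name ("Sensitive information written to a log file vulnerability was found in ..."), so the affected package cannot be identified from this entry. Whoever resolves the "TODO: check" should record the source package explicitly and, as the neighbouring entries do, add a NOTE line pointing at the upstream fix or report.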
