From 22e2e62ff889326613f81114049816aef2e558d7 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 2 Dec 2021 21:42:38 +0100 Subject: Track fixes for sphinxsearch via unstable --- data/CVE/2019.list | 2 +- data/CVE/2020.list | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 50f465ada7..da9f35c009 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -16871,7 +16871,7 @@ CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attack CVE-2019-14512 (LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/P ...) - limesurvey (bug #472802) CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no authentication and ...) - - sphinxsearch (unimportant; bug #939762) + - sphinxsearch 2.2.11-4 (unimportant; bug #939762) NOTE: Issue is just with the default configuration, but can be easily reconfigured NOTE: to listen on localhost only. sphinxsearch will not be started automatically NOTE: and an admin needs first to create anyway a /etc/sphinxsearch/sphinx.conf diff --git a/data/CVE/2020.list b/data/CVE/2020.list index e65887ca97..19c9dd4d71 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -4978,8 +4978,10 @@ CVE-2020-29052 RESERVED CVE-2020-29051 RESERVED -CVE-2020-29050 +CVE-2020-29050 [arbitrary file reads by scattered file snippets] RESERVED + - sphinxsearch 2.2.11-3 + NOTE: Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035 CVE-2020-29049 RESERVED CVE-2020-29048 -- cgit v1.2.3