Debian Sphinxsearch vulnerabilities
2 known vulnerabilities affecting debian/sphinxsearch.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 1, LOW: 1
Vulnerabilities
CVE-2020-29050 | HIGH | CVSS 7.5 | fixed in sphinxsearch 2.2.11-3 (bookworm) | 2020
CVE-2020-29050 [HIGH] CVE-2020-29050: sphinxsearch - SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traver...
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.
Scope: local
bookworm: resolved (fixed in 2.2.11-3)
forky: resolved
CVE-2019-14511 | LOW | CVSS 7.5 | fixed in sphinxsearch 2.2.11-4 (bookworm) | 2019
CVE-2019-14511 [HIGH] CVE-2019-14511: sphinxsearch - Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on...
Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).
Scope: local
bookworm: resolved (fixed in 2.2.11-4)
forky: resolved (fixed in 2.2.11-4)
sid: resolved (fixed in 2.2.11-4)
trixie: resolved (fixed in 2.2.11-4)