Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a1340df8 by security tracker role at 2020-02-28T08:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,14 +1,60 @@ +CVE-2020-9445 + RESERVED +CVE-2020-9444 + RESERVED +CVE-2020-9443 + RESERVED +CVE-2020-9442 + RESERVED +CVE-2020-9441 + RESERVED +CVE-2020-9440 + RESERVED +CVE-2020-9439 + RESERVED +CVE-2020-9438 + RESERVED +CVE-2020-9437 + RESERVED +CVE-2020-9436 + RESERVED +CVE-2020-9435 + RESERVED +CVE-2020-9434 (openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 cert ...) + TODO: check +CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certi ...) + TODO: check +CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...) + TODO: check +CVE-2020-9427 + RESERVED +CVE-2020-9426 + RESERVED +CVE-2020-9425 + RESERVED +CVE-2020-9424 + RESERVED +CVE-2020-9423 + RESERVED +CVE-2020-9422 + RESERVED +CVE-2020-9421 + RESERVED +CVE-2019-20484 + RESERVED +CVE-2019-20483 + RESERVED CVE-2020-9420 RESERVED CVE-2020-9419 RESERVED -CVE-2020-9431 [LTE RRC dissector memory leak] +CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) - wireshark 3.2.2-1 [jessie] - wireshark <postponed> (Minor issue, can be fixed along in next DLA) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850 -CVE-2020-9430 [WiMax DLMAP dissector crash] +CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) - wireshark 3.2.2-1 [jessie] - wireshark <postponed> (Minor issue, can be fixed along in next DLA) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-04.html 
@@ -16,13 +62,13 @@ CVE-2020-9430 [WiMax DLMAP dissector crash] NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790 -CVE-2020-9428 [EAP dissector crash] +CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) - wireshark 3.2.2-1 [jessie] - wireshark <postponed> (Minor issue, can be fixed along in next DLA) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-05.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9fe2de783dbcbe74144678d60a4e3923367044b2 -CVE-2020-9429 [WireGuard dissector crash] +CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This ...) - wireshark 3.2.2-1 [buster] - wireshark <not-affected> (Vulnerable code not present) [stretch] - wireshark <not-affected> (Vulnerable code not present) @@ -371,6 +417,7 @@ CVE-2020-9276 CVE-2020-9275 RESERVED CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ...) + {DLA-2123-1} - pure-ftpd 1.0.49-4 (bug #952666) NOTE: https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa NOTE: though the CVE description does not specifically say, the issue seems to be an 
@@ -5341,24 +5388,21 @@ CVE-2020-7065 RESERVED CVE-2020-7064 RESERVED -CVE-2020-7063 - RESERVED +CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...) - php7.4 7.4.3-1 - php7.3 7.3.15-1 - php7.0 <removed> - php5 <removed> NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28 NOTE: PHP Bug: http://bugs.php.net/79082 -CVE-2020-7062 - RESERVED +CVE-2020-7062 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...) - php7.4 7.4.3-1 - php7.3 7.3.15-1 - php7.0 <removed> - php5 <removed> NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28 NOTE: PHP Bug: http://bugs.php.net/79221 -CVE-2020-7061 - RESERVED +CVE-2020-7061 (In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...) - php7.4 7.4.3-1 - php7.3 7.3.15-1 - php7.0 <removed> @@ -6836,8 +6880,7 @@ CVE-2020-6420 RESERVED CVE-2020-6419 RESERVED -CVE-2020-6418 - RESERVED +CVE-2020-6418 (Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6417 (Inappropriate implementation in installer in Google Chrome prior to 80 ...) @@ -6870,8 +6913,7 @@ CVE-2020-6409 (Inappropriate implementation in Omnibox in Google Chrome prior to CVE-2020-6408 (Insufficient policy enforcement in CORS in Google Chrome prior to 80.0 ...) - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6407 - RESERVED +CVE-2020-6407 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...) - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6406 (Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed ...) 
@@ -6934,19 +6976,16 @@ CVE-2020-6388 (Out of bounds access in WebAudio in Google Chrome prior to 80.0.3 CVE-2020-6387 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...) - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6386 - RESERVED +CVE-2020-6386 (Use after free in speech in Google Chrome prior to 80.0.3987.116 allow ...) - chromium 80.0.3987.116-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6385 (Insufficient policy enforcement in storage in Google Chrome prior to 8 ...) - chromium 80.0.3987.106-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6384 - RESERVED +CVE-2020-6384 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 all ...) - chromium 80.0.3987.116-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6383 - RESERVED +CVE-2020-6383 (Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a ...) - chromium 80.0.3987.116-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6382 (Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 al ...) @@ -9015,12 +9054,12 @@ CVE-2020-5404 RESERVED CVE-2020-5403 RESERVED -CVE-2020-5402 - RESERVED -CVE-2020-5401 - RESERVED -CVE-2020-5400 - RESERVED +CVE-2020-5402 (In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability ...) + TODO: check +CVE-2020-5401 (Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoR ...) + TODO: check +CVE-2020-5400 (Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs ...) + TODO: check CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...) NOT-FOR-US: Cloud Foundry CredHub CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...) 
@@ -13330,46 +13369,43 @@ CVE-2020-3880 RESERVED CVE-2020-3879 RESERVED -CVE-2020-3878 - RESERVED -CVE-2020-3877 - RESERVED +CVE-2020-3878 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check +CVE-2020-3877 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check CVE-2020-3876 RESERVED -CVE-2020-3875 - RESERVED -CVE-2020-3874 - RESERVED -CVE-2020-3873 - RESERVED -CVE-2020-3872 - RESERVED -CVE-2020-3871 - RESERVED -CVE-2020-3870 - RESERVED -CVE-2020-3869 - RESERVED -CVE-2020-3868 - RESERVED +CVE-2020-3875 (A validation issue was addressed with improved input sanitization. Thi ...) + TODO: check +CVE-2020-3874 (An issued existed in the naming of screenshots. The issue was correcte ...) + TODO: check +CVE-2020-3873 (This issue was addressed with improved setting propagation. This issue ...) + TODO: check +CVE-2020-3872 (A memory initialization issue was addressed with improved memory handl ...) + TODO: check +CVE-2020-3871 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2020-3870 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check +CVE-2020-3869 (An issue existed in the handling of the local user's self-view. The is ...) + TODO: check +CVE-2020-3868 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html -CVE-2020-3867 - RESERVED +CVE-2020-3867 (A logic issue was addressed with improved state management. This issue ...) 
{DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html -CVE-2020-3866 - RESERVED -CVE-2020-3865 - RESERVED +CVE-2020-3866 (This was addressed with additional checks by Gatekeeper on files mount ...) + TODO: check +CVE-2020-3865 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) 
@@ -13386,32 +13422,31 @@ CVE-2020-3864 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3863 RESERVED -CVE-2020-3862 - RESERVED +CVE-2020-3862 (A denial of service issue was addressed with improved memory handling. ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html -CVE-2020-3861 - RESERVED -CVE-2020-3860 - RESERVED -CVE-2020-3859 - RESERVED -CVE-2020-3858 - RESERVED -CVE-2020-3857 - RESERVED -CVE-2020-3856 - RESERVED +CVE-2020-3861 (The issue was addressed with improved permissions logic. This issue is ...) + TODO: check +CVE-2020-3860 (A memory corruption issue was addressed with improved input validation ...) + TODO: check +CVE-2020-3859 (An inconsistent user interface issue was addressed with improved state ...) + TODO: check +CVE-2020-3858 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2020-3857 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2020-3856 (A memory corruption issue was addressed with improved input validation ...) + TODO: check CVE-2020-3855 RESERVED -CVE-2020-3854 - RESERVED -CVE-2020-3853 - RESERVED +CVE-2020-3854 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2020-3853 (A type confusion issue was addressed with improved memory handling. Th ...) + TODO: check CVE-2020-3852 RESERVED CVE-2020-3851 
@@ -13424,50 +13459,50 @@ CVE-2020-3848 RESERVED CVE-2020-3847 RESERVED -CVE-2020-3846 - RESERVED -CVE-2020-3845 - RESERVED -CVE-2020-3844 - RESERVED -CVE-2020-3843 - RESERVED -CVE-2020-3842 - RESERVED -CVE-2020-3841 - RESERVED -CVE-2020-3840 - RESERVED -CVE-2020-3839 - RESERVED -CVE-2020-3838 - RESERVED -CVE-2020-3837 - RESERVED -CVE-2020-3836 - RESERVED -CVE-2020-3835 - RESERVED -CVE-2020-3834 - RESERVED -CVE-2020-3833 - RESERVED +CVE-2020-3846 (A buffer overflow was addressed with improved size validation. This is ...) + TODO: check +CVE-2020-3845 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2020-3844 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2020-3843 (A memory corruption issue was addressed with improved input validation ...) + TODO: check +CVE-2020-3842 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2020-3841 (The issue was addressed with improved UI handling. This issue is fixed ...) + TODO: check +CVE-2020-3840 (An off by one issue existed in the handling of racoon configuration fi ...) + TODO: check +CVE-2020-3839 (A validation issue was addressed with improved input sanitization. Thi ...) + TODO: check +CVE-2020-3838 (The issue was addressed with improved permissions logic. This issue is ...) + TODO: check +CVE-2020-3837 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2020-3836 (An access issue was addressed with improved memory management. This is ...) + TODO: check +CVE-2020-3835 (A validation issue existed in the handling of symlinks. This issue was ...) + TODO: check +CVE-2020-3834 (A memory corruption issue was addressed with improved state management ...) + TODO: check +CVE-2020-3833 (An inconsistent user interface issue was addressed with improved state ...) 
+ TODO: check CVE-2020-3832 RESERVED -CVE-2020-3831 - RESERVED -CVE-2020-3830 - RESERVED -CVE-2020-3829 - RESERVED -CVE-2020-3828 - RESERVED -CVE-2020-3827 - RESERVED -CVE-2020-3826 - RESERVED -CVE-2020-3825 - RESERVED +CVE-2020-3831 (A race condition was addressed with improved locking. This issue is fi ...) + TODO: check +CVE-2020-3830 (A validation issue existed in the handling of symlinks. This issue was ...) + TODO: check +CVE-2020-3829 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check +CVE-2020-3828 (A lock screen issue allowed access to contacts on a locked device. Thi ...) + TODO: check +CVE-2020-3827 (A memory corruption issue was addressed with improved input validation ...) + TODO: check +CVE-2020-3826 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check +CVE-2020-3825 (Multiple memory corruption issues were addressed with improved memory ...) + TODO: check CVE-2019-19890 (An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160 ...) NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices CVE-2019-19889 (An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160 ...) @@ -107377,10 +107412,10 @@ CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't NOT-FOR-US: Lutron Quantum BACnet Integration CVE-2018-8879 (Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS device ...) NOT-FOR-US: ASUS -CVE-2018-8878 - RESERVED -CVE-2018-8877 - RESERVED +CVE-2018-8878 (Information disclosure in Asuswrt-Merlin firmware for ASUS devices old ...) + TODO: check +CVE-2018-8877 (Information disclosure in Asuswrt-Merlin firmware for ASUS devices old ...) + TODO: check CVE-2018-8876 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows loc ...) NOT-FOR-US: 2345 Security Guard CVE-2018-8875 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows loc ...) 
@@ -199629,6 +199664,7 @@ CVE-2016-5105 (The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1339583 CVE-2016-5104 (The socket_create function in common/socket.c in libimobiledevice and ...) + {DLA-2122-1 DLA-2121-1} - libimobiledevice 1.2.0+dfsg-3 (bug #825553) [wheezy] - libimobiledevice <not-affected> (Vulnerable code not present) NOTE: https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1340df804ba82c72a5a3e6f3fcfb1f74579f126
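Review bot: in the first hunk (@@ -1,14 +1,60 @@), CVE-2020-9432, CVE-2020-9433 and CVE-2020-9434 land with only `TODO: check`, although all three describe X.509 certificate checks in lua-openssl 0.7.7-1 (openssl_x509_check_host, openssl_x509_check_email, openssl_x509_check_ip_asc) being mishandled. Flaws in certificate identity verification deserve early triage: resolve each entry to a source-package line with a fixed version, or to NOT-FOR-US if lua-openssl is not in the archive, instead of leaving them in the TODO queue among the RESERVED ids.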
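Review bot: in the @@ -16,13 +62,13 @@ hunk (and for CVE-2020-9431 and CVE-2020-9430 in the hunk before it), swapping the bracketed summaries such as `[EAP dissector crash]` for the truncated description `(In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)` drops the dissector name from the entry; only CVE-2020-9429 still names WireGuard in its visible text. A short NOTE line naming the dissector under each of the other entries would keep the list readable without following the wnpa-sec links.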
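Review bot: in the @@ -5341,24 +5388,21 @@ hunk, the new description for CVE-2020-7061 limits the issue to 7.3.x below 7.3.15 and 7.4.x below 7.4.3, unlike CVE-2020-7063 and CVE-2020-7062 which also name 7.2.x, yet the unchanged `- php7.0 <removed>` line under it still marks php7.0 as affected. Confirm whether the vulnerable code exists in php7.0 and, if it does not, change that line to <not-affected> with a reason.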
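Review bot: in the @@ -6836,8 +6880,7 @@ hunk, CVE-2020-6418 now names Google Chrome 80.0.3987.122 as the fixed release but its entry stays at `- chromium <unfixed>`, and CVE-2020-6407 in the @@ -6870,8 +6913,7 @@ hunk is in the same state, while CVE-2020-6386, CVE-2020-6384 and CVE-2020-6383 already carry 80.0.3987.116-1. Both entries need a fixed version recorded once a chromium upload containing the fix named in the full description is available, so the <unfixed> markers should be tracked as open work.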
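Review bot: in the @@ -9015,12 +9054,12 @@ hunk, CVE-2020-5402 (UAA), CVE-2020-5401 (Routing Release) and CVE-2020-5400 (Cloud Controller) are left at `TODO: check` directly above CVE-2020-5399, which is already `NOT-FOR-US: Cloud Foundry CredHub`. If these Cloud Foundry components are likewise not packaged, mark them NOT-FOR-US in the same way so they leave the TODO queue.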
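Review bot: across the @@ -13330,46 +13369,43 @@, @@ -13386,32 +13422,31 @@ and @@ -13424,50 +13459,50 @@ hunks, dozens of CVE-2020-38xx ids move from RESERVED to `TODO: check` with descriptions truncated before the product is named (for example `(A memory corruption issue was addressed with improved memory handling. ...)`), so the visible line cannot distinguish a WebKit issue from one that never reaches Debian. CVE-2020-3868, CVE-2020-3867, CVE-2020-3865 and CVE-2020-3862 already carry {DSA-4627-1} with webkit2gtk and wpewebkit lines; triage the remaining entries against the full descriptions and resolve each to a package line or NOT-FOR-US.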
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits