Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: a5111ed6 by Moritz Muehlenhoff at 2020-03-23T16:57:51+01:00 NFUs lwip spu - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: ===================================== data/CVE/list ===================================== @@ -12522,7 +12522,7 @@ CVE-2020-5407 CVE-2020-5406 RESERVED CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x pri ...) - TODO: check + NOT-FOR-US: Spring Cloud Config CVE-2020-5404 (The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and ...) NOT-FOR-US: Reactor Netty, different from src:netty CVE-2020-5403 (Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a UR ...) @@ -12857,7 +12857,7 @@ CVE-2020-5264 CVE-2020-5263 RESERVED CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...) - TODO: check + NOT-FOR-US: EasyBuild CVE-2020-5261 RESERVED CVE-2020-5260 @@ -17536,9 +17536,9 @@ CVE-2019-19854 (An issue was discovered in Serpico (aka SimplE RePort wrIting an CVE-2019-19853 RESERVED CVE-2019-19852 (An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13 ...) - TODO: check + NOT-FOR-US: FreePBX CVE-2019-19851 (An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13 ...) - TODO: check + NOT-FOR-US: FreePBX CVE-2019-19850 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...) NOT-FOR-US: TYPO3 CVE-2019-19849 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...) @@ -21780,7 +21780,7 @@ CVE-2019-19543 (In the Linux kernel before 5.1.6, there is a use-after-free in s CVE-2019-19539 (An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01AB ...) NOT-FOR-US: Idelji Web ViewPoint CVE-2019-19538 (In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0. ...) - TODO: check + NOT-FOR-US: FreePBX CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...) {DLA-2114-1 DLA-2068-1} - linux 5.2.17-1 
@@ -23154,7 +23154,7 @@ CVE-2019-19284 CVE-2019-19283 RESERVED CVE-2019-19282 (A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), ...) - TODO: check + NOT-FOR-US: Siemens CVE-2019-19281 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...) NOT-FOR-US: Siemens CVE-2019-19280 @@ -23559,7 +23559,7 @@ CVE-2019-19137 CVE-2019-19136 RESERVED CVE-2019-19135 (In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do ...) - TODO: check + NOT-FOR-US: OPC Foundation OPC UA .NET Standard codebase CVE-2019-19134 (The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to ...) NOT-FOR-US: Hero Maps Premium plugin for WordPress CVE-2019-19133 (The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected ...) @@ -26326,7 +26326,7 @@ CVE-2020-0817 CVE-2020-0816 (A remote code execution vulnerability exists when Microsoft Edge impro ...) NOT-FOR-US: Microsoft CVE-2020-0815 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2020-0814 (An elevation of privilege vulnerability exists in Windows Installer be ...) NOT-FOR-US: Microsoft CVE-2020-0813 (An information disclosure vulnerability exists when Chakra improperly ...) @@ -26440,7 +26440,7 @@ CVE-2020-0760 CVE-2020-0759 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0758 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2020-0757 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0756 (An information disclosure vulnerability exists in the Cryptography Nex ...) 
@@ -26556,7 +26556,7 @@ CVE-2020-0702 (A security feature bypass vulnerability exists in Surface Hub whe CVE-2020-0701 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0700 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2020-0699 RESERVED CVE-2020-0698 (An information disclosure vulnerability exists when the Telephony Serv ...) @@ -27396,7 +27396,7 @@ CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authentic CVE-2020-0547 RESERVED CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Modu ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-0545 RESERVED CVE-2020-0544 @@ -27428,7 +27428,7 @@ CVE-2020-0532 CVE-2020-0531 RESERVED CVE-2020-0530 (Improper buffer restrictions in firmware for Intel(R) NUC may allow an ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-0529 RESERVED CVE-2020-0528 @@ -27436,7 +27436,7 @@ CVE-2020-0528 CVE-2020-0527 RESERVED CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-0525 RESERVED CVE-2020-0524 @@ -27458,9 +27458,9 @@ CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 1 CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before version 26 ...) TODO: check CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) Graphic ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-0514 (Improper default permissions in the installer for Intel(R) Graphics Dr ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-0513 RESERVED CVE-2020-0512 
@@ -27472,7 +27472,7 @@ CVE-2020-0510 CVE-2020-0509 RESERVED CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) Graphics D ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before versions 15. ...) TODO: check CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before versions 1 ...) @@ -30515,7 +30515,7 @@ CVE-2019-17638 CVE-2019-17637 RESERVED CVE-2019-17636 (In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre ...) - TODO: check + NOT-FOR-US: Eclipse Theia CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a dese ...) NOT-FOR-US: Eclipse Memory Analyzer CVE-2019-17634 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cros ...) @@ -34436,7 +34436,7 @@ CVE-2019-16260 CVE-2019-16259 RESERVED CVE-2019-16258 (The bootloader of the homee Brain Cube V2 through 2.23.0 allows attack ...) - TODO: check + NOT-FOR-US: homee Brain Cube V2 CVE-2019-16257 (Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T ...) NOT-FOR-US: SIMalliance Toolbox Browser CVE-2019-16256 (Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T ...) @@ -39771,9 +39771,9 @@ CVE-2019-14628 CVE-2019-14627 RESERVED CVE-2019-14626 (Improper access control in PCIe function for the Intel® FPGA Prog ...) - TODO: check + NOT-FOR-US: Intel CVE-2019-14625 (Improper access control in on-card storage for the Intel® FPGA Pr ...) - TODO: check + NOT-FOR-US: Intel CVE-2019-14624 RESERVED CVE-2019-14623 
@@ -47600,17 +47600,17 @@ CVE-2019-12372 (Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injecti CVE-2019-12371 RESERVED CVE-2019-12370 (The Spark application through 2.0.2 for Android allows XSS via an even ...) - TODO: check + NOT-FOR-US: some Android application CVE-2019-12369 (The TypeApp application through 1.9.5.35 for Android allows XSS via an ...) - TODO: check + NOT-FOR-US: some Android application CVE-2019-12368 (The Edison Mail application through 1.7.1 for Android allows XSS via a ...) - TODO: check + NOT-FOR-US: some Android application CVE-2019-12367 (The BlueMail application through 1.9.5.36 for Android allows XSS via a ...) - TODO: check + NOT-FOR-US: some Android application CVE-2019-12366 (The Nine application through 4.5.3a for Android allows XSS via an even ...) - TODO: check + NOT-FOR-US: some Android application CVE-2019-12365 (The Newton application through 10.0.23 for Android allows XSS via an e ...) - TODO: check + NOT-FOR-US: some Android application CVE-2019-12364 RESERVED CVE-2019-12363 (An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2 ...) 
@@ -48259,47 +48259,47 @@ CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) e CVE-2019-12133 (Multiple Zoho ManageEngine products suffer from local privilege escala ...) NOT-FOR-US: Zoho ManageEngine CVE-2019-12132 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/d ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12131 (An issue was detected in ONAP APPC through Dublin and SDC through Dubl ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12130 (In ONAP CLI through Dublin, by accessing an applicable port (30234, 30 ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12129 (In ONAP MSB through Dublin, by accessing an applicable port (30234, 30 ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12128 (In ONAP SO through Dublin, by accessing an applicable port (30234, 302 ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12127 (In ONAP OOM through Dublin, by accessing an applicable port (30234, 30 ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12126 (In ONAP DCAE through Dublin, by accessing an applicable port (30234, 3 ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12125 (In ONAP Logging through Dublin, by accessing an applicable port (30234 ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12124 (An issue was discovered in ONAP APPC before Dublin. By using an expose ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12123 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/p ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12122 (An issue was discovered in ONAP Portal through Dublin. By executing a ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12121 (An issue was detected in ONAP Portal through Dublin. By executing a pa ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12120 (An issue was discovered in ONAP VNFSDK through Dublin. By accessing po ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12119 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...) 
- TODO: check + NOT-FOR-US: ONAP CVE-2019-12118 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12117 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12116 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12115 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12114 (An issue was discovered in ONAP HOLMES before Dublin. By accessing por ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12113 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/p ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12112 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/u ...) - TODO: check + NOT-FOR-US: ONAP CVE-2019-12111 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...) {DLA-1811-1} - miniupnpd 2.1-6 (bug #930050) ===================================== data/next-point-update.txt ===================================== @@ -57,3 +57,5 @@ CVE-2020-8141 [buster] - node-dot 1.1.1-1+deb10u1 CVE-2020-5267 [buster] - rails 2:5.2.2.1+dfsg-1+deb10u1 +CVE-2020-8597 + [buster] - lwip 2.0.3-3+deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5111ed67fae751ce70fffca5af83de5e5e4aff3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5111ed67fae751ce70fffca5af83de5e5e4aff3 You're receiving this email because of your account on salsa.debian.org.
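Review bot: In the @@ -47600 hunk of data/CVE/list, CVE-2019-12365 through CVE-2019-12370 are all tagged `NOT-FOR-US: some Android application`, which drops the product name that the other NFU lines in this commit carry (`NOT-FOR-US: EasyBuild`, `NOT-FOR-US: FreePBX`, `NOT-FOR-US: Eclipse Theia`). The truncated descriptions already name each app (Spark, TypeApp, Edison Mail, BlueMail, Nine, Newton), so I'd suggest one tag per product, for example `NOT-FOR-US: BlueMail application for Android`, so that a later search on the product name finds this triage decision.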
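Review bot: In the @@ -27458 and @@ -27472 hunks, CVE-2020-0516 and CVE-2020-0507 remain at `TODO: check` in the context lines while the neighbouring Intel(R) Graphics Drivers entries (CVE-2020-0515, CVE-2020-0514, CVE-2020-0508) are switched to `NOT-FOR-US: Intel`. The three that were changed are described as installer issues and the two left open as driver issues, so this may be deliberate. If it is, a short NOTE on the two open entries would record why they still need a check. If it is not, they can be triaged in the same pass.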
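Review bot: None of the data/CVE/list hunks shown touch CVE-2020-8597, so the `[buster] - lwip 2.0.3-3+deb10u1` line appended at the end of data/next-point-update.txt has no matching change visible in this commit. Please confirm that the CVE-2020-8597 entry in data/CVE/list already carries a `- lwip` line, or add it alongside this entry. The commit message "NFUs lwip spu" also covers two unrelated things, the NFU triage and the lwip point-update entry. Splitting them into separate commits would make each easier to reference or revert.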