Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43b016f1 by security tracker role at 2020-04-10T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,36 @@
-CVE-2020-11668 [media: xirlink_cit: add missing descriptor sanity checks]
+CVE-2020-11684
        RESERVED
+CVE-2020-11683
+       RESERVED
+CVE-2020-11682
+       RESERVED
+CVE-2020-11681
+       RESERVED
+CVE-2020-11680
+       RESERVED
+CVE-2020-11679
+       RESERVED
+CVE-2020-11678
+       RESERVED
+CVE-2020-11677
+       RESERVED
+CVE-2020-11676
+       RESERVED
+CVE-2020-11675
+       RESERVED
+CVE-2020-11674
+       RESERVED
+CVE-2020-11673
+       RESERVED
+CVE-2020-11672
+       RESERVED
+CVE-2020-11671
+       RESERVED
+CVE-2020-11670
+       RESERVED
+CVE-2020-11669
+       RESERVED
+CVE-2020-11668 (In the Linux kernel before 5.6.1, 
drivers/media/usb/gspca/xirlink_cit. ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
 CVE-2020-11667
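Review bot: CVE-2020-11668 still carries "- linux <unfixed>" even though the imported description now says the issue affects the Linux kernel before 5.6.1 and the NOTE already points at the upstream commit. Once a Debian linux upload includes that commit, replace <unfixed> with the fixed version and add per-release status lines where they apply.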
@@ -6630,8 +6661,8 @@ CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, 
SC9705 1.0.007, SR7110
        NOT-FOR-US: TimeTools devices
 CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 
REVC wit ...)
        NOT-FOR-US: D-Link
-CVE-2020-8961
-       RESERVED
+CVE-2020-8961 (An issue was discovered in Avira Free-Antivirus before 
15.0.2004.1825. ...)
+       TODO: check
 CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows 
XSS. ...)
        NOT-FOR-US: Western Digital mycloud.com
 CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 
3.0.2.0 all ...)
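Review bot: CVE-2020-8961 moves from RESERVED to "TODO: check", so it needs manual triage. The description names Avira Free-Antivirus; if no Debian source package ships it, mark the entry "NOT-FOR-US: Avira" in the style of the surrounding vendor entries ("NOT-FOR-US: D-Link", "NOT-FOR-US: Western Digital mycloud.com").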
@@ -6928,16 +6959,14 @@ CVE-2020-8835 (In the Linux kernel 5.5.0 and newer, the 
bpf verifier (kernel/bpf
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/f2d67fec0b43edce8c416101cdc52e71145b5fef
-CVE-2020-8834 [Linux kernel Power8 conflicting use of HSTATE_HOST_R1 
vulnerability]
-       RESERVED
+CVE-2020-8834 (KVM in the Linux kernel on Power8 processors has a conflicting 
use of  ...)
        - linux 4.18.6-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
        [jessie] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2
 CVE-2020-8833
        RESERVED
-CVE-2020-8832 [incomplete fix for CVE-2019-14615 allows for a local 
information exposure]
-       RESERVED
+CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for 
CVE-2019-14615 (" ...)
        - linux <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817047
        TODO: check (in kernel-sec) if we have incomplete fix
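Review bot: On CVE-2020-8832 the status stays "- linux <undetermined>" with the open "TODO: check (in kernel-sec) if we have incomplete fix", while the new description scopes the problem to the Ubuntu 18.04 LTS fix for CVE-2019-14615. Confirm whether Debian's fix for CVE-2019-14615 is the complete one, then replace <undetermined> with a fixed version or <not-affected> and drop the TODO.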
@@ -27106,8 +27135,7 @@ CVE-2020-1635
        RESERVED
 CVE-2020-1634 (On High-End SRX Series devices, in specific configurations and 
when sp ...)
        NOT-FOR-US: Juniper
-CVE-2020-1633
-       RESERVED
+CVE-2020-1633 (Due to a new NDP proxy feature for EVPN leaf nodes introduced 
in Junos ...)
        NOT-FOR-US: Juniper
 CVE-2020-1632
        RESERVED
@@ -30388,10 +30416,10 @@ CVE-2019-18378 (Symantec Messaging Gateway, prior to 
10.7.3, may be susceptible
        NOT-FOR-US: Symantec
 CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be 
susceptible to a p ...)
        NOT-FOR-US: Symantec
-CVE-2019-18376
-       RESERVED
-CVE-2019-18375
-       RESERVED
+CVE-2019-18376 (A CSRF token disclosure vulnerability allows a remote 
attacker, with a ...)
+       TODO: check
+CVE-2019-18375 (The ASG and ProxySG management consoles are susceptible to a 
session h ...)
+       TODO: check
 CVE-2019-18374 (Symantec Critical System Protection (CSP), versions 8.0, 8.0 
HF1 &amp; ...)
        NOT-FOR-US: Symantec
 CVE-2019-18373 (Norton App Lock, prior to 1.4.0.503, may be susceptible to a 
bypass ex ...)
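Review bot: CVE-2019-18376 and CVE-2019-18375 leave RESERVED with only "TODO: check". CVE-2019-18375 names the ASG and ProxySG management consoles, and the entries on both sides are "NOT-FOR-US: Symantec"; if both turn out to be Symantec product issues, tag them the same way.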
@@ -65110,8 +65138,7 @@ CVE-2019-7306 [Apport hook may expose sensitive 
information]
        NOTE: https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202
        NOTE: Issue in /usr/share/apport/package-hooks/source_byobu.py hook,
        NOTE: non-issue in Debian as Apport not present.
-CVE-2019-7305 [extplorer exposes /usr and /etc/extplorer over HTTP]
-       RESERVED
+CVE-2019-7305 (Information Exposure vulnerability in eXtplorer makes the /usr/ 
and /e ...)
        - extplorer <removed>
        NOTE: https://bugs.launchpad.net/ubuntu/+source/extplorer/+bug/1822013
 CVE-2019-7304 (Canonical snapd before version 2.37.1 incorrectly performed 
socket own ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43b016f11d91561e2a7901b7398833585f171332



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
