Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: af70f1c1 by Moritz Muehlenhoff at 2020-06-10T09:12:02+02:00 NFUs new gitlab issue mark ntpsec explicitly as not-affected - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,5 +1,5 @@ CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated users to c ...) - TODO: check + NOT-FOR-US: OpenCart CVE-2020-13979 RESERVED CVE-2020-13978 (** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has a ...) @@ -1682,7 +1682,7 @@ CVE-2020-13268 CVE-2020-13267 RESERVED CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...) - TODO: check + - gitlab <unfixed> CVE-2020-13265 RESERVED CVE-2020-13264 @@ -11040,13 +11040,13 @@ CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was CVE-2020-10072 RESERVED CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of the len ...) - TODO: check + NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can result i ...) - TODO: check + NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10069 RESERVED CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate and back- ...) - TODO: check + NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10066 
@@ -11056,11 +11056,11 @@ CVE-2020-10065 CVE-2020-10064 RESERVED CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP packets to ...) - TODO: check + NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length decoder c ...) - TODO: check + NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10061 (Improper handling of the full-buffer case in the Zephyr Bluetooth impl ...) - TODO: check + NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, objects\[1] ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows for a m ...) 
@@ -11433,151 +11433,151 @@ CVE-2020-9861 CVE-2020-9860 RESERVED CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9858 (A dynamic library loading issue was addressed with improved path searc ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9857 RESERVED CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9854 RESERVED CVE-2020-9853 RESERVED CVE-2020-9852 (An integer overflow was addressed through improved input validation. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9851 (An access issue was addressed with improved access restrictions. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9849 RESERVED CVE-2020-9848 (An authorization issue was addressed with improved state management. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9846 RESERVED CVE-2020-9845 RESERVED CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9843 (An input validation issue was addressed with improved input validation ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9842 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9841 (An integer overflow was addressed through improved input validation. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...) 
NOT-FOR-US: SwiftNIO Extras CVE-2020-9839 (A race condition was addressed with improved state handling. This issu ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9838 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9837 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9836 RESERVED CVE-2020-9835 (An issue existed in the pausing of FaceTime video. The issue was resol ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9834 (A memory corruption issue was addressed with improved input validation ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9833 (A memory initialization issue was addressed with improved memory handl ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9832 (An out-of-bounds read was addressed with improved input validation. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9830 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9829 (A validation issue was addressed with improved input sanitization. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9828 RESERVED CVE-2020-9827 (A denial of service issue was addressed with improved input validation ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9826 (A denial of service issue was addressed with improved input validation ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9825 (An access issue was addressed with additional sandbox restrictions. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9824 (A logic issue was addressed with improved restrictions. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9823 (This issue was addressed with improved checks. This issue is fixed in ...) 
- TODO: check + NOT-FOR-US: Apple CVE-2020-9822 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9821 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9820 (A logic issue was addressed with improved restrictions. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9819 (A memory consumption issue was addressed with improved memory handling ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9818 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9817 (A permissions issue existed. This issue was addressed with improved pe ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9816 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9815 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9814 (A logic issue existed resulting in memory corruption. This was address ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9813 (A logic issue existed resulting in memory corruption. This was address ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9812 (An information disclosure issue was addressed with improved state mana ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9811 (An information disclosure issue was addressed with improved state mana ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9810 RESERVED CVE-2020-9809 (An information disclosure issue was addressed with improved state mana ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...) 
- TODO: check + NOT-FOR-US: Apple CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9799 RESERVED CVE-2020-9798 RESERVED CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9796 RESERVED CVE-2020-9795 (A use after free issue was addressed with improved memory management. ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - sqlite3 <undetermined> NOTE: https://vuldb.com/?id.155768 TODO: Try to get more information, as usual Apple advisories are too unspecific CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9791 (An out-of-bounds read was addressed with improved input validation. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9790 (An out-of-bounds write issue was addressed with improved bounds checki ...) 
- TODO: check + NOT-FOR-US: Apple CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds checki ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9788 (A validation issue was addressed with improved input sanitization. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9787 RESERVED CVE-2020-9786 @@ -12497,9 +12497,9 @@ CVE-2020-9414 CVE-2020-9413 RESERVED CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...) NOT-FOR-US: TIBCO CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...) @@ -13357,11 +13357,11 @@ CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Ser CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...) NOT-FOR-US: wpCentral plugin for WordPress CVE-2020-9042 (In Couchbase Server 6.0, credentials cached by a browser can be used t ...) - TODO: check + NOT-FOR-US: Couchbase CVE-2020-9041 (In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, th ...) - TODO: check + NOT-FOR-US: Couchbase CVE-2020-9040 (Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker t ...) - TODO: check + NOT-FOR-US: Couchbase CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6. ...) NOT-FOR-US: Couchbase CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...) 
@@ -120949,6 +120949,7 @@ CVE-2018-8956 (ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remot [buster] - ntp <no-dsa> (Minor issue) [stretch] - ntp <no-dsa> (Minor issue) [jessie] - ntp <postponed> (Minor issue, requires being part of same broadcast network, no patch) + - ntpsec <not-affected> (Broadcast mode not present, see #961748) NOTE: https://arxiv.org/abs/2005.01783 NOTE: https://nikhiltripathi.in/NTP_attack.pdf NOTE: https://tools.ietf.org/html/rfc5905
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af70f1c1671bd570717c1dfee55ae2b52dbc2ddd
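Review bot: the new `- gitlab <unfixed>` line for CVE-2020-13266 (hunk at -1682,7) has no NOTE pointing at an upstream advisory or fix, so the only context left for whoever resolves it is the truncated description "Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...". Suggest adding a NOTE with the upstream reference, as the CVE-2018-8956 entry does for its sources, so the fixed version can be filled in later without re-triaging the issue.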
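Review bot: the bulk change from `TODO: check` to `NOT-FOR-US: Apple` in the -11433,151 hunk should be checked entry by entry for the affected component, since the truncated descriptions (for example "A memory corruption issue was addressed with improved state management ...") name none. The same hunk keeps CVE-2020-9794 as `- sqlite3 <undetermined>` with the remark that Apple advisories are too unspecific, which shows that a CVE from these advisories can land in a component Debian packages. Any entry that turns out to concern such a component needs a package line instead of NOT-FOR-US, because NOT-FOR-US drops it from further tracking.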
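Review bot: on the added `- ntpsec <not-affected>` line for CVE-2018-8956, the justification points to a bare `#961748`, while every other source in the entry is a full NOTE URL and the commit message also mentions a GitLab issue. Suggest adding a NOTE with the link to that bug so the "Broadcast mode not present" reasoning can be followed directly from the entry.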