Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af70f1c1 by Moritz Muehlenhoff at 2020-06-10T09:12:02+02:00
NFUs
new gitlab issue
mark ntpsec explicitly as not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated 
users to c ...)
-       TODO: check
+       NOT-FOR-US: OpenCart
 CVE-2020-13979
        RESERVED
 CVE-2020-13978 (** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who 
already has a ...)
@@ -1682,7 +1682,7 @@ CVE-2020-13268
 CVE-2020-13267
        RESERVED
 CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 
12.8 and ...)
-       TODO: check
+       - gitlab <unfixed>
 CVE-2020-13265
        RESERVED
 CVE-2020-13264
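Review bot: The new "- gitlab <unfixed>" line under CVE-2020-13266 has no NOTE pointing at the upstream advisory or issue, and the description is cut at "12.8 and ...", so the affected and fixed version ranges cannot be recovered from this entry. Suggest adding a NOTE with the upstream reference so the entry can later be closed against a fixed version.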
@@ -11040,13 +11040,13 @@ CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 
allows Denial of Service. It was
 CVE-2020-10072
        RESERVED
 CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of 
the len ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can 
result i ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10069
        RESERVED
 CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate 
and back- ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10067 (A malicious userspace application can cause a integer overflow 
and byp ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10066
@@ -11056,11 +11056,11 @@ CVE-2020-10065
 CVE-2020-10064
        RESERVED
 CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP 
packets to  ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length 
decoder c ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10061 (Improper handling of the full-buffer case in the Zephyr 
Bluetooth impl ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, 
objects\[1]  ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows 
for a m ...)
@@ -11433,151 +11433,151 @@ CVE-2020-9861
 CVE-2020-9860
        RESERVED
 CVE-2020-9859 (A memory consumption issue was addressed with improved memory 
handling ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9858 (A dynamic library loading issue was addressed with improved 
path searc ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9857
        RESERVED
 CVE-2020-9856 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9855 (A validation issue existed in the handling of symlinks. This 
issue was ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9854
        RESERVED
 CVE-2020-9853
        RESERVED
 CVE-2020-9852 (An integer overflow was addressed through improved input 
validation. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9851 (An access issue was addressed with improved access 
restrictions. This  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9850 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9849
        RESERVED
 CVE-2020-9848 (An authorization issue was addressed with improved state 
management. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9846
        RESERVED
 CVE-2020-9845
        RESERVED
 CVE-2020-9844 (A double free issue was addressed with improved memory 
management. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9843 (An input validation issue was addressed with improved input 
validation ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9842 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9841 (An integer overflow was addressed through improved input 
validation. T ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed 
with impr ...)
        NOT-FOR-US: SwiftNIO Extras
 CVE-2020-9839 (A race condition was addressed with improved state handling. 
This issu ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9838 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9837 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9836
        RESERVED
 CVE-2020-9835 (An issue existed in the pausing of FaceTime video. The issue 
was resol ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9834 (A memory corruption issue was addressed with improved input 
validation ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9833 (A memory initialization issue was addressed with improved 
memory handl ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9832 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9831 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9830 (A memory corruption issue was addressed with improved state 
management ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9829 (A validation issue was addressed with improved input 
sanitization. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9828
        RESERVED
 CVE-2020-9827 (A denial of service issue was addressed with improved input 
validation ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9826 (A denial of service issue was addressed with improved input 
validation ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9825 (An access issue was addressed with additional sandbox 
restrictions. Th ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9824 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9823 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9822 (An out-of-bounds write issue was addressed with improved bounds 
checki ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9821 (A memory corruption issue was addressed with improved state 
management ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9820 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9819 (A memory consumption issue was addressed with improved memory 
handling ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9818 (An out-of-bounds write issue was addressed with improved bounds 
checki ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9817 (A permissions issue existed. This issue was addressed with 
improved pe ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9816 (An out-of-bounds write issue was addressed with improved bounds 
checki ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9815 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9814 (A logic issue existed resulting in memory corruption. This was 
address ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9813 (A logic issue existed resulting in memory corruption. This was 
address ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9812 (An information disclosure issue was addressed with improved 
state mana ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9811 (An information disclosure issue was addressed with improved 
state mana ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9810
        RESERVED
 CVE-2020-9809 (An information disclosure issue was addressed with improved 
state mana ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9808 (A memory corruption issue was addressed with improved state 
management ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9807 (A memory corruption issue was addressed with improved state 
management ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9806 (A memory corruption issue was addressed with improved state 
management ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9805 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9804 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9803 (A memory corruption issue was addressed with improved 
validation. This ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9802 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9801 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9800 (A type confusion issue was addressed with improved memory 
handling. Th ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9799
        RESERVED
 CVE-2020-9798
        RESERVED
 CVE-2020-9797 (An information disclosure issue was addressed by removing the 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9796
        RESERVED
 CVE-2020-9795 (A use after free issue was addressed with improved memory 
management.  ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
        - sqlite3 <undetermined>
        NOTE: https://vuldb.com/?id.155768
        TODO: Try to get more information, as usual Apple advisories are too 
unspecific
 CVE-2020-9793 (A memory corruption issue was addressed with improved input 
validation ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9792 (A validation issue was addressed with improved input 
sanitization. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9791 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9790 (An out-of-bounds write issue was addressed with improved bounds 
checki ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds 
checki ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9788 (A validation issue was addressed with improved input 
sanitization. Thi ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2020-9787
        RESERVED
 CVE-2020-9786
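Review bot: The bulk switch to "NOT-FOR-US: Apple" in this hunk covers entries whose descriptions are truncated before any product is named (for example "This issue is fixed in ..."), while the untouched CVE-2020-9794 entry in the same range shows an Apple advisory that was mapped to sqlite3, with a TODO saying Apple advisories are too unspecific. Suggest confirming for each entry that the affected component is Apple-only and not a library Debian also packages; where that cannot be determined, keep a TODO or add a NOTE rather than closing the entry.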
@@ -12497,9 +12497,9 @@ CVE-2020-9414
 CVE-2020-9413
        RESERVED
 CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO 
Managed Fil ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO 
Managed Fil ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO 
JasperRe ...)
        NOT-FOR-US: TIBCO
 CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO 
JasperR ...)
@@ -13357,11 +13357,11 @@ CVE-2020-9044 (XXE vulnerability exists in the 
Metasys family of product Web Ser
 CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows 
disclosure of t ...)
        NOT-FOR-US: wpCentral plugin for WordPress
 CVE-2020-9042 (In Couchbase Server 6.0, credentials cached by a browser can be 
used t ...)
-       TODO: check
+       NOT-FOR-US: Couchbase
 CVE-2020-9041 (In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 
2.7.0, th ...)
-       TODO: check
+       NOT-FOR-US: Couchbase
 CVE-2020-9040 (Couchbase Server Java SDK before 2.7.1.1 allows a potential 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: Couchbase
 CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 
through 4.6. ...)
        NOT-FOR-US: Couchbase
 CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
@@ -120949,6 +120949,7 @@ CVE-2018-8956 (ntpd in ntp 4.2.8p10, 4.2.8p11, 
4.2.8p12 and 4.2.8p13 allow remot
        [buster] - ntp <no-dsa> (Minor issue)
        [stretch] - ntp <no-dsa> (Minor issue)
        [jessie] - ntp <postponed> (Minor issue, requires being part of same 
broadcast network, no patch)
+       - ntpsec <not-affected> (Broadcast mode not present, see #961748)
        NOTE: https://arxiv.org/abs/2005.01783
        NOTE: https://nikhiltripathi.in/NTP_attack.pdf
        NOTE: https://tools.ietf.org/html/rfc5905
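Review bot: The added "- ntpsec <not-affected>" line under CVE-2018-8956 has no release prefix, so it applies to every suite, whereas the ntp lines above it are tracked per release. Suggest confirming that "Broadcast mode not present" holds for the ntpsec version in each supported suite, since the reference to #961748 is the only justification recorded in the entry.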



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af70f1c1671bd570717c1dfee55ae2b52dbc2ddd
