Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fa31a1d0 by Moritz Muehlenhoff at 2020-07-09T19:43:51+02:00
buster triage
mark Google Closure Library as NFU, if this were a security issue as bundled
in Chromium, it would get fixed via Chromium updates anyway
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -178,6 +178,7 @@ CVE-2020-15570 (The parse_report() function in whoopsie.c
in Whoopsie through 0.
NOT-FOR-US: Whoopsie
CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a
use-after-free ...)
- milkytracker <unfixed>
+ [buster] - milkytracker <no-dsa> (Minor issue)
NOTE:
https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
CVE-2020-15568
RESERVED
@@ -14601,7 +14602,9 @@ CVE-2020-10380 (RMySQL through 0.10.19 allows SQL
Injection. ...)
NOTE: Test:
https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40
CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in
libImaging/T ...)
- pillow <unfixed>
- [jessie] - pillow <no-dsa> (Minor issue)
+ [buster] - pillow <not-affected> (Support for old-JPEG compressed TIFFs
introduced in 6.0.0)
+ [stretch] - pillow <not-affected> (Support for old-JPEG compressed
TIFFs introduced in 6.0.0)
+ [jessie] - pillow <not-affected> (Support for old-JPEG compressed TIFFs
introduced in 6.0.0)
NOTE: https://github.com/python-pillow/Pillow/pull/4538
NOTE: Fixed in 6.2.3 and 7.1.0
CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.0.1, an
out-of-bou ...)
@@ -17993,9 +17996,7 @@ CVE-2020-8912
CVE-2020-8911
RESERVED
CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library
versions ...)
- - chromium <unfixed>
- [stretch] - chromium <end-of-life> (see DSA 4562)
- NOTE:
https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9
+ NOT-FOR-US: Google Closure Library
CVE-2020-8909
RESERVED
CVE-2020-8908
@@ -18173,6 +18174,7 @@ CVE-2020-8839 (Stored XSS was discovered on CHIYU
BF-430 232/485 TCP/IP Converte
CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not
correct ...)
{DLA-2116-1}
- libpam-radius-auth 1.4.0-3 (bug #951396)
+ [buster] - libpam-radius-auth <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/6bae92d
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa31a1d00b6697e9206b40bd534c5a4b309920d8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa31a1d00b6697e9206b40bd534c5a4b309920d8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
