Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: fa31a1d0 by Moritz Muehlenhoff at 2020-07-09T19:43:51+02:00 buster triage mark Google Closure Library as NFU, if this were a security issue as bundled in Chromium, it would get fixed via Chromium updates anyway - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -178,6 +178,7 @@ CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through 0. NOT-FOR-US: Whoopsie CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free ...) - milkytracker <unfixed> + [buster] - milkytracker <no-dsa> (Minor issue) NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf CVE-2020-15568 RESERVED @@ -14601,7 +14602,9 @@ CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...) NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40 CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...) - pillow <unfixed> - [jessie] - pillow <no-dsa> (Minor issue) + [buster] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0) + [stretch] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0) + [jessie] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0) NOTE: https://github.com/python-pillow/Pillow/pull/4538 NOTE: Fixed in 6.2.3 and 7.1.0 CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.0.1, an out-of-bou ...) @@ -17993,9 +17996,7 @@ CVE-2020-8912 CVE-2020-8911 RESERVED CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...) - - chromium <unfixed> - [stretch] - chromium <end-of-life> (see DSA 4562) - NOTE: https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9 + NOT-FOR-US: Google Closure Library CVE-2020-8909 RESERVED CVE-2020-8908 @@ -18173,6 +18174,7 @@ CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converte CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...) {DLA-2116-1} - libpam-radius-auth 1.4.0-3 (bug #951396) + [buster] - libpam-radius-auth <no-dsa> (Minor issue) NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec NOTE: https://github.com/FreeRADIUS/pam_radius/commit/6bae92d NOTE: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa31a1d00b6697e9206b40bd534c5a4b309920d8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa31a1d00b6697e9206b40bd534c5a4b309920d8 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits