Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: a755982e by Moritz Muehlenhoff at 2020-07-28T08:58:19+02:00 NFUs mruby, kmail, gpac no-dsa - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4,6 +4,8 @@ CVE-2020-15955 RESERVED CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...) - kmail <unfixed> + [buster] - kmail <no-dsa> (Minor issue) + - kdepim <removed> NOTE: https://bugs.kde.org/show_bug.cgi?id=423426 CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other ...) - libetpan <unfixed> @@ -219,6 +221,7 @@ CVE-2020-15867 RESERVED CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...) - mruby <unfixed> + [buster] - mruby <no-dsa> (Minor issue) NOTE: https://github.com/mruby/mruby/issues/5042 NOTE: https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b CVE-2020-15865 @@ -1922,11 +1925,11 @@ CVE-2020-15121 (In radare2 before version 4.5.0, malformed PDB file names in the NOTE: https://github.com/radareorg/radare2/issues/16945 NOTE: https://github.com/radareorg/radare2/pull/16966 CVE-2020-15120 (An authenticated member of one project can modify and delete members o ...) - TODO: check + NOT-FOR-US: ihatemoney CVE-2020-15119 RESERVED CVE-2020-15118 (In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is m ...) - TODO: check + NOT-FOR-US: Wagtail CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashed by r ...) - synergy <removed> NOTE: https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39 
@@ -12125,6 +12128,7 @@ CVE-2020-11559 RESERVED CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...) - gpac <unfixed> + [buster] - gpac <no-dsa> (Minor issue) [jessie] - gpac <not-affected> (Vulnerable code not present and not reproducible) NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c NOTE: https://github.com/gpac/gpac/issues/1440 @@ -21662,7 +21666,7 @@ CVE-2020-7827 CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a ...) NOT-FOR-US: EyeSurfer BflyInstallerX.ocx CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...) - TODO: check + NOT-FOR-US: MiPlatform CVE-2020-7824 RESERVED CVE-2020-7823 @@ -21676,7 +21680,7 @@ CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version conta CVE-2020-7819 RESERVED CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, ...) - TODO: check + NOT-FOR-US: Daview CVE-2020-7817 RESERVED CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...) 
@@ -22307,19 +22311,19 @@ CVE-2020-7522 CVE-2020-7521 RESERVED CVE-2020-7520 (A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnera ...) - TODO: check + NOT-FOR-US: Schneider CVE-2020-7519 (A CWE-521: Weak Password Requirements vulnerability exists in Easergy ...) - TODO: check + NOT-FOR-US: Schneider CVE-2020-7518 (A CWE-20: Improper input validation vulnerability exists in Easergy Bu ...) - TODO: check + NOT-FOR-US: Schneider CVE-2020-7517 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...) - TODO: check + NOT-FOR-US: Schneider CVE-2020-7516 (A CWE-316: Cleartext Storage of Sensitive Information in Memory vulner ...) - TODO: check + NOT-FOR-US: Schneider CVE-2020-7515 (A CWE-321: Use of hard-coded cryptographic key stored in cleartext vul ...) - TODO: check + NOT-FOR-US: Schneider CVE-2020-7514 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...) - TODO: check + NOT-FOR-US: Schneider CVE-2020-7513 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...) NOT-FOR-US: Schneider CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent Third Party Components with vuln ...) @@ -22365,7 +22369,7 @@ CVE-2020-7493 (A CWE-89: Improper Neutralization of Special Elements used in an CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in the GP-P ...) NOT-FOR-US: Schneider CVE-2020-7491 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in ...) - TODO: check + NOT-FOR-US: Schneider CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...) NOT-FOR-US: Schneider CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...) 
@@ -23515,9 +23519,9 @@ CVE-2020-7019 CVE-2020-7018 RESERVED CVE-2020-7017 (In Kibana versions before 6.8.11 and 7.8.1 the region map visualizatio ...) - TODO: check + - kibana <itp> (bug #700337) CVE-2020-7016 (Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (D ...) - TODO: check + - kibana <itp> (bug #700337) CVE-2020-7015 (Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in t ...) - kibana <itp> (bug #700337) CVE-2020-7014 (The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch ve ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a755982e999313cfbbc703d3c3aa8e6b85d42eb4
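Review bot: In the @@ -4,6 +4,8 @@ hunk, the added "- kdepim <removed>" line under CVE-2020-15954 comes with no explanation, and the commit message ("NFUs mruby, kmail, gpac no-dsa") does not mention it. The CVE description names only KMail, so a NOTE line stating why kdepim is tracked for this CVE would make the entry self-explanatory.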
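Review bot: In the @@ -219,6 +221,7 @@ hunk, "[buster] - mruby <no-dsa> (Minor issue)" is attached to a CVE whose description reads "heap-based buffer overflow", and the generic reason does not say what makes it minor for buster. A more specific reason in the parentheses would let the triage decision be rechecked later without rereading the upstream issue.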
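Review bot: In the @@ -21676,7 +21680,7 @@ hunk, the label in "NOT-FOR-US: Daview" matches neither the product name in the CVE-2020-7818 description ("DaviewIndy") nor the one in the neighbouring CVE-2020-7816 ("DaView Indy"). Using the product name as the description spells it keeps a search of the list for that product from missing this entry.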
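Review bot: The two "- kibana <itp> (bug #700337)" lines added in the @@ -23515,9 +23519,9 @@ hunk are not covered by the commit message, which lists only NFUs and the mruby, kmail and gpac no-dsa entries. The entries themselves match the existing CVE-2020-7015 line, so this is only a log-accuracy point: mention the kibana ITP triage in the commit message.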
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits