Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a755982e by Moritz Muehlenhoff at 2020-07-28T08:58:19+02:00
NFUs
mruby, kmail, gpac no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,6 +4,8 @@ CVE-2020-15955
        RESERVED
 CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 
communicati ...)
        - kmail <unfixed>
+       [buster] - kmail <no-dsa> (Minor issue)
+       - kdepim <removed>
        NOTE: https://bugs.kde.org/show_bug.cgi?id=423426
 CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 
and other  ...)
        - libetpan <unfixed>
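Review bot: the added "- kdepim <removed>" line under CVE-2020-15954 is not covered by the commit message, which lists only kmail for this CVE, and the hunk carries no NOTE saying why a second source package is tracked here. Suggest a short NOTE on the kdepim relation, or mentioning it in the commit message so the history explains the entry.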
@@ -219,6 +221,7 @@ CVE-2020-15867
        RESERVED
 CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the 
mrb_yie ...)
        - mruby <unfixed>
+       [buster] - mruby <no-dsa> (Minor issue)
        NOTE: https://github.com/mruby/mruby/issues/5042
        NOTE: 
https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b
 CVE-2020-15865
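Review bot: on CVE-2020-15866 the new "[buster] - mruby <no-dsa> (Minor issue)" sits under a description that reads "heap-based buffer overflow", and the only justification recorded is "Minor issue". A more specific reason in the parentheses, or a NOTE saying why this does not warrant a DSA for buster, would let later triagers confirm the call without re-reading the upstream issue.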
@@ -1922,11 +1925,11 @@ CVE-2020-15121 (In radare2 before version 4.5.0, 
malformed PDB file names in the
        NOTE: https://github.com/radareorg/radare2/issues/16945
        NOTE: https://github.com/radareorg/radare2/pull/16966
 CVE-2020-15120 (An authenticated member of one project can modify and delete 
members o ...)
-       TODO: check
+       NOT-FOR-US: ihatemoney
 CVE-2020-15119
        RESERVED
 CVE-2020-15118 (In Wagtail before versions 2.7.4 and 2.9.3, when a form page 
type is m ...)
-       TODO: check
+       NOT-FOR-US: Wagtail
 CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be 
crashed by r ...)
        - synergy <removed>
        NOTE: 
https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
@@ -12125,6 +12128,7 @@ CVE-2020-11559
        RESERVED
 CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as 
demonstrated by ...)
        - gpac <unfixed>
+       [buster] - gpac <no-dsa> (Minor issue)
        [jessie] - gpac <not-affected> (Vulnerable code not present and not 
reproducible)
        NOTE: 
https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c
        NOTE: https://github.com/gpac/gpac/issues/1440
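Review bot: under CVE-2020-11558 the new "[buster] - gpac <no-dsa> (Minor issue)" is followed directly by the existing "[jessie] - gpac <not-affected>" line, so the entry as shown has annotations for buster and jessie but none for stretch. Worth confirming whether stretch needs its own line here or is being triaged separately.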
@@ -21662,7 +21666,7 @@ CVE-2020-7827
 CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions 
contain a  ...)
        NOT-FOR-US: EyeSurfer BflyInstallerX.ocx
 CVE-2020-7825 (A vulnerability exists that could allow the execution of 
operating sys ...)
-       TODO: check
+       NOT-FOR-US: MiPlatform
 CVE-2020-7824
        RESERVED
 CVE-2020-7823
@@ -21676,7 +21680,7 @@ CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library 
under 2019.9.6 version conta
 CVE-2020-7819
        RESERVED
 CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow 
vulnerability, ...)
-       TODO: check
+       NOT-FOR-US: Daview
 CVE-2020-7817
        RESERVED
 CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView 
Indy, DaVa+ ...)
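Review bot: naming on CVE-2020-7818: the added tag is "NOT-FOR-US: Daview", while the description on that entry says "DaviewIndy" and the neighbouring CVE-2020-7816 says "DaView Indy". Spelling the product as the description does would let a search for the product name find this entry.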
@@ -22307,19 +22311,19 @@ CVE-2020-7522
 CVE-2020-7521
        RESERVED
 CVE-2020-7520 (A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7519 (A CWE-521: Weak Password Requirements vulnerability exists in 
Easergy  ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7518 (A CWE-20: Improper input validation vulnerability exists in 
Easergy Bu ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7517 (A CWE-312: Cleartext Storage of Sensitive Information 
vulnerability ex ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7516 (A CWE-316: Cleartext Storage of Sensitive Information in Memory 
vulner ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7515 (A CWE-321: Use of hard-coded cryptographic key stored in 
cleartext vul ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7514 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7513 (A CWE-312: Cleartext Storage of Sensitive Information 
vulnerability ex ...)
        NOT-FOR-US: Schneider
 CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent Third Party Components 
with vuln ...)
@@ -22365,7 +22369,7 @@ CVE-2020-7493 (A CWE-89: Improper Neutralization of 
Special Elements used in an
 CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in 
the GP-P ...)
        NOT-FOR-US: Schneider
 CVE-2020-7491 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port 
account in ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo 
Designe ...)
        NOT-FOR-US: Schneider
 CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output 
Used b ...)
@@ -23515,9 +23519,9 @@ CVE-2020-7019
 CVE-2020-7018
        RESERVED
 CVE-2020-7017 (In Kibana versions before 6.8.11 and 7.8.1 the region map 
visualizatio ...)
-       TODO: check
+       - kibana <itp> (bug #700337)
 CVE-2020-7016 (Kibana versions before 6.8.11 and 7.8.1 contain a denial of 
service (D ...)
-       TODO: check
+       - kibana <itp> (bug #700337)
 CVE-2020-7015 (Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS 
flaw in t ...)
        - kibana <itp> (bug #700337)
 CVE-2020-7014 (The fix for CVE-2020-7009 was found to be incomplete. 
Elasticsearch ve ...)
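Review bot: the two kibana lines (CVE-2020-7017, CVE-2020-7016) change "TODO: check" to "- kibana <itp> (bug #700337)", which matches the existing CVE-2020-7015 entry, but the commit message only mentions NFUs and no-dsa. Suggest naming the itp entries in the message so the log reflects all three kinds of change in this commit.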



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a755982e999313cfbbc703d3c3aa8e6b85d42eb4
