Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: bd4d8ac1 by Moritz Muehlenhoff at 2020-09-14T20:02:11+02:00 buster triage also track python-os-brick - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -2112,6 +2112,7 @@ CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because tex - golang-1.15 <unfixed> (bug #969661) - golang-1.14 <unfixed> (bug #969662) - golang-1.11 <removed> + [buster] - golang-1.11 <no-dsa> (Minor issue) - golang-1.8 <removed> - golang-1.7 <removed> NOTE: https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs @@ -16344,6 +16345,7 @@ CVE-2020-17481 RESERVED CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ...) - tinymce <unfixed> + [buster] - tinymce <no-dsa> (Minor issue) NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95 CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ...) NOT-FOR-US: jpv @@ -28260,6 +28262,7 @@ CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c direct NOT-FOR-US: Gurbalib CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...) - tinymce <unfixed> + [buster] - tinymce <no-dsa> (Minor issue) NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1 CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...) NOT-FOR-US: Unisys ALGOL Compiler @@ -28821,6 +28824,7 @@ CVE-2020-12414 (IndexedDB should be cleared when leaving private browsing mode a CVE-2020-12413 [racoon attack for NSS] RESERVED - nss <unfixed> + [buster] - nss <no-dsa> (Minor issue) NOTE: https://raccoon-attack.com/ CVE-2020-12412 (By navigating a tab using the history API, an attacker could cause the ...) - firefox 70.0-1 
@@ -34622,9 +34626,10 @@ CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder v [buster] - cinder <no-dsa> (Minor issue) [stretch] - cinder <no-dsa> (Minor issue) [jessie] - cinder <end-of-life> (OpenStack component, not supported in jessie LTS) + - python-os-brick 3.1.0-1 (low) + [buster] - python-os-brick <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/cinder/+bug/1823200 NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086 - TODO: check, affects as well python-os-brick or needs a respective update? CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...) - network-manager <unfixed> (unimportant) NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448 @@ -46302,6 +46307,7 @@ CVE-2020-6098 (An exploitable denial of service vulnerability exists in the free NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030 CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...) - atftp <unfixed> (bug #970066) + [buster] - atftp <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029 CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...) - glibc 2.31-2 (low; bug #961452) @@ -91202,6 +91208,7 @@ CVE-2019-1010092 RESERVED CVE-2019-1010091 (tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ...) - tinymce <unfixed> (bug #970256) + [buster] - tinymce <no-dsa> (Minor issue) [jessie] - tinymce <ignored> (Minor issue, requires manually copy/pasting javascript to execute it, can't reproduce on Jessie) NOTE: https://github.com/tinymce/tinymce/issues/4394 CVE-2019-1010090 ===================================== data/dsa-needed.txt ===================================== 
@@ -25,6 +25,8 @@ knot-resolver linux (carnil) Wait until more issues have piled up -- +python-flask-cors +-- rails (jmm) Sylvain Beucler proposed to help for the update, remaining CVEs to be done --
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd4d8ac1a24333399042c48f94efd4fa038f05fc
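Review bot: In the CVE-2020-10755 hunk of data/CVE/list, the new `- python-os-brick 3.1.0-1 (low)` line records a fixed version with no NOTE to back it up; the two NOTE lines kept as context point only at the cinder Launchpad bug and OSSN-0086. The same hunk drops the TODO that asked whether python-os-brick is affected, so add a NOTE with the os-brick reference that justifies 3.1.0-1, which keeps the answer to that TODO verifiable from the entry itself.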
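Review bot: In the CVE-2019-1010091 hunk of data/CVE/list, the new `[buster] - tinymce <no-dsa> (Minor issue)` sits directly above a `[jessie]` line that records a concrete rationale (manual copy/paste of JavaScript required, not reproducible on jessie). If the same reasoning drove the buster decision, put it in the parentheses; the bare `Minor issue` reason is repeated on every no-dsa line this commit adds and gives a later reader little to re-evaluate the triage with.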
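Review bot: In the data/dsa-needed.txt hunk, `+python-flask-cors` is added as a bare package name, while the neighbouring entries shown as context carry a claimant and an indented note (`linux (carnil)`, `rails (jmm)`). None of the data/CVE/list hunks in this commit mention python-flask-cors, so the diff does not show which issue the DSA is needed for; consider adding an indented note line under the entry that names the CVE.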
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits