Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd4d8ac1 by Moritz Muehlenhoff at 2020-09-14T20:02:11+02:00
buster triage
also track python-os-brick

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2112,6 +2112,7 @@ CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 
allows XSS because tex
        - golang-1.15 <unfixed> (bug #969661)
        - golang-1.14 <unfixed> (bug #969662)
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <no-dsa> (Minor issue)
        - golang-1.8 <removed>
        - golang-1.7 <removed>
        NOTE: 
https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs
@@ -16344,6 +16345,7 @@ CVE-2020-17481
        RESERVED
 CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the 
core parse ...)
        - tinymce <unfixed>
+       [buster] - tinymce <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
 CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not 
properly valida ...)
        NOT-FOR-US: jpv
@@ -28260,6 +28262,7 @@ CVE-2020-12649 (Gurbalib through 2020-04-30 allows 
lib/cmds/player/help.c direct
        NOT-FOR-US: Gurbalib
 CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 
and earlie ...)
        - tinymce <unfixed>
+       [buster] - tinymce <no-dsa> (Minor issue)
        NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1
 CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 
59.1a.9, and 6 ...)
        NOT-FOR-US: Unisys ALGOL Compiler
@@ -28821,6 +28824,7 @@ CVE-2020-12414 (IndexedDB should be cleared when 
leaving private browsing mode a
 CVE-2020-12413 [racoon attack for NSS]
        RESERVED
        - nss <unfixed>
+       [buster] - nss <no-dsa> (Minor issue)
        NOTE: https://raccoon-attack.com/
 CVE-2020-12412 (By navigating a tab using the history API, an attacker could 
cause the ...)
        - firefox 70.0-1
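Review bot: The context line `CVE-2020-12413 [racoon attack for NSS]` spells the attack name "racoon", while the NOTE URL in the same entry is raccoon-attack.com. Since the entry is being edited here anyway, correct the spelling in the bracketed description so a search for the attack name finds it. The entry is also still RESERVED with only that link as documentation, so a reason more specific than (Minor issue) on the new [buster] line would help the next triager.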
@@ -34622,9 +34626,10 @@ CVE-2020-10755 (An insecure-credentials flaw was found 
in all openstack-cinder v
        [buster] - cinder <no-dsa> (Minor issue)
        [stretch] - cinder <no-dsa> (Minor issue)
        [jessie] - cinder <end-of-life> (OpenStack component, not supported in 
jessie LTS)
+       - python-os-brick 3.1.0-1 (low)
+       [buster] - python-os-brick <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
        NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
-       TODO: check, affects as well  python-os-brick or needs a respective 
update?
 CVE-2020-10754 (It was found that nmcli, a command line interface to 
NetworkManager di ...)
        - network-manager <unfixed> (unimportant)
        NOTE: 
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448
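Review bot: The added `- python-os-brick 3.1.0-1 (low)` line records a fixed version, but nothing in the entry says where that version comes from. The existing NOTE lines are the cinder Launchpad bug and OSSN-0086, and neither names an os-brick version here. The removed TODO was exactly the open question of whether python-os-brick is affected, so add a NOTE with the os-brick change or changelog reference that justifies 3.1.0-1, which keeps the answer to that TODO verifiable from the entry itself.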
@@ -46302,6 +46307,7 @@ CVE-2020-6098 (An exploitable denial of service 
vulnerability exists in the free
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030
 CVE-2020-6097 (An exploitable denial of service vulnerability exists in the 
atftpd da ...)
        - atftp <unfixed> (bug #970066)
+       [buster] - atftp <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
 CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the 
ARMv7 mem ...)
        - glibc 2.31-2 (low; bug #961452)
@@ -91202,6 +91208,7 @@ CVE-2019-1010092
        RESERVED
 CVE-2019-1010091 (tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper 
Neutralization ...)
        - tinymce <unfixed> (bug #970256)
+       [buster] - tinymce <no-dsa> (Minor issue)
        [jessie] - tinymce <ignored> (Minor issue, requires manually 
copy/pasting javascript to execute it, can't reproduce on Jessie)
        NOTE: https://github.com/tinymce/tinymce/issues/4394
 CVE-2019-1010090
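Review bot: The added `[buster] - tinymce <no-dsa> (Minor issue)` line gives a less specific reason than the [jessie] line directly below it, which records why the issue is minor (the JavaScript has to be copied and pasted manually to execute). If the same reasoning drove the buster decision, repeat it in the parenthetical; if not, state what did, because "Minor issue" alone leaves nothing to re-check when the package is revisited.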


=====================================
data/dsa-needed.txt
=====================================
@@ -25,6 +25,8 @@ knot-resolver
 linux (carnil)
   Wait until more issues have piled up
 --
+python-flask-cors
+--
 rails (jmm)
   Sylvain Beucler proposed to help for the update, remaining CVEs to be done
 --
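Review bot: The added `python-flask-cors` entry has no counterpart in the data/CVE/list hunks of this commit and carries no indented note, so the file does not say which issue the DSA is needed for. The neighbouring entries show the pattern, for example `linux (carnil)` followed by "Wait until more issues have piled up". Add a short note line under the package name identifying the CVE that triggered the entry.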



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd4d8ac1a24333399042c48f94efd4fa038f05fc
