Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 563224f9 by security tracker role at 2021-02-07T08:10:14+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -15910,18 +15910,21 @@ CVE-2021-20218 NOT-FOR-US: fabric8io / kubernetes-client CVE-2021-20217 RESERVED + {DLA-2548-1} - privoxy 3.0.31-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5bba5b89193fa2eeea51aa39fb6525c47b59a82a (3.0.31) CVE-2021-20216 RESERVED + {DLA-2548-1} - privoxy 3.0.31-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=f431d61740cc03c1c5f6b7f9c7a4a8d0bedd70dd (3.0.31) CVE-2021-20215 RESERVED + {DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 
@@ -15936,30 +15939,35 @@ CVE-2021-20214 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=cf5640eb2a CVE-2021-20213 RESERVED + {DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=7530132349 CVE-2021-20212 RESERVED + {DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5cfb7bc8fe CVE-2021-20211 RESERVED + {DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=245e1cf32 CVE-2021-20210 RESERVED + {DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=1b1370f7a8a CVE-2021-20209 RESERVED + {DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 @@ -16460,6 +16468,7 @@ CVE-2020-35503 [QEMU: NULL pointer dereference issue in megasas-gen2 host bus ad NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910346 CVE-2020-35502 RESERVED + {DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 
@@ -25702,6 +25711,7 @@ CVE-2020-28032 (WordPress before 5.5.2 mishandles deserialization requests in wp CVE-2020-28031 (eramba through c2.8.1 allows HTTP Host header injection with (for exam ...) NOT-FOR-US: eramba CVE-2020-28030 (In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was ...) + {DLA-2547-1} - wireshark 3.2.8-0.1 (bug #974689) [buster] - wireshark 2.6.20-0+deb10u1 NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c257c5d87d16b9b @@ -29739,6 +29749,7 @@ CVE-2020-26577 CVE-2020-26576 RESERVED CVE-2020-26575 (In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) di ...) + {DLA-2547-1} - wireshark 3.2.8-0.1 (bug #974688) [buster] - wireshark 2.6.20-0+deb10u1 NOTE: https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab @@ -30117,6 +30128,7 @@ CVE-2020-26422 (Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 al NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17073 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-20.html CVE-2020-26421 (Crash in USB HID protocol dissector and possibly other dissectors in W ...) + {DLA-2547-1} - wireshark 3.4.1-1 [buster] - wireshark 2.6.20-0+deb10u1 NOTE: https://gitlab.com/wireshark/wireshark/-/commit/d5f2657825e63e4126ebd7d13a59f3c6e8a9e4e1 @@ -30137,6 +30149,7 @@ CVE-2020-26419 (Memory leak in the dissection engine in Wireshark 3.4.0 allows d NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17032 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-19.html CVE-2020-26418 (Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 t ...) + {DLA-2547-1} - wireshark 3.4.1-1 [buster] - wireshark 2.6.20-0+deb10u1 NOTE: https://gitlab.com/wireshark/wireshark/-/commit/f4374967bbf9c12746b8ec3cd54dddada9dd353e 
@@ -31394,11 +31407,13 @@ CVE-2020-25865 CVE-2020-25864 RESERVED CVE-2020-25863 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...) + {DLA-2547-1} - wireshark 3.2.7-1 [buster] - wireshark 2.6.20-0+deb10u1 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-11.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16741 CVE-2020-25862 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...) + {DLA-2547-1} - wireshark 3.2.7-1 [buster] - wireshark 2.6.20-0+deb10u1 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-12.html @@ -53697,6 +53712,7 @@ CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the car CVE-2020-15467 (The administrative interface of Cohesive Networks vns3:vpn appliances ...) NOT-FOR-US: Cohesive Networks vns3:vpn appliances CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infin ...) + {DLA-2547-1} - wireshark 3.2.5-1 (low) [buster] - wireshark 2.6.20-0+deb10u1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029 @@ -59982,6 +59998,7 @@ CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers CVE-2020-13165 RESERVED CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the ...) + {DLA-2547-1} - wireshark 3.2.4-1 (low) [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark <postponed> (Can be fixed along with other CVEs) @@ -64866,6 +64883,7 @@ CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. CVE-2020-11648 RESERVED CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...) + {DLA-2547-1} - wireshark 3.2.3-1 (low; bug #958213) [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark <postponed> (Minor, can be fixed along in a future update) 
@@ -71110,6 +71128,7 @@ CVE-2020-9420 CVE-2020-9419 RESERVED CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) + {DLA-2547-1} - wireshark 3.2.2-1 [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark <not-affected> (composite TVB handling added later) @@ -71117,6 +71136,7 @@ CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850 CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) + {DLA-2547-1} - wireshark 3.2.2-1 [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark <not-affected> (Vulnerable code not present) @@ -71126,6 +71146,7 @@ CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790 CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) + {DLA-2547-1} - wireshark 3.2.2-1 (low) [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark <not-affected> (Vulnerable code not present) @@ -77055,6 +77076,7 @@ CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3 - dovecot <not-affected> (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1 CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...) + {DLA-2547-1} - wireshark 3.2.0-1 [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark <not-affected> (Doesn't support request-respone tracking in affected code passage, yet) 
@@ -90760,6 +90782,7 @@ CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-bas CVE-2019-19554 RESERVED CVE-2019-19553 (In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector cou ...) + {DLA-2547-1} - wireshark 3.0.7-1 (low) [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark <postponed> (Can be fixed along in next 1.12.x DLA) @@ -103818,6 +103841,7 @@ CVE-2016-10956 (The mail-masta plugin 1.0 for WordPress has local file inclusion CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x be ...) NOT-FOR-US: Integard CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector ...) + {DLA-2547-1} - wireshark 3.0.4-1 (low) [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark <not-affected> (Vulnerable code not present) @@ -112639,6 +112663,7 @@ CVE-2019-13621 CVE-2019-13620 RESERVED CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ...) + {DLA-2547-1} - wireshark 2.6.10-1 (low) [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark <not-affected> (vulnerable code not present, binary encoding not yet supported) @@ -117324,7 +117349,7 @@ CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 an CVE-2019-12296 RESERVED CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the ...) - {DLA-2423-1} + {DLA-2547-1 DLA-2423-1} - wireshark 2.6.8-1.1 (low; bug #929446) [jessie] - wireshark <postponed> (Minor, can be fixed along in a future update) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/563224f9d60bf5f266c1e741668859869f1ceda7
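Review bot: In the privoxy entries of the first three hunks, the added `{DLA-2548-1}` tag sits directly above `[buster] - privoxy <no-dsa> (Minor issue)`, so after this change each entry records an LTS advisory while its buster triage is left as it was. Worth revisiting the buster lines so the two do not diverge silently, for example by noting whether an update for buster is planned. These entries are also still `RESERVED`, which leaves the oss-security and gitweb NOTE links as the only description a reader gets for CVEs that now carry an advisory.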
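Review bot: The context of the CVE-2020-7045 hunk carries a typo, `request-respone`, in the `[jessie] - wireshark <not-affected>` annotation. It is not introduced by this change, but a follow-up correcting it to `request-response` would keep the annotation searchable.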
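Review bot: The CVE-2019-12295 hunk is the only one that rewrites an existing tag line instead of adding one, turning `{DLA-2423-1}` into `{DLA-2547-1 DLA-2423-1}`, and unlike the other wireshark entries touched here its visible context has no `[buster]` line. The commit message (`automatic update`) does not say why a second advisory now applies to the same CVE, so it is worth confirming against the DLA list that both advisories name it and that this is not a duplicate cross-reference.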