[Git][security-tracker-team/security-tracker][master] Temporarily track fix for CVE-2020-6860/libmysofa via experimental

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f2225a24 by Salvatore Bonaccorso at 2020-02-09T08:18:07+01:00
Temporarily track fix for CVE-2020-6860/libmysofa via experimental

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4287,6 +4287,7 @@ CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W 
product are impacted by Info
 CVE-2020-6861
RESERVED
 CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in 
readDataVar in hd ...)
+   [experimental] - libmysofa 1.0~dfsg0-1~exp1
- libmysofa  (bug #949325)
[buster] - libmysofa  (Minor issue)
NOTE: https://github.com/hoene/libmysofa/issues/96
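Review bot: The new `[experimental] - libmysofa 1.0~dfsg0-1~exp1` line is added above an unstable entry that stays unfixed (the status tag between `libmysofa` and `(bug #949325)` has been dropped by this rendering, hence the double space), so sid is still reported open and the experimental line only documents where a fix exists. Since the commit title calls this temporary, a follow-up has to replace it with the unstable version once the 1.0 upload lands there, and the NOTE could state which upstream version carries the fix for readers who do not open issue 96.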



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2225a24ab194472486cf4d63ffe4803657f3f68



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add note for CVE-2020-3123 pointing to upstream announcement

2020-02-08 Thread Scott Kitterman


Scott Kitterman pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
10c52b8a by Scott Kitterman at 2020-02-09T01:21:14-05:00
Add note for CVE-2020-3123 pointing to upstream announcement

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13594,6 +13594,7 @@ CVE-2020-3123 (A vulnerability in the 
Data-Loss-Prevention (DLP) module in Clam
- clamav  (bug #950944)
[buster] - clamav  (ClamAV is updated via -updates)
[stretch] - clamav  (ClamAV is updated via -updates)
+   NOTE: 
https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html
 CVE-2020-3122
RESERVED
 CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
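Review bot: The added NOTE gives only the announcement URL; its slug (`clamav-01022-security-patch-released`) identifies the upstream release, so stating the fixed upstream version in the NOTE text (or on the buster/stretch lines, which currently carry just "ClamAV is updated via -updates" and no version) would let the -updates uploads be checked against it without following the link.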



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/10c52b8ae632cbd7226c4e8b6ed256ce5a5828aa


[Git][security-tracker-team/security-tracker][master] List all needed commits for CVE-2020-5208

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
65d1191b by Salvatore Bonaccorso at 2020-02-08T23:37:31+01:00
List all needed commits for CVE-2020-5208

The initially mentioned one was only the first part of a series of
commits to address CVE-2020-5208, which consists of a full set of 6
commits.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7911,6 +7911,11 @@ CVE-2020-5208 (It's been found that multiple functions 
in ipmitool before 1.8.19
- ipmitool  (bug #950761)
NOTE: 
https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
NOTE: 
https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
+   NOTE: 
https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10
+   NOTE: 
https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22
+   NOTE: 
https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4
+   NOTE: 
https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10
+   NOTE: 
https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637
 CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when 
running behin ...)
NOT-FOR-US: Ktor
 CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with 
an arb ...)
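Review bot: The five new NOTE lines bring the entry to the six commits the commit message describes, but nothing records which part of the advisory (which ipmitool function) each commit fixes, or that all six are needed together; a short annotation after each URL, naming the touched file or numbering the commits in the series, would save the next person from re-deriving the set when preparing a backport.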



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/65d1191b07b7c8a792db0301172dec3088706dc5


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-19920/sa-exim via unstable

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82948b38 by Salvatore Bonaccorso at 2020-02-09T00:10:28+01:00
Add fixed version for CVE-2019-19920/sa-exim via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -97613,7 +97613,7 @@ CVE-2018-1000182 (A server-side request forgery 
vulnerability exists in Jenkins
NOT-FOR-US: Jenkins plugin
 CVE-2019-19920 (sa-exim 4.2.1 allows attackers to execute arbitrary code if 
they can w ...)
{DLA-2062-1}
-   - sa-exim  (bug #947198)
+   - sa-exim 4.2.1-19 (bug #947198)
[buster] - sa-exim  (Minor issue; can be fixed via point 
release)
[stretch] - sa-exim  (Minor issue; can be fixed via point 
release)
NOTE: https://bugs.debian.org/946829#24
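Review bot: `- sa-exim 4.2.1-19 (bug #947198)` records the unstable fix, but the only pointer to the actual change is `NOTE: https://bugs.debian.org/946829#24`, a different bug from #947198; a few words in the NOTE on what message 24 of #946829 contains (the patch, or the maintainer's analysis) would make the entry self-explanatory without opening two bug reports.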



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/82948b38d0c8f8fb0e5b622978fae369a38d518d


[Git][security-tracker-team/security-tracker][master] Claim ppp in dla-needed.txt

2020-02-08 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0f79da60 by Markus Koschany at 2020-02-08T23:46:02+01:00
Claim ppp in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -69,6 +69,8 @@ openjdk-7 (Emilio)
 --
 php5 (Thorsten Alteholz)
 --
+ppp (Markus Koschany)
+--
 python-pysaml2 (Abhijith PA)
   NOTE: 2020203: test fails already for the one in archive (abhijith)
 --
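Review bot: The claim line follows the file's `package (claimant)` form and lands alphabetically between php5 and python-pysaml2, so nothing to change in the hunk itself. One thing in the unchanged context: the python-pysaml2 note is dated `2020203`, one digit short of the `20200105` date format used in the other dla-needed entries, so that date is ambiguous and worth correcting in a separate commit.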



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f79da606dd1e6b36b95cc848fbc7be69cd71eb1


[Git][security-tracker-team/security-tracker][master] Claim ipmitool in dla-needed.txt

2020-02-08 Thread Markus Koschany


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f4d7938 by Markus Koschany at 2020-02-08T23:07:22+01:00
Claim ipmitool in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -24,6 +24,8 @@ ibus
 --
 intel-microcode
 --
+ipmitool (Markus Koschany)
+--
 jackson-databind
   NOTE: 20200105: Can be postponed again. (apo)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f4d7938935c9075cacd7b5883958ce4bdf2b379


[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2020-70{59,60}/php7.4

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
69822c73 by Salvatore Bonaccorso at 2020-02-08T21:47:49+01:00
Track fixed version via unstable for CVE-2020-70{59,60}/php7.4

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3841,7 +3841,7 @@ CVE-2020-7061
RESERVED
 CVE-2020-7060 [Global buffer-overflow in mbfl_filt_conv_big5_wchar function]
RESERVED
-   - php7.4 
+   - php7.4 7.4.2-7
- php7.3 
- php7.0 
- php5 
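Review bot: Only php7.4 gets a fixed version; `- php7.3`, `- php7.0` and `- php5` remain unfixed with no `[buster]`/`[stretch]` annotation (no-dsa, postponed or a planned DSA), so the issue stays listed as open for every stable suite. If the stable fixes are to come through a point release or a DSA, the suite lines should say so. CVE-2020-7060 is also still `RESERVED`, so the bracketed local description is the only text identifying the bug and must be kept until the official one arrives.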
@@ -3849,7 +3849,7 @@ CVE-2020-7060 [Global buffer-overflow in 
mbfl_filt_conv_big5_wchar function]
NOTE: PHP Bug: http://bugs.php.net/79037
 CVE-2020-7059 [Out of bounds read in php_strip_tags_ex]
RESERVED
-   - php7.4 
+   - php7.4 7.4.2-7
- php7.3 
- php7.0 
- php5 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/69822c7356f11962f3469a5ba2e6e806928e5151


[Git][security-tracker-team/security-tracker][master] 2 commits: Add Debian bug reference for CVE-2019-20444

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
370851b3 by Salvatore Bonaccorso at 2020-02-08T21:43:26+01:00
Add Debian bug reference for CVE-2019-20444

- - - - -
5c97c854 by Salvatore Bonaccorso at 2020-02-08T21:44:23+01:00
Add Debian bug reference for CVE-2019-20445 (and CVE-2020-7238)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -814,13 +814,13 @@ CVE-2020-8434
 CVE-2020-8433
RESERVED
 CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a 
Content-Length  ...)
-   - netty 
+   - netty  (bug #950967)
- netty-3.9 
NOTE: https://github.com/netty/netty/issues/9861
NOTE: 
https://github.com/netty/netty/commit/8494b046ec7e4f28dbd44bc699cc4c4c92251729 
(4.1)
NOTE: 
https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c 
(tests)
 CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP 
header th ...)
-   - netty 
+   - netty  (bug #950966)
- netty-3.9 
NOTE: https://github.com/netty/netty/issues/9866
NOTE: 
https://github.com/netty/netty/commit/a7c18d44b46e02dadfe3da225a06e5091f5f328e 
(4.1)
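Review bot: Bug #950967 is attached to CVE-2019-20445 here and to CVE-2020-7238 in the next hunk, matching the commit message, while CVE-2019-20444 gets #950966. In both netty entries the `- netty-3.9` line stays unfixed with neither a bug nor a suite annotation; if netty-3.9 is still shipped in a supported suite it needs its own bug reference or a `[suite]` line, and if it is not, the line should be marked accordingly so the open-issue listing is not misleading.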
@@ -3454,7 +3454,7 @@ CVE-2019-20383
 CVE-2019-20382
RESERVED
 CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it 
mishandles ...)
-   - netty 
+   - netty  (bug #950967)
- netty-3.9 
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225
NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1
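Review bot: The second NOTE points at https://github.com/jdordonezn/CVE-2020-72381/issues/1, a third-party repository whose name (`CVE-2020-72381`) does not match the identifier being tracked (CVE-2020-7238); confirm that the link is the intended reference and annotate what it contains, as done with `(4.1)` and `(tests)` on the upstream commit links, so a reader can tell a reporter's write-up from the upstream fix.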



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/9b998114a97dced4120c3a70ff9f0ef7647800ed...5c97c8545dbb9885e05aba59e3b3f562fd958fa9


[Git][security-tracker-team/security-tracker][master] Process NFUs

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b998114 by Salvatore Bonaccorso at 2020-02-08T21:42:26+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -26604,9 +26604,9 @@ CVE-2019-17138 (This vulnerability allows remote 
attackers to disclose sensitive
 CVE-2019-17137
RESERVED
 CVE-2019-17136 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-17135 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-17134 (Amphora Images in OpenStack Octavia =0.10.0 2.1.2, 
=3.0.0  ...)
- octavia 4.0.0-6 (bug #941897)
[buster] - octavia  (Minor issue in regular setups, can be 
fixed via point release)
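Review bot: For CVE-2019-17136 and CVE-2019-17135 the visible description ("This vulnerability allows remote attackers to execute arbitrary code o ...") does not name a product, so `NOT-FOR-US: Foxit PhantomPDF` is the only place the affected software is recorded; a NOTE with the advisory the product name was taken from would make the NFU verifiable later. Unrelated to the change itself: the context line for CVE-2019-17134 shows the Octavia version ranges as `=0.10.0 2.1.2, =3.0.0`, i.e. the comparison operators were stripped in this rendering, so those ranges cannot be read from the mail.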
@@ -29509,7 +29509,7 @@ CVE-2019-16157
 CVE-2019-16156
RESERVED
 CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 
6.2.1 an ...)
-   TODO: check
+   NOT-FOR-US: Fortiguard FortiClient
 CVE-2019-16154 (An improper neutralization of input during web page generation 
in Fort ...)
NOT-FOR-US: FortiAuthenticator WEB UI
 CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM 
database ...)
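Review bot: `NOT-FOR-US: Fortiguard FortiClient` names the vendor differently from the surrounding entries, which use `Fortinet FortiSIEM` and `FortiAuthenticator WEB UI`; `Fortinet FortiClient` would keep the vendor name consistent and searchable.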
@@ -36515,7 +36515,7 @@ CVE-2019-14090
 CVE-2019-14089
RESERVED
 CVE-2019-14088 (Possible use after free issue while CRM is accessing the link 
pointer  ...)
-   TODO: check
+   NOT-FOR-US: Snapdragon
 CVE-2019-14087
RESERVED
 CVE-2019-14086
@@ -36565,23 +36565,23 @@ CVE-2019-14065
 CVE-2019-14064
RESERVED
 CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings 
which r ...)
-   TODO: check
+   NOT-FOR-US: Snapdragon
 CVE-2019-14062
RESERVED
 CVE-2019-14061
RESERVED
 CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated 
for blob ...)
-   TODO: check
+   NOT-FOR-US: Snapdragon
 CVE-2019-14059
RESERVED
 CVE-2019-14058
RESERVED
 CVE-2019-14057 (Buffer Over read of codec private data while parsing an mkv 
file due t ...)
-   TODO: check
+   NOT-FOR-US: Snapdragon
 CVE-2019-14056
RESERVED
 CVE-2019-14055 (Possibility of use-after-free and double free because of not 
marking b ...)
-   TODO: check
+   NOT-FOR-US: Snapdragon
 CVE-2019-14054
RESERVED
 CVE-2019-14053
@@ -36589,29 +36589,29 @@ CVE-2019-14053
 CVE-2019-14052
RESERVED
 CVE-2019-14051 (Subsequent additions performed during Module loading while 
allocating  ...)
-   TODO: check
+   NOT-FOR-US: Snapdragon
 CVE-2019-14050
RESERVED
 CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system 
allocation whi ...)
-   TODO: check
+   NOT-FOR-US: Snapdragon
 CVE-2019-14048
RESERVED
 CVE-2019-14047
RESERVED
 CVE-2019-14046 (Out of bound access while allocating memory for an array in 
camera due ...)
-   TODO: check
+   NOT-FOR-US: Snapdragon
 CVE-2019-14045
RESERVED
 CVE-2019-14044 (Out of bound access due to access of uninitialized memory 
segment in a ...)
-   TODO: check
+   NOT-FOR-US: Snapdragon
 CVE-2019-14043
RESERVED
 CVE-2019-14042
RESERVED
 CVE-2019-14041 (During listener modified response processing, a buffer overrun 
occurs  ...)
-   TODO: check
+   NOT-FOR-US: Snapdragon
 CVE-2019-14040 (Using memory after being freed in qsee due to wrong 
implementation can ...)
-   TODO: check
+   NOT-FOR-US: Snapdragon
 CVE-2019-14039
RESERVED
 CVE-2019-14038
@@ -39487,9 +39487,9 @@ CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell 
DB01-S Gen 1 allows remote
 CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 
7.11.7 has  ...)
NOT-FOR-US: SalesAgility SuiteCRM
 CVE-2019-13334 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-1 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
-   TODO: check
+   NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-13332 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
NOT-FOR-US: Foxit Reader
 CVE-2019-13331 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
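Review bot: The context line between CVE-2019-13334 and CVE-2019-13332 reads `CVE-2019-1 (This vulnerability allows ...`, so the identifier is truncated in this rendering; check that the file itself carries the full ID, since a malformed CVE line would break parsing of data/CVE/list. The two new `NOT-FOR-US: Foxit PhantomPDF` lines sit next to existing `NOT-FOR-US: Foxit Reader` entries with the same truncated description text, so the product attribution is again carried only by the NFU line and would benefit from a NOTE with its source.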
@@ -39984,7 +39984,7 @@ CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does 
not ensure that a networ
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6f5d8671225dc77190647f18a27a0d156d4ca97a
 CVE-2019-13163 (The Fujitsu TLS library allows a man-in-the-middle attack. 
This affect ...)
-   TODO: check
+   NOT-FOR-US: Fujitsu
 CVE-2019-13162
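Review bot: `NOT-FOR-US: Fujitsu` is vaguer than the description, which names `The Fujitsu TLS library`; the other NFU lines in this commit name the component (Foxit PhantomPDF, Snapdragon), so `Fujitsu TLS library` would be the consistent choice and is what someone grepping for a TLS issue will search for.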

[Git][security-tracker-team/security-tracker][master] automatic update

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f2af77da by security tracker role at 2020-02-08T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -221362,8 +221362,7 @@ CVE-2014-9742 (The Miller-Rabin primality check in 
Botan before 1.10.8 and 1.11.
- botan1.10 1.10.8-1
NOTE: Introduced in 1.8.3, fixed in 1.10.8 and 1.11.9
NOTE: http://botan.randombit.net/security.html
-CVE-2015-5741 [other discoveries of security-relevant RFC 7230 violations]
-   RESERVED
+CVE-2015-5741 (The net/http library in net/http/transfer.go in Go before 1.4.3 
does n ...)
- golang 2:1.4.2-4 (bug #795106)
[jessie] - golang  (Minor issue)
[wheezy] - golang  (Minor issue)
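Review bot: Replacing `CVE-2015-5741 [other discoveries of security-relevant RFC 7230 violations]` with the official description drops the local summary, and nothing in the remaining entry mentions RFC 7230 any more; if that context was useful for the golang triage, it belongs in a NOTE line rather than in the bracketed placeholder, which the automatic update overwrites by design.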
@@ -228058,8 +228057,8 @@ CVE-2015-3425 (Cross-site scripting (XSS) 
vulnerability in Accentis Content Reso
NOT-FOR-US: Accentis Content Resource Management System
 CVE-2015-3424 (SQL injection vulnerability in Accentis Content Resource 
Management Sy ...)
NOT-FOR-US: Accentis Content Resource Management System
-CVE-2015-3423
-   RESERVED
+CVE-2015-3423 (Multiple SQL injection vulnerabilities in NetCracker Resource 
Manageme ...)
+   TODO: check
 CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 
8.2.1 al ...)
NOT-FOR-US: SearchBlox
 CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress 
Eshop plu ...)
@@ -232034,8 +232033,8 @@ CVE-2015-2209 (DLGuard 4.5 allows remote attackers to 
obtain the installation pa
NOT-FOR-US: DLGuard
 CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 
allows remo ...)
NOT-FOR-US: phpMoAdmin
-CVE-2015-2207
-   RESERVED
+CVE-2015-2207 (Multiple cross-site scripting (XSS) vulnerabilities in 
NetCracker Reso ...)
+   TODO: check
 CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 
4.0.10.9, 4.2 ...)
{DSA-3382-1 DLA-336-1}
- phpmyadmin 4:4.4.4-1 (unimportant)
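Review bot: CVE-2015-2207 here and CVE-2015-3423 in the previous hunk both describe NetCracker Resource Management and both now carry `TODO: check`; triaging them in one pass, with the same wording if they turn out not to be packaged, avoids two divergent entries for one product.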
@@ -232485,8 +232484,8 @@ CVE-2015-2080 (The exception handling code in Eclipse 
Jetty before 9.2.9.v201502
NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
NOTE: 
https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
NOTE: 
http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
-CVE-2015-2062
-   RESERVED
+CVE-2015-2062 (Multiple SQL injection vulnerabilities in the Huge-IT Slider 
(slider-i ...)
+   TODO: check
 CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo 
View all ...)
NOT-FOR-US: PTC Creo View
 CVE-2015-2057
@@ -234562,8 +234561,7 @@ CVE-2015-1398 (Multiple directory traversal 
vulnerabilities in Magento Community
NOT-FOR-US: Magento
 CVE-2015-1397 (SQL injection vulnerability in the getCsvFile function in the 
Mage_Adm ...)
NOT-FOR-US: Magento
-CVE-2015-1394
-   RESERVED
+CVE-2015-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Photo Galle ...)
NOT-FOR-US: WordPress plugin photo-gallery
 CVE-2015-1393 (SQL injection vulnerability in the Photo Gallery plugin before 
1.2.11  ...)
NOT-FOR-US: WordPress plugin photo-gallery
@@ -237733,8 +237731,8 @@ CVE-2014-9472 (The email gateway in RT (aka Request 
Tracker) 3.0.0 through 4.x b
{DSA-3176-1 DLA-158-1}
- request-tracker4 4.2.8-3
- request-tracker3.8  (unimportant)
-CVE-2014-9470
-   RESERVED
+CVE-2014-9470 (Cross-site scripting (XSS) vulnerability in the loadForm 
function in F ...)
+   TODO: check
 CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 
3.6.0, 3. ...)
NOT-FOR-US: vBulletin
 CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in 
InstantASP Inst ...)
@@ -239490,10 +239488,10 @@ CVE-2014-9131
RESERVED
 CVE-2014-9128
RESERVED
-CVE-2014-9127
-   RESERVED
-CVE-2014-9126
-   RESERVED
+CVE-2014-9127 (Open-School Community Edition 2.2 does not properly restrict 
access to ...)
+   TODO: check
+CVE-2014-9126 (Multiple cross-site scripting (XSS) vulnerabilities in 
Open-School Com ...)
+   TODO: check
 CVE-2014-9125
RESERVED
 CVE-2014-9124
@@ -241298,8 +241296,8 @@ CVE-2014-8741 (Directory traversal vulnerability in 
the GfdFileUploadServerlet s
NOT-FOR-US: Lexmark
 CVE-2014-8740
RESERVED
-CVE-2014-8739
-   RESERVED
+CVE-2014-8739 (Unrestricted file upload vulnerability in 
server/php/UploadHandler.php ...)
+   TODO: check
 CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows 
remote a ...)
NOT-FOR-US: Drupal module Open Atrium Core
 CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 
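Review bot: The description for CVE-2014-8739 names only a file path, `server/php/UploadHandler.php`, not a project, so this `TODO: check` cannot be resolved from the tracker text alone; the full CVE entry is needed to identify the upstream project before it can be matched against Debian sources or marked NFU.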

[Git][security-tracker-team/security-tracker][master] Mark ruby-openssl as removed from every supported suite

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
01a90672 by Salvatore Bonaccorso at 2020-02-08T19:16:05+01:00
Mark ruby-openssl as removed from every supported suite

The source is now shipped with ruby2.7 directly and no longer
separately. There is no further supported suite with the source package
still shipped.

- - - - -


1 changed file:

- data/packages/removed-packages


Changes:

=
data/packages/removed-packages
=
@@ -704,3 +704,4 @@ openjdk-12
 golang-1.12
 lepton
 ruby-simple-form
+ruby-openssl
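Review bot: Appending `ruby-openssl` to removed-packages records the removal, but the commit message says the source now lives in ruby2.7, and nothing in this change touches data/CVE/list; any entry there still listing `- ruby-openssl` should be checked and re-pointed at ruby2.7 (or marked accordingly) so that an open issue is not silently dropped along with the removed package.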



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/01a9067210e8a388b916d0e943b9cd5f4bf69390


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-3123/clamav

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0c6c7609 by Salvatore Bonaccorso at 2020-02-08T17:19:05+01:00
Add CVE-2020-3123/clamav

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13586,7 +13586,9 @@ CVE-2020-3125
 CVE-2020-3124
RESERVED
 CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in 
Clam AntiV ...)
-   TODO: check
+   - clamav  (bug #950944)
+   [buster] - clamav  (ClamAV is updated via -updates)
+   [stretch] - clamav  (ClamAV is updated via -updates)
 CVE-2020-3122
RESERVED
 CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
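Review bot: `[buster]` and `[stretch]` are marked as handled via -updates, but the entry has no fixed version for any suite and no reference to the upstream advisory; a NOTE with the ClamAV announcement (added later in commit 10c52b8a, further up in this digest) and the target upstream version would let the -updates uploads be verified against it.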



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c6c7609ec0399969efead554b5602485b0ae8c9


[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1560{4,5,6}/nodejs

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78fec22d by Salvatore Bonaccorso at 2020-02-08T15:12:10+01:00
Add CVE-2019-1560{4,5,6}/nodejs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -31080,11 +31080,14 @@ CVE-2019-15608
 CVE-2019-15607 (A stored XSS vulnerability is present within node-red 
(version: =  ...)
TODO: check
 CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 
10, 12, ...)
-   TODO: check
+   - nodejs 
+   NOTE: https://hackerone.com/reports/730779
 CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes 
malicious payl ...)
-   TODO: check
+   - nodejs 
+   NOTE: https://hackerone.com/reports/735748
 CVE-2019-15604 (Improper Certificate Validation in Node.js 10, 12, and 13 
causes the p ...)
-   TODO: check
+   - nodejs 
+   NOTE: https://hackerone.com/reports/746733
 CVE-2019-15603 (The seefl package v0.1.1 is vulnerable to a stored Cross-Site 
Scriptin ...)
NOT-FOR-US: seefl
 CVE-2019-15602 (The fileview package v0.1.6 has inadequate output encoding and 
escapin ...)
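Review bot: All three entries get `- nodejs` with a HackerOne report as the only reference; such reports can be private or incomplete, so adding the upstream Node.js release notes or fix commits alongside them would give a durable pointer. None of the lines carries a fixed version or a `[buster]`/`[stretch]` annotation, so the issues are listed as open for stable until the fixed upload is recorded.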



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/78fec22de3a6284f6bc45ad825f613770f8d31a3


[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-1697 as NFU

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
93a693a0 by Salvatore Bonaccorso at 2020-02-08T15:03:48+01:00
Mark CVE-2020-1697 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17626,6 +17626,7 @@ CVE-2020-1698
RESERVED
 CVE-2020-1697
RESERVED
+   NOT-FOR-US: Keycloak
 CVE-2020-1696
RESERVED
- dogtag-pki 
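Review bot: The NFU line is added while CVE-2020-1697 is still `RESERVED`, so the entry contains no description that justifies `Keycloak`; a NOTE with the source of the attribution would let the next automatic update, which will fill in the official description, be checked against it.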



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/93a693a08cb6302077b15a9a8bf8d56fdc36b2cd


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-12528/squid

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
43fbdb29 by Salvatore Bonaccorso at 2020-02-08T14:49:40+01:00
Add Debian bug reference for CVE-2019-12528/squid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -41659,7 +41659,7 @@ CVE-2019-12529 (An issue was discovered in Squid 2.x 
through 2.7.STABLE9, 3.x th
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_2.txt
NOTE: Squid 4: 
http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch
 CVE-2019-12528 (An issue was discovered in Squid before 4.10. It allows a 
crafted FTP  ...)
-   - squid 
+   - squid  (bug #950925)
- squid3 
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_2.txt
NOTE: Squid 3: 
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8cdb18ca1829a0b7faa1c9e472604ed0e7e105ac.patch
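Review bot: The bug reference is added to `- squid` only; the `- squid3` line in the same entry stays unfixed with no bug or suite annotation, while the NOTE below it points to a Squid 3.5 changeset, so the fix for the squid3 package is known but its status is not recorded; a suite annotation or a bug reference for squid3 would complete the entry.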



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/43fbdb29fe05b2fcc8df2b010f698d0c8eb5ea4e


[Git][security-tracker-team/security-tracker][master] 5 commits: Add fixed version for CVE-2009-0801/squid

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
03dddcf9 by Salvatore Bonaccorso at 2020-02-08T14:42:33+01:00
Add fixed version for CVE-2009-0801/squid

Mark it as fixed with the first src:squid version based on the 4.x series after
the source package rename.

- - - - -
e419eb0b by Salvatore Bonaccorso at 2020-02-08T14:44:03+01:00
Add fixed version for CVE-2014-6270/squid

While src:squid was on the 2.x branch the issue was unimportant as the
SNMP part was not built. A while later, after the issue got fixed in
3.4.8-1 in src:squid3, the source package was renamed back to src:squid.
Mark the issue for src:squid as fixed with the first upload of the 4.x
series to unstable.

- - - - -
904f33d3 by Salvatore Bonaccorso at 2020-02-08T14:45:42+01:00
Add fixed version for CVE-2015-3455/squid

- - - - -
ed1c67f2 by Salvatore Bonaccorso at 2020-02-08T14:46:30+01:00
Add fixed version for CVE-2016-2390/squid

For the 4.x branch the issue was fixed back in 4.0.6; mark the first 4.x
based version which entered unstable as the fixed one.

- - - - -
7ab89c98 by Salvatore Bonaccorso at 2020-02-08T14:47:41+01:00
Add fixed version for CVE-2018-1172/squid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -128132,7 +128132,7 @@ CVE-2018-1173 (This vulnerability allows remote 
attackers to execute arbitrary c
NOT-FOR-US: Foxit Reader
 CVE-2018-1172 (This vulnerability allows remote attackers to deny service on 
vulnerab ...)
[experimental] - squid 4.0.21-1~exp5 (unimportant)
-   - squid  (unimportant)
+   - squid 4.1-1 (unimportant)
[wheezy] - squid  (Vunerable code introduced in 3.1)
- squid3  (unimportant)
NOTE: src:squid as source package reintroduced for 4.x in experimental
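Review bot: With `- squid 4.1-1 (unimportant)` recorded, the `[experimental] - squid 4.0.21-1~exp5 (unimportant)` line above it is now redundant (the experimental upload predates the fixed unstable version) and could be dropped in a follow-up to keep the entry short. The `[wheezy]` context line also carries a typo, `Vunerable`, that could be fixed in the same follow-up.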
@@ -205478,7 +205478,7 @@ CVE-2016-2391 (The ohci_bus_start function in the USB 
OHCI emulation support (hw
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794
NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2
 CVE-2016-2390 (The FwdState::connectedToPeer method in FwdState.cc in Squid 
before 3. ...)
-   - squid  (unimportant)
+   - squid 4.1-1 (unimportant)
- squid3 3.5.14-1 (unimportant)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_1.txt
NOTE: Only affects custom builds with --enable-ssl (disabled for 
license purposes in Debian)
@@ -228012,7 +228012,7 @@ CVE-2015-3622 (The _asn1_extract_der_octet function 
in lib/decoding.c in GNU Lib
NOTE: Introduced by 
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=609d5c1366fb424f6150c4eed358d246e61cf204
 (libtasn1_3_6)
NOTE: DECR_LEN introduced in 
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=154909136c12cfa5c60732b7210827dfb1ec6aee
 (libtasn1_3_6)
 CVE-2015-3455 (Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 
3.4.13, a ...)
-   - squid  (unimportant)
+   - squid 4.1-1 (unimportant)
- squid3 3.5.6-1 (unimportant)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
NOTE: Only affects custom builds with --enable-ssl (disabled for 
license purposes in Debian)
@@ -247687,8 +247687,8 @@ CVE-2014-6311 (generate_doygen.pl in ace before 
6.2.7+dfsg-2 creates predictable
 CVE-2014-6310 (Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote 
attacker ...)
- chicken  (Affects only CHICKEN Scheme on the Android 
platform)
 CVE-2014-6270 (Off-by-one error in the snmpHandleUdp function in snmp_core.cc 
in Squi ...)
-   - squid  (unimportant)
-   NOTE: SNMP not built in squid 2
+   - squid 4.1-1 (unimportant)
+   NOTE: SNMP was not built in squid 2.x
- squid3 3.4.8-1 (low; bug #761002)
[wheezy] - squid3  (Minor issue)
[squeeze] - squid3  (Minor issue)
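Review bot: the rewritten NOTE "SNMP was not built in squid 2.x" explains the unimportant tag for the old src:squid, but the same line now records 4.1-1 as the fixed version for the reintroduced 4.x source. Stating both facts in the NOTE, for example "SNMP was not built in squid 2.x; 4.x reintroduced with the fix already present", avoids the severity and the fixed version reading as if they contradict each other.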
@@ -340951,7 +340951,7 @@ CVE-2009-0803 (SmoothWall SmoothGuardian, as used in 
SmoothWall Firewall, Networ
 CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, 
uses the  ...)
NOT-FOR-US: Qbik WinGate
 CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the 
HTTP Ho ...)
-   - squid  (unimportant; bug #521053)
+   - squid 4.1-1 (unimportant; bug #521053)
- squid3 3.3.3-1 (unimportant; bug #521052)
NOTE: This only affects HTTP connections and only in transparent mode
NOTE: Also, same origin validations in the browsers still apply and 
keep this mostly harmless
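Review bot: the commit title only names CVE-2018-1172, yet the same fixed version 4.1-1 is recorded here for CVE-2009-0801 and, in the hunks above, for CVE-2014-6270, CVE-2015-3455 and CVE-2016-2390. Listing those ids in the commit message (or a one-line rationale such as "4.1-1 is the first reintroduced src:squid upload, already containing the earlier squid3 fixes") would make the history self-explanatory.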



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/fa1960b0b09d9b7ca93d900a27afe177fbde9349...7ab89c98171845029531068b99eef8e7717c2289


[Git][security-tracker-team/security-tracker][master] xml-security-c issue (#913136) got addressed in 9.12

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa1960b0 by Salvatore Bonaccorso at 2020-02-08T13:47:40+01:00
xml-security-c issue (#913136) got addressed in 9.12

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -89257,7 +89257,7 @@ CVE-2018-14879 (The command-line argument parser in 
tcpdump before 4.9.3 has a b
NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
 CVE-2018- [DSA verification crashes OpenSSL on invalid combinations of key 
content]
- xml-security-c 2.0.2-2 (bug #913136)
-   [stretch] - xml-security-c  (Minor issue; can be fixed via 
point release)
+   [stretch] - xml-security-c 1.7.3-4+deb9u2
[jessie] - xml-security-c 1.7.2-3+deb8u2
NOTE: temporary entry for DLA-1594-1
NOTE: https://issues.apache.org/jira/browse/SANTUARIO-496
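Review bot: the entry still carries the incomplete id "CVE-2018-" and the NOTE "temporary entry for DLA-1594-1", while fixes are now recorded for jessie, stretch and unstable. Consider checking whether an identifier has been assigned in the meantime (the SANTUARIO-496 link is the natural place to look) and whether "temporary" still describes the entry; otherwise the placeholder will stay indefinitely.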



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa1960b0b09d9b7ca93d900a27afe177fbde9349


[Git][security-tracker-team/security-tracker][master] ruby-simple-form removed from every supported suite

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ce75177 by Salvatore Bonaccorso at 2020-02-08T13:37:48+01:00
ruby-simple-form removed from every supported suite

Was still present in stretch but with the point release ahead for 9.12
the package is as well removed from stretch.

- - - - -


1 changed file:

- data/packages/removed-packages


Changes:

=
data/packages/removed-packages
=
@@ -703,3 +703,4 @@ flif
 openjdk-12
 golang-1.12
 lepton
+ruby-simple-form
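Review bot: the commit message says the package was removed from stretch with the 9.12 point release, but only data/packages/removed-packages is touched. Any ruby-simple-form entries that are still open in data/CVE/list should be revisited at the same time so the tracker stops listing the package as affected in suites where it no longer exists.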



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6ce75177fc36292cf5a3a5cfb65a5c7171a19835


[Git][security-tracker-team/security-tracker][master] dla-needed.txt: Update note for yara.

2020-02-08 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7018ad9d by Chris Lamb at 2020-02-08T09:22:58+00:00
dla-needed.txt: Update note for yara.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -140,4 +140,5 @@ xerces-c (Hugo Lefeuvre)
 yara
   NOTE: 20191212: no upstream fix yet
   NOTE: 20200119: still no upstream fix (daissi)
+  NOTE: 20200208: still no fix (lamby)
 --
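Review bot: the new line drops the word "upstream" that the two earlier notes use ("still no upstream fix"); keeping the same phrasing makes the history easier to scan. A NOTE with the upstream issue being watched would also spare the next person re-locating it at the following check.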



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7018ad9d6498b9eeab8f532c51412e25b2523cae


[Git][security-tracker-team/security-tracker][master] Process NFUs

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c570fd5a by Salvatore Bonaccorso at 2020-02-08T09:51:03+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,15 +1,15 @@
 CVE-2020-8813
RESERVED
 CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to 
insert m ...)
-   TODO: check
+   NOT-FOR-US: Bludit
 CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows 
authenticated  ...)
-   TODO: check
+   NOT-FOR-US: Bludit
 CVE-2020-8810
RESERVED
 CVE-2020-8809
RESERVED
 CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in 
CORSAIR ...)
-   TODO: check
+   NOT-FOR-US: CORSAIR iCUE
 CVE-2020-8807
RESERVED
 CVE-2020-8806
@@ -33,7 +33,7 @@ CVE-2020-8798
 CVE-2020-8797
RESERVED
 CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx 
before  ...)
-   TODO: check
+   NOT-FOR-US: Biscom Secure File Transfer (SFT)
 CVE-2020-8795
RESERVED
 CVE-2020-8794
@@ -4498,11 +4498,11 @@ CVE-2020-6772
 CVE-2020-6771
RESERVED
 CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video 
Service (BV ...)
-   TODO: check
+   NOT-FOR-US: BVMS Mobile Video Service (BVMS MVS)
 CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video 
Stream ...)
-   TODO: check
+   NOT-FOR-US: Bosch
 CVE-2020-6768 (A path traversal vulnerability in the Bosch Video Management 
System (B ...)
-   TODO: check
+   NOT-FOR-US: Bosch
 CVE-2020-6767 (A path traversal vulnerability in the Bosch Video Management 
System (B ...)
NOT-FOR-US: Bosch
 CVE-2020-6766
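Review bot: the three new NOT-FOR-US markers name the same vendor in two ways: CVE-2020-6770 gets "BVMS Mobile Video Service (BVMS MVS)" while CVE-2020-6769 and CVE-2020-6768 get plain "Bosch", matching the existing CVE-2020-6767 line. A uniform "Bosch ..." prefix keeps grep-based lookups across the file consistent.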
@@ -17622,7 +17622,7 @@ CVE-2019-19358
 CVE-2019-19357
RESERVED
 CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code 
Execution (RCE ...)
-   TODO: check
+   NOT-FOR-US: Netis WF2419
 CVE-2019-19355
RESERVED
NOT-FOR-US: openshift



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c570fd5adc1077b08ff3b38fa77788a3063d4a9b


[Git][security-tracker-team/security-tracker][master] automatic update

2020-02-08 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d162b9fc by security tracker role at 2020-02-08T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,41 @@
+CVE-2020-8813
+   RESERVED
+CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to 
insert m ...)
+   TODO: check
+CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows 
authenticated  ...)
+   TODO: check
+CVE-2020-8810
+   RESERVED
+CVE-2020-8809
+   RESERVED
+CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in 
CORSAIR ...)
+   TODO: check
+CVE-2020-8807
+   RESERVED
+CVE-2020-8806
+   RESERVED
+CVE-2020-8805
+   RESERVED
+CVE-2020-8804
+   RESERVED
+CVE-2020-8803
+   RESERVED
+CVE-2020-8802
+   RESERVED
+CVE-2020-8801
+   RESERVED
+CVE-2020-8800
+   RESERVED
+CVE-2020-8799
+   RESERVED
+CVE-2020-8798
+   RESERVED
+CVE-2020-8797
+   RESERVED
+CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx 
before  ...)
+   TODO: check
+CVE-2020-8795
+   RESERVED
 CVE-2020-8794
RESERVED
 CVE-2020-8793
@@ -4459,12 +4497,12 @@ CVE-2020-6772
RESERVED
 CVE-2020-6771
RESERVED
-CVE-2020-6770
-   RESERVED
-CVE-2020-6769
-   RESERVED
-CVE-2020-6768
-   RESERVED
+CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video 
Service (BV ...)
+   TODO: check
+CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video 
Stream ...)
+   TODO: check
+CVE-2020-6768 (A path traversal vulnerability in the Bosch Video Management 
System (B ...)
+   TODO: check
 CVE-2020-6767 (A path traversal vulnerability in the Bosch Video Management 
System (B ...)
NOT-FOR-US: Bosch
 CVE-2020-6766
@@ -17510,8 +17548,7 @@ CVE-2020-1710
 CVE-2020-1709
RESERVED
NOT-FOR-US: openshift
-CVE-2020-1708
-   RESERVED
+CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all 
openshi ...)
NOT-FOR-US: openshift
 CVE-2020-1707
RESERVED
@@ -17533,8 +17570,7 @@ CVE-2020-1702
 CVE-2020-1701
RESERVED
NOT-FOR-US: KubeVirt
-CVE-2020-1700
-   RESERVED
+CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end 
handles unexp ...)
- ceph 14.2.7-1
[stretch] - ceph  (Vulnerable code introduced later)
[jessie] - ceph  (Vulnerable code introduced later)
@@ -17585,8 +17621,8 @@ CVE-2019-19358
RESERVED
 CVE-2019-19357
RESERVED
-CVE-2019-19356
-   RESERVED
+CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code 
Execution (RCE ...)
+   TODO: check
 CVE-2019-19355
RESERVED
NOT-FOR-US: openshift
@@ -26474,10 +26510,10 @@ CVE-2019-17138 (This vulnerability allows remote 
attackers to disclose sensitive
NOT-FOR-US: Foxit
 CVE-2019-17137
RESERVED
-CVE-2019-17136
-   RESERVED
-CVE-2019-17135
-   RESERVED
+CVE-2019-17136 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2019-17135 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
 CVE-2019-17134 (Amphora Images in OpenStack Octavia =0.10.0 2.1.2, 
=3.0.0  ...)
- octavia 4.0.0-6 (bug #941897)
[buster] - octavia  (Minor issue in regular setups, can be 
fixed via point release)
@@ -39306,10 +39342,10 @@ CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell 
DB01-S Gen 1 allows remote
NOT-FOR-US: dbell Wi-Fi Smart Video Doorbell
 CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 
7.11.7 has  ...)
NOT-FOR-US: SalesAgility SuiteCRM
-CVE-2019-13334
-   RESERVED
-CVE-2019-1
-   RESERVED
+CVE-2019-13334 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
+CVE-2019-1 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+   TODO: check
 CVE-2019-13332 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
NOT-FOR-US: Foxit Reader
 CVE-2019-13331 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
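Review bot: the line between CVE-2019-13334 and CVE-2019-13332 carries the id "CVE-2019-1" on both the removed and the added side, which is not a complete CVE identifier. Verify that the committed file has the full id; an incomplete one cannot be matched against the CVE feed on later automatic updates.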
@@ -39803,8 +39839,8 @@ CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does 
not ensure that a networ
- qemu-kvm 
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6f5d8671225dc77190647f18a27a0d156d4ca97a
-CVE-2019-13163
-   RESERVED
+CVE-2019-13163 (The Fujitsu TLS library allows a man-in-the-middle attack. 
This affect ...)
+   TODO: check
 CVE-2019-13162
RESERVED
 CVE-2019-13161 (An issue was discovered in Asterisk Open Source through