[Git][security-tracker-team/security-tracker][master] dla: still ongoing
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: acfe473d by Adrian Bunk at 2020-04-06T01:02:11+03:00 dla: still ongoing - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -32,7 +32,7 @@ libmatio (Adrian Bunk) NOTE: 20190428: is likely vulnerable NOTE: 20190428: some CVE testcases still fail after applying the fix, NOTE: 20190428: older changes seem to also be required for them - NOTE: 20200323: work is ongoing + NOTE: 20200406: work is ongoing -- libperlspeak-perl (Mike Gabriel) NOTE: 20200326: No patches yet. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acfe473df9ea9fc3b23b3aad545a596ebbb4a086 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
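Review bot: In the libmatio entry of data/dla-needed.txt, the changed line only moves the date from 20200323 to 20200406 and still reads "work is ongoing", so the entry carries no detail newer than the 20190428 notes about what is holding the update back. Suggest saying which CVE testcases still fail or which older changes remain to be backported, so that someone else reading the file can judge the state of the package.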
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 81066096 by security tracker role at 2020-04-05T20:10:24+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,11 @@ +CVE-2020-11552 + RESERVED +CVE-2020-11551 + RESERVED +CVE-2020-11550 + RESERVED +CVE-2020-11549 + RESERVED CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user input ...) NOT-FOR-US: Search Meter plugin for WordPress CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...) 
@@ -159208,13 +159216,13 @@ CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injectio NOTE: script used in some embedded product relying on BOA as webserver. NOTE: I asked Mitre to reject the CVE. -- Raphael Hertzog CVE-2017-9832 (An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL functi ...) - {DLA-1029-1} + {DLA-2169-1 DLA-1029-1} - libmtp 1.1.13-1 NOTE: https://sourceforge.net/p/libmtp/mailman/message/35729062/ NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/ NOTE: reduced patchset: https://lists.debian.org/87lgnzvjvb@curie.anarc.at CVE-2017-9831 (An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx f ...) - {DLA-1029-1} + {DLA-2169-1 DLA-1029-1} - libmtp 1.1.13-1 NOTE: https://sourceforge.net/p/libmtp/mailman/message/35735992/ NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/810660961242a539c0b2630edf24e5872c1ec3ae
[Git][security-tracker-team/security-tracker][master] Add reference to upstream commit for CVE-2019-19377/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 470fe644 by Salvatore Bonaccorso at 2020-04-05T20:58:37+02:00 Add reference to upstream commit for CVE-2019-19377/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24366,6 +24366,7 @@ CVE-2019-19378 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem - linux CVE-2019-19377 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...) - linux + NOTE: https://git.kernel.org/linus/b3ff8f1d380e65772542aa9bff6c86bf715a CVE-2019-19376 (In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdi ...) NOT-FOR-US: Octopus Deploy CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a configuration where SSL offlo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/470fe644bd8e81e49e545db087b4cbf02d91064a
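Review bot: The NOTE added under CVE-2019-19377 gives the upstream commit id as b3ff8f1d380e65772542aa9bff6c86bf715a, which as shown is 36 hex digits, neither a full 40-digit id nor a usual short form; please check it against the kernel tree and record the full id. Other commit references in data/CVE/list also append the first tag containing the fix, for example "(v5.0.0-rc0)", and doing the same here would show which kernel versions already have it.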
[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2019-15690/libvncserver as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 95f653de by Salvatore Bonaccorso at 2020-04-05T17:35:52+02:00 Mark CVE-2019-15690/libvncserver as no-dsa - - - - - 3bf44b1d by Salvatore Bonaccorso at 2020-04-05T17:36:32+02:00 Track proposed updates for libvncserver via {stretch,buster}-pu - - - - - 3 changed files: - data/CVE/list - data/next-oldstable-point-update.txt - data/next-point-update.txt Changes: = data/CVE/list = @@ -37895,6 +37895,8 @@ CVE-2019-15690 RESERVED {DLA-2146-1} - libvncserver 0.9.12+dfsg-9 (bug #954163) + [buster] - libvncserver (Minor issue) + [stretch] - libvncserver (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2 NOTE: https://github.com/LibVNC/libvncserver/issues/381 NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed = data/next-oldstable-point-update.txt = @@ -68,3 +68,5 @@ CVE-2019-15522 [stretch] - csync2 2.0-8-g175a01c-4+deb9u1 CVE-2017-11747 [stretch] - tinyproxy 1.8.4-3~deb9u2 +CVE-2019-15690 + [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4 = data/next-point-update.txt = @@ -67,3 +67,5 @@ CVE-2019-9658 [buster] - checkstyle 8.15-1+deb10u1 CVE-2019-15522 [buster] - csync2 2.0-22-gce67c55-1+deb10u1 +CVE-2019-15690 + [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9c293157c3851cf032d7ace82b54693c3514560a...3bf44b1d1abe5af984a150ad3c48bf2961f4b8f0
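Review bot: The two lines added under CVE-2019-15690 in data/CVE/list give only "(Minor issue)" as the reason, although the same push adds stretch and buster fixes for it to the two point-update files. Suggest wording the reason so it says the fix is coming through a point release, as the libmtp entries in this file did with "Minor issue; can be fixed in a point release".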
[Git][security-tracker-team/security-tracker][master] Track proposed update for tinyproxy via stretch-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9c293157 by Salvatore Bonaccorso at 2020-04-05T17:33:47+02:00 Track proposed update for tinyproxy via stretch-pu - - - - - 1 changed file: - data/next-oldstable-point-update.txt Changes: = data/next-oldstable-point-update.txt = @@ -66,3 +66,5 @@ CVE-2019-9658 [stretch] - checkstyle 6.15-1+deb9u1 CVE-2019-15522 [stretch] - csync2 2.0-8-g175a01c-4+deb9u1 +CVE-2017-11747 + [stretch] - tinyproxy 1.8.4-3~deb9u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c293157c3851cf032d7ace82b54693c3514560a
[Git][security-tracker-team/security-tracker][master] Track proposed updates for csync2 via {stretch,buster}-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f5b5700 by Salvatore Bonaccorso at 2020-04-05T17:31:19+02:00 Track proposed updates for csync2 via {stretch,buster}-pu - - - - - 2 changed files: - data/next-oldstable-point-update.txt - data/next-point-update.txt Changes: = data/next-oldstable-point-update.txt = @@ -64,3 +64,5 @@ CVE-2020-5267 [stretch] - rails 2:4.2.7.1-1+deb9u2 CVE-2019-9658 [stretch] - checkstyle 6.15-1+deb9u1 +CVE-2019-15522 + [stretch] - csync2 2.0-8-g175a01c-4+deb9u1 = data/next-point-update.txt = @@ -65,3 +65,5 @@ CVE-2019-14862 [buster] - node-knockout 3.4.2-2+deb10u1 CVE-2019-9658 [buster] - checkstyle 8.15-1+deb10u1 +CVE-2019-15522 + [buster] - csync2 2.0-22-gce67c55-1+deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f5b570049edf53f42864048c2ef8a343a82ed85
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2169-1 for libmtp
Dylan Aïssi pushed to branch master at Debian Security Tracker / security-tracker Commits: b8e08ba1 by Dylan Aïssi at 2020-04-05T15:53:00+02:00 Reserve DLA-2169-1 for libmtp - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[05 Apr 2020] DLA-2169-1 libmtp - security update + {CVE-2017-9831 CVE-2017-9832} + [jessie] - libmtp 1.1.8-1+deb8u1 [02 Apr 2020] DLA-2168-1 libplist - security update {CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-6435 CVE-2017-6436 CVE-2017-6439 CVE-2017-7982} [jessie] - libplist 1.11-3+deb8u1 = data/dla-needed.txt = @@ -34,9 +34,6 @@ libmatio (Adrian Bunk) NOTE: 20190428: older changes seem to also be required for them NOTE: 20200323: work is ongoing -- -libmtp (Dylan Aïssi) - NOTE: 20200323: WIP. (daissi) --- libperlspeak-perl (Mike Gabriel) NOTE: 20200326: No patches yet. NOTE: 20200330: Requested EOL/jessie (sunweaver, h01ger). View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8e08ba1e457b2d72d52dffef86cb57903302b1d
[Git][security-tracker-team/security-tracker][master] Remove no-dsa tagged entries for libmtp which will get an update
Dylan Aïssi pushed to branch master at Debian Security Tracker / security-tracker Commits: a804ca16 by Dylan Aïssi at 2020-04-05T15:44:57+02:00 Remove no-dsa tagged entries for libmtp which will get an update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -159207,14 +159207,12 @@ CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injectio CVE-2017-9832 (An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL functi ...) {DLA-1029-1} - libmtp 1.1.13-1 - [jessie] - libmtp (Minor issue; can be fixed in a point release) NOTE: https://sourceforge.net/p/libmtp/mailman/message/35729062/ NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/ NOTE: reduced patchset: https://lists.debian.org/87lgnzvjvb@curie.anarc.at CVE-2017-9831 (An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx f ...) {DLA-1029-1} - libmtp 1.1.13-1 - [jessie] - libmtp (Minor issue; can be fixed in a point release) NOTE: https://sourceforge.net/p/libmtp/mailman/message/35735992/ NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/ NOTE: reduced patchset: https://lists.debian.org/87lgnzvjvb@curie.anarc.at View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a804ca16e00e50419c15e3a1b85b04e54760e72d
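Review bot: Once the two [jessie] lines are removed, CVE-2017-9832 and CVE-2017-9831 show only {DLA-1029-1} and the unstable version, and nothing in either entry records why jessie was still open after that advisory. Suggest adding a NOTE to each entry saying what DLA-1029-1 left unfixed, so the reason for a further libmtp update can be read from the entry itself.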
[Git][security-tracker-team/security-tracker][master] Jessie phpmyadmin is not affected by CVE-2020-11441. Quite likely no Debian...
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker Commits: b3445960 by Ola Lundqvist at 2020-04-05T14:34:33+02:00 Jessie phpmyadmin is not affected by CVE-2020-11441. Quite likely no Debian release is affected but that should be checked specifically. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -224,6 +224,7 @@ CVE-2020-11442 RESERVED CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated ...) - phpmyadmin + [jessie] - phpmyadmin (The pma_error display code does not exist in this version) NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056 CVE-2020-11440 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3445960a75b9dfe2e134102cf2721df55827293
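Review bot: The open question about the other releases is recorded only in the commit message; the CVE-2020-11441 entry itself gains just the [jessie] line. Suggest adding a TODO or NOTE under the entry saying that the remaining releases still need checking for the pma_error display code, so the follow-up is visible to anyone reading data/CVE/list rather than the git log.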
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-10701/libvirt
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 335ecf55 by Salvatore Bonaccorso at 2020-04-05T14:12:50+02:00 Add Debian bug reference for CVE-2020-10701/libvirt - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2043,7 +2043,7 @@ CVE-2020-10702 [weak signature generation in Pointer Authentication support for NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 (v5.0.0-rc0) CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to DoS] RESERVED - - libvirt + - libvirt (bug #955841) [buster] - libvirt (Vulnerable code introduced later) [stretch] - libvirt (Vulnerable code introduced later) [jessie] - libvirt (Vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/335ecf558121aa0e4d0db617c9cb61e1dacce358
[Git][security-tracker-team/security-tracker][master] csync2 fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b3a80e10 by Moritz Muehlenhoff at 2020-04-05T12:55:10+02:00 csync2 fixed in sid - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -38440,7 +38440,7 @@ CVE-2019-15524 (CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a CVE-2019-15523 RESERVED CVE-2019-15522 (An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_ses ...) - - csync2 (bug #955445) + - csync2 2.0-25-gc0faaf9-1 (bug #955445) [buster] - csync2 (Minor issue) [stretch] - csync2 (Minor issue) [jessie] - csync2 (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3a80e1002945cb3817a8c36977e49b2510e034a
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c11f0ede by Salvatore Bonaccorso at 2020-04-05T11:48:56+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user input ...) - TODO: check + NOT-FOR-US: Search Meter plugin for WordPress CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...) - TODO: check + NOT-FOR-US: PRTG Network Monitor CVE-2020-11546 RESERVED CVE-2020-11545 @@ -11,7 +11,7 @@ CVE-2020-11544 CVE-2020-11543 RESERVED CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...) - TODO: check + NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices CVE-2020-11541 RESERVED CVE-2020-11540 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c11f0ede64f4fb3ae8ff0e72e6c38989ebe18f34
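Review bot: In the second hunk, the NOT-FOR-US text for CVE-2020-11542 reads "3xLOGIC Infinias eIDC32 2.213 devices", which carries the version number from the CVE description into the product name, while the two entries in the first hunk name only the product. Suggest "3xLOGIC Infinias eIDC32" so that later CVEs for the same product end up with an identical string.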
[Git][security-tracker-team/security-tracker][master] Fix for CVE-2019-20485/libvirt moved to unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a69b1373 by Salvatore Bonaccorso at 2020-04-05T10:19:53+02:00 Fix for CVE-2019-20485/libvirt moved to unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4762,8 +4762,7 @@ CVE-2020-9480 CVE-2020-9479 RESERVED CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...) - [experimental] - libvirt 6.0.0-1 - - libvirt (low; bug #953078) + - libvirt 6.0.0-2 (low; bug #953078) [buster] - libvirt (Minor issue) [stretch] - libvirt (Minor issue) [jessie] - libvirt (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a69b1373fa000ef10867a151982836c620900439
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8abee63c by security tracker role at 2020-04-05T08:10:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,33 @@ +CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user input ...) + TODO: check +CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...) + TODO: check +CVE-2020-11546 + RESERVED +CVE-2020-11545 + RESERVED +CVE-2020-11544 + RESERVED +CVE-2020-11543 + RESERVED +CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...) + TODO: check +CVE-2020-11541 + RESERVED +CVE-2020-11540 + RESERVED +CVE-2020-11539 + RESERVED +CVE-2020-11538 + RESERVED +CVE-2020-11537 + RESERVED +CVE-2020-11536 + RESERVED +CVE-2020-11535 + RESERVED +CVE-2020-11534 + RESERVED CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...) NOT-FOR-US: Ivanti Workspace Control CVE-2020-11532 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8abee63c790b98772276a16eeb96018dd5ba7018
[Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-10703/libvirt
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5f431e54 by Salvatore Bonaccorso at 2020-04-05T09:37:40+02:00 Update information on CVE-2020-10703/libvirt - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1998,8 +1998,11 @@ CVE-2020-10704 CVE-2020-10703 [Potential denial of service via active pool without target path] RESERVED - libvirt 6.0.0-2 + [stretch] - libvirt (Vulnerable code introduced later) + [jessie] - libvirt (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725 - NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1) + NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e (v3.10.0-rc1) + NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1) CVE-2020-10702 [weak signature generation in Pointer Authentication support for ARM] RESERVED - qemu View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f431e543f346d13e203512b18dfba6f14c4dfdf
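Review bot: The NOTE added for CVE-2020-10703 uses the label "Introduced by:", while the CVE-2020-10701 entry in the same file uses "Introduced in:" for the same kind of reference. Suggest settling on one label so that the introducing commits can be found with a single search across data/CVE/list.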
[Git][security-tracker-team/security-tracker][master] 2 commits: Add tag information for CVE-2020-10703 upstream's fix
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e0427b0b by Salvatore Bonaccorso at 2020-04-05T09:28:42+02:00 Add tag information for CVE-2020-10703 upstreams fix - - - - - dcd2c56d by Salvatore Bonaccorso at 2020-04-05T09:30:56+02:00 Add fixed version (via unstable) for CVE-2020-10703 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1997,9 +1997,9 @@ CVE-2020-10704 RESERVED CVE-2020-10703 [Potential denial of service via active pool without target path] RESERVED - - libvirt + - libvirt 6.0.0-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725 - NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f + NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1) CVE-2020-10702 [weak signature generation in Pointer Authentication support for ARM] RESERVED - qemu View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/84ddc5cbcf2a01c5ffd75c5715df4703bf17a5f6...dcd2c56d6e3d52f032326cebb7aa065562d82fc5
[Git][security-tracker-team/security-tracker][master] Update information for CVE-2020-10702/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 84ddc5cb by Salvatore Bonaccorso at 2020-04-05T09:27:17+02:00 Update information for CVE-2020-10702/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2003,8 +2003,11 @@ CVE-2020-10703 [Potential denial of service via active pool without target path] CVE-2020-10702 [weak signature generation in Pointer Authentication support for ARM] RESERVED - qemu - - qemu-kvm - NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 + [buster] - qemu (Vulnerable code introduced later) + [stretch] - qemu (Vulnerable code introduced later) + [jessie] - qemu (Vulnerable code introduced later) + - qemu-kvm (Vulnerable code introduced later) + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 (v5.0.0-rc0) CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to DoS] RESERVED - libvirt View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84ddc5cbcf2a01c5ffd75c5715df4703bf17a5f6
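Review bot: The three release lines and the qemu-kvm line added for CVE-2020-10702 all give "Vulnerable code introduced later" as the reason, but the entry cites only the fixing commit (v5.0.0-rc0) and no introducing commit or version. Suggest adding a NOTE with the commit or release that introduced the code, as the libvirt entries in this file do, so the not-affected status of buster, stretch and jessie can be checked.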
[Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-10701/libvirt
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dbed89c3 by Salvatore Bonaccorso at 2020-04-05T09:23:46+02:00 Update information on CVE-2020-10701/libvirt - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2008,7 +2008,11 @@ CVE-2020-10702 [weak signature generation in Pointer Authentication support for CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to DoS] RESERVED - libvirt - NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 + [buster] - libvirt (Vulnerable code introduced later) + [stretch] - libvirt (Vulnerable code introduced later) + [jessie] - libvirt (Vulnerable code introduced later) + NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=95f5ac9ae52455e9da47afc95fa31c9456ac27ae (v5.10.0-rc1) + NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 (v6.2.0-rc1) CVE-2020-10700 RESERVED CVE-2020-10699 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbed89c33c6f134fc801fe2b8716403d01f52578
[Git][security-tracker-team/security-tracker][master] 3 commits: Add CVE-2020-10701/libvirt
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e8956797 by Salvatore Bonaccorso at 2020-04-05T08:56:32+02:00 Add CVE-2020-10701/libvirt - - - - - 7606723a by Salvatore Bonaccorso at 2020-04-05T08:57:26+02:00 Add CVE-2020-10702/qemu - - - - - 167b832a by Salvatore Bonaccorso at 2020-04-05T08:57:38+02:00 Add CVE-2020-10703/libvirt - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1995,12 +1995,20 @@ CVE-2020-10705 RESERVED CVE-2020-10704 RESERVED -CVE-2020-10703 +CVE-2020-10703 [Potential denial of service via active pool without target path] RESERVED -CVE-2020-10702 + - libvirt + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725 + NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f +CVE-2020-10702 [weak signature generation in Pointer Authentication support for ARM] RESERVED -CVE-2020-10701 + - qemu + - qemu-kvm + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 +CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to DoS] RESERVED + - libvirt + NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 CVE-2020-10700 RESERVED CVE-2020-10699 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e2d19a78fad31755bb71950c3e0fcdbb71b54137...167b832a06965f2027a2ee23a50141412d85e917
[Git][security-tracker-team/security-tracker][master] 2 commits: Add back lost entry for CVE-2020-7619
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b48f494 by Salvatore Bonaccorso at 2020-04-05T08:48:09+02:00 Add back lost entry for CVE-2020-7619 - - - - - e2d19a78 by Salvatore Bonaccorso at 2020-04-05T08:49:36+02:00 mark CVE-2020-7619 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9069,6 +9069,8 @@ CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command In NOT-FOR-US: Node strong-nginx-controller CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It all ...) NOT-FOR-US: Node pomelo-monitor +CVE-2020-7619 (get-git-data through 1.3.1 is vulnerable to Command Injection. It is p ...) + NOT-FOR-US: get-git-data node module CVE-2020-7618 RESERVED CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The libr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/903e9760c3ac5476ccdfb37a98fc038fa0692c43...e2d19a78fad31755bb71950c3e0fcdbb71b54137
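Review bot: The NOT-FOR-US text on the re-added CVE-2020-7619 line reads "get-git-data node module", while the two entries just above it in the hunk use the form "Node strong-nginx-controller" and "Node pomelo-monitor". Suggest "Node get-git-data" for consistency; since the entry had gone missing, it would also help if the commit message named the change that dropped it.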