[Git][security-tracker-team/security-tracker][master] Several chromium issues fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 62fbf02c by Salvatore Bonaccorso at 2020-04-09T06:49:27+02:00 Several chromium issues fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -12404,15 +12404,15 @@ CVE-2020-6457 RESERVED CVE-2020-6456 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6455 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6454 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6453 RESERVED 
@@ -12437,79 +12437,79 @@ CVE-2020-6449 (Use after free in audio in Google Chrome prior to 80.0.3987.149 a [stretch] - chromium (see DSA 4562) CVE-2020-6448 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6447 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6446 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6445 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6444 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6443 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6442 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6441 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6440 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6439 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6438 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6437 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6436 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6435 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6434 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6433 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6432 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6431 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6430 RESERVED - - chromium + - chromium 
81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6429 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} @@ -12537,7 +12537,7 @@ CVE-2020-6424 (Use after free in media in Google Chrome prior to 80.0.3987.149 a [stretch] - chromium (see DSA 4562) CVE-2020-6423 RESERVED - - chromium + - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6422 (Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62fbf02c571274ed794f7edbd2dc31569f082cbf You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
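Review bot: Every chromium entry touched here (CVE-2020-6456 down to CVE-2020-6423) is still RESERVED, so the mapping of these IDs to the 81.0.4044.92-1 upload rests on the upstream Chrome 81 release announcement rather than on any CVE description; a NOTE with that announcement URL under at least one of the entries would make the mapping traceable once the IDs are published with text. The hunks also add only the unstable version and a [stretch] line: with no [buster] annotation, buster's chromium is listed as vulnerable to all of these IDs until a DSA ships, which appears intended (chromium is still queued in dsa-needed.txt in the firefox DSA commit further down), but is worth stating in the commit message.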
[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 95714648 by Salvatore Bonaccorso at 2020-04-08T22:24:58+02:00 Process some NFUs - - - - - 671be1be by Salvatore Bonaccorso at 2020-04-08T22:31:00+02:00 Add CVE-2019-20636/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,7 +19,10 @@ CVE-2020-11638 CVE-2020-11637 RESERVED CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...) - TODO: check + - linux 5.4.13-1 + [buster] - linux 4.19.98-1 + [stretch] - linux 4.9.210-1 + NOTE: https://git.kernel.org/linus/cb222aed03d798fc074be55e59d9a112338ee784 CVE-2020-11636 RESERVED CVE-2020-11635 
@@ -93,131 +96,131 @@ CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. driver - linux NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30 CVE-2020-11607 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-11606 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-11605 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-11604 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-11603 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-11602 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-11601 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-11600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21092 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21091 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21090 (An issue was discovered on Samsung mobile devices with software throug ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21089 (An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/ ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21088 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) 
- TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21087 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21086 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21085 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21084 (An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21083 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21082 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21081 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21080 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21079 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21078 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21077 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21076 (An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8 ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2018-21075 (An issue
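Review bot: For CVE-2019-20636 the new [buster] and [stretch] lines assert the fix is contained in linux 4.19.98-1 and 4.9.210-1, but the only NOTE is the mainline commit cb222aed03d7; a pointer to the corresponding 4.19.y and 4.9.y stable commits (or the stable releases that picked it up) would let a reader verify those two version claims without reading the Debian changelogs. The RESERVED-to-NOT-FOR-US bulk change for the Samsung IDs needs no further justification, since every description visible in the hunk names Samsung mobile devices.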
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 71441c1d by security tracker role at 2020-04-08T20:10:23+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,25 @@ +CVE-2020-11646 + RESERVED +CVE-2020-11645 + RESERVED +CVE-2020-11644 + RESERVED +CVE-2020-11643 + RESERVED +CVE-2020-11642 + RESERVED +CVE-2020-11641 + RESERVED +CVE-2020-11640 + RESERVED +CVE-2020-11639 + RESERVED +CVE-2020-11638 + RESERVED +CVE-2020-11637 + RESERVED +CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...) + TODO: check CVE-2020-11636 RESERVED CVE-2020-11635 
@@ -70,132 +92,132 @@ CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux ke CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...) - linux NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30 -CVE-2020-11607 - RESERVED -CVE-2020-11606 - RESERVED -CVE-2020-11605 - RESERVED -CVE-2020-11604 - RESERVED -CVE-2020-11603 - RESERVED -CVE-2020-11602 - RESERVED -CVE-2020-11601 - RESERVED -CVE-2020-11600 - RESERVED -CVE-2018-21092 - RESERVED -CVE-2018-21091 - RESERVED -CVE-2018-21090 - RESERVED -CVE-2018-21089 - RESERVED -CVE-2018-21088 - RESERVED -CVE-2018-21087 - RESERVED -CVE-2018-21086 - RESERVED -CVE-2018-21085 - RESERVED -CVE-2018-21084 - RESERVED -CVE-2018-21083 - RESERVED -CVE-2018-21082 - RESERVED -CVE-2018-21081 - RESERVED -CVE-2018-21080 - RESERVED -CVE-2018-21079 - RESERVED -CVE-2018-21078 - RESERVED -CVE-2018-21077 - RESERVED -CVE-2018-21076 - RESERVED -CVE-2018-21075 - RESERVED -CVE-2018-21074 - RESERVED -CVE-2018-21073 - RESERVED -CVE-2018-21072 - RESERVED -CVE-2018-21071 - RESERVED -CVE-2018-21070 - RESERVED -CVE-2018-21069 - RESERVED -CVE-2018-21068 - RESERVED -CVE-2018-21067 - RESERVED -CVE-2018-21066 - RESERVED -CVE-2018-21065 - RESERVED -CVE-2018-21064 - RESERVED -CVE-2018-21063 - RESERVED -CVE-2018-21062 - RESERVED -CVE-2018-21061 - RESERVED -CVE-2018-21060 - RESERVED -CVE-2018-21059 - RESERVED -CVE-2018-21058 - RESERVED -CVE-2018-21057 - RESERVED -CVE-2018-21056 - RESERVED -CVE-2018-21055 - RESERVED -CVE-2018-21054 - RESERVED -CVE-2018-21053 - RESERVED -CVE-2018-21052 - RESERVED -CVE-2018-21051 - RESERVED -CVE-2018-21050 - RESERVED -CVE-2018-21049 - RESERVED -CVE-2018-21048 - RESERVED -CVE-2018-21047 - RESERVED -CVE-2018-21046 - RESERVED -CVE-2018-21045 - RESERVED -CVE-2018-21044 - RESERVED -CVE-2018-21043 - RESERVED -CVE-2018-21042 - RESERVED -CVE-2018-21041 - RESERVED -CVE-2018-21040 - RESERVED -CVE-2018-21039 - RESERVED -CVE-2018-21038 - RESERVED +CVE-2020-11607 (An 
issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + TODO: check +CVE-2020-11606 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) + TODO: check +CVE-2020-11605 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + TODO: check +CVE-2020-11604 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + TODO: check +CVE-2020-11603 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + TODO: check +CVE-2020-11602 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + TODO: check +CVE-2020-11601 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + TODO: check +CVE-2020-11600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) + TODO: check +CVE-2018-21092 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...) + TODO: check +CVE-2018-21091 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...) + TODO: check +CVE-2018-21090 (An issue was discovered on Samsung mobile devices with software throug ...) + TODO: check +CVE-2018-21089 (An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/ ...) + TODO: check +CVE-2018-21088 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) + TODO: check +CVE-2018-21087 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), ...) + TODO: check +CVE-2018-21086 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...) + TODO: check +CVE-2018-21085 (An issue was discovered on Samsung mobile devices
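Review bot: The one entry in this automatic update that concerns a Debian source package is CVE-2019-20636 (Linux kernel before 5.4.12, out-of-bounds access in drivers/input/input.c), and it lands with a bare TODO: check in the middle of the Samsung batch; it deserves triage ahead of the NFUs, which the follow-up commits in this batch do handle. A caveat for readers rather than a change request: the second hunk turns the RESERVED placeholders for CVE-2018-21038 through CVE-2018-21092 into Samsung descriptions only now, so the year in those IDs is not the publication date, and CVE-2019-20636 sits at the top of the file among the CVE-2020-116xx entries for the same reason.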
[Git][security-tracker-team/security-tracker][master] Mark several jackson-databind issues as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5eefa4e6 by Salvatore Bonaccorso at 2020-04-08T22:01:49+02:00 Mark several jackson-databind issues as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -32,11 +32,15 @@ CVE-2020-11621 RESERVED CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) - jackson-databind + [buster] - jackson-databind (Minor issue; can be fixed via a point release) + [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2682 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) - jackson-databind + [buster] - jackson-databind (Minor issue; can be fixed via a point release) + [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2680 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. 
@@ -1363,16 +1367,22 @@ CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid m NOTE: https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240 CVE-2020-3 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) - jackson-databind + [buster] - jackson-databind (Minor issue; can be fixed via a point release) + [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2670 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-2 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) - jackson-databind + [buster] - jackson-databind (Minor issue; can be fixed via a point release) + [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2666 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-1 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) - jackson-databind + [buster] - jackson-databind (Minor issue; can be fixed via a point release) + [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2664 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. 
@@ -1676,11 +1686,15 @@ CVE-2020-10970 RESERVED CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) - jackson-databind + [buster] - jackson-databind (Minor issue; can be fixed via a point release) + [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2642 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) - jackson-databind + [buster] - jackson-databind (Minor issue; can be fixed via a point release) + [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2662 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. @@ -2608,12 +2622,16 @@ CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows at CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2153-1} - jackson-databind + [buster] - jackson-databind (Minor issue; can be fixed via a point release) + [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2660 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue
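Review bot: The hunk at @@ -1363 shows the entries as CVE-2020-3, CVE-2020-2 and CVE-2020-1, which are not valid CVE identifiers (the sequence part has at least four digits); if that is how data/CVE/list reads rather than an artifact of this message rendering, those three entries need their real IDs restored before the tracker can match them against upstream references. Separately, CVE-2020-10673 already carries {DLA-2153-1} in its context line, so an LTS update was issued for it while the same hunk now marks buster and stretch 'Minor issue; can be fixed via a point release'; if the severity call differs on purpose, a NOTE saying why would stop the next triager from reopening the question.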
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 20f18bf6 by Salvatore Bonaccorso at 2020-04-08T21:55:41+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,17 +9,17 @@ CVE-2020-11633 CVE-2020-11632 RESERVED CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) - TODO: check + NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11630 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) - TODO: check + NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11629 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) - TODO: check + NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11628 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) - TODO: check + NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11627 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) - TODO: check + NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11626 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) - TODO: check + NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11625 RESERVED CVE-2020-11624 @@ -445,9 +445,9 @@ CVE-2020-11563 CVE-2020-11562 RESERVED CVE-2020-11561 (In NCH Express Invoice 7.25, an authenticated low-privilege user can e ...) - TODO: check + NOT-FOR-US: NCH Express Invoice CVE-2020-11560 (NCH Express Invoice 7.25 allows local users to discover the cleartext ...) - TODO: check + NOT-FOR-US: NCH Express Invoice CVE-2020-11559 RESERVED CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...) 
@@ -484,7 +484,7 @@ CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to mul CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...) NOT-FOR-US: Project Worlds Official Car Rental System 1 CVE-2020-11543 (OpsRamp Gateway 3.0.0 has a backdoor account vadmin with the password ...) - TODO: check + NOT-FOR-US: OpsRamp Gateway CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...) NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices CVE-2020-11541 @@ -546,7 +546,7 @@ CVE-2020-11514 (The Rank Math plugin through 1.0.40.2 for WordPress allows unaut CVE-2020-11513 RESERVED CVE-2020-11512 (Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 ...) - TODO: check + NOT-FOR-US: IMPress for IDX Broker WordPress plugin CVE-2020-11511 RESERVED CVE-2020-11510 @@ -2742,7 +2742,7 @@ CVE-2020-10635 CVE-2020-10634 RESERVED CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists in eW ...) - TODO: check + NOT-FOR-US: eWON Flexy and Cosy CVE-2020-10632 RESERVED CVE-2020-10631 @@ -5750,7 +5750,7 @@ CVE-2020-9288 CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...) NOT-FOR-US: Fortiguard CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2020-9285 RESERVED CVE-2020-9284 
@@ -8454,7 +8454,7 @@ CVE-2020-8098 CVE-2020-8097 RESERVED CVE-2020-8096 (Untrusted Search Path vulnerability in Bitdefender High-Level Antimalw ...) - TODO: check + NOT-FOR-US: Bitdefender CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion ...) NOT-FOR-US: Bitdefender Total Security CVE-2020-8094 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20f18bf654791f6ef9a6211e44b25a98bfaab11b
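Review bot: 'NOT-FOR-US: Fortiguard' for CVE-2020-9286 names the vendor's advisory brand rather than the product, whereas the other annotations in this batch name the product (NCH Express Invoice, OpsRamp Gateway, eWON Flexy and Cosy, Bitdefender); it matches the neighbouring CVE-2020-9287 line, so it is at least consistent, but 'NOT-FOR-US: FortiADC' would be the more useful label when someone later searches the list for the affected product.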
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-116{19,20}/jackson-databind
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a752986b by Salvatore Bonaccorso at 2020-04-08T21:44:06+02:00 Add CVE-2020-116{19,20}/jackson-databind - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31,9 +31,15 @@ CVE-2020-11622 CVE-2020-11621 RESERVED CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) - TODO: check + - jackson-databind + NOTE: https://github.com/FasterXML/jackson-databind/issues/2682 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) - TODO: check + - jackson-databind + NOTE: https://github.com/FasterXML/jackson-databind/issues/2680 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-11618 RESERVED CVE-2020-11617 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a752986b5305dd4e8e7094b213996b8f640a8e4f
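Review bot: The NOTE 'Starting from 2.10 series mitigated as Safe Default Typing is enabled by default' reads as if default typing were switched on by default in 2.10. It is not: default typing stays opt-in, and 2.10 adds the validator-based activateDefaultTyping() taking a PolymorphicTypeValidator while deprecating the unrestricted enableDefaultTyping(); applications that still call the deprecated method, or register a permissive validator, remain exposed to these gadget-chain issues. Suggest rewording along the lines of 'From 2.10 the unrestricted enableDefaultTyping() is deprecated in favour of validated activateDefaultTyping(); still exploitable where default typing is enabled without a restrictive PolymorphicTypeValidator', which also makes clear that the mitigation says nothing about stable packages on 2.9 or earlier.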
[Git][security-tracker-team/security-tracker][master] firefox DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 79eb7169 by Moritz Muehlenhoff at 2020-04-08T17:46:16+02:00 firefox DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[08 Apr 2020] DSA-4655-1 firefox-esr - security update + {CVE-2020-6821 CVE-2020-6822 CVE-2020-6825} + [stretch] - firefox-esr 68.7.0esr-1~deb9u1 + [buster] - firefox-esr 68.7.0esr-1~deb10u1 [07 Apr 2020] DSA-4654-1 chromium - security update {CVE-2020-6450 CVE-2020-6451 CVE-2020-6452} [buster] - chromium 80.0.3987.162-1~deb10u1 = data/dsa-needed.txt = @@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa -- chromium -- -firefox-esr (jmm) --- jruby/oldstable -- libopenmpt View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79eb71694ca6d4ece2cdcffc948330816fa0715d
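Review bot: DSA-4655-1 lists CVE-2020-6821, CVE-2020-6822 and CVE-2020-6825 but skips CVE-2020-6823 and CVE-2020-6824 from the same numbering run; if those two only affect the non-ESR Firefox release, the firefox-esr entries for them in data/CVE/list should carry a not-affected annotation for stretch and buster so the tracker does not show them as open against 68.7.0esr. The dsa-needed.txt hunk removes firefox-esr (jmm) and leaves chromium queued, which is consistent with the chromium entries elsewhere in this batch that still have no buster fix version.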
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-1712/systemd as no-dsa for buster and stretch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: da588704 by Salvatore Bonaccorso at 2020-04-08T17:37:06+02:00 Mark CVE-2020-1712/systemd as no-dsa for buster and stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -25137,6 +25137,8 @@ CVE-2020-1713 RESERVED CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before versio ...) - systemd 244.2-1 (bug #950732) + [buster] - systemd (Can be fixed via point release) + [stretch] - systemd (Can be fixed via point release) [jessie] - systemd (Vulnerable code introduced later) NOTE: https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e (preparation) NOTE: https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59 (preparation) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da588704b3ca88b2571525fe19fb8638d1f19c04
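Review bot: The [jessie] line records that the vulnerable code arrived after jessie's systemd while [stretch] and [buster] are now marked 'Can be fixed via point release', so the introducing change lies somewhere between jessie's and stretch's versions; both NOTE lines shown here reference only '(preparation)' commits, so adding the commit that introduced the use-after-free (and the actual fix, if it sits below the shown context) would document why stretch is considered affected and bound the scope of the stable backports.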
[Git][security-tracker-team/security-tracker][master] Track proposed fix for CVE-2020-1712 via buster-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 58277840 by Salvatore Bonaccorso at 2020-04-08T17:36:19+02:00 Track proposed fix for CVE-2020-1712 via buster-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -69,3 +69,5 @@ CVE-2019-15522 [buster] - csync2 2.0-22-gce67c55-1+deb10u1 CVE-2019-15690 [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3 +CVE-2020-1712 + [buster] - systemd 241-7~deb10u4 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58277840e6a9e9665f7c16f9651e47ea5771905e
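Review bot: This adds a buster-pu entry (systemd 241-7~deb10u4) only, while the companion data/CVE/list change marks both buster and stretch as 'Can be fixed via point release'; either a stretch entry with the proposed deb9 version belongs here as well, or, if the stretch package turns out to predate the vulnerable code as jessie does, the stretch annotation in data/CVE/list should say so rather than promise a point-release fix that is not being tracked.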
[Git][security-tracker-team/security-tracker][master] Track upstream report for CVE-2020-10188/inetutils
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2651a053 by Salvatore Bonaccorso at 2020-04-08T17:34:51+02:00 Track upstream report for CVE-2020-10188/inetutils - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3690,6 +3690,7 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote - netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478) NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html NOTE: https://github.com/marado/netkit-telnet-ssl/issues/5 + NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2020-04/msg00010.html CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...) {DSA-4645-1 DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - libusrsctp 0.9.3.0+20200312-1 (bug #953270) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2651a0534129d56e85637c9210bdb060e739ae42
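Review bot: The commit title files this as CVE-2020-10188/inetutils and the new NOTE points at the bug-inetutils list, but the context lines show only netkit-telnet-ssl as a source package for the entry; if GNU inetutils' telnetd is affected too it needs its own '- inetutils' package line (possibly already above the shown context), otherwise the NOTE has no package it applies to. Since the CVE text visible here describes netkit telnet's utility.c, a short NOTE stating whether the inetutils report is the same bug or a distinct, as yet unnumbered one would also help the next triager.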
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b663217b by Moritz Muehlenhoff at 2020-04-08T16:12:42+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -44134,8 +44134,10 @@ CVE-2019-14136 RESERVED CVE-2019-14135 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14134 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14133 RESERVED CVE-2019-14132 @@ -44152,6 +44154,7 @@ CVE-2019-14128 RESERVED CVE-2019-14127 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14126 RESERVED CVE-2019-14125 @@ -44202,6 +44205,7 @@ CVE-2019-14106 RESERVED CVE-2019-14105 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14104 RESERVED NOT-FOR-US: Qualcomm components for Android @@ -44263,6 +44267,7 @@ CVE-2019-14076 RESERVED CVE-2019-14075 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14074 RESERVED CVE-2019-14073 @@ -44348,6 +44353,7 @@ CVE-2019-14034 (Use after free while processing eeprom query as there is a chanc NOT-FOR-US: Qualcomm components for Android CVE-2019-14033 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14032 (Memory use after free issue in audio due to lack of resource control i ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-14031 (Buffer overflow can occur while parsing RSN IE containing list of PMK ...) 
@@ -44370,14 +44376,19 @@ CVE-2019-14023 (String format issue will occur while processing HLOS data as the NOT-FOR-US: Qualcomm components for Android CVE-2019-14022 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14021 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14020 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14019 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14018 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14017 (Heap buffer overflow can occur while parsing invalid MKV clip which is ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-14016 (Integer overflow occurs while playing the clip which is nonstandard in ...) @@ -44390,16 +44401,20 @@ CVE-2019-14013 (While parsing invalid super index table, elements within super i NOT-FOR-US: Qualcomm components for Android CVE-2019-14012 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14011 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14010 (The device may enter into error state when some tool or application ge ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-14009 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14008 (Possible null pointer dereference issue in location assistance data pr ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-14007 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14006 (Buffer overflow occur while playing the clip which is nonstandard due ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-14005 (Buffer overflow occur while playing the clip which is nonstandard due ...) 
@@ -44412,6 +44427,7 @@ CVE-2019-14002 (APKs without proper permission may bind to CallEnhancementServic NOT-FOR-US: Qualcomm components for Android CVE-2019-14001 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14000 (Lack of check that the RX FIFO write index that is read from shared RA ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-13999 @@ -54960,11 +54976,13 @@ CVE-2019-10611 (Buffer overflow can occur while processing clip due to lack of c NOT-FOR-US: Qualcomm components for Android CVE-2019-10610 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10609 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2019-10608 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10607 (Out of bounds memcpy can occur by providing the embedded NULL characte ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10606 (Out-of-bound access will occur in USB driver due to lack of check to v ...) @@ -55003,6 +55021,7 @@ CVE-2019-10590 (Out of bound access while parsing dts atom, which is non-standar NOT-FOR-US: Snapdragon CVE-2019-10589 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10588 RESERVED NOT-FOR-US: Qualcomm components for Android @@ -55083,6 +55102,7 @@ CVE-2019-10552 (Multiple Buffer Over-read issue can happen due to imp
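Review bot: CVE-2019-10590 is labelled 'NOT-FOR-US: Snapdragon' in the context lines while every entry added or shown around it uses 'NOT-FOR-US: Qualcomm components for Android'; worth normalising to the latter while this range is being touched, so a search for the Qualcomm label finds all of them. Marking still-RESERVED IDs NOT-FOR-US ahead of publication is fine provided the automatic update preserves the annotation when it replaces the RESERVED line with the description.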
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-6817/python-bleach
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d8c57eaf by Salvatore Bonaccorso at 2020-04-08T14:45:06+02:00 Mark CVE-2020-6817/python-bleach The issue is minor (considering the DOS potential) and there is quite some regression potenial with invasive fixes. Mark the issue no-dsa for buster and stretch. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11473,10 +11473,13 @@ CVE-2020-6817 [Regular expression denial of service] RESERVED {DLA-2167-1} - python-bleach 3.1.4-1 (bug #955388) + [buster] - python-bleach (Minor issue; some regression potential) + [stretch] - python-bleach (Minor issue; some regression potential) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1623633 NOTE: https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69 NOTE: https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7 + NOTE: Regression report: https://github.com/mozilla/bleach/pull/530 CVE-2020-6815 (Mozilla developers reported memory safety and script safety bugs prese ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8c57eaf82368f937bf4af33666588c26cb66e91 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8c57eaf82368f937bf4af33666588c26cb66e91 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
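Review bot: the two added `[buster]`/`[stretch]` lines show only the reason `(Minor issue; some regression potential)` and no tag before it, while the commit message says the issue is being marked no-dsa. Angle-bracketed tags are routinely stripped from rendered mail, so check that `<no-dsa>` really precedes the reason in data/CVE/list; without the tag the line is not a valid postponement for the tracker. Separately, `{DLA-2167-1}` already ships this fix for jessie, and the hunk adds `NOTE: Regression report: https://github.com/mozilla/bleach/pull/530`; a one-line note on whether DLA-2167-1 carries the regressing change would save the LTS team a re-check.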
[Git][security-tracker-team/security-tracker][master] Mark libconvert-asn1-perl as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2731c0a2 by Salvatore Bonaccorso at 2020-04-08T14:42:05+02:00 Mark libconvert-asn1-perl as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -358,6 +358,8 @@ CVE-2015-9544 (An issue was discovered in xdLocalStorage through 2.0.5. The rece TODO: check CVE-2013-7488 (perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 ...) - libconvert-asn1-perl (bug #956186) + [buster] - libconvert-asn1-perl (Minor issue) + [stretch] - libconvert-asn1-perl (Minor issue) NOTE: https://github.com/gbarr/perl-Convert-ASN1/issues/14 CVE-2020-11599 (An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. Ge ...) NOT-FOR-US: CIPPlanner View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2731c0a2d26890c8ac5f209ba1d60c266f0bf1f4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2731c0a2d26890c8ac5f209ba1d60c266f0bf1f4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
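Review bot: the added `[buster]`/`[stretch]` lines carry only `(Minor issue)` with no visible tag, although the commit message says the package is being marked no-dsa; confirm that `<no-dsa>` is present on both lines (it may have been dropped as markup in this rendering). Also, the unstable line `- libconvert-asn1-perl (bug #956186)` still has no fixed version, so the only justification for "Minor issue" is the linked upstream issue https://github.com/gbarr/perl-Convert-ASN1/issues/14; since the same package was just added to dla-needed.txt for jessie, spelling out the rationale in the reason text (why the issue in 0.27 is low impact) would let the LTS triager apply the same decision without redoing the analysis.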
[Git][security-tracker-team/security-tracker][master] LTS: claim inetutils in dla-needed.txt
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: c462c9a6 by Roberto C. Sánchez at 2020-04-08T08:26:30-04:00 LTS: claim inetutils in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -20,7 +20,7 @@ ceph (Chris Lamb) -- graphicsmagick (Roberto C. Sánchez) -- -inetutils +inetutils (Roberto C. Sánchez) NOTE: 20200408: Check cfe888f14 in this repo, as well as #953477 and 9d28e4c3. (lamby) -- jackson-databind (Utkarsh Gupta) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c462c9a65d2977f5043aa7baf71b8da08d18b409 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c462c9a65d2977f5043aa7baf71b8da08d18b409 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 4bf5279a by Moritz Muehlenhoff at 2020-04-08T13:45:41+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19631,6 +19631,7 @@ CVE-2020-3652 RESERVED CVE-2020-3651 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2020-3650 RESERVED CVE-2020-3649 @@ -31509,30 +31510,40 @@ CVE-2020-0083 (In setRequirePmfInternal of sta_network.cpp, there is a possible NOT-FOR-US: Android CVE-2020-0082 RESERVED + NOT-FOR-US: Android CVE-2020-0081 RESERVED + NOT-FOR-US: Android CVE-2020-0080 RESERVED + NOT-FOR-US: Android CVE-2020-0079 RESERVED CVE-2020-0078 RESERVED CVE-2020-0077 RESERVED + NOT-FOR-US: Android CVE-2020-0076 RESERVED + NOT-FOR-US: Android CVE-2020-0075 RESERVED + NOT-FOR-US: Android CVE-2020-0074 RESERVED CVE-2020-0073 RESERVED + NOT-FOR-US: Android CVE-2020-0072 RESERVED + NOT-FOR-US: Android CVE-2020-0071 RESERVED + NOT-FOR-US: Android CVE-2020-0070 RESERVED + NOT-FOR-US: Android CVE-2020-0069 (In the ioctl handlers of the Mediatek Command Queue driver, there is a ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0068 @@ -44124,8 +44135,10 @@ CVE-2019-14133 RESERVED CVE-2019-14132 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14131 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14130 RESERVED CVE-2019-14129 @@ -44144,6 +44157,7 @@ CVE-2019-14123 RESERVED CVE-2019-14122 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14121 RESERVED CVE-2019-14120 
@@ -44160,14 +44174,19 @@ CVE-2019-14115 RESERVED CVE-2019-14114 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14113 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14112 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14111 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14110 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14109 RESERVED CVE-2019-14108 @@ -44180,6 +44199,7 @@ CVE-2019-14105 RESERVED CVE-2019-14104 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14103 RESERVED CVE-2019-14102 @@ -44248,6 +44268,7 @@ CVE-2019-14071 (Compromised reset handler may bypass access control due to AC co NOT-FOR-US: Qualcomm components for Android CVE-2019-14070 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-14069 RESERVED CVE-2019-14068 (Out of bound access in msm routing due to lack of check of size before ...) @@ -54936,6 +54957,7 @@ CVE-2019-10610 RESERVED CVE-2019-10609 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10608 RESERVED CVE-2019-10607 (Out of bounds memcpy can occur by providing the embedded NULL characte ...) @@ -54978,6 +55000,7 @@ CVE-2019-10589 RESERVED CVE-2019-10588 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10587 (Possible Stack overflow can occur when processing a large SDP body or ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10586 (Filling media attribute tag names without validating the destination b ...) @@ -55004,6 +55027,7 @@ CVE-2019-10576 RESERVED CVE-2019-10575 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10574 RESERVED NOT-FOR-US: Qualcomm components for Android 
@@ -55192,6 +55216,7 @@ CVE-2019-10484 (Use after free issue occurs when command destructors access dyna NOT-FOR-US: Qualcomm components for Android CVE-2019-10483 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10482 (Due to the use of non-time-constant comparison functions there is issu ...) NOT-FOR-US: Snapdragon CVE-2019-10481 (Out of bound access occurs while handling the WMI FW event due to lack ...) @@ -79292,6 +79317,7 @@ CVE-2019-2057 RESERVED CVE-2019-2056 RESERVED + NOT-FOR-US: Android CVE-2019-2055 (In libxaac, there is a possible out of bounds write due to a missing b ...) NOT-FOR-US: Android CVE-2019-2054 (In the seccomp implementation prior to kernel version 4.8, there is a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bf5279a29b77ca4b8ac16dd8957990fd0e1f1f4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bf5279a29b77ca4b8ac16dd8957990fd0e1f1f4 You're
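Review bot: several RESERVED entries are skipped in the middle of runs that are otherwise tagged: CVE-2020-0079, CVE-2020-0078 and CVE-2020-0074 stay bare between the Android markings for CVE-2020-0080 and CVE-2020-0070, and likewise CVE-2019-14130, CVE-2019-14129, CVE-2019-14121, CVE-2019-14109, CVE-2019-14103 and CVE-2019-14069 stay bare among the Qualcomm markings. If those were deliberately left because they may touch the Linux kernel rather than vendor code, a `TODO: check` on each would record that; as committed it is impossible to tell a pending check from an oversight.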
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 85949e62 by Moritz Muehlenhoff at 2020-04-08T13:40:45+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -54898,17 +54898,22 @@ CVE-2019-10626 RESERVED CVE-2019-10625 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10624 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10623 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2019-10622 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10621 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10620 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10619 RESERVED CVE-2019-10618 (Driver may access an invalid address while processing IO control due t ...) @@ -55001,6 +55006,7 @@ CVE-2019-10575 RESERVED CVE-2019-10574 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10573 RESERVED CVE-2019-10572 (Improper check in video driver while processing data from video firmwa ...) @@ -55037,6 +55043,7 @@ CVE-2019-10557 (Out-of-bound read in the wireless driver in the Linux kernel due NOT-FOR-US: Qualcomm components for Android CVE-2019-10556 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10555 (Buffer overflow can occur due to usage of wrong datatype and missing l ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10554 (Multiple Read overflows issue due to improper length check while decod ...) @@ -55055,6 +55062,7 @@ CVE-2019-10548 (While trying to obtain datad ipc handle during DPL initializatio NOT-FOR-US: Qualcomm components for Android CVE-2019-10547 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10546 (Buffer overflow can occur in WLAN firmware while parsing beacon/probe_ ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10545 (Null pointer dereference issue in kernel due to missing check related ...) 
@@ -55103,6 +55111,7 @@ CVE-2019-10524 (Lack of check for a negative value returned for get_clk is wrong NOT-FOR-US: Snapdragon CVE-2019-10523 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10522 (While playing the clip which is nonstandard buffer overflow can occur ...) NOT-FOR-US: Snapdragon CVE-2019-10521 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85949e62914fcce8f56399320b9faf2ec8fdf8c3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85949e62914fcce8f56399320b9faf2ec8fdf8c3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
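Review bot: CVE-2019-10619 and CVE-2019-10573 are left as bare `RESERVED` entries while every neighbour in the same range gets `NOT-FOR-US: Qualcomm components for Android`, and CVE-2019-10622 already carried the marking as context; the follow-up commit five minutes later tags CVE-2019-10575 but still leaves CVE-2019-10573 untouched. Either tag them or add `TODO: check` so the gap is visibly intentional. The context lines for CVE-2019-10524 and CVE-2019-10522 also show the older `NOT-FOR-US: Snapdragon` wording next to the new lines; worth normalising while this block is being edited.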
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2170-1 for firefox-esr
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker Commits: 11530d89 by Emilio Pozuelo Monfort at 2020-04-08T13:25:27+02:00 Reserve DLA-2170-1 for firefox-esr - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[08 Apr 2020] DLA-2170-1 firefox-esr - security update + {CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825} + [jessie] - firefox-esr 68.7.0esr-1~deb8u1 [05 Apr 2020] DLA-2169-1 libmtp - security update {CVE-2017-9831 CVE-2017-9832} [jessie] - libmtp 1.1.8-1+deb8u1 = data/dla-needed.txt = @@ -18,8 +18,6 @@ bluez (Emilio) -- ceph (Chris Lamb) -- -firefox-esr (Emilio) --- graphicsmagick (Roberto C. Sánchez) -- inetutils View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11530d894678fa7139640ca683142423ee175eab -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11530d894678fa7139640ca683142423ee175eab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Triage netty for jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: a2827446 by Chris Lamb at 2020-04-08T11:00:14+01:00 data/dla-needed.txt: Triage netty for jessie LTS. - - - - - c300b893 by Chris Lamb at 2020-04-08T11:01:14+01:00 data/dla-needed.txt: Update notes, etc. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -23,7 +23,7 @@ firefox-esr (Emilio) graphicsmagick (Roberto C. Sánchez) -- inetutils - NOTE: Check cfe888f14 in this repo, as well as #953477 and 9d28e4c3. (lamby) + NOTE: 20200408: Check cfe888f14 in this repo, as well as #953477 and 9d28e4c3. (lamby) -- jackson-databind (Utkarsh Gupta) -- @@ -50,8 +50,12 @@ linux (Ben Hutchings) linux-4.9 (Ben Hutchings) -- mumble (Abhijith PA) - NOTE:20200325: Regression in last upload, forgot to follow up. - NOTE:20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith) + NOTE: 20200325: Regression in last upload, forgot to follow up. + NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith) +-- +netty + NOTE: 20200408: Upstream patch looks fairly invasive and maybe incomplete + NOTE: 20200408: ("This should probably be reopened.") (lamby) -- opendmarc (Thorsten Alteholz) NOTE: 20200406: still testing package, original patch does not seem to be enough, still ongoing 
@@ -73,12 +77,12 @@ shiro (Chris Lamb) -- squid3 (Markus Koschany) NOTE: 20200330: There is still an issue with CVE-2019-12523 but the rest - NOTE: looks good now. (apo) + NOTE: 20200330: looks good now. (apo) -- thunderbird (Emilio) -- tomcat8 (Markus Koschany) - NOTE: I am reviewing a patch for Abhijith currently. + NOTE: 20200330: I am reviewing a patch for Abhijith currently. -- wireshark (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fd42039533df3498fe2906cf7d3deb5ed6feecf8...c300b893c6289dff1556630a2a4a1ee887f61e6f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fd42039533df3498fe2906cf7d3deb5ed6feecf8...c300b893c6289dff1556630a2a4a1ee887f61e6f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
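Review bot: the new netty entry quotes `("This should probably be reopened.")` without saying where that sentence comes from; the mumble entry right above it shows the convention of pasting the upstream issue URL into the note. Add the link to the upstream patch and to the comment being quoted so the next person picking up netty can find the "maybe incomplete" discussion without re-searching. The `NOTE: YYYYMMDD:` normalisation of the inetutils, mumble, squid3 and tomcat8 notes in the same push is fine.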
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage inetutils for jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: fd420395 by Chris Lamb at 2020-04-08T10:55:14+01:00 data/dla-needed.txt: Triage inetutils for jessie LTS. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -22,6 +22,9 @@ firefox-esr (Emilio) -- graphicsmagick (Roberto C. Sánchez) -- +inetutils + NOTE: Check cfe888f14 in this repo, as well as #953477 and 9d28e4c3. (lamby) +-- jackson-databind (Utkarsh Gupta) -- libconvert-asn1-perl (Utkarsh Gupta) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd42039533df3498fe2906cf7d3deb5ed6feecf8 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd42039533df3498fe2906cf7d3deb5ed6feecf8 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
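Review bot: the inetutils note says `Check cfe888f14 in this repo, as well as #953477 and 9d28e4c3`, but only the first hash is qualified with a repository; `9d28e4c3` could be in the tracker, in the inetutils packaging or upstream, and `#953477` is presumably a Debian bug but is not labelled as one. Full URLs (salsa commit links and a bugs.debian.org link) would make the note actionable for whoever claims the package.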
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim ceph.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 389115b4 by Chris Lamb at 2020-04-08T10:47:49+01:00 data/dla-needed.txt: Claim ceph. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -16,7 +16,7 @@ ansible bluez (Emilio) NOTE: 20200330: wip -- -ceph +ceph (Chris Lamb) -- firefox-esr (Emilio) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/389115b4caed1636658cea993b79a6aa49eff502 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/389115b4caed1636658cea993b79a6aa49eff502 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage ceph for jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c426af5 by Chris Lamb at 2020-04-08T10:47:29+01:00 data/dla-needed.txt: Triage ceph for jessie LTS. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -16,6 +16,8 @@ ansible bluez (Emilio) NOTE: 20200330: wip -- +ceph +-- firefox-esr (Emilio) -- graphicsmagick (Roberto C. Sánchez) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c426af5fd34bb122b1c17b95de4d2a690763229 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c426af5fd34bb122b1c17b95de4d2a690763229 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
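Review bot: the new `ceph` entry is added with no NOTE at all, whereas the neighbouring bluez entry carries a dated status note; a line naming the CVEs that triggered the triage (or a pointer to the tracker query) would let a claimant start without re-deriving the list from data/CVE/list.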
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e9b02415 by security tracker role at 2020-04-08T08:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,43 @@ +CVE-2020-11636 + RESERVED +CVE-2020-11635 + RESERVED +CVE-2020-11634 + RESERVED +CVE-2020-11633 + RESERVED +CVE-2020-11632 + RESERVED +CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) + TODO: check +CVE-2020-11630 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) + TODO: check +CVE-2020-11629 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) + TODO: check +CVE-2020-11628 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) + TODO: check +CVE-2020-11627 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) + TODO: check +CVE-2020-11626 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) + TODO: check +CVE-2020-11625 + RESERVED +CVE-2020-11624 + RESERVED +CVE-2020-11623 + RESERVED +CVE-2020-11622 + RESERVED +CVE-2020-11621 + RESERVED +CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + TODO: check +CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + TODO: check +CVE-2020-11618 + RESERVED +CVE-2020-11617 + RESERVED CVE-2020-11616 RESERVED CVE-2020-11615 @@ -288,7 +328,6 @@ CVE-2016-11038 (An issue was discovered on Samsung mobile devices with software NOT-FOR-US: Samsung mobile devices CVE-2016-11037 REJECTED - TODO: check CVE-2016-11036 (An issue was discovered on Samsung mobile devices with M(6.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2016-11035 (An issue was discovered on Samsung mobile devices with software throug ...) 
@@ -436,8 +475,8 @@ CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to mul NOT-FOR-US: Project Worlds Official Car Rental System 1 CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...) NOT-FOR-US: Project Worlds Official Car Rental System 1 -CVE-2020-11543 - RESERVED +CVE-2020-11543 (OpsRamp Gateway 3.0.0 has a backdoor account vadmin with the password ...) + TODO: check CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...) NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices CVE-2020-11541 @@ -2694,8 +2733,8 @@ CVE-2020-10635 RESERVED CVE-2020-10634 RESERVED -CVE-2020-10633 - RESERVED +CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists in eW ...) + TODO: check CVE-2020-10632 RESERVED CVE-2020-10631 @@ -3261,8 +3300,8 @@ CVE-2020-10368 RESERVED CVE-2020-10367 RESERVED -CVE-2020-10366 - RESERVED +CVE-2020-10366 (LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a d ...) + TODO: check CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...) NOT-FOR-US: LogicalDoc CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote ...) @@ -12313,14 +12352,17 @@ CVE-2020-6453 RESERVED CVE-2020-6452 RESERVED + {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6451 RESERVED + {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6450 RESERVED + {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6449 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) 
@@ -38062,8 +38104,8 @@ CVE-2019-15791 CVE-2019-15790 RESERVED NOT-FOR-US: Apport -CVE-2019-15789 - RESERVED +CVE-2019-15789 (Privilege escalation vulnerability in MicroK8s allows a low privilege ...) + TODO: check CVE-2019-15807 (In the Linux kernel before 5.1.13, there is a memory leak in drivers/s ...) {DLA-1930-1 DLA-1919-1} - linux 5.2.6-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9b02415224c59c3511f4fbc4eeb57f0538722f2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9b02415224c59c3511f4fbc4eeb57f0538722f2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mail
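Review bot: the last hunk shows CVE-2019-15789 sitting between CVE-2019-15790 and CVE-2019-15807, which breaks the descending numeric order of the file; the automatic updater only rewrote the stub in place, so the misplacement pre-dates this commit, but it is worth fixing by hand because ordering is what lets a reader spot missing IDs. The chromium hunk adding `{DSA-4654-1}` and `80.0.3987.162-1` for CVE-2020-6450 to CVE-2020-6452 and the many `TODO: check` additions (EJBCA, jackson-databind 2.9.10.4, the OpsRamp backdoor account, LogicalDoc, MicroK8s) look consistent with the updater's usual output.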
[Git][security-tracker-team/security-tracker][master] Add and claim libconvert-asn1-perl
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 6830ee7c by Utkarsh Gupta at 2020-04-08T12:37:48+05:30 Add and claim libconvert-asn1-perl - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -22,6 +22,8 @@ graphicsmagick (Roberto C. Sánchez) -- jackson-databind (Utkarsh Gupta) -- +libconvert-asn1-perl (Utkarsh Gupta) +-- libmatio (Adrian Bunk) NOTE: fairly high number of open issues. Not sure why we never had a look at them. NOTE: triage work needed, help security team for fixes if needed. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6830ee7c8cb2398fc8d9ae95651a5062b49fdf00 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6830ee7c8cb2398fc8d9ae95651a5062b49fdf00 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
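Review bot: the claimed `libconvert-asn1-perl` entry carries no NOTE, and later the same day commit 2731c0a2 marks the same package as a Minor issue for buster and stretch. A note recording the CVE (CVE-2013-7488) and whether jessie is expected to follow that no-dsa decision would avoid LTS effort on an issue the security team has postponed; the libmatio entry just below shows the note convention.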