[Git][security-tracker-team/security-tracker][master] Add tracking bug for perl issues fixed in 5.30.3-1
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4cf7075f by Salvatore Bonaccorso at 2020-06-02T06:38:49+02:00 Add tracking bug for perl issues fixed in 5.30.3-1 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2322,7 +2322,7 @@ CVE-2020-12724 RESERVED CVE-2020-12723 [Buffer overflow caused by a crafted regular expression] RESERVED - - perl 5.30.3-1 + - perl 5.30.3-1 (bug #962005) [buster] - perl (Minor issue) [stretch] - perl (Minor issue) NOTE: https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a (v5.30.3) @@ -8088,7 +8088,7 @@ CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a craft NOT-FOR-US: rConfig CVE-2020-10878 [Integer overflow via malformed bytecode produced by a crafted regular expression] RESERVED - - perl 5.30.3-1 + - perl 5.30.3-1 (bug #962005) [buster] - perl (Minor issue) [stretch] - perl (Minor issue) NOTE: https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 (v5.30.3) 
@@ -9233,7 +9233,7 @@ CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, whe NOT-FOR-US: Invision Power Board CVE-2020-10543 [Buffer overflow caused by a crafted regular expression] RESERVED - - perl 5.30.3-1 + - perl 5.30.3-1 (bug #962005) [buster] - perl (Minor issue) [stretch] - perl (Minor issue) NOTE: https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed (v5.30.3) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cf7075fc64bd7729a09b1cc8ad2d42c67ae02bc You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] dla: reclaim libmatio
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e3ffa04 by Adrian Bunk at 2020-06-02T07:29:42+03:00 dla: reclaim libmatio - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -56,7 +56,7 @@ imagemagick (Markus Koschany) libdatetime-timezone-perl NOTE: 20200514: LTS update must wait on oldstable update first to prevent newer version in LTS (roberto) -- -libmatio +libmatio (Adrian Bunk) NOTE: fairly high number of open issues. Not sure why we never had a look at them. NOTE: triage work needed, help security team for fixes if needed. NOTE: 20190428: most patches can be applied after context adaption View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e3ffa04718ffe2b86fbd95cb6dd4e15e21c6e61
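Review bot: The "+libmatio (Adrian Bunk)" line restores the claim, but the notes left under the entry are stale: two are undated ("Not sure why we never had a look at them", "triage work needed") and the only dated one is from 20190428. Suggest dating or dropping the undated notes and stating which of the open issues are being worked on now.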
[Git][security-tracker-team/security-tracker][master] perl: CVE-2020-12723, CVE-2020-10878 and CVE-2020-10543 fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3c3554cc by Salvatore Bonaccorso at 2020-06-02T06:16:09+02:00 perl: CVE-2020-12723, CVE-2020-10878 and CVE-2020-10543 fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2322,7 +2322,7 @@ CVE-2020-12724 RESERVED CVE-2020-12723 [Buffer overflow caused by a crafted regular expression] RESERVED - - perl + - perl 5.30.3-1 [buster] - perl (Minor issue) [stretch] - perl (Minor issue) NOTE: https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a (v5.30.3) @@ -8088,7 +8088,7 @@ CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a craft NOT-FOR-US: rConfig CVE-2020-10878 [Integer overflow via malformed bytecode produced by a crafted regular expression] RESERVED - - perl + - perl 5.30.3-1 [buster] - perl (Minor issue) [stretch] - perl (Minor issue) NOTE: https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 (v5.30.3) @@ -9233,7 +9233,7 @@ CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, whe NOT-FOR-US: Invision Power Board CVE-2020-10543 [Buffer overflow caused by a crafted regular expression] RESERVED - - perl + - perl 5.30.3-1 [buster] - perl (Minor issue) [stretch] - perl (Minor issue) NOTE: https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed (v5.30.3) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c3554cc070e97faaf5eb1a3a2d11cb571da5762
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-10737/oddjob via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c08b4406 by Salvatore Bonaccorso at 2020-06-02T06:13:31+02:00 Track fixed version for CVE-2020-10737/oddjob via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8624,7 +8624,7 @@ CVE-2020-10739 CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...) - moodle CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with the oddj ...) - - oddjob (bug #960089) + - oddjob 0.34.6-1 (bug #960089) [buster] - oddjob (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042 NOTE: https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c08b4406787324d58899afad38c1910719e87969
[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2020-12740
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e6e86210 by Salvatore Bonaccorso at 2020-06-02T06:11:36+02:00 Update notes for CVE-2020-12740 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2284,6 +2284,8 @@ CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer ov - tcpreplay (unimportant) [jessie] - tcpreplay (Vulnerable code added later) NOTE: https://github.com/appneta/tcpreplay/issues/576 + NOTE: https://github.com/appneta/tcpreplay/pull/590 + NOTE: Fixed with: https://github.com/appneta/tcpreplay/issues/578 NOTE: --fuzz-seed in PoC not present until version 4.2.0 NOTE: Crash in CLI tool, no security impact CVE-2020-12739 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6e8621066c481aa5091bee088bc4724e749394a
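Review bot: In the CVE-2020-12740 hunk the line labelled "Fixed with:" points at https://github.com/appneta/tcpreplay/issues/578, an issue URL, while the pull request https://github.com/appneta/tcpreplay/pull/590 is added with no label at all. If pull/590 carries the fix, the labels look swapped; suggest putting "Fixed with:" on the pull request (or on the merged commit) and saying what issues/578 is, so the fixing change can be found from the entry.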
[Git][security-tracker-team/security-tracker][master] Remove note from CVE-2019-9374
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3daf6227 by Salvatore Bonaccorso at 2020-06-02T06:06:53+02:00 Remove note from CVE-2019-9374 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -66290,7 +66290,6 @@ CVE-2019-9375 (In hostapd, there is a possible out of bounds write due to a race NOT-FOR-US: Android CVE-2019-9374 REJECTED - NOT-FOR-US: Android CVE-2019-9373 (In JobStore, there is a mismatched serialization/deserialization for t ...) NOT-FOR-US: Android CVE-2019-9372 (In libskia, there is a possible crash due to a missing null check. Thi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3daf62273c6bbfd463acefe8e05a02616c478bf0
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a10e9c42 by security tracker role at 2020-06-01T20:10:24+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,115 @@ +CVE-2020-13758 (modules/security/classes/general.post_filter.php/post_filter.php in th ...) + TODO: check +CVE-2020-13757 (Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphert ...) + TODO: check +CVE-2020-13756 + RESERVED +CVE-2020-13755 + RESERVED +CVE-2020-13753 + RESERVED +CVE-2020-13752 + RESERVED +CVE-2020-13751 + RESERVED +CVE-2020-13750 + RESERVED +CVE-2020-13749 + RESERVED +CVE-2020-13748 + RESERVED +CVE-2020-13747 + RESERVED +CVE-2020-13746 + RESERVED +CVE-2020-13745 + RESERVED +CVE-2020-13744 + RESERVED +CVE-2020-13743 + RESERVED +CVE-2020-13742 + RESERVED +CVE-2020-13741 + RESERVED +CVE-2020-13740 + RESERVED +CVE-2020-13739 + RESERVED +CVE-2020-13738 + RESERVED +CVE-2020-13737 + RESERVED +CVE-2020-13736 + RESERVED +CVE-2020-13735 + RESERVED +CVE-2020-13734 + RESERVED +CVE-2020-13733 + RESERVED +CVE-2020-13732 + RESERVED +CVE-2020-13731 + RESERVED +CVE-2020-13730 + RESERVED +CVE-2020-13729 + RESERVED +CVE-2020-13728 + RESERVED +CVE-2020-13727 + RESERVED +CVE-2020-13726 + RESERVED +CVE-2020-13725 + RESERVED +CVE-2020-13724 + RESERVED +CVE-2020-13723 + RESERVED +CVE-2020-13722 + RESERVED +CVE-2020-13721 + RESERVED +CVE-2020-13720 + RESERVED +CVE-2020-13719 + RESERVED +CVE-2020-13718 + RESERVED +CVE-2020-13717 + RESERVED +CVE-2020-13716 + RESERVED +CVE-2020-13715 + RESERVED +CVE-2020-13714 + RESERVED +CVE-2020-13713 + RESERVED +CVE-2020-13712 + RESERVED +CVE-2020-13711 + RESERVED +CVE-2020-13710 + RESERVED +CVE-2020-13709 + RESERVED +CVE-2020-13708 + RESERVED +CVE-2020-13707 + RESERVED +CVE-2020-13706 + RESERVED +CVE-2020-13705 + RESERVED +CVE-2020-13704 + RESERVED +CVE-2020-13703 + RESERVED +CVE-2019-20809 + RESERVED CVE-2020-13754 [msix: OOB access during mmio operations may lead to DoS] RESERVED - qemu 
@@ -16,10 +128,10 @@ CVE-2020-13697 RESERVED CVE-2020-13696 RESERVED -CVE-2020-13695 - RESERVED -CVE-2020-13694 - RESERVED +CVE-2020-13695 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...) + TODO: check +CVE-2020-13694 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...) + TODO: check CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...) NOT-FOR-US: bbPress plugin for WordPress CVE-2020-13692 @@ -542,8 +654,8 @@ CVE-2020-13450 RESERVED CVE-2020-13449 RESERVED -CVE-2020-13448 - RESERVED +CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 ...) + TODO: check CVE-2020-13447 RESERVED CVE-2020-13446 @@ -749,8 +861,8 @@ CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is [buster] - linux 4.19.118-1 [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/2e7682ebfc750177a4944eeb56e97a3f05734528 -CVE-2019-20805 - RESERVED +CVE-2019-20805 (p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacki ...) + TODO: check CVE-2019-20804 (Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/th ...) NOT-FOR-US: Gila CMS CVE-2019-20803 (Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcat ...) @@ -1803,8 +1915,7 @@ CVE-2020-12869 RESERVED CVE-2020-12868 RESERVED -CVE-2020-12867 - RESERVED +CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends th ...) {DLA-2231-1} [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) 
@@ -3785,8 +3896,8 @@ CVE-2020-12063 (** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/3 NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/12 NOTE: Not considered a Postfix vulnerability and scope is outside of the design goals -CVE-2020-12062 - RESERVED +CVE-2020-12062 (** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplica ...) + TODO: check CVE-2020-12061 RESERVED CVE-2020-12060 @@ -7285,6 +7396,7 @@ CVE-2020-11080 CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of ...) TODO: check CVE-2020-11078 (In httplib2 before ve
[Git][security-tracker-team/security-tracker][master] Sync CVE-2020-10732 with kernel-sec triage
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 59bbff89 by Salvatore Bonaccorso at 2020-06-01T21:44:31+02:00 Sync CVE-2020-10732 with kernel-sec triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8533,6 +8533,7 @@ CVE-2020-10733 CVE-2020-10732 [uninitialized kernel data leak in userspace coredumps] RESERVED - linux + [jessie] - linux (Does not affect supported architectures) NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1 NOTE: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413 CVE-2020-10731 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59bbff89ff78344b362154389a293981209fc272
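Review bot: The added "[jessie] - linux (Does not affect supported architectures)" line does not say which architectures are affected, so the claim cannot be checked from the entry. Suggest a NOTE naming the affected architectures, or pointing at the part of the linked upstream commit that shows it.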
[Git][security-tracker-team/security-tracker][master] Add three new perl issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: da3760e4 by Salvatore Bonaccorso at 2020-06-01T21:41:19+02:00 Add three new perl issues All are intrusive and minor and after the unstable upload an update via point releases might be considered. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2207,8 +2207,12 @@ CVE-2020-12725 RESERVED CVE-2020-12724 RESERVED -CVE-2020-12723 +CVE-2020-12723 [Buffer overflow caused by a crafted regular expression] RESERVED + - perl + [buster] - perl (Minor issue) + [stretch] - perl (Minor issue) + NOTE: https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a (v5.30.3) CVE-2020-12722 RESERVED CVE-2020-12721 @@ -7968,8 +7972,13 @@ CVE-2020-10880 RESERVED CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a crafted GET ...) NOT-FOR-US: rConfig -CVE-2020-10878 +CVE-2020-10878 [Integer overflow via malformed bytecode produced by a crafted regular expression] RESERVED + - perl + [buster] - perl (Minor issue) + [stretch] - perl (Minor issue) + NOTE: https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 (v5.30.3) + NOTE: https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c (v5.30.3) CVE-2020-10877 RESERVED CVE-2020-10876 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) 
@@ -9107,8 +9116,12 @@ CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek Pr NOT-FOR-US: PrimeTek PrimeFaces CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Int ...) NOT-FOR-US: Invision Power Board -CVE-2020-10543 +CVE-2020-10543 [Buffer overflow caused by a crafted regular expression] RESERVED + - perl + [buster] - perl (Minor issue) + [stretch] - perl (Minor issue) + NOTE: https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed (v5.30.3) CVE-2020-10542 RESERVED CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code executi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da3760e403b2e4b47fb58de63b76998ebd904b1a
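Review bot: The "(Minor issue)" annotations added for buster and stretch in all three perl hunks drop the reasoning given in the commit message, namely that the fixes are intrusive and that an update via point releases might be considered after the unstable upload. Suggest carrying that into the entries, for example "(Minor issue; intrusive, can be fixed via point release)", since readers of data/CVE/list do not see the commit message. In the CVE-2020-10878 hunk two upstream commits are listed where the other two entries list one; a word on what each commit covers would help anyone backporting.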
[Git][security-tracker-team/security-tracker][master] CVE-2020-861{6,7}/bind9 fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f4398a9 by Salvatore Bonaccorso at 2020-06-01T21:10:37+02:00 CVE-2020-861{6,7}/bind9 fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13524,12 +13524,12 @@ CVE-2020-8618 RESERVED CVE-2020-8617 (Using a specially-crafted message, an attacker may potentially cause a ...) {DSA-4689-1 DLA-2227-1} - - bind9 (bug #961939) + - bind9 1:9.16.3-1 (bug #961939) NOTE: https://kb.isc.org/docs/cve-2020-8617 NOTE: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information CVE-2020-8616 (A malicious actor who intentionally exploits this lack of effective li ...) {DSA-4689-1 DLA-2227-1} - - bind9 (bug #961939) + - bind9 1:9.16.3-1 (bug #961939) NOTE: https://kb.isc.org/docs/cve-2020-8616 CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...) NOT-FOR-US: Tutor LMS plugin for WordPress View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f4398a9b32393949d36d0320d25f81869dc5ed1
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-13659/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f644fde6 by Salvatore Bonaccorso at 2020-06-01T21:06:14+02:00 Add CVE-2020-13659/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -86,8 +86,11 @@ CVE-2020-13661 RESERVED CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...) NOT-FOR-US: CMS Made Simple -CVE-2020-13659 +CVE-2020-13659 [exec: address_space_map returns NULL without setting length to zero may lead to DoS] RESERVED + - qemu + NOTE: https://bugs.launchpad.net/qemu/+bug/1878259 + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html CVE-2020-13658 RESERVED CVE-2020-13657 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f644fde6de40ab8bdf50c5ce9eeed77dbc5383b6
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-13754/qemu
László Böszörményi pushed to branch master at Debian Security Tracker / security-tracker Commits: 12131d07 by Laszlo Boszormenyi (GCS) at 2020-06-01T20:56:42+02:00 Add CVE-2020-13754/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2020-13754 [msix: OOB access during mmio operations may lead to DoS] + RESERVED + - qemu + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg4.html CVE-2020-13702 RESERVED CVE-2020-13701 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12131d07b14b253fc557560cf66cc0d1e27fe31b
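Review bot: The NOTE URL added for CVE-2020-13754 ends in "2020-06/msg4.html", which does not look like a complete qemu-devel archive message name. Suggest checking that the link resolves and correcting the message number, since it is the only reference the new entry carries.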
[Git][security-tracker-team/security-tracker][master] Reclaim imagemagick in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 2ba1c4b3 by Markus Koschany at 2020-06-01T16:13:21+02:00 Reclaim imagemagick in dla-needed.txt That will take a few more days to complete. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -51,7 +51,7 @@ graphicsmagick (Roberto C. Sánchez) NOTE: 20200514: no upstream patch available, yet, for CVE-2020-12672 (sunweaver) NOTE: 20200529: still no upstream patch available, yet, for CVE-2020-12672 (roberto) -- -imagemagick +imagemagick (Markus Koschany) -- libdatetime-timezone-perl NOTE: 20200514: LTS update must wait on oldstable update first to prevent newer version in LTS (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ba1c4b3b41a2fb82db51af251535740a1c45972
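Review bot: The estimate that the work "will take a few more days" exists only in the commit message; the "+imagemagick (Markus Koschany)" line is followed directly by the "--" separator, so the entry itself carries no status. Suggest putting that estimate in a dated NOTE under imagemagick, in the same form as the graphicsmagick notes just above it.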
[Git][security-tracker-team/security-tracker][master] Claim cups
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: eb3bd8a7 by Utkarsh Gupta at 2020-06-01T19:42:21+05:30 Claim cups - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -38,7 +38,7 @@ condor NOTE: 20200525: Fix: https://github.com/htcondor/htcondor/compare/V8_8_7...V8_8_8 (utkarsh) NOTE: 20200531: Patches are linked from https://security-tracker.debian.org/tracker/CVE-2019-18823 (bunk) -- -cups +cups (Utkarsh Gupta) NOTE: 20200514: Two open issues. Added on request from Anton Gladky. (sunweaver) -- drupal7 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb3bd8a7be4890117f9a6107c62759f6158b1232
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Holger Levsen pushed to branch master at Debian Security Tracker / security-tracker Commits: f20e8b38 by Holger Levsen at 2020-06-01T14:04:12+02:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Holger Levsen- - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -38,7 +38,7 @@ condor NOTE: 20200525: Fix: https://github.com/htcondor/htcondor/compare/V8_8_7...V8_8_8 (utkarsh) NOTE: 20200531: Patches are linked from https://security-tracker.debian.org/tracker/CVE-2019-18823 (bunk) -- -cups (Anton Gladky) +cups NOTE: 20200514: Two open issues. Added on request from Anton Gladky. (sunweaver) -- drupal7 @@ -51,12 +51,12 @@ graphicsmagick (Roberto C. Sánchez) NOTE: 20200514: no upstream patch available, yet, for CVE-2020-12672 (sunweaver) NOTE: 20200529: still no upstream patch available, yet, for CVE-2020-12672 (roberto) -- -imagemagick (Markus Koschany) +imagemagick -- libdatetime-timezone-perl NOTE: 20200514: LTS update must wait on oldstable update first to prevent newer version in LTS (roberto) -- -libmatio (Adrian Bunk) +libmatio NOTE: fairly high number of open issues. Not sure why we never had a look at them. NOTE: triage work needed, help security team for fixes if needed. NOTE: 20190428: most patches can be applied after context adaption 
@@ -81,7 +81,7 @@ mumble netqmail (Utkarsh Gupta) NOTE: 20200531: Work ongoing. Probably should backport the version. (utkarsh) -- -nginx (Mike Gabriel) +nginx NOTE: 20200505: Patch for CVE-2020-11724 appears to be fairly invasive and, alas, no tests. (lamby) -- nss (Adrian Bunk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f20e8b38e6a923f64ab5c7e3858aae0c9ad4b8c4
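Review bot: The four claims removed across these hunks (cups, imagemagick, libmatio, nginx) disappear without any record in data/dla-needed.txt of who held them or when they were released. Suggest leaving a line per entry recording the unclaim, in the file's existing "NOTE: YYYYMMDD: ... (name)" form; for nginx that would sit next to the 20200505 note about the CVE-2020-11724 patch being invasive, which is the context the next claimant needs.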
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-10754 as unimportant
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4be89666 by Salvatore Bonaccorso at 2020-06-01T10:55:33+02:00 Mark CVE-2020-10754 as unimportant The issue is present source-wise but it effectively only affects builds with the ifcfg-rh settings plugin enabled. This is (and cannot be) for Debian builds. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8446,9 +8446,12 @@ CVE-2020-10755 RESERVED CVE-2020-10754 [user configuration not honoured leaving the connection unauthenticated via insecure defaults] RESERVED - - network-manager + - network-manager (unimportant) NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448 NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8affcc19b61fc3c516474ba075e61b82030feeb4 + NOTE: Only affects builds enabling ifcfg-rh settings plugin, source-wise only + NOTE: affected but not the Debian binary builds (and is RedHat/Fedora specific + NOTE: plugin). CVE-2020-10753 RESERVED CVE-2020-10752 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4be896667b2205e3e5b3f97ed3d6928cbbce3a24
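Review bot: The three NOTE lines added for CVE-2020-10754 are hard to parse: the sentence breaks mid-clause across lines, and the parenthesis opened on the second line closes on a line of its own ("NOTE: plugin)."). Suggest two self-contained notes instead, one stating that only builds with the ifcfg-rh settings plugin enabled are affected, and one stating that the Debian binary builds are not affected because the plugin is RedHat/Fedora specific.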
[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2018-3741/ruby-rails-html-sanitizer as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d266c5f by Salvatore Bonaccorso at 2020-06-01T10:45:09+02:00 Mark CVE-2018-3741/ruby-rails-html-sanitizer as no-dsa - - - - - 9168297a by Salvatore Bonaccorso at 2020-06-01T10:46:07+02:00 Mark CVE-2018-1687{7,8}/pacemaker as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -98650,12 +98650,14 @@ CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel NOT-FOR-US: Ansible Tower CVE-2018-16878 (A flaw was found in pacemaker up to and including version 2.0.1. An in ...) - pacemaker 2.0.1-3 (bug #927714) + [stretch] - pacemaker (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1 NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master) NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1) NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html CVE-2018-16877 (A flaw was found in the way pacemaker's client-server authentication w ...) - pacemaker 2.0.1-3 (bug #927714) + [stretch] - pacemaker (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1 NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master) NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1) 
@@ -135076,6 +135078,7 @@ CVE-2018-3742 REJECTED CVE-2018-3741 (There is a possible XSS vulnerability in all rails-html-sanitizer gem ...) - ruby-rails-html-sanitizer 1.0.4-1 (bug #893994) + [stretch] - ruby-rails-html-sanitizer (Minor issue; can be fixed via point release) NOTE: https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae CVE-2018-3740 (A specially crafted HTML fragment can cause Sanitize gem for Ruby to a ...) {DSA-4358-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03cbd54692f5b96204c490562e7869a6810ffca1...9168297aaf874ae06580779946e34db20a4d08f7
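Review bot: The two pacemaker hunks add "[stretch] - pacemaker (Minor issue)" with no further reasoning, while the ruby-rails-html-sanitizer hunk in the same push says "(Minor issue; can be fixed via point release)". If a point-release fix is also the plan for pacemaker, say so in the annotation; both entries already reference https://github.com/ClusterLabs/pacemaker/pull/1750 for the 1.1 branch, so a word on whether that is the applicable backport for stretch would help.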
[Git][security-tracker-team/security-tracker][master] 2 commits: Reference upstream commit for CVE-2020-10732/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c398c83 by Salvatore Bonaccorso at 2020-06-01T10:39:19+02:00 Reference upstream commit for CVE-2020-10732/linux - - - - - 03cbd546 by Salvatore Bonaccorso at 2020-06-01T10:40:29+02:00 Merge remote-tracking branch 'origin/master' - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -8515,6 +8515,7 @@ CVE-2020-10732 [uninitialized kernel data leak in userspace coredumps] RESERVED - linux NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1 + NOTE: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413 CVE-2020-10731 RESERVED CVE-2020-10730 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e511206c46796007d86639c661418cdd4250be44...03cbd54692f5b96204c490562e7869a6810ffca1
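Review bot: The kernel.org NOTE added for CVE-2020-10732 carries no release marker, so the entry does not show which upstream release contains the fix. Suggest appending the release in parentheses after the URL. Separately, the push includes a "Merge remote-tracking branch 'origin/master'" commit for a one-line change; rebasing before pushing would keep the history of data/CVE/list linear.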
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2232-1 for python-httplib2
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: e511206c by Abhijith PA at 2020-06-01T14:09:35+05:30 Reserve DLA-2232-1 for python-httplib2 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[01 Jun 2020] DLA-2232-1 python-httplib2 - security update + {CVE-2020-11078} + [jessie] - python-httplib2 0.9+dfsg-2+deb8u1 [31 May 2020] DLA-2231-1 sane-backends - security update {CVE-2020-12867} [jessie] - sane-backends 1.0.24-8+deb8u3 = data/dla-needed.txt = @@ -95,8 +95,6 @@ php5 (Thorsten Alteholz) NOTE: 20200511: still trying to determine how this CVE affects php NOTE: 20200524: new CVE arrived (thorsten) -- -python-httplib2 (Abhijith PA) --- qemu (Adrian Bunk) NOTE: 20200531: waiting for CVE-2020-13362 fix to be applied upstream (bunk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e511206c46796007d86639c661418cdd4250be44
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-11078 as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 30288d7f by Salvatore Bonaccorso at 2020-06-01T10:23:06+02:00 Mark CVE-2020-11078 as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7275,6 +7275,8 @@ CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows executi TODO: check CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unescaped p ...) - python-httplib2 0.18.1-1 + [buster] - python-httplib2 (Minor issue) + [stretch] - python-httplib2 (Minor issue) NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq NOTE: https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e CVE-2020-11077 (In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a re ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30288d7f5b205b401afcb72978e249a259b28773
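Review bot: The two added lines for buster and stretch give only "(Minor issue)" as the reason, which does not say whether a fix is planned through a point release or not at all. If a point-release fix is intended, the wording used elsewhere in this file, "Minor issue; can be fixed via point release", records that.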
[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 59201973 by Salvatore Bonaccorso at 2020-06-01T10:16:59+02:00 Process several NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7285,7 +7285,7 @@ CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smu NOTE: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h NOTE: https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container image m ...) - TODO: check + NOT-FOR-US: Anchore Engine CVE-2020-11074 RESERVED CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...) @@ -7323,7 +7323,7 @@ CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by NOTE: https://github.com/glpi-project/glpi/commit/ad748d59c94da177a3ed25111c453902396f320c NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir ...) - TODO: check + NOT-FOR-US: AEgir CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) @@ -15463,7 +15463,7 @@ CVE-2020-7814 CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...) NOT-FOR-US: Kaoni CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...) - TODO: check + NOT-FOR-US: Kaoni ezHTTPTrans CVE-2020-7811 RESERVED CVE-2020-7810 
@@ -24417,27 +24417,27 @@ CVE-2020-4025 CVE-2020-4024 RESERVED CVE-2020-4023 (The review coverage resource in Atlassian Fisheye and Crucible before ...) - TODO: check + NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2020-4022 RESERVED CVE-2020-4021 (Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of At ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-4020 (The file downloading functionality in the Atlassian Companion App befo ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-4019 (The file editing functionality in the Atlassian Companion App before v ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-4018 (The setup resources in Atlassian Fisheye and Crucible before version 4 ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-4017 (The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jir ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-4016 (The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-4015 (The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Cru ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-4014 (The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-4013 (The review resource in Atlassian Fisheye and Crucible before version 4 ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-4012 RESERVED CVE-2020-4011 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5920197339774079929ea836f7c3d7edf1edc8a7
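Review bot: In the hunk at -15463, CVE-2020-7812 is marked `NOT-FOR-US: Kaoni ezHTTPTrans` while CVE-2020-7813 directly above it, whose description names the same product, is `NOT-FOR-US: Kaoni`. Use one label for both so a search on the NOT-FOR-US string finds every entry for the product.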
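Review bot: In the hunk at -24417, CVE-2020-4023 gets `NOT-FOR-US: Atlassian Fisheye and Crucible`, but CVE-2020-4018, CVE-2020-4014 and CVE-2020-4013, whose descriptions name the same products, get plain `NOT-FOR-US: Atlassian`. Pick either the vendor form or the product form and apply it to all ten entries.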
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3502a473 by security tracker role at 2020-06-01T08:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1798,6 +1798,7 @@ CVE-2020-12868 RESERVED CVE-2020-12867 RESERVED + {DLA-2231-1} [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 @@ -14827,6 +14828,7 @@ CVE-2020-8037 CVE-2020-8036 RESERVED CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...) + {DLA-2230-1} - php-horde [buster] - php-horde (Minor issue; can be fixed via point release) [stretch] - php-horde (Minor issue; can be fixed via point release) 
@@ -24414,28 +24416,28 @@ CVE-2020-4025 RESERVED CVE-2020-4024 RESERVED -CVE-2020-4023 - RESERVED +CVE-2020-4023 (The review coverage resource in Atlassian Fisheye and Crucible before ...) + TODO: check CVE-2020-4022 RESERVED -CVE-2020-4021 - RESERVED -CVE-2020-4020 - RESERVED -CVE-2020-4019 - RESERVED -CVE-2020-4018 - RESERVED -CVE-2020-4017 - RESERVED -CVE-2020-4016 - RESERVED -CVE-2020-4015 - RESERVED -CVE-2020-4014 - RESERVED -CVE-2020-4013 - RESERVED +CVE-2020-4021 (Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of At ...) + TODO: check +CVE-2020-4020 (The file downloading functionality in the Atlassian Companion App befo ...) + TODO: check +CVE-2020-4019 (The file editing functionality in the Atlassian Companion App before v ...) + TODO: check +CVE-2020-4018 (The setup resources in Atlassian Fisheye and Crucible before version 4 ...) + TODO: check +CVE-2020-4017 (The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jir ...) + TODO: check +CVE-2020-4016 (The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril ...) + TODO: check +CVE-2020-4015 (The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Cru ...) + TODO: check +CVE-2020-4014 (The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible ...) + TODO: check +CVE-2020-4013 (The review resource in Atlassian Fisheye and Crucible before version 4 ...) + TODO: check CVE-2020-4012 RESERVED CVE-2020-4011 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3502a4734d3323a632d901d0004c7a5d53bcd959
[Git][security-tracker-team/security-tracker][master] Map specific GHSL issues for sane-backends directly to assigned CVEs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3f12e361 by Salvatore Bonaccorso at 2020-06-01T09:27:25+02:00 Map specific GHSL issues for sane-backends directly to assigned CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1801,6 +1801,7 @@ CVE-2020-12867 [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12866 RESERVED @@ -1808,6 +1809,7 @@ CVE-2020-12866 - sane-backends (bug #961302) [jessie] - sane-backends (epsonds backend was added in 1.0.25) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-2-ghsl-2020-079-null-pointer-dereference-in-epsonds_net_read NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12865 RESERVED @@ -1815,6 +1817,7 @@ CVE-2020-12865 - sane-backends (bug #961302) [jessie] - sane-backends (epsonds backend was added in 1.0.25) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-9-ghsl-2020-084-buffer-overflow-in-esci2_img NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12864 RESERVED @@ -1822,6 +1825,7 @@ CVE-2020-12864 - sane-backends (bug #961302) [jessie] - sane-backends (epsonds backend was added in 1.0.25) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-4-ghsl-2020-081-reading-uninitialized-data-in-epsonds_net_read NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12863 RESERVED 
@@ -1829,6 +1833,7 @@ CVE-2020-12863 - sane-backends (bug #961302) [jessie] - sane-backends (epsonds backend was added in 1.0.25) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-7-ghsl-2020-083-out-of-bounds-read-in-esci2_check_header NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12862 RESERVED @@ -1836,6 +1841,7 @@ CVE-2020-12862 - sane-backends (bug #961302) [jessie] - sane-backends (epsonds backend was added in 1.0.25) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-5-ghsl-2020-082-out-of-bounds-read-in-decode_binary NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12861 RESERVED @@ -1843,6 +1849,7 @@ CVE-2020-12861 - sane-backends (bug #961302) [jessie] - sane-backends (epsonds backend was added in 1.0.25) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-3-ghsl-2020-080-heap-buffer-overflow-in-epsonds_net_read NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access phone nam ...) NOT-FOR-US: COVIDSafe View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f12e3611ab7a319a611761f4a42c46df53b210d
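Review bot: Each added NOTE sits directly under the existing NOTE for the bare issue URL, as in the first hunk for CVE-2020-12867, so every entry now lists `issues/279` twice, once without and once with the fragment. The fragment link already leads to the same issue; replacing the bare line instead of adding a second one would keep the entries shorter.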
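Review bot: The fragments added across these hunks cover issue-1, 2, 3, 4, 5, 7 and 9, with the CVE-2020-12865 hunk jumping to issue-9, so the numbering suggests an issue-6 and an issue-8 that no entry here maps to. If those findings have their own CVE ids or are covered by one of these seven, a NOTE saying so would close the gap.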
[Git][security-tracker-team/security-tracker][master] Reference upstream issue for sane-backends
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ab9470ff by Salvatore Bonaccorso at 2020-06-01T09:19:25+02:00 Reference upstream issue for sane-backends - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1800,42 +1800,49 @@ CVE-2020-12867 RESERVED [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12866 RESERVED [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [jessie] - sane-backends (epsonds backend was added in 1.0.25) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12865 RESERVED [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [jessie] - sane-backends (epsonds backend was added in 1.0.25) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12864 RESERVED [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [jessie] - sane-backends (epsonds backend was added in 1.0.25) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12863 RESERVED [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [jessie] - sane-backends (epsonds backend was added in 1.0.25) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12862 RESERVED [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [jessie] - sane-backends (epsonds backend was added in 1.0.25) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12861 RESERVED [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [jessie] - sane-backends (epsonds backend was added in 1.0.25) + NOTE: 
https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/41.html CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access phone nam ...) NOT-FOR-US: COVIDSafe View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab9470ffbb4f91cc2597b22a0c172a0665d3d9ac
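Review bot: The same bare `issues/279` NOTE is added to all seven entries from CVE-2020-12867 down to CVE-2020-12861, so nothing in the file says which finding in that issue belongs to which CVE. Linking each entry to its own section of the issue, or naming the affected function in the NOTE, would make the entries distinguishable.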