[Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2020-24978/nasm as no-dsa for stretch
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 0054e4c5 by Utkarsh Gupta at 2020-09-05T05:56:12+05:30 Mark CVE-2020-24978/nasm as no-dsa for stretch - - - - - 44908002 by Utkarsh Gupta at 2020-09-05T05:57:39+05:30 Mark CVE-2020-25073/plinth as no-dsa for stretch - - - - - 1a98ddfe by Utkarsh Gupta at 2020-09-05T06:00:04+05:30 Add fixing commit for CVE-2020-25073/plinth - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -263,7 +263,9 @@ CVE-2020-25069 (USVN (aka User-friendly SVN) before 1.0.10 allows attackers to e CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain sensitive i ...) - plinth [buster] - plinth (Minor issue) + [stretch] - plinth (Minor issue) NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935 + NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/822c322d20d12f81c6cfca47b66f900542a5aac2 CVE-2020-25068 (Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vuln ...) NOT-FOR-US: Setelsa Conacwin CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command injecti ...) 
@@ -459,6 +461,7 @@ CVE-2020-24979 (A Buffer Overflow vulnerability was found in src/symtab.c in GNU CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...) - nasm [buster] - nasm (Minor issue) + [stretch] - nasm (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712 NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7 CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/32a79f20eea6721a5e289bf980b2fb230d0066ce...1a98ddfea69077d06225a89abf7ddf3ae4920267 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/32a79f20eea6721a5e289bf980b2fb230d0066ce...1a98ddfea69077d06225a89abf7ddf3ae4920267 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
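Review bot: in the plinth hunk the fixing commit (822c322d) is recorded only as a NOTE while the unstable line stays "- plinth" with no version, so CVE-2020-25073 remains open for sid until a fixed version is added; once the fix is uploaded, change it to "- plinth <version>" and keep the "[buster]"/"[stretch] - plinth (Minor issue)" tags as they are. In the nasm hunk, the CVE text names NASM 2.15.04rc3 and "[stretch] - nasm (Minor issue)" asserts that stretch is affected but will not get a DLA; confirm that the pp_tokline double-free actually exists in stretch's nasm, otherwise the state should be not-affected rather than no-dsa.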
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2018-10910/bluez via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 32a79f20 by Salvatore Bonaccorso at 2020-09-05T00:37:03+02:00 Add fixed version for CVE-2018-10910/bluez via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -141053,7 +141053,7 @@ CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterf NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657 NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state being se ...) - - bluez (low; bug #925369) + - bluez 5.54-1 (low; bug #925369) [buster] - bluez (Minor issue) [stretch] - bluez (Minor issue, does not affected Gnome Bluetooth in stretch) [jessie] - bluez (Minor issue because in gnome-bluetooth <= 3.26 the D-Bus calls were synchronous and thus the issue in bluez will have no actual affect) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32a79f20eea6721a5e289bf980b2fb230d0066ce
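Review bot: the fixed version "5.54-1" is added only to the unstable line, which is right for a fix that arrived via unstable, and the "[buster]"/"[stretch] - bluez (Minor issue)" lines keep the package open as a minor issue in the stable suites, consistent with the "low" severity. Drive-by on the unchanged context: "[stretch] - bluez (Minor issue, does not affected Gnome Bluetooth in stretch)" should read "does not affect", and the [jessie] rationale "will have no actual affect" should read "no actual effect"; worth fixing in a follow-up commit.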
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2278-3 squid3.
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 5f254665 by Markus Koschany at 2020-09-04T23:44:52+02:00 Reserve DLA-2278-3 squid3. - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,5 @@ +[04 Sep 2020] DLA-2278-3 squid3 - regression update + [stretch] - squid3 3.5.23-5+deb9u4 [04 Sep 2020] DLA-2365-1 netty-3.9 - security update {CVE-2019-16869 CVE-2019-20444 CVE-2019-20445} [stretch] - netty-3.9 3.9.9.Final-1+deb9u1 = data/dla-needed.txt = @@ -171,9 +171,6 @@ slirp snmptt -- squid3 (Markus Koschany) - NOTE: 20200831: I have backported the HttpHeader parsing code now and - NOTE: incorporated the fixes for the latest CVE. I will send a RFT to - NOTE: debian-lts again before uploading. -- sympa NOTE: 20200525: Incomplete patch. Not the complete patch is made public. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f25466596b1bac2e07e2eae465ecf42b0d28d67
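Review bot: the new "[04 Sep 2020] DLA-2278-3 squid3 - regression update" entry has no {CVE-...} line, which is correct for a regression-only update, but the removed dla-needed.txt NOTE says the HttpHeader parsing backport "incorporated the fixes for the latest CVE"; if that CVE fix ships in 3.5.23-5+deb9u4 rather than in an earlier DLA-2278 revision, it must be listed in braces on this entry, otherwise the tracker will not mark it fixed in stretch.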
[Git][security-tracker-team/security-tracker][master] Track proposed update for CVE-2020-13822/node-elliptic via buster-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 00af49b1 by Salvatore Bonaccorso at 2020-09-04T22:33:10+02:00 Track proposed update for CVE-2020-13822/node-elliptic via buster-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -60,3 +60,5 @@ CVE-2020-14367 [buster] - chrony 3.4-4+deb10u1 CVE-2020-8124 [buster] - node-url-parse 1.2.0-2+deb10u1 +CVE-2020-13822 + [buster] - node-elliptic 6.4.1~dfsg-1+deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00af49b139af7681d97042907b16a90ce4fb0cb3
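Review bot: "[buster] - node-elliptic 6.4.1~dfsg-1+deb10u1" only records the proposed buster-pu version here; the CVE-2020-13822 entry in data/CVE/list still needs its [buster] line set to exactly this string (including the "~dfsg" and "+deb10u1" parts) once the point release ships, since the tracker matches versions literally and will otherwise keep the package open in buster.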
[Git][security-tracker-team/security-tracker][master] Track proposed update for CVE-2020-8124/node-url-parse via buster-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 05f08593 by Salvatore Bonaccorso at 2020-09-04T22:31:53+02:00 Track proposed update for CVE-2020-8124/node-url-parse via buster-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -58,3 +58,5 @@ CVE-2020-8244 [buster] - node-bl 1.1.2-1+deb10u1 CVE-2020-14367 [buster] - chrony 3.4-4+deb10u1 +CVE-2020-8124 + [buster] - node-url-parse 1.2.0-2+deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05f08593b7a2fade16bdb529a5fa8d2754c392ad
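Review bot: "[buster] - node-url-parse 1.2.0-2+deb10u1" follows the same form as the node-bl and chrony entries above it, so the file stays consistent; the one thing to verify is that the CVE-2020-8124 entry in data/CVE/list gets its [buster] line updated to this version when the point release is announced, as next-point-update.txt alone does not close the issue for buster.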
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-7729/grunt
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b29bce8 by Salvatore Bonaccorso at 2020-09-04T22:28:24+02:00 Add CVE-2020-7729/grunt - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -41315,7 +41315,9 @@ CVE-2020-7731 CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command Injection v ...) NOT-FOR-US: bestzip nodejs module CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...) - TODO: check + - grunt + NOTE: https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7 + NOTE: https://snyk.io/vuln/SNYK-JS-GRUNT-597546 CVE-2020-7728 RESERVED CVE-2020-7727 (All versions of package gedi are vulnerable to Prototype Pollution via ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b29bce86440664a6cb5d36ee69a0d701a2b6f7b
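Review bot: "- grunt" is added with neither a fixed version nor a Debian bug reference, although the CVE text gives the fixed upstream release (1.3.0) and the fix commit e350cea1 is linked; file the bug and record it as "- grunt (bug #...)" so the package maintainer is notified, and add [buster]/[stretch] assessments (the Snyk entry describes arbitrary code execution, which normally warrants at least a severity tag) so the stable suites do not sit unassessed.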
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2020-6279
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b2283d1 by Salvatore Bonaccorso at 2020-09-04T22:25:49+02:00 Remove notes from CVE-2020-6279 The CVE was withdrawn by its CNA. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -45106,7 +45106,6 @@ CVE-2020-6280 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, NOT-FOR-US: SAP CVE-2020-6279 REJECTED - NOT-FOR-US: SAP CVE-2020-6278 (SAP Business Objects Business Intelligence Platform (BI Launchpad and ...) NOT-FOR-US: SAP CVE-2020-6277 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b2283d1f7de97666e8d4ee12144a3b944539ee0
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2020-23938
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 75a8d043 by Salvatore Bonaccorso at 2020-09-04T22:24:47+02:00 Remove notes from CVE-2020-23938 MITRE says: This candidate was erroneously published without a public reference containing the required information. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2647,7 +2647,6 @@ CVE-2020-23939 RESERVED CVE-2020-23938 REJECTED - NOT-FOR-US: AnnLab V3 Lite CVE-2020-23937 RESERVED CVE-2020-23936 (PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Auth ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75a8d0436acb063d356ab03b8602b3f8ce7b7ba8
[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2020-24212
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ace641c0 by Salvatore Bonaccorso at 2020-09-04T22:23:47+02:00 Remove notes from CVE-2020-24212 MITRE says: This candidate was erroneously published without a public reference containing the required information. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2099,7 +2099,6 @@ CVE-2020-24213 RESERVED CVE-2020-24212 REJECTED - NOT-FOR-US: Kaldin CVE-2020-24211 RESERVED CVE-2020-24210 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ace641c0783e565ca341ee04d6dcfb2cec052570
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 683ed1a0 by Salvatore Bonaccorso at 2020-09-04T22:22:18+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -499,7 +499,7 @@ CVE-2020-24965 CVE-2020-24964 RESERVED CVE-2020-24963 (An Authenticated Persistent XSS vulnerability was discovered in the Be ...) - TODO: check + NOT-FOR-US: Best Support System CVE-2020-24962 RESERVED CVE-2020-24961 @@ -2856,7 +2856,7 @@ CVE-2020-23836 (A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.p CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...) NOT-FOR-US: SourceCodester Tailor Management System CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real Time Logic ...) - TODO: check + NOT-FOR-US: Real Time Logic BarracudaDrive CVE-2020-23833 RESERVED CVE-2020-23832 @@ -23952,7 +23952,7 @@ CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS CVE-2020-14009 RESERVED CVE-2020-14008 (Zoho ManageEngine Applications Manager 14710 and before allows an auth ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) NOT-FOR-US: Solarwinds CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) @@ -41315,7 +41315,7 @@ CVE-2020-7732 CVE-2020-7731 RESERVED CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command Injection v ...) - TODO: check + NOT-FOR-US: bestzip nodejs module CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...) TODO: check CVE-2020-7728 
@@ -42083,9 +42083,9 @@ CVE-2020-7384 CVE-2020-7383 RESERVED CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted ...) - TODO: check + NOT-FOR-US: Rapid7 Nexpose installer CVE-2020-7381 (In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose inst ...) - TODO: check + NOT-FOR-US: Rapid7 Nexpose installer CVE-2020-7380 RESERVED CVE-2020-7379 @@ -42249,7 +42249,7 @@ CVE-2020-7301 (Cross Site scripting vulnerability in McAfee Data Loss Prevention CVE-2020-7300 (Improper Authorization vulnerability in McAfee Data Loss Prevention (D ...) NOT-FOR-US: McAfee CVE-2020-7299 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) - TODO: check + NOT-FOR-US: McAfee CVE-2020-7298 (Unexpected behavior violation in McAfee Total Protection (MTP) prior t ...) NOT-FOR-US: McAfee CVE-2020-7297 @@ -42668,7 +42668,7 @@ CVE-2020-7121 CVE-2020-7120 RESERVED CVE-2020-7119 (A vulnerability exists in the Aruba ClearPass C1000 S-1200 R4 HW-Based ...) - TODO: check + NOT-FOR-US: Aruba CVE-2020-7118 RESERVED CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has an aut ...) @@ -47102,13 +47102,13 @@ CVE-2020-5381 CVE-2020-5380 RESERVED CVE-2020-5379 (Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot ...) - TODO: check + NOT-FOR-US: Dell CVE-2020-5378 (Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot ...) - TODO: check + NOT-FOR-US: Dell CVE-2020-5377 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior ...) NOT-FOR-US: EMC CVE-2020-5376 (Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot ...) - TODO: check + NOT-FOR-US: Dell CVE-2020-5375 RESERVED CVE-2020-5374 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...) 
@@ -49062,7 +49062,7 @@ CVE-2020-4704 CVE-2020-4703 RESERVED CVE-2020-4702 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4701 RESERVED CVE-2020-4700 @@ -49202,7 +49202,7 @@ CVE-2020-4634 CVE-2020-4633 RESERVED CVE-2020-4632 (IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-sid ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4631 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-de ...) NOT-FOR-US: IBM CVE-2020-4630 @@ -49376,7 +49376,7 @@ CVE-2020-4547 CVE-2020-4546 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...) NOT-FOR-US: IBM CVE-2020-4545 (IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbi ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4544 RESERVED CVE-2020-4543 @@ -52572,19 +52572,19 @@ CVE-2020-3549 CVE-2020-3548 RESERVED CVE-2020-3547 (A vulnerability in the
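Review bot: in the first hunk of the CVE-2020-77xx region, CVE-2020-7730 (bestzip) is converted to "NOT-FOR-US: bestzip nodejs module" but CVE-2020-7729 (grunt) directly below it is left as "TODO: check"; grunt is packaged in Debian, so it cannot be an NFU and needs a "- grunt" line with references instead of being skipped in this pass. Minor consistency point in the Dell hunk: the three BIOS entries become "NOT-FOR-US: Dell" while the unchanged CVE-2020-5377 line between them reads "NOT-FOR-US: EMC"; one vendor label (Dell EMC) for all four would make grepping easier.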
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eae7d5d1 by security tracker role at 2020-09-04T20:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,103 @@ +CVE-2020-25199 + RESERVED +CVE-2020-25198 + RESERVED +CVE-2020-25197 + RESERVED +CVE-2020-25196 + RESERVED +CVE-2020-25195 + RESERVED +CVE-2020-25194 + RESERVED +CVE-2020-25193 + RESERVED +CVE-2020-25192 + RESERVED +CVE-2020-25191 + RESERVED +CVE-2020-25190 + RESERVED +CVE-2020-25189 + RESERVED +CVE-2020-25188 + RESERVED +CVE-2020-25187 + RESERVED +CVE-2020-25186 + RESERVED +CVE-2020-25185 + RESERVED +CVE-2020-25184 + RESERVED +CVE-2020-25183 + RESERVED +CVE-2020-25182 + RESERVED +CVE-2020-25181 + RESERVED +CVE-2020-25180 + RESERVED +CVE-2020-25179 + RESERVED +CVE-2020-25178 + RESERVED +CVE-2020-25177 + RESERVED +CVE-2020-25176 + RESERVED +CVE-2020-25175 + RESERVED +CVE-2020-25174 + RESERVED +CVE-2020-25173 + RESERVED +CVE-2020-25172 + RESERVED +CVE-2020-25171 + RESERVED +CVE-2020-25170 + RESERVED +CVE-2020-25169 + RESERVED +CVE-2020-25168 + RESERVED +CVE-2020-25167 + RESERVED +CVE-2020-25166 + RESERVED +CVE-2020-25165 + RESERVED +CVE-2020-25164 + RESERVED +CVE-2020-25163 + RESERVED +CVE-2020-25162 + RESERVED +CVE-2020-25161 + RESERVED +CVE-2020-25160 + RESERVED +CVE-2020-25159 + RESERVED +CVE-2020-25158 + RESERVED +CVE-2020-25157 + RESERVED +CVE-2020-25156 + RESERVED +CVE-2020-25155 + RESERVED +CVE-2020-25154 + RESERVED +CVE-2020-25153 + RESERVED +CVE-2020-25152 + RESERVED +CVE-2020-25151 + RESERVED +CVE-2020-25150 + RESERVED CVE-2020-25149 RESERVED CVE-2020-25148 @@ -398,8 +498,8 @@ CVE-2020-24965 RESERVED CVE-2020-24964 RESERVED -CVE-2020-24963 - RESERVED +CVE-2020-24963 (An Authenticated Persistent XSS vulnerability was discovered in the Be ...) + TODO: check CVE-2020-24962 RESERVED CVE-2020-24961 
@@ -1014,8 +1114,7 @@ CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate veri NOTE: https://gitlab.gnome.org/GNOME/geary/-/issues/866 CVE-2020-24660 RESERVED -CVE-2020-24659 [GNUTLS-SA-2020-09-04] - RESERVED +CVE-2020-24659 (An issue was discovered in GnuTLS before 3.6.15. A server can trigger ...) - gnutls28 (bug #969547) NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04 NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1071 @@ -1029,6 +1128,7 @@ CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...) CVE-2020-24655 RESERVED CVE-2020-24654 (In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can ins ...) + {DSA-4759-1} - ark 4:20.08.1-1 (bug #969437) NOTE: https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd NOTE: https://kde.org/info/security/advisory-20200827-1.txt @@ -22844,13 +22944,13 @@ CVE-2020-14363 [Double free in libX11 locale handling code] NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d CVE-2020-14362 RESERVED - {DLA-2359-1} + {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc CVE-2020-14361 RESERVED - {DLA-2359-1} + {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787 
@@ -22901,19 +23001,19 @@ CVE-2020-14348 RESERVED NOT-FOR-US: AMQ Online CVE-2020-14347 (A flaw was found in the way xserver memory was not properly initialize ...) - {DLA-2359-1} + {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 (bug #968986) NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816 CVE-2020-14346 RESERVED - {DLA-2359-1} + {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff CVE-2020-14345 RESERVED - {DLA-2359-1} + {DSA-4758-1 DLA-2359-1} - xorg-server
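Review bot: the CVE-2020-24659 hunk drops the "[GNUTLS-SA-2020-09-04]" placeholder when the MITRE description lands, which is the usual convention, but the package line stays "- gnutls28 (bug #969547)" with no fixed version even though the description now states the fix is in GnuTLS 3.6.15 and the fix commit is linked; add the fixed version as soon as 3.6.15 is uploaded so the automatic update does not keep regenerating an open sid entry. The xorg-server hunks add DSA-4758-1 beside DLA-2359-1 for CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14361 and CVE-2020-14362, which matches the five CVEs listed in the DSA/list entry, so that part is consistent.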
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for ark update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2fc63944 by Salvatore Bonaccorso at 2020-09-04T21:08:20+02:00 Reserve DSA number for ark update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[04 Sep 2020] DSA-4759-1 ark - security update + {CVE-2020-24654} + [buster] - ark 4:18.08.3-1+deb10u2 [04 Sep 2020] DSA-4758-1 xorg-server - security update {CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14361 CVE-2020-14362} [buster] - xorg-server 2:1.20.4-1+deb10u1 = data/dsa-needed.txt = @@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. --- -ark (carnil) -- chromium -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fc63944935fd9d28722c4e40700fff0b9666813
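Review bot: "[buster] - ark 4:18.08.3-1+deb10u2" carries the epoch, matching the "4:20.08.1-1" form used for the unstable fix of CVE-2020-24654, so version comparison will work; the "+deb10u2" suffix implies an earlier deb10u1 upload for buster, so double-check that the advisory text and the changelog for this upload reference CVE-2020-24654 rather than the CVE(s) from that earlier revision.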
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for xorg-server update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5bc4f176 by Salvatore Bonaccorso at 2020-09-04T20:46:42+02:00 Reserve DSA number for xorg-server update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[04 Sep 2020] DSA-4758-1 xorg-server - security update + {CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14361 CVE-2020-14362} + [buster] - xorg-server 2:1.20.4-1+deb10u1 [31 Aug 2020] DSA-4757-1 apache2 - security update {CVE-2020-1927 CVE-2020-1934 CVE-2020-9490 CVE-2020-11984 CVE-2020-11993} [buster] - apache2 2.4.38-3+deb10u4 = data/dsa-needed.txt = @@ -34,5 +34,3 @@ teeworlds (jmm) xcftools Hugo proposed to work on this update -- -xorg-server (carnil) --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bc4f1760f81b3b5e7ab97bf768e174a39469af2
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-24659/gnutls28
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 85502bd3 by Salvatore Bonaccorso at 2020-09-04T20:43:37+02:00 Add Debian bug reference for CVE-2020-24659/gnutls28 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1016,7 +1016,7 @@ CVE-2020-24660 RESERVED CVE-2020-24659 [GNUTLS-SA-2020-09-04] RESERVED - - gnutls28 + - gnutls28 (bug #969547) NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04 NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1071 NOTE: https://gitlab.com/gnutls/gnutls/-/commit/29ee67c205855e848a0a26e6d0e4f65b6b943e0a View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85502bd30a4a9c18a8a2532c9a02c6f58013150c
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2365-1 for netty-3.9
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: e4ceb712 by Roberto C. Sánchez at 2020-09-04T14:33:58-04:00 Reserve DLA-2365-1 for netty-3.9 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[04 Sep 2020] DLA-2365-1 netty-3.9 - security update + {CVE-2019-16869 CVE-2019-20444 CVE-2019-20445} + [stretch] - netty-3.9 3.9.9.Final-1+deb9u1 [04 Sep 2020] DLA-2364-1 netty - security update {CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612} [stretch] - netty 1:4.1.7-2+deb9u2 = data/dla-needed.txt = @@ -99,8 +99,6 @@ mumble NOTE: 20200504: discussion going on with t...@security.debian.org and mumble maintainer (abhijith) NOTE: 20200723: https://lists.debian.org/debian-lts/2020/05/msg8.html (abhijith) -- -netty-3.9 (Roberto C. Sánchez) --- nss (Adrian Bunk) NOTE: 20200706: from dsa-needed.txt: Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508 (Beuc) NOTE: 20200810: packages are being tested (bunk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e4ceb7127675ae3ed29d45e3f933edb55cbe1071
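Review bot: DLA-2365-1 for netty-3.9 lists {CVE-2019-16869 CVE-2019-20444 CVE-2019-20445}, while the DLA-2364-1 entry for netty directly below lists {CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612}; CVE-2019-16869 appears only in the 3.9 advisory, so confirm that it is already fixed or not applicable in netty 1:4.1.7-2+deb9u2 and that the CVE/list entry says so, otherwise that CVE stays open for the netty source package in stretch after both DLAs are published.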
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2364-1 for netty
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 720a28d0 by Roberto C. Sánchez at 2020-09-04T14:33:14-04:00 Reserve DLA-2364-1 for netty - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[04 Sep 2020] DLA-2364-1 netty - security update + {CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612} + [stretch] - netty 1:4.1.7-2+deb9u2 [03 Sep 2020] DLA-2363-1 asyncpg - security update {CVE-2020-17446} [stretch] - asyncpg 0.8.4-1+deb9u1 = data/dla-needed.txt = @@ -99,8 +99,6 @@ mumble NOTE: 20200504: discussion going on with t...@security.debian.org and mumble maintainer (abhijith) NOTE: 20200723: https://lists.debian.org/debian-lts/2020/05/msg8.html (abhijith) -- -netty (Roberto C. Sánchez) --- netty-3.9 (Roberto C. Sánchez) -- nss (Adrian Bunk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/720a28d099ac3ab61d2aa2e3a324aee4442bdf46
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-24659/gnutls28
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f68a002 by Salvatore Bonaccorso at 2020-09-04T19:32:14+02:00 Add CVE-2020-24659/gnutls28 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1014,8 +1014,12 @@ CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate veri NOTE: https://gitlab.gnome.org/GNOME/geary/-/issues/866 CVE-2020-24660 RESERVED -CVE-2020-24659 +CVE-2020-24659 [GNUTLS-SA-2020-09-04] RESERVED + - gnutls28 + NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04 + NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1071 + NOTE: https://gitlab.com/gnutls/gnutls/-/commit/29ee67c205855e848a0a26e6d0e4f65b6b943e0a CVE-2020-24658 RESERVED CVE-2020-24657 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f68a0022ada2b9da1e41962068fac29a8e220db
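Review bot: the new "- gnutls28" line has no fixed version and no Debian bug reference, although the advisory URL identifies GNUTLS-SA-2020-09-04 and the fix commit 29ee67c2 is linked; the bug reference (#969547) is added in a later commit in this batch, but the fixed upstream version is still missing and should be recorded when it is uploaded. Naming the still-RESERVED entry with the bracketed "[GNUTLS-SA-2020-09-04]" placeholder is the right way to make it findable until MITRE publishes the description.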
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-24978/nasm as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2dab035c by Salvatore Bonaccorso at 2020-09-04T19:27:48+02:00 Mark CVE-2020-24978/nasm as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -358,6 +358,7 @@ CVE-2020-24979 (A Buffer Overflow vulnerability was found in src/symtab.c in GNU NOTE: Crash in CLI tool, no security impact CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...) - nasm + [buster] - nasm (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712 NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7 CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2dab035c6570758cd9597f20499cf7fcc5947a9d
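Review bot: "[buster] - nasm (Minor issue)" is added while the unstable line stays "- nasm" with no fixed version even though the upstream fix commit 8806c3ca is linked; add the fixed version to the sid line once a release containing that commit is uploaded, otherwise the entry looks unfixed everywhere. Stretch is left without an assessment in this hunk (it receives the same tag in a later commit in this batch), so no further action is needed there.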
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-249{79,80}/bison as unimportant
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d5c45bdf by Salvatore Bonaccorso at 2020-09-04T19:25:49+02:00 Mark CVE-2020-249{79,80}/bison as unimportant - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -347,13 +347,15 @@ CVE-2020-24982 CVE-2020-24981 RESERVED CVE-2020-24980 (An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1. ...) - - bison + - bison (unimportant) NOTE: https://github.com/akimd/bison/commit/b801b7b670872b8a31d11b3683b4afc3e45a07f8 NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg9.html + NOTE: Crash in CLI tool, no security impact CVE-2020-24979 (A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison ...) - - bison + - bison (unimportant) NOTE: https://github.com/akimd/bison/commit/b7aab2dbad43aaf14eebe78d54aafa245a000988 NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg8.html + NOTE: Crash in CLI tool, no security impact CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...) - nasm NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5c45bdfd7e1b13a4c481fd9424caa573d5f3be4
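Review bot: marking both bison CVEs "(unimportant)" with "Crash in CLI tool, no security impact" is defensible for an assertion failure in parse-gram.c and an overflow in symtab.c, since bison consumes developer-written grammar files rather than untrusted input; the rationale NOTE is appended after the upstream commit and mailing-list references, but placing it directly under the "- bison (unimportant)" line would keep the justification next to the tag it explains, which is how the nasm entry below keeps its notes grouped.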
[Git][security-tracker-team/security-tracker][master] References commits from master branch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4b2656da by Salvatore Bonaccorso at 2020-09-04T19:23:16+02:00 References commits from master branch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -352,7 +352,7 @@ CVE-2020-24980 (An assertion failure was found in src/parse-gram.c in GNU bison NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg9.html CVE-2020-24979 (A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison ...) - bison - NOTE: https://github.com/akimd/bison/commit/bfd851e2d621734886c66c0af26e861e718510b2 + NOTE: https://github.com/akimd/bison/commit/b7aab2dbad43aaf14eebe78d54aafa245a000988 NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg8.html CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...) - nasm View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b2656da529a19b6576fa4c387eb3e3ea975aa27
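Review bot: the fix reference for CVE-2020-24979 is swapped from bfd851e2d621734886c66c0af26e861e718510b2 to b7aab2dbad43aaf14eebe78d54aafa245a000988 with nothing in the entry recording that the two are the same change on different branches; anyone who arrives with the old hash (it was the reference until this commit) cannot tell whether it was a wrong commit or a branch duplicate. Keep a short NOTE such as `NOTE: bfd851e2 is the same fix on the non-master branch` next to the new reference, or put the explanation in the commit body rather than only in the one-line subject.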
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-14387/rsync
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 55a148a1 by Salvatore Bonaccorso at 2020-09-04T15:05:42+02:00 Add Debian bug reference for CVE-2020-14387/rsync - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22740,7 +22740,7 @@ CVE-2020-14388 NOT-FOR-US: 3scale CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate when using openssl] RESERVED - - rsync + - rsync (bug #969530) [buster] - rsync (Vulnerable code introduced later) [stretch] - rsync (Vulnerable code introduced later) NOTE: Introduced by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=2a87d78f693f10fe5ad13af0bb9311bd3714077d (v3.2.0pre1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55a148a1abfbbd3b63041e6e4c6afd93d5731ba7
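Review bot: `- rsync (bug #969530)` correctly leaves unstable without a fixed version, but the `[buster]` and `[stretch]` lines assert "Vulnerable code introduced later" on the strength of the `Introduced by ... (v3.2.0pre1)` NOTE alone, and the entry nowhere states which rsync versions those suites ship, so the claim cannot be verified from the file. Add the suite versions to the NOTE (e.g. `NOTE: buster and stretch ship rsync < 3.2.0`, filled in with the real versions) so the "introduced later" annotation is checkable without consulting the archive.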
[Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-14387/rsync
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 68c22d49 by Salvatore Bonaccorso at 2020-09-04T14:48:06+02:00 Update information on CVE-2020-14387/rsync - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22741,10 +22741,11 @@ CVE-2020-14388 CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate when using openssl] RESERVED - rsync + [buster] - rsync (Vulnerable code introduced later) + [stretch] - rsync (Vulnerable code introduced later) NOTE: Introduced by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=2a87d78f693f10fe5ad13af0bb9311bd3714077d (v3.2.0pre1) NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549 - TODO: check affected version range CVE-2020-14386 [af_packet memory corruption] RESERVED - linux View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68c22d4911d0bd05181e076fd7fc82725bc57c2c
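Review bot: dropping `TODO: check affected version range` is justified by the `Introduced by ... (v3.2.0pre1)` NOTE, but after this hunk the unstable line is a bare `- rsync` with neither a fixed version nor a bug reference, so nothing outside this file records that sid is open and the maintainer is not prompted; file a Debian bug and reference it on the same line (`- rsync (bug #NNNNNN)`). Since the hostname check in rsync-ssl is a TLS verification bypass, not a crash, leaving unstable untracked is the riskier omission here.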
[Git][security-tracker-team/security-tracker][master] Correct information on CVE-2020-14387/rsync in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bfde2f4b by Salvatore Bonaccorso at 2020-09-04T14:46:44+02:00 Correct information on CVE-2020-14387/rsync in unstable The issue is actually not yet fixed and the upstream commit is included neither in upstream version 3.2.3 nor in the Debian packaging. Fixes: b2d66d11252b (Add CVE-2020-14387/rsync) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22740,7 +22740,7 @@ CVE-2020-14388 NOT-FOR-US: 3scale CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate when using openssl] RESERVED - - rsync 3.2.3-1 + - rsync NOTE: Introduced by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=2a87d78f693f10fe5ad13af0bb9311bd3714077d (v3.2.0pre1) NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfde2f4b00fd5c8e81b58d81878d64ac228269e4
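Review bot: the reason `- rsync 3.2.3-1` was wrong (commit c3f7414c is in neither upstream 3.2.3 nor the Debian packaging) lives only in the commit message; after this hunk the entry shows an unfixed `- rsync` directly beside a `NOTE: Fixed by:` line, which is exactly the combination that produced the mistaken fixed version in the first place. Add a NOTE next to the Fixed by reference, e.g. `NOTE: Fix not included in 3.2.3; unfixed in Debian`, so the state of the entry is self-explanatory.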
[Git][security-tracker-team/security-tracker][master] CVE-2020-14387/rsync: Add information on introducing commit
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9e147158 by Salvatore Bonaccorso at 2020-09-04T14:44:41+02:00 CVE-2020-14387/rsync: Add information on introducing commit - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22741,7 +22741,8 @@ CVE-2020-14388 CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate when using openssl] RESERVED - rsync 3.2.3-1 - NOTE: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859 + NOTE: Introduced by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=2a87d78f693f10fe5ad13af0bb9311bd3714077d (v3.2.0pre1) + NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549 TODO: check affected version range CVE-2020-14386 [af_packet memory corruption] View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e147158951d9d7aa5d07308c0cf7d88d059cafc
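Review bot: `NOTE: Introduced by: ... (v3.2.0pre1)` already answers the `TODO: check affected version range` that remains in the trailing context, so the TODO can be resolved in this commit into `[buster]`/`[stretch]` annotations instead of being left open. The context line `- rsync 3.2.3-1` still records a fixed version although the entry only references a commit, not a release that contains it; confirm c3f7414c is in the 3.2.3 tarball before keeping that version, otherwise it should be a plain `- rsync`.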
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-24977/libxml2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 82ad74bc by Salvatore Bonaccorso at 2020-09-04T14:12:55+02:00 Add Debian bug reference for CVE-2020-24977/libxml2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -359,7 +359,7 @@ CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_t NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712 NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7 CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflo ...) - - libxml2 + - libxml2 (bug #969529) [buster] - libxml2 (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82ad74bc21bdb25cece72e550f55165477e9ddef
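Review bot: `- libxml2 (bug #969529)` adds the tracking bug, but the only suite annotation is `[buster] - libxml2 (Minor issue)`; stretch has no line, so CVE-2020-24977 stays open for stretch without a triage decision even though the description says "v2.9.10 and earlier" are affected. If the xmllint-only reasoning holds for stretch as well, add `[stretch] - libxml2 (Minor issue)` here rather than in a later fix-up.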
[Git][security-tracker-team/security-tracker][master] Add ark to dsa-needed list
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: de6f8b75 by Salvatore Bonaccorso at 2020-09-04T14:12:07+02:00 Add ark to dsa-needed list - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. +-- +ark (carnil) -- chromium -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de6f8b7559a313ad5a087c8bf034536c9cf73fba
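Review bot: `ark (carnil)` is added to dsa-needed.txt with a claimant but without the CVE id, release or a one-line reason, so another team member cannot tell from this file which issue the DSA is for or whether it is the buster-only case the header's "slash after the name of the source package" convention is meant for. Add the CVE reference as a comment line under the entry (the commit subject does not name it either) so the claim is actionable if the assignee is away.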
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-24977/libxml2
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 20dbdc5d by Salvatore Bonaccorso at 2020-09-04T14:00:02+02:00 Add CVE-2020-24977/libxml2 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -359,7 +359,14 @@ CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_t NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712 NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7 CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflo ...) - TODO: check + - libxml2 + [buster] - libxml2 (Minor issue) + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 + NOTE: The issue is specific and restricted to xmllint: + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178#note_892545 + NOTE: and present before the 0b19f236a263 ("Fixed ICU to set flush correctly and + NOTE: provide pivot buffer.") commit itself. CVE-2020-24976 RESERVED CVE-2020-24975 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20dbdc5d2da1c5047cfd54dfcfb8fa9a3d6016a5
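Review bot: the last two NOTE lines are ambiguous and hard to grep: "present before the 0b19f236a263 (...) commit itself" does not say whether the bug predates that commit (so older releases are affected too) or whether that commit is a precondition, and the quoted subject is split across two NOTE lines. Collapse it into one unambiguous line, e.g. `NOTE: Bug predates 0b19f236a263 ("Fixed ICU to set flush correctly and provide pivot buffer.")`. Given the NOTE that the issue is "specific and restricted to xmllint", which is a command-line tool, record in the same block why this is "Minor issue" rather than unimportant, and add a `[stretch]` annotation, since only `[buster]` is listed while the description covers "v2.9.10 and earlier".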
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-24978/nasm
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 77465095 by Salvatore Bonaccorso at 2020-09-04T13:46:02+02:00 Add CVE-2020-24978/nasm - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -355,7 +355,9 @@ CVE-2020-24979 (A Buffer Overflow vulnerability was found in src/symtab.c in GNU NOTE: https://github.com/akimd/bison/commit/bfd851e2d621734886c66c0af26e861e718510b2 NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg8.html CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...) - TODO: check + - nasm + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712 + NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7 CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflo ...) TODO: check CVE-2020-24976 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77465095b2e23fbf82c2acaea6b7fb805e0d29cb
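Review bot: `- nasm` is entered with the upstream bug and fix commit but with no Debian bug reference, no fixed version and no severity, so unstable shows as open with nothing prompting the maintainer and no record of whether the double-free in pp_tokline is reachable by anything other than source fed to the command-line assembler. File a bug and record it as `- nasm (bug #NNNNNN)`, and add a NOTE on exploitability (or a severity) in the same commit instead of leaving the triage implicit.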
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-249{79,80}/bison
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 984aa2ea by Salvatore Bonaccorso at 2020-09-04T13:19:30+02:00 Add CVE-2020-249{79,80}/bison - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -347,9 +347,13 @@ CVE-2020-24982 CVE-2020-24981 RESERVED CVE-2020-24980 (An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1. ...) - TODO: check + - bison + NOTE: https://github.com/akimd/bison/commit/b801b7b670872b8a31d11b3683b4afc3e45a07f8 + NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg9.html CVE-2020-24979 (A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison ...) - TODO: check + - bison + NOTE: https://github.com/akimd/bison/commit/bfd851e2d621734886c66c0af26e861e718510b2 + NOTE: https://lists.gnu.org/r/bug-bison/2020-08/msg8.html CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...) TODO: check CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/984aa2eaed7abe17f59ffb55489318b2e2860770
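Review bot: both bison entries get `- bison` plus an upstream commit and a bug-bison thread, but no severity, no Debian bug and no NOTE on exploitability; the descriptions ("assertion failure" in src/parse-gram.c, "Buffer Overflow" in src/symtab.c) concern bison's own grammar-file parser, so one line stating that only developer-supplied grammar files reach that code would let both be triaged immediately. Also verify that the commit hashes are from the upstream master branch before recording them as the fix reference; a hash from a topic branch will not be found in a release tag.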
[Git][security-tracker-team/security-tracker][master] References to forum entries for CVE-2020-2499{6,9}/xpdf
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b038296 by Salvatore Bonaccorso at 2020-09-04T13:08:55+02:00 References to forum entries for CVE-2020-2499{6,9}/xpdf - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -306,12 +306,15 @@ CVE-2020-25000 RESERVED CVE-2020-24999 (There is an invalid memory access in the function fprintf located in E ...) - xpdf + NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3=42029 + TODO: check CVE-2020-24998 RESERVED CVE-2020-24997 RESERVED CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...) - xpdf + NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3=42028 TODO: check CVE-2020-24995 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b038296810c9fba599465397bcb418a2abe7183
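Review bot: both forum URLs are malformed as written: `viewtopic.php?f=3=42029` and `viewtopic.php?f=3=42028` carry two `=` in a single query parameter and no topic key, whereas a phpBB topic link has the form `viewtopic.php?f=3&t=42029`, so the `&t` appears to have been lost either in the commit or in mail transit. Check that the links resolve before they are relied on as the only reference for these two entries. Restoring `TODO: check` on CVE-2020-24999 is right, since `- xpdf` was entered before any reference existed; keep both TODOs until the forum threads have been read.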
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 2ae892f3 by Moritz Muehlenhoff at 2020-09-04T11:23:15+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22721,6 +22721,7 @@ CVE-2020-14389 RESERVED CVE-2020-14388 RESERVED + NOT-FOR-US: 3scale CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate when using openssl] RESERVED - rsync 3.2.3-1 @@ -22738,6 +22739,7 @@ CVE-2020-14385 [xfs: fix boundary test in xfs_attr_shortform_verify] NOTE: https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933 CVE-2020-14384 RESERVED + NOT-FOR-US: JBossWeb CVE-2020-14383 RESERVED CVE-2020-14382 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ae892f32f686924d355931cbdb3694b2ff1d582
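Review bot: `NOT-FOR-US: 3scale` is set on CVE-2020-14388 while the id is still RESERVED, so the file contains no description against which the NFU can be checked; the triage rests on out-of-band information, and a `NOTE:` with its source (the Red Hat bugzilla or advisory that names 3scale) should accompany it so the decision is verifiable once the CVE is published.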
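Review bot: the same applies to `NOT-FOR-US: JBossWeb` on CVE-2020-14384 in the second hunk, also still RESERVED: add a NOTE pointing at the source that identifies the product, so a later reader does not have to trust the one-word triage.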
[Git][security-tracker-team/security-tracker][master] haskell-cmark-gfm switched to system lib, note that one isn't fixed yet
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0623a23b by Moritz Muehlenhoff at 2020-09-04T11:11:53+02:00 haskell-cmark-gfm switched to system lib, note that one isn't fixed yet - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47356,6 +47356,7 @@ CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0. [buster] - r-cran-commonmark (Minor issue) NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85 NOTE: https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4 + NOTE: haskell-cmark-gfm switched to src:cmark-gfm in 0.2.1+ds1-1 CVE-2020-5237 (Multiple relative path traversal vulnerabilities in the oneup/uploader ...) NOT-FOR-US: oneup/uploader-bundle CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0623a23bc5932f02840f7dacee4199140f4491a4
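Review bot: `NOTE: haskell-cmark-gfm switched to src:cmark-gfm in 0.2.1+ds1-1` records the switch but not the conclusion the commit subject draws (that src:cmark-gfm itself is not fixed yet), so read on its own the NOTE suggests haskell-cmark-gfm is now fine. Make it self-contained, e.g. `NOTE: haskell-cmark-gfm uses src:cmark-gfm since 0.2.1+ds1-1; src:cmark-gfm itself still unfixed`, and, if haskell-cmark-gfm embedded the library before that version, give it its own `- haskell-cmark-gfm 0.2.1+ds1-1` line in this entry so the embedded-copy history is tracked rather than only noted.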
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 77e47aee by Moritz Muehlenhoff at 2020-09-04T11:08:35+02:00 NFUs libetpan no-dsa new xpdf issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -85,13 +85,13 @@ CVE-2020-25107 CVE-2020-25106 RESERVED CVE-2020-25105 (eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recove ...) - TODO: check + NOT-FOR-US: eramba CVE-2020-25104 (eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted f ...) - TODO: check + NOT-FOR-US: eramba CVE-2020-25103 RESERVED CVE-2020-25102 (silverstripe-advancedreports (aka the Advanced Reports module for Silv ...) - TODO: check + NOT-FOR-US: silverstripe-advancedreports CVE-2020-25101 RESERVED CVE-2020-25125 (GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, le ...) @@ -259,11 +259,11 @@ CVE-2020-25025 (The l10nmgr (aka Localization Manager) extension before 7.4.0, 8 CVE-2020-25024 RESERVED CVE-2020-25023 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrC ...) - TODO: check + NOT-FOR-US: Noise-Java CVE-2020-25022 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallba ...) - TODO: check + NOT-FOR-US: Noise-Java CVE-2020-25021 (An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCi ...) - TODO: check + NOT-FOR-US: Noise-Java CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectRe ...) NOT-FOR-US: MPXJ CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...) 
@@ -291,11 +291,11 @@ CVE-2020-25008 CVE-2020-25007 RESERVED CVE-2020-25006 (Heybbs v1.2 has a SQL injection vulnerability in login.php file via th ...) - TODO: check + NOT-FOR-US: Heybbs CVE-2020-25005 (Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ...) - TODO: check + NOT-FOR-US: Heybbs CVE-2020-25004 (Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ...) - TODO: check + NOT-FOR-US: Heybbs CVE-2020-25003 RESERVED CVE-2020-25002 @@ -305,12 +305,13 @@ CVE-2020-25001 CVE-2020-25000 RESERVED CVE-2020-24999 (There is an invalid memory access in the function fprintf located in E ...) - TODO: check + - xpdf CVE-2020-24998 RESERVED CVE-2020-24997 RESERVED CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...) + - xpdf TODO: check CVE-2020-24995 RESERVED @@ -423,9 +424,9 @@ CVE-2020-24943 CVE-2020-24942 RESERVED CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24. ...) - TODO: check + NOT-FOR-US: Laravel CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...) - TODO: check + NOT-FOR-US: Laravel CVE-2020-24939 RESERVED CVE-2020-24938 @@ -553,7 +554,7 @@ CVE-2020-24878 CVE-2020-24877 RESERVED CVE-2020-24876 (Use of a hard-coded cryptographic key in Pancake versions 4.13.29 ...) - TODO: check + NOT-FOR-US: Pancake CVE-2020-24875 RESERVED CVE-2020-24874 @@ -579,7 +580,7 @@ CVE-2020-24865 CVE-2020-24864 RESERVED CVE-2020-24863 (A memory corruption vulnerability was found in the kernel function ker ...) - TODO: check + NOT-FOR-US: FreeBSD and MidnightBSD CVE-2020-24862 RESERVED CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20 for R ...) @@ -1579,7 +1580,7 @@ CVE-2020-24387 CVE-2020-24386 RESERVED CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...) - TODO: check + NOT-FOR-US: FreeBSD and MidnightBSD CVE-2020-24384 RESERVED CVE-2020-24383 
@@ -2083,7 +2084,7 @@ CVE-2020-24160 (Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijack CVE-2020-24159 (NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can ...) NOT-FOR-US: NetEase Youdao Dictionary CVE-2020-24158 (360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which ...) - TODO: check + NOT-FOR-US: 360 Speed Browser CVE-2020-24157 RESERVED CVE-2020-24156 @@ -2772,13 +2773,13 @@ CVE-2020-23816 CVE-2020-23815 RESERVED CVE-2020-23814 (Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 ...) - TODO: check + NOT-FOR-US: xxl-job CVE-2020-23813 RESERVED CVE-2020-23812 RESERVED CVE-2020-23811 (xxl-job 2.2.0 allows Information Disclosure of username, model, and pa ...) - TODO: check + NOT-FOR-US: xxl-job CVE-2020-23810 RESERVED CVE-2020-23809 @@ -18672,6
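Review bot: in the xpdf region, CVE-2020-24999 gets `- xpdf` with its `TODO: check` removed, while CVE-2020-24996 gets `- xpdf` and keeps `TODO: check`; both are invalid-memory-access reports against xpdf with no reference recorded yet, so they should be treated alike: keep the TODO on both until a reference is in hand, since `- xpdf` without one asserts the package mapping before it has been checked.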
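Review bot: the first hunk's context shows CVE-2020-25125 (GnuPG 2.2.21 and 2.2.22 array overflow) filed directly after CVE-2020-25101, out of the file's descending numeric order; it belongs above CVE-2020-25124. Nothing in this change created that, but it is the easiest place to fix it, and an out-of-order entry is exactly what a later automatic update is likely to duplicate.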
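Review bot: most of the `TODO: check` to `NOT-FOR-US:` conversions are web applications (Heybbs, eramba, xxl-job, Laravel) and are uncontroversial, but `NOT-FOR-US: Noise-Java` on CVE-2020-25021 through CVE-2020-25023 closes a library whose descriptions name cipher classes (AESGCMOnCtrC..., AESGCMFallba..., ChaChaPolyCi...); confirm no Debian source package embeds it (a `NOTE:` saying so would settle it) before the three entries are closed, and note that `NOT-FOR-US: FreeBSD and MidnightBSD` is applied consistently to both CVE-2020-24863 and CVE-2020-24385.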
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 90064e3d by security tracker role at 2020-09-04T08:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,51 @@ +CVE-2020-25149 + RESERVED +CVE-2020-25148 + RESERVED +CVE-2020-25147 + RESERVED +CVE-2020-25146 + RESERVED +CVE-2020-25145 + RESERVED +CVE-2020-25144 + RESERVED +CVE-2020-25143 + RESERVED +CVE-2020-25142 + RESERVED +CVE-2020-25141 + RESERVED +CVE-2020-25140 + RESERVED +CVE-2020-25139 + RESERVED +CVE-2020-25138 + RESERVED +CVE-2020-25137 + RESERVED +CVE-2020-25136 + RESERVED +CVE-2020-25135 + RESERVED +CVE-2020-25134 + RESERVED +CVE-2020-25133 + RESERVED +CVE-2020-25132 + RESERVED +CVE-2020-25131 + RESERVED +CVE-2020-25130 + RESERVED +CVE-2020-25129 + RESERVED +CVE-2020-25128 + RESERVED +CVE-2020-25127 + RESERVED +CVE-2020-25126 + RESERVED CVE-2020-25124 (The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.p ...) NOT-FOR-US: vBulletin CVE-2020-25123 (The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smili ...) @@ -210,12 +258,12 @@ CVE-2020-25025 (The l10nmgr (aka Localization Manager) extension before 7.4.0, 8 NOT-FOR-US: Typo extension CVE-2020-25024 RESERVED -CVE-2020-25023 - RESERVED -CVE-2020-25022 - RESERVED -CVE-2020-25021 - RESERVED +CVE-2020-25023 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrC ...) + TODO: check +CVE-2020-25022 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallba ...) + TODO: check +CVE-2020-25021 (An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCi ...) + TODO: check CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectRe ...) NOT-FOR-US: MPXJ CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...) 
@@ -242,12 +290,12 @@ CVE-2020-25008 RESERVED CVE-2020-25007 RESERVED -CVE-2020-25006 - RESERVED -CVE-2020-25005 - RESERVED -CVE-2020-25004 - RESERVED +CVE-2020-25006 (Heybbs v1.2 has a SQL injection vulnerability in login.php file via th ...) + TODO: check +CVE-2020-25005 (Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ...) + TODO: check +CVE-2020-25004 (Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ...) + TODO: check CVE-2020-25003 RESERVED CVE-2020-25002 @@ -256,14 +304,14 @@ CVE-2020-25001 RESERVED CVE-2020-25000 RESERVED -CVE-2020-24999 - RESERVED +CVE-2020-24999 (There is an invalid memory access in the function fprintf located in E ...) + TODO: check CVE-2020-24998 RESERVED CVE-2020-24997 RESERVED -CVE-2020-24996 - RESERVED +CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...) + TODO: check CVE-2020-24995 RESERVED CVE-2020-24994 @@ -294,14 +342,14 @@ CVE-2020-24982 RESERVED CVE-2020-24981 RESERVED -CVE-2020-24980 - RESERVED -CVE-2020-24979 - RESERVED -CVE-2020-24978 - RESERVED -CVE-2020-24977 - RESERVED +CVE-2020-24980 (An assertion failure was found in src/parse-gram.c in GNU bison 3.7.1. ...) + TODO: check +CVE-2020-24979 (A Buffer Overflow vulnerability was found in src/symtab.c in GNU bison ...) + TODO: check +CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...) + TODO: check +CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflo ...) + TODO: check CVE-2020-24976 RESERVED CVE-2020-24975 @@ -374,10 +422,10 @@ CVE-2020-24943 RESERVED CVE-2020-24942 RESERVED -CVE-2020-24941 - RESERVED -CVE-2020-24940 - RESERVED +CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24. ...) + TODO: check +CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...) + TODO: check CVE-2020-24939 RESERVED CVE-2020-24938 
@@ -2683,8 +2731,8 @@ CVE-2020-23836 (A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.p NOT-FOR-US: OSWAPP Warehouse Inventory System CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...) NOT-FOR-US: SourceCodester Tailor Management System -CVE-2020-23834 - RESERVED +CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real Time Logic ...) + TODO: check CVE-2020-23833 RESERVED CVE-2020-23832 @@ -28356,10 +28404,10 @@ CVE-2020-12250 RESERVED CVE-2020-12249
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-14387/rsync
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b2d66d11 by Salvatore Bonaccorso at 2020-09-04T08:28:43+02:00 Add CVE-2020-14387/rsync - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22671,8 +22671,12 @@ CVE-2020-14389 RESERVED CVE-2020-14388 RESERVED -CVE-2020-14387 +CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate when using openssl] RESERVED + - rsync 3.2.3-1 + NOTE: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549 + TODO: check affected version range CVE-2020-14386 [af_packet memory corruption] RESERVED - linux View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2d66d11252baa30b47c0e42470caf6c9e7c4cf2
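Review bot: `- rsync 3.2.3-1` records a fixed version while, two lines later, `TODO: check affected version range` admits the range is unverified and the only fix reference is a commit URL, not a release; a fixed version should go in only after commit c3f7414c has been confirmed in the 3.2.3 tarball or in the Debian packaging, otherwise the entry wrongly tells users of 3.2.3-1 that rsync-ssl verifies the server hostname. Enter `- rsync` with the TODO and add the version once the check is done.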
[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-14382/cryptsetup via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a4e379c5 by Salvatore Bonaccorso at 2020-09-04T08:25:22+02:00 Track fixed version for CVE-2020-14382/cryptsetup via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22688,7 +22688,7 @@ CVE-2020-14383 RESERVED CVE-2020-14382 RESERVED - - cryptsetup (bug #969471) + - cryptsetup 2:2.3.4-1 (bug #969471) [buster] - cryptsetup (Vulnerable code not present) [stretch] - cryptsetup (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874712 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4e379c5e11cdf4e3ef6f730d0968775a00397b5
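Review bot: `- cryptsetup 2:2.3.4-1 (bug #969471)` closes unstable, but the entry is still a bare `RESERVED` with a Red Hat bugzilla link as its only reference and no description at all; give it a bracketed one-line title, as other RESERVED entries in this file do (`CVE-2020-14382 [short description]`), and add the upstream fix commit, since without it neither the fixed version nor the "Vulnerable code not present" claim for buster and stretch can be checked against the source.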