[Git][security-tracker-team/security-tracker][master] drop stray no-dsa entry
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f1d79173 by Moritz Muehlenhoff at 2020-10-06T23:46:18+02:00 drop stray no-dsa entry - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -61604,7 +61604,6 @@ CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentica NOT-FOR-US: NAPC Xinet Elegant 6 Asset Library CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...) - sqlite3 3.30.1+fossil191229-1 (unimportant; bug #946656) - [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Vulnerable code introduced later) [jessie] - sqlite3 (Vulnerable code, i.e. window functions, not present) NOTE: https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1d79173366553cc8dfa5125004ecb527ba6f3f7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
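Review bot: the commit message does not say why the removed line of the CVE-2019-19244 entry, "[buster] - sqlite3 (Minor issue)", is stray. It became redundant only because e3309143 tagged the unfixed-version line "unimportant; bug #946656" about an hour earlier. Suggest naming that commit or the reason in the message, so the history also explains why the [stretch] and [jessie] lines, which record that the vulnerable code is absent, were kept.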
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2396-1 for tigervnc
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 66716baa by Roberto C. Sánchez at 2020-10-06T17:08:15-04:00 Reserve DLA-2396-1 for tigervnc - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[06 Oct 2020] DLA-2396-1 tigervnc - security update + {CVE-2020-26117} + [stretch] - tigervnc 1.7.0+dfsg-7+deb9u2 [02 Oct 2020] DLA-2395-1 libvirt - security update {CVE-2020-25637} [stretch] - libvirt 3.0.0-4+deb9u5 = data/dla-needed.txt = @@ -190,8 +190,6 @@ sympa (Sylvain Beucler) -- thunderbird (Emilio) -- -tigervnc (Roberto C. Sánchez) --- tinymce (Abhijith PA) NOTE: 20201003: relevant commits are hard to chase down (abhijith) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66716baaabb52a747b340c17f808145a4f98db84
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2397-1 for php7.0
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 8ffd2315 by Roberto C. Sánchez at 2020-10-06T17:09:01-04:00 Reserve DLA-2397-1 for php7.0 - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[06 Oct 2020] DLA-2397-1 php7.0 - security update + {CVE-2020-7070} + [stretch] - php7.0 7.0.33-0+deb9u10 [06 Oct 2020] DLA-2396-1 tigervnc - security update {CVE-2020-26117} [stretch] - tigervnc 1.7.0+dfsg-7+deb9u2 = data/dla-needed.txt = @@ -117,8 +117,6 @@ opendmarc -- packagekit -- -php7.0 (Roberto C. Sánchez) --- php-horde-trean NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in https://bugs.horde.org/ticket/14926 (sunweaver) NOTE: 20200829: We may not expect too much activity regarding this by upstream. (sunweaver) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ffd2315223b746b7910250b86da82c454dfd517
[Git][security-tracker-team/security-tracker][master] opensc no-dsa
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: e3309143 by Moritz Muehlenhoff at 2020-10-06T22:49:46+02:00 opensc no-dsa sqlite3 triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -98,14 +98,17 @@ CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 la TODO: check CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...) - opensc + [buster] - opensc (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967 NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...) - opensc + [buster] - opensc (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612 TODO: check, unclear fixing commit CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...) - opensc + [buster] - opensc (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316 NOTE: https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e CVE-2020-26569 @@ -28314,6 +28317,7 @@ CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL point [jessie] - sqlite3 (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 NOTE: https://sqlite.org/src/info/a4dd148928ea65bd + NOTE: https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730 CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the name ...) - sqlite3 3.32.0-1 [buster] - sqlite3 (Minor issue, too intrusive to backport) 
@@ -28327,6 +28331,7 @@ CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in [jessie] - sqlite3 (Vulnerable code not found) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 NOTE: https://sqlite.org/src/info/0d69f76f0865f962 + NOTE: https://github.com/sqlite/sqlite/commit/becd68ba0dac41904aa817d96a67fb4685734b41 CVE-2020-13629 RESERVED CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...) @@ -28749,6 +28754,7 @@ CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vap [buster] - sqlite3 (Minor issue) NOTE: https://www.sqlite.org/src/info/23439ea582241138 NOTE: https://www.sqlite.org/src/info/d08d3405878d394e + NOTE: https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018 CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...) NOT-FOR-US: Jason2605 AdminPanel CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...) @@ -34226,7 +34232,7 @@ CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a u CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...) {DLA-2340-1 DLA-2203-1} - sqlite3 3.31.1-5 - [buster] - sqlite3 (Minor issue) + [buster] - sqlite3 (Introduced/exploitable in 3.30 with 3251a2031bfd29f338a5fda1a08c18878296d354) NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11 
@@ -40699,7 +40705,7 @@ CVE-2020-9328 RESERVED CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger ...) - sqlite3 3.31.1-3 (bug #951835) - [buster] - sqlite3 (Minor issue) + [buster] - sqlite3 (Vulnerable code not present) [stretch] - sqlite3 (vulnerable code not present) [jessie] - sqlite3 (vulnerable code not present) NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380 @@ -61597,11 +61603,12 @@ CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication S ...) NOT-FOR-US: NAPC Xinet Elegant 6 Asset Library CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...) - - sqlite3 3.30.1+fossil191229-1 (bug #946656) + - sqlite3 3.30.1+fossil191229-1 (unimportant; bug #946656) [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Vulnerable code introduced later) [jessie] - sqlite3 (Vulnerable code, i.e. window functions, not present) NOTE: https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348 + NOTE: Only triggera
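Review bot: in the first hunk CVE-2020-26571 gets "[buster] - opensc (Minor issue)" while its "TODO: check, unclear fixing commit" line stays, so the buster decision is recorded before the fix has been identified. Either resolve the TODO first or add a NOTE giving the basis for the minor rating; the two sibling entries, CVE-2020-26572 and CVE-2020-26570, at least name their fixing commit.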
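Review bot: in the CVE-2020-11655 hunk the new buster reason, "Introduced/exploitable in 3.30 with 3251a2031bfd29f338a5fda1a08c18878296d354", sits under an entry that still lists {DLA-2340-1 DLA-2203-1}, so the file now says both that older releases were patched and that the flaw only appears from 3.30. Suggest moving the commit reference into a NOTE line that states which of "introduced" or "exploitable" applies, and keeping the per-release reason to a short status like the "Vulnerable code not present" wording used for CVE-2020-9327.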
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-26575/wireshark
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 035b1201 by Salvatore Bonaccorso at 2020-10-06T22:34:13+02:00 Add CVE-2020-26575/wireshark - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -63,7 +63,13 @@ CVE-2020-26577 CVE-2020-26576 RESERVED CVE-2020-26575 (In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) di ...) - TODO: check + - wireshark + NOTE: https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16887 + NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/467 + NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/471 + NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/472 + NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/473 CVE-2020-26574 (** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is a ...) NOT-FOR-US: Leostream CVE-2020-26573 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/035b12010e7a70080c9eb77d27b2c1cc9408ea0d
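Review bot: the new CVE-2020-26575 block lists one commit, one issue and four merge requests as bare NOTE URLs, and nothing says which of them is the fix and which are backports or follow-ups. Suggest prefixing the fixing commit with "Fixed by:", as the CVE-2020-11655 entry in this file does, and adding a word per merge request (for example the branch it targets), so whoever later sets per-release status does not have to open all six links.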
[Git][security-tracker-team/security-tracker][master] fix CVE list for tb DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 0e78d994 by Moritz Muehlenhoff at 2020-10-06T22:31:48+02:00 fix CVE list for tb DSA - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,4 +1,5 @@ [06 Oct 2020] DSA-4770-1 thunderbird - security update + {CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678} [buster] - thunderbird 1:78.3.1-2~deb10u2 [02 Oct 2020] DSA-4769-1 xen - security update {CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e78d9942d995f5519d62aad6e09278e89474a58
[Git][security-tracker-team/security-tracker][master] thunderbird DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 67a86008 by Moritz Muehlenhoff at 2020-10-06T22:29:19+02:00 thunderbird DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,5 @@ +[06 Oct 2020] DSA-4770-1 thunderbird - security update + [buster] - thunderbird 1:78.3.1-2~deb10u2 [02 Oct 2020] DSA-4769-1 xen - security update {CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604} [buster] - xen 4.11.4+37-g3263f257ca-1 = data/dsa-needed.txt = @@ -28,8 +28,6 @@ netty -- python-flask-cors -- -thunderbird (jmm) --- xcftools Hugo proposed to work on this update -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67a86008ab36bef0b31dbf14aa709cb0cf337040
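Review bot: the DSA-4770-1 entry added in the data/DSA/list hunk has no "{CVE-...}" line, unlike the DSA-4769-1 entry right below it, so the advisory is not linked to any CVE until the follow-up 0e78d994 adds the four thunderbird IDs. Add the CVE list in the same commit that adds the DSA entry, so the file never holds an advisory with no CVEs attached.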
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e393d30 by Salvatore Bonaccorso at 2020-10-06T22:28:14+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,9 +17,9 @@ CVE-2020-26600 (An issue was discovered on Samsung mobile devices with Q(10.0) s CVE-2020-26599 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-26598 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) - TODO: check + NOT-FOR-US: LG mobile devices CVE-2020-26597 (An issue was discovered on LG mobile devices with Android OS 9.0 and 1 ...) - TODO: check + NOT-FOR-US: LG mobile devices CVE-2020-26596 RESERVED CVE-2020-26595 @@ -49,7 +49,7 @@ CVE-2020-26584 CVE-2020-26583 RESERVED CVE-2020-26582 (D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users ...) - TODO: check + NOT-FOR-US: D-Link CVE-2020-26581 RESERVED CVE-2020-26580 @@ -65,7 +65,7 @@ CVE-2020-26576 CVE-2020-26575 (In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) di ...) TODO: check CVE-2020-26574 (** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is a ...) - TODO: check + NOT-FOR-US: Leostream CVE-2020-26573 RESERVED CVE-2019-20932 @@ -1336,9 +1336,9 @@ CVE-2020-25989 CVE-2020-25988 RESERVED CVE-2020-25987 (MonoCMS Blog version as of 29-09-2020 stores hard-coded admin hashes i ...) - TODO: check + NOT-FOR-US: MonoCMS Blog CVE-2020-25986 (Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog versio ...) - TODO: check + NOT-FOR-US: MonoCMS Blog CVE-2020-25985 RESERVED CVE-2020-25984 
@@ -1740,9 +1740,9 @@ CVE-2020-25805 CVE-2020-25804 RESERVED CVE-2020-25803 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...) - TODO: check + NOT-FOR-US: Crafter Studio of Crafter CMS CVE-2020-25802 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...) - TODO: check + NOT-FOR-US: Crafter Studio of Crafter CMS CVE-2020-25801 RESERVED CVE-2020-25800 @@ -5268,17 +5268,17 @@ CVE-2020-24221 CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...) NOT-FOR-US: ShopXO CVE-2020-24219 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...) - TODO: check + NOT-FOR-US: URayTech IPTV/H.264/H.265 video encoders CVE-2020-24218 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...) - TODO: check + NOT-FOR-US: URayTech IPTV/H.264/H.265 video encoders CVE-2020-24217 (An issue was discovered in the box application on HiSilicon based IPTV ...) - TODO: check + NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders CVE-2020-24216 (An issue was discovered in the box application on HiSilicon based IPTV ...) - TODO: check + NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders CVE-2020-24215 (An issue was discovered in the box application on HiSilicon based IPTV ...) - TODO: check + NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders CVE-2020-24214 (An issue was discovered in the box application on HiSilicon based IPTV ...) - TODO: check + NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders CVE-2020-24213 (An integer overflow was discovered in YGOPro ygocore v13.51. Attackers ...) NOT-FOR-US: ygocore CVE-2020-24212 
@@ -6042,7 +6042,7 @@ CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real Time CVE-2020-23833 (Projectworlds House Rental v1.0 suffers from an unauthenticated SQL In ...) NOT-FOR-US: Projectworlds House Rental CVE-2020-23832 (A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin ...) - TODO: check + NOT-FOR-US: Projectworlds Car Rental Management System CVE-2020-23831 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...) NOT-FOR-US: SourceCodester Stock Management System CVE-2020-23830 (A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.ph ...) @@ -21312,7 +21312,7 @@ CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, c CVE-2020-16268 RESERVED CVE-2020-16267 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...) - mantis CVE-2015-9549 (A reflected Cross-site Scripting (XSS) vulnerability exists in OcPorta ...) @@ -22072,7 +22072,7 @@ CVE-2020-15929 CVE-2020-15928
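Review bot: the NOT-FOR-US reasons added across these hunks mix vendor-only and product-level labels: "D-Link" and "Leostream" against "Crafter Studio of Crafter CMS" and "HiSilicon based IPTV/H.264/H.265 video encoders", the last repeated four times. Pick one granularity per vendor and keep it short, so that a later search of data/CVE/list for a vendor or product finds every entry under one spelling.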
[Git][security-tracker-team/security-tracker][master] Reference proposed fix for CVE-2014-10401/libdbi-perl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6b05400c by Salvatore Bonaccorso at 2020-10-06T22:18:19+02:00 Reference proposed fix for CVE-2014-10401/libdbi-perl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2915,6 +2915,7 @@ CVE-2014-10401 (An issue was discovered in the DBI module before 1.632 for Perl. - libdbi-perl 1.633-1 NOTE: https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508 + NOTE: Proposed fix: https://github.com/perl5-dbi/dbi/pull/93 CVE-2013-7491 (An issue was discovered in the DBI module before 1.628 for Perl. Stack ...) - libdbi-perl 1.628-1 NOTE: https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b05400c5c4c8f5cdd28eeb0808235530fd5fab5
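Review bot: the added "NOTE: Proposed fix: https://github.com/perl5-dbi/dbi/pull/93" sits in an entry that already records a fixed version ("- libdbi-perl 1.633-1") and an upstream commit, so a reader cannot tell whether the existing fix is considered incomplete. Say in the NOTE what the pull request addresses beyond commit caedc0d7, and if the 1.633-1 fix is in doubt, reflect that on the package line as well.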
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d3d3a488 by Salvatore Bonaccorso at 2020-10-06T22:16:44+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,21 +1,21 @@ CVE-2020-26607 (An issue was discovered in TimaService on Samsung mobile devices with ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-26606 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-26605 (An issue was discovered on Samsung mobile devices with Q(10.0) and R(1 ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-26604 (An issue was discovered in SystemUI on Samsung mobile devices with O(8 ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-26603 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-26602 (An issue was discovered in EthernetNetwork on Samsung mobile devices w ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-26601 (An issue was discovered in DirEncryptService on Samsung mobile devices ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-26600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-26599 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) - TODO: check + NOT-FOR-US: Samsung mobile devices CVE-2020-26598 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) TODO: check CVE-2020-26597 (An issue was discovered on LG mobile devices with Android OS 9.0 and 1 ...) 
@@ -52740,7 +52740,7 @@ CVE-2020-4530 (IBM Business Automation Workflow C.D.0 and IBM Business Process M CVE-2020-4529 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server si ...) NOT-FOR-US: IBM CVE-2020-4528 (IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 throug ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4527 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...) NOT-FOR-US: IBM CVE-2020-4526 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...) @@ -107645,7 +107645,7 @@ CVE-2019-4727 CVE-2019-4726 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...) NOT-FOR-US: IBM CVE-2019-4725 (IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4724 RESERVED CVE-2019-4723 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3d3a488f6e4e1693e97a5a6a429fd4d55f40492
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e5cd48c by security tracker role at 2020-10-06T20:10:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,95 @@ +CVE-2020-26607 (An issue was discovered in TimaService on Samsung mobile devices with ...) + TODO: check +CVE-2020-26606 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + TODO: check +CVE-2020-26605 (An issue was discovered on Samsung mobile devices with Q(10.0) and R(1 ...) + TODO: check +CVE-2020-26604 (An issue was discovered in SystemUI on Samsung mobile devices with O(8 ...) + TODO: check +CVE-2020-26603 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + TODO: check +CVE-2020-26602 (An issue was discovered in EthernetNetwork on Samsung mobile devices w ...) + TODO: check +CVE-2020-26601 (An issue was discovered in DirEncryptService on Samsung mobile devices ...) + TODO: check +CVE-2020-26600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) + TODO: check +CVE-2020-26599 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) + TODO: check +CVE-2020-26598 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) + TODO: check +CVE-2020-26597 (An issue was discovered on LG mobile devices with Android OS 9.0 and 1 ...) + TODO: check +CVE-2020-26596 + RESERVED +CVE-2020-26595 + RESERVED +CVE-2020-26594 + RESERVED +CVE-2020-26593 + RESERVED +CVE-2020-26592 + RESERVED +CVE-2020-26591 + RESERVED +CVE-2020-26590 + RESERVED +CVE-2020-26589 + RESERVED +CVE-2020-26588 + RESERVED +CVE-2020-26587 + RESERVED +CVE-2020-26586 + RESERVED +CVE-2020-26585 + RESERVED +CVE-2020-26584 + RESERVED +CVE-2020-26583 + RESERVED +CVE-2020-26582 (D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users ...) + TODO: check +CVE-2020-26581 + RESERVED +CVE-2020-26580 + RESERVED +CVE-2020-26579 + RESERVED +CVE-2020-26578 + RESERVED +CVE-2020-26577 + RESERVED +CVE-2020-26576 + RESERVED +CVE-2020-26575 (In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) di ...) 
+ TODO: check +CVE-2020-26574 (** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is a ...) + TODO: check +CVE-2020-26573 + RESERVED +CVE-2019-20932 + RESERVED +CVE-2019-20931 + RESERVED +CVE-2019-20930 + RESERVED +CVE-2019-20929 + RESERVED +CVE-2019-20928 + RESERVED +CVE-2019-20927 + RESERVED +CVE-2019-20926 + RESERVED +CVE-2019-20925 + RESERVED +CVE-2019-20924 + RESERVED +CVE-2019-20923 + RESERVED +CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a ...) + TODO: check CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...) - opensc NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967 @@ -1243,10 +1335,10 @@ CVE-2020-25989 RESERVED CVE-2020-25988 RESERVED -CVE-2020-25987 - RESERVED -CVE-2020-25986 - RESERVED +CVE-2020-25987 (MonoCMS Blog version as of 29-09-2020 stores hard-coded admin hashes i ...) + TODO: check +CVE-2020-25986 (Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog versio ...) + TODO: check CVE-2020-25985 RESERVED CVE-2020-25984 @@ -1489,8 +1581,7 @@ CVE-2020-25868 RESERVED CVE-2020-25867 RESERVED -CVE-2020-25866 - RESERVED +CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dis ...) - wireshark 3.2.7-1 [buster] - wireshark (Vulnerable code not present) [stretch] - wireshark (Vulnerable code not present) 
@@ -1500,15 +1591,13 @@ CVE-2020-25865 RESERVED CVE-2020-25864 RESERVED -CVE-2020-25863 - RESERVED +CVE-2020-25863 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...) - wireshark 3.2.7-1 [buster] - wireshark (Minor issue, can be fixed along in next DSA) [stretch] - wireshark (Minor issue, can be fixed along in next DLA) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-11.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16741 -CVE-2020-25862 - RESERVED +CVE-2020-25862 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...) - wireshark 3.2.7-1 [buster] - wireshark (Minor issue, can be fixed along in next DSA) [stretch] - wireshark (Minor issue, can be fixed along in next DLA) @@ -1650,10 +1739,10 @@ CVE-2020-25805 RESERVED CVE-2020-25804 RESERVED
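Review bot: in the first hunk the generated block places CVE-1999-0199 (glibc, "before 2.2") with "TODO: check" directly after the CVE-2019-20923 reservation, where it is easy to overlook in the long run of RESERVED and vendor entries. glibc is packaged in Debian, so this one is not a NOT-FOR-US candidate like most of its neighbours. It still reads "TODO: check" in the context lines of e3309143, so a follow-up should give it a package line and a status rather than leave it to the bulk NFU passes.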
[Git][security-tracker-team/security-tracker][master] Track fixes for etcd via experimental
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 368a2ee7 by Salvatore Bonaccorso at 2020-10-06T21:05:59+02:00 Track fixes for etcd via experimental - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24010,6 +24010,7 @@ CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...) NOT-FOR-US: HoRNDIS CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication ...) + [experimental] - etcd 3.3.25+dfsg-1 - etcd (bug #968752) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...) @@ -24068,15 +24069,19 @@ CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashe CVE-2020-15116 RESERVED CVE-2020-15115 (etcd before versions 3.3.23 and 3.4.10 does not perform any password l ...) + [experimental] - etcd 3.3.25+dfsg-1 - etcd (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh CVE-2020-15114 (In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simpl ...) + [experimental] - etcd 3.3.25+dfsg-1 - etcd (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224 CVE-2020-15113 (In etcd before versions 3.3.23 and 3.4.10, certain directory paths are ...) + [experimental] - etcd 3.3.25+dfsg-1 - etcd (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92 CVE-2020-15112 (In etcd before versions 3.3.23 and 3.4.10, it is possible to have an e ...) + [experimental] - etcd 3.3.25+dfsg-1 - etcd (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93 CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.Attach ...) 
@@ -24094,6 +24099,7 @@ CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...) NOT-FOR-US: openenclave CVE-2020-15106 (In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic ...) + [experimental] - etcd 3.3.25+dfsg-1 - etcd (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2 CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/368a2ee7262931f5c230873fd0cc454cd7319850
[Git][security-tracker-team/security-tracker][master] Add notes for sympa
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 2ca9f7df by Utkarsh Gupta at 2020-10-07T00:17:36+05:30 Add notes for sympa - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -185,6 +185,8 @@ sympa (Sylvain Beucler) NOTE: 20200604: the upload is ready but has been put on hold for a while. (utkarsh) NOTE: 20200604: the non-public patch is being discussed internally. (utkarsh) NOTE: 20200604: shall process the upload once the confirmation is given. (utkarsh) + NOTE: 20201007: please note that the update is ready and tested on my end. (utkarsh) + NOTE: 20201007: waiting for some internal confirmation to release the update. (utkarsh) -- thunderbird (Emilio) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ca9f7df5f84e7fc3268f3ac87f2c6a005df0a1b
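Review bot: the two added NOTE lines say the sympa update is "ready and tested on my end" (utkarsh), but the entry header in the hunk context reads "sympa (Sylvain Beucler)", a claim made in baf229f7 about an hour before this commit. State in the note who will do the upload, or coordinate and update the claim, so that two people do not prepare the same DLA.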
[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-26541/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 17c5f1b6 by Salvatore Bonaccorso at 2020-10-06T20:45:43+02:00 Update status for CVE-2020-26541/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -70,6 +70,7 @@ CVE-2020-26542 RESERVED CVE-2020-26541 (The Linux kernel through 5.8.13 does not properly enforce the Secure B ...) - linux + [stretch] - linux (Secure Boot key import not supported) NOTE: https://lkml.org/lkml/2020/9/15/1871 CVE-2020-26540 (An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on m ...) NOT-FOR-US: Foxit Reader View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17c5f1b6714bb1152d1297e4ff3c0bba1140f0d3
[Git][security-tracker-team/security-tracker][master] dla: claim sympa
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: baf229f7 by Sylvain Beucler at 2020-10-06T19:48:07+02:00 dla: claim sympa - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -175,7 +175,7 @@ slirp NOTE: CVE-2020-7039 to be applied patched first, as they both patch NOTE: the same lines of code in tcp_subr.c (bam). -- -sympa +sympa (Sylvain Beucler) NOTE: 20200525: Incomplete patch. Not the complete patch is made public. (utkarsh) NOTE: 20200525: But that is weird, given their announcement. (utkarsh) NOTE: 20200525: More discussion about this has been shared on the list. (utkarsh) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/baf229f75ceb2170aea610339a54865b5729197c
[Git][security-tracker-team/security-tracker][master] new nette issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c895ca68 by Moritz Muehlenhoff at 2020-10-06T15:07:21+02:00 new nette issue NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4877,7 +4877,7 @@ CVE-2020-24358 CVE-2020-24357 RESERVED CVE-2020-24356 (`cloudflared` versions prior to 2020.8.1 contain a local privilege esc ...) - TODO: check + NOT-FOR-US: cloudflared CVE-2020-24355 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...) NOT-FOR-US: Zyxel CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...) @@ -22922,7 +22922,7 @@ CVE-2019-20905 CVE-2019-20904 RESERVED CVE-2019-20903 (The hyperlinks functionality in atlaskit/editor-core in before version ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2019-20902 (Upgrading Crowd via XML Data Transfer can reactivate a disabled user f ...) NOT-FOR-US: Atlassian CVE-2019-20901 (The login.jsp resource in Jira before version 8.5.2, and from version ...) 
@@ -23797,17 +23797,18 @@ CVE-2020-15234 (ORY Fosite is a security first OAuth2 & OpenID Connect frame CVE-2020-15233 (ORY Fosite is a security first OAuth2 & OpenID Connect framework f ...) NOT-FOR-US: ORY Fosite CVE-2020-15232 (In mapfish-print before version 3.24, a user can do to an XML External ...) - TODO: check + NOT-FOR-US: mapfish-print CVE-2020-15231 (In mapfish-print before version 3.24, a user can use the JSONP support ...) - TODO: check + NOT-FOR-US: mapfish-print CVE-2020-15230 (Vapor is a web framework for Swift. In Vapor before version 4.29.4, At ...) - TODO: check + NOT-FOR-US: Vapor CVE-2020-15229 RESERVED CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath` and ` ...) TODO: check CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 ar ...) - TODO: check + - php-nette + NOTE: https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94 CVE-2020-15226 RESERVED CVE-2020-15225 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c895ca68c629a9ba7c21d9020bd6a0fd3baa5ecd
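Review bot: In the @@ -23797 hunk, CVE-2020-15228 (the `@actions/core` npm module) stays at "TODO: check" while every other described entry around it is triaged in this same commit; either triage it here or leave a NOTE saying why it was skipped. The new CVE-2020-15227 entry gets php-nette and the GitHub advisory link but no Debian bug reference and no pointer to the fixing commits for the Nette branches the description lists, so a follow-up adding both would make the entry actionable. The commit message "new nette issue NFUs" also folds two unrelated kinds of change into one commit; splitting the php-nette entry from the NOT-FOR-US batch would make the history easier to search.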
[Git][security-tracker-team/security-tracker][master] Add Debian bug references for spice and spice-gtk issue
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e966555d by Salvatore Bonaccorso at 2020-10-06T14:30:41+02:00 Add Debian bug references for spice and spice-gtk issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26160,8 +26160,8 @@ CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 sub NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed CVE-2020-14355 RESERVED - - spice - - spice-gtk + - spice (bug #971750) + - spice-gtk (bug #971751) NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0abae36033ccde658fd52d3235887b60862d NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d74782c8b5e57d146c5bf3118bb41bf3378e4 NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7b82e15d759e5415b8e35b92bb1a4c206 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e966555d9bf1a63f86434fcfe1badbcea671f348
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2b7f7b9f by Salvatore Bonaccorso at 2020-10-06T10:32:08+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -49740,13 +49740,13 @@ CVE-2020-5636 CVE-2020-5635 RESERVED CVE-2020-5634 (ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC ...) - TODO: check + NOT-FOR-US: ELECOM LAN routers CVE-2020-5633 RESERVED CVE-2020-5632 (InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and ...) - TODO: check + NOT-FOR-US: InfoCage SiteShell CVE-2020-5631 (Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 ...) - TODO: check + NOT-FOR-US: CMONOS.JP CVE-2020-5630 RESERVED CVE-2020-5629 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b7f7b9f9e149c41c3c65b9df8d0f0225f007af6
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-26571/opensc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8d8f6345 by Salvatore Bonaccorso at 2020-10-06T10:25:33+02:00 Add CVE-2020-26571/opensc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,9 @@ CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967 NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...) - TODO: check + - opensc + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612 + TODO: check, unclear fixing commit CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...) TODO: check CVE-2020-26569 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d8f6345da69fde94095ad3a2ca66e09574bfe3a
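Review bot: The replacement TODO on CVE-2020-26571, "check, unclear fixing commit", records that the fix is unknown but not what has already been looked at, and the only reference added is the oss-fuzz issue. Suggest adding a NOTE for any upstream commits that were examined and ruled out, so the next person does not repeat the search. CVE-2020-26570 directly below is still at "TODO: check" although its description names the same OpenSC release boundary (before 0.21.0-rc1); triaging the remaining driver entry in the same pass would keep the three OpenSC CVEs consistent.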
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-26572/opensc
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ce277e65 by Salvatore Bonaccorso at 2020-10-06T10:23:47+02:00 Add CVE-2020-26572/opensc - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,7 @@ CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...) - TODO: check + - opensc + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967 + NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...) TODO: check CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce277e65d69eebb8bb62c3e545bcc15f1f28b3e8
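Review bot: The two NOTE lines added for CVE-2020-26572 are bare URLs, so nothing in the entry says that the OpenSC commit is the fix rather than a related change, or that the oss-fuzz issue is the original report. Suggest prefixing the commit line with "Fixed by:", so that anyone checking whether a given opensc version contains the fix can pick the right reference at a glance.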
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4cfad288 by security tracker role at 2020-10-06T08:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,23 @@ +CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...) + TODO: check +CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...) + TODO: check +CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...) + TODO: check +CVE-2020-26569 + RESERVED +CVE-2020-26568 + RESERVED +CVE-2020-26567 + RESERVED +CVE-2020-26566 + RESERVED +CVE-2020-26565 + RESERVED +CVE-2020-26564 + RESERVED +CVE-2020-26563 + RESERVED CVE-2020-26562 RESERVED CVE-2020-26561 @@ -4260,7 +4280,7 @@ CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exp NOT-FOR-US: Sonatype CVE-2020-24621 (A remote code execution (RCE) vulnerability was discovered in the html ...) NOT-FOR-US: OpenMRS -CVE-2020-24620 (Unisys Stealth(core) before 4.0.132 stores Passwords in a Recoverable ...) +CVE-2020-24620 (Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable ...) NOT-FOR-US: Unisys CVE-2020-24619 (In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuse ...) NOT-FOR-US: Shotcut 
@@ -49713,14 +49733,14 @@ CVE-2020-5636 RESERVED CVE-2020-5635 RESERVED -CVE-2020-5634 - RESERVED +CVE-2020-5634 (ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC ...) + TODO: check CVE-2020-5633 RESERVED -CVE-2020-5632 - RESERVED -CVE-2020-5631 - RESERVED +CVE-2020-5632 (InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and ...) + TODO: check +CVE-2020-5631 (Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 ...) + TODO: check CVE-2020-5630 RESERVED CVE-2020-5629 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cfad288361633045da430844f68f4627f727066
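Review bot: In the @@ -4260 hunk the CVE-2020-24620 description changes the affected version from 4.0.132 to 4.0.134 together with the capitalisation, and the commit message "automatic update" gives no sign that an existing description was rewritten rather than only new IDs added. It is harmless here because the entry is NOT-FOR-US, but the same kind of silent version change on a tracked package would matter for triage. Suggest having the automatic commit message summarise what changed (new IDs, RESERVED entries that gained a description, descriptions modified) so that modified descriptions stand out for review.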