[Git][security-tracker-team/security-tracker][master] dla: update package status

2020-10-11 Thread Emilio Pozuelo Monfort


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e230812b by Emilio Pozuelo Monfort at 2020-10-12T01:00:01+02:00
dla: update package status

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -97,6 +97,7 @@ libonig (Markus Koschany)
   NOTE: 20201002: and the other 6/7 CVEs tagged as no-dsa in stretch but fixed 
in jessie. (utkarsh)
 --
 libproxy (Emilio)
+  NOTE: 20201012: patch not sanctioned upstream yet (Emilio)
 --
 linux (Ben Hutchings)
 --
@@ -189,6 +190,7 @@ sympa
   NOTE: 20201007: I won't have time to do more this month (Beuc)
 --
 thunderbird (Emilio)
+  NOTE: 20201012: update now in buster, working on the stretch backport 
(Emilio)
 --
 tinymce (Abhijith PA)
   NOTE: 20201003: relevant commits are hard to chase down (abhijith)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e230812b113fb68459704b6cf3a21cc2e4afe081

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track fixed version of rails for CVE-2020-8264

2020-10-11 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b740da50 by Utkarsh Gupta at 2020-10-12T01:42:02+05:30
Track fixed version of rails for CVE-2020-8264

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -44013,7 +44013,7 @@ CVE-2020-8265
RESERVED
 CVE-2020-8264 [Possible XSS Vulnerability in Action Pack in Development Mode]
RESERVED
-   - rails  (bug #971988)
+   - rails 2:6.0.3.4+dfsg-1 (bug #971988)
[buster] - rails  (Vulnerable code not present)
[stretch] - rails  (Vulnerable code not present)
NOTE: 
https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b740da508ef107e7929fa733972c4b39a4311038


[Git][security-tracker-team/security-tracker][master] automatic update

2020-10-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5bd36052 by security tracker role at 2020-10-11T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -27011,6 +27011,7 @@ CVE-2020-14356 (A flaw null pointer dereference in the 
Linux kernel cgroupv2 sub
[buster] - linux 4.19.146-1
NOTE: Fixed by: 
https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
 CVE-2020-14355 (Multiple buffer overflow vulnerabilities were found in the 
QUIC image  ...)
+   {DSA-4771-1}
- spice  (bug #971750)
- spice-gtk  (bug #971751)
[buster] - spice-gtk  (Minor issue)
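Review bot: the `{DSA-4771-1}` cross-reference at the top of the CVE-2020-14355 entry covers the spice side only, while the spice-gtk lines that follow it are unchanged: still open with bug #971751 and buster tagged `(Minor issue)`. Since one description (the QUIC image buffer overflows) covers both source packages, confirm that leaving spice-gtk without an advisory in buster is the intended triage and, if it is, add a NOTE giving the reason so the Minor issue tag is not read as an oversight once the DSA is published.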



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bd360524689392a266ca0d7a0b36cd7648d75eb


[Git][security-tracker-team/security-tracker][master] dla: still ongoing

2020-10-11 Thread Adrian Bunk


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
721d0e5a by Adrian Bunk at 2020-10-11T22:39:58+03:00
dla: still ongoing

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -206,5 +206,5 @@ xcftools
   NOTE: 20200605: Patch 
https://salsa.debian.org/lts-team/packages/xcftools/-/blob/fix/test-CVE-2019-5087/debian/patches/CVE-2019-5087.patch
 (gladk)
 --
 zeromq3 (Adrian Bunk)
-  NOTE: 20200928: testing fixed package (bunk)
+  NOTE: 20201011: testing fixed package (bunk)
 --
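Review bot: the only change in the zeromq3 entry is the date on the NOTE (20200928 to 20201011); the text "testing fixed package" is identical. Two weeks on the same status line gives nobody else on the LTS team anything to act on, so a few words on what the testing is waiting for (a reverse dependency, a test suite run, an upload slot) would make the entry useful if it has to be handed over.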



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/721d0e5a2b18dafd9a01051e7f1f6d57f1e51c10


[Git][security-tracker-team/security-tracker][master] opensc bugs

2020-10-11 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
acc1453c by Moritz Muehlenhoff at 2020-10-11T19:15:17+02:00
opensc bugs
older undertow issue fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -788,13 +788,13 @@ CVE-2019-20923
 CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 
lacks a ...)
- glibc 2.2-1
 CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 
0.21.0-rc1 has a  ...)
-   - opensc 
+   - opensc  (bug #972035)
[buster] - opensc  (Minor issue)
[stretch] - opensc  (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
NOTE: 
https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817
 CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 
0.21.0-rc1 ...)
-   - opensc 
+   - opensc  (bug #972036)
[buster] - opensc  (Minor issue)
[stretch] - opensc  (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
@@ -78197,7 +78197,7 @@ CVE-2019-14889 (A flaw was found with the libssh API 
function ssh_scp_new() in v
NOTE: https://bugs.debian.org/947129
NOTE: 
https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d163a943737fe4160f7233925df2eee1f9a
 CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in 
versions befo ...)
-   - undertow 
+   - undertow 2.0.28-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464
 CVE-2019-14887 (A flaw was found when an OpenSSL security provider is used 
with Wildfl ...)
- wildfly  (bug #752018)
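Review bot: the undertow line for CVE-2019-14888 now records the fixed unstable version 2.0.28-1, but unlike the opensc entries in the first hunk there is no `[buster]` or `[stretch]` annotation beneath it, and the hunk's context shows none existed before. If undertow is shipped in either stable suite, its status there (fixed version, no-dsa or not-affected) needs triaging in the same change; if it is not in those suites, a short NOTE saying so saves the next reader the lookup.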
@@ -133634,16 +133634,16 @@ CVE-2018-15163
 CVE-2018-15162
RESERVED
 CVE-2018-15161 (** DISPUTED ** The libesedb_key_append_data function in 
libesedb_key.c ...)
-   - libesedb 
+   NOTE: Disputed libesedb issues
NOTE: https://github.com/libyal/libesedb/issues/43
 CVE-2018-15160 (** DISPUTED ** The libesedb_catalog_definition_read function 
in libese ...)
-   - libesedb 
+   NOTE: Disputed libesedb issues
NOTE: https://github.com/libyal/libesedb/issues/43
 CVE-2018-15159 (** DISPUTED ** The libesedb_page_read_tags function in 
libesedb_page.c ...)
-   - libesedb 
+   NOTE: Disputed libesedb issues
NOTE: https://github.com/libyal/libesedb/issues/43
 CVE-2018-15158 (** DISPUTED ** The libesedb_page_read_values function in 
libesedb_page ...)
-   - libesedb 
+   NOTE: Disputed libesedb issues
NOTE: https://github.com/libyal/libesedb/issues/43
 CVE-2018-15157 (** DISPUTED ** The libfsclfs_block_read function in 
libfsclfs_block.c  ...)
NOT-FOR-US: libfsclfs
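Review bot: in each of the four libesedb entries (CVE-2018-15161 through CVE-2018-15158) the package line `- libesedb` is replaced by `NOTE: Disputed libesedb issues`, so the entries end up with NOTE lines only and no recorded relationship to the libesedb source package. If the intent is "affects libesedb, but disputed and not worth fixing", keep the package line and express that with a status tag (the tracker's `<unimportant>` marker, for instance) and leave the dispute in the NOTE; that way tooling that matches CVEs to source packages still sees libesedb, and the existing `NOTE: https://github.com/libyal/libesedb/issues/43` keeps the justification.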



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acc1453cff2e3eaaee2ce4eebe420f8ae6921358


[Git][security-tracker-team/security-tracker][master] Add CVE-2018-20243 as NFU

2020-10-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8cbaabfd by Salvatore Bonaccorso at 2020-10-11T16:04:35+02:00
Add CVE-2018-20243 as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -112897,6 +112897,7 @@ CVE-2018-20244 (In Apache Airflow before 1.10.2, a 
malicious admin user could ed
- airflow  (bug #819700)
 CVE-2018-20243
RESERVED
+   NOT-FOR-US: Apache Fineract
 CVE-2018-20242 (A carefully crafted URL could trigger an XSS vulnerability on 
Apache J ...)
- jspwiki 
 CVE-2018-20241 (The Edit upload resource for a review in Atlassian Fisheye and 
Crucibl ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8cbaabfda9d41fc33f23e01a0cd84041058a2ca9


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-26935/phpmyadmin

2020-10-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f106fc42 by Salvatore Bonaccorso at 2020-10-11T15:56:53+02:00
Add Debian bug reference for CVE-2020-26935/phpmyadmin

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -27,7 +27,7 @@ CVE-2020-26937
 CVE-2020-26936
RESERVED
 CVE-2020-26935 (An issue was discovered in SearchController in phpMyAdmin 
before 4.9.6 ...)
-   - phpmyadmin 
+   - phpmyadmin  (bug #972000)
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-6/
NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/d09ab9bc9d634ad08b866d42bb8c4109869d38d2
 CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS 
through the tr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f106fc427f8794d050e2f96e8bed07357cdb86e0


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-26934/phpmyadmin

2020-10-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3c3feca7 by Salvatore Bonaccorso at 2020-10-11T15:56:08+02:00
Add Debian bug reference for CVE-2020-26934/phpmyadmin

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -31,7 +31,7 @@ CVE-2020-26935 (An issue was discovered in SearchController 
in phpMyAdmin before
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-6/
NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/d09ab9bc9d634ad08b866d42bb8c4109869d38d2
 CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS 
through the tr ...)
-   - phpmyadmin 
+   - phpmyadmin  (bug #971999)
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-5/
NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/19df63b0365621427697edc185ff7c9c5707c523
 CVE-2020-26933



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c3feca74aa43b9b7c16f4dcb2b7c048f63d2b42


[Git][security-tracker-team/security-tracker][master] stretch triage

2020-10-11 Thread Abhijith PA


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
47e7d5a4 by Abhijith PA at 2020-10-11T19:22:58+05:30
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -1653,6 +1653,7 @@ CVE-2020-26159 (In Oniguruma 6.9.5_rev1, an attacker able 
to supply a regular ex
 CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of 
Service (R ...)
- node-handlebars 3:4.7.2-1
- libjs-handlebars 
+   [stretch] - libjs-handlebars  (Only reverse depends was 
diaspora which not in stretch)
NOTE: 
https://github.com/handlebars-lang/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b
NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388
NOTE: https://www.npmjs.com/advisories/1300
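Review bot: the stretch annotation for libjs-handlebars on CVE-2019-20922 reads "Only reverse depends was diaspora which not in stretch"; tighten it to "only reverse dependency was diaspora, which is not in stretch", and since the identical wording is repeated for CVE-2019-20920 in the next hunk, state explicitly that this is a low-exposure no-dsa decision rather than a not-affected one, so both entries are read the same way.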
@@ -1661,6 +1662,7 @@ CVE-2019-20921 (bootstrap-select before 1.13.6 allows 
Cross-Site Scripting (XSS)
 CVE-2019-20920 (Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to 
Arbitrar ...)
- node-handlebars 3:4.5.3-1
- libjs-handlebars 
+   [stretch] - libjs-handlebars  (Only reverse depends was 
diaspora which not in stretch)
NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
NOTE: https://www.npmjs.com/advisories/1316
NOTE: https://www.npmjs.com/advisories/1324


=
data/dla-needed.txt
=
@@ -74,6 +74,8 @@ golang-1.7
 --
 golang-1.8
 --
+golang-github-dgrijalva-jwt-go
+--
 golang-golang-x-net-dev
 --
 guacamole-server (Markus Koschany)
@@ -87,6 +89,8 @@ jupyter-notebook
 lemonldap-ng
   NOTE: 20200910: Released a DLA for CVE-2020-24660 a few days ago, so could 
defer. (lamby)
 --
+kdeconnect
+--
 libonig (Markus Koschany)
   NOTE: 20201002: Fix for CVE-2020-26159 is too trivial. Besides that, please 
consider
   NOTE: 20201002: fixing other errors mentioned in 
https://github.com/kkos/oniguruma/issues/207
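Review bot: `kdeconnect` is inserted after `lemonldap-ng` and before `libonig`, which breaks the alphabetical order the rest of dla-needed.txt follows (golang-*, guacamole-server, jupyter-notebook, lemonldap-ng, libonig in this and the previous hunk). Move the new `kdeconnect` / `--` pair to just after the `jupyter-notebook` block so it sorts before `lemonldap-ng`.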
@@ -116,8 +120,13 @@ php-horde-trean
   NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in 
https://bugs.horde.org/ticket/14926 (sunweaver)
   NOTE: 20200829: We may not expect too much activity regarding this by 
upstream. (sunweaver)
 --
+phpmyadmin (Abhijith PA)
+--
 python3.5 (Thorsten Alteholz)
 --
+pluxml
+  NOTE: 20201011: issue is still open upstream. Also low priority for us 
(abhijith)
+--
 qtsvg-opensource-src (Adrian Bunk)
 --
 reel
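Review bot: `phpmyadmin (Abhijith PA)` lands correctly after `php-horde-trean`, but `pluxml` is added after `python3.5` and before `qtsvg-opensource-src`, which is out of alphabetical order for this file (pl sorts before py). Move the `pluxml` block, with its `NOTE: 20201011:` line, to before `python3.5 (Thorsten Alteholz)`.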



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47e7d5a422a065693233318b1817832d77faf5c8


[Git][security-tracker-team/security-tracker][master] Reserve DSA number for spice update

2020-10-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8688c410 by Salvatore Bonaccorso at 2020-10-11T15:35:40+02:00
Reserve DSA number for spice update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[11 Oct 2020] DSA-4771-1 spice - security update
+   {CVE-2020-14355}
+   [buster] - spice 0.14.0-1.3+deb10u1
 [06 Oct 2020] DSA-4770-1 thunderbird - security update
{CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678}
[buster] - thunderbird 1:78.3.1-2~deb10u2


=
data/dsa-needed.txt
=
@@ -29,8 +29,6 @@ netty
 python-flask-cors
   Maintainer working on an update, cf. #969362
 --
-spice (carnil)
---
 xcftools
   Hugo proposed to work on this update
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8688c41027733c7dbc0313694192ac1d84256576


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-8264/rails

2020-10-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
53462fc4 by Salvatore Bonaccorso at 2020-10-11T10:19:56+02:00
Add Debian bug reference for CVE-2020-8264/rails

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -44010,7 +44010,7 @@ CVE-2020-8265
RESERVED
 CVE-2020-8264 [Possible XSS Vulnerability in Action Pack in Development Mode]
RESERVED
-   - rails 
+   - rails  (bug #971988)
[buster] - rails  (Vulnerable code not present)
[stretch] - rails  (Vulnerable code not present)
NOTE: 
https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53462fc47681e1a942b1b6356daf7b0c93e5d82a


[Git][security-tracker-team/security-tracker][master] Process two NFUs

2020-10-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4465870e by Salvatore Bonaccorso at 2020-10-11T10:13:15+02:00
Process two NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,13 +1,13 @@
 CVE-2020-26949
RESERVED
 CVE-2020-26948 (Emby Server before 4.5.0 allows SSRF via the 
Items/RemoteSearch/Image  ...)
-   TODO: check
+   NOT-FOR-US: Emby Server
 CVE-2020-26947 (monero-wallet-gui in Monero GUI 0.17.0.1 includes the . 
directory in a ...)
TODO: check
 CVE-2020-26946
RESERVED
 CVE-2020-26945 (MyBatis before 3.5.6 mishandles deserialization of object 
streams. ...)
-   TODO: check
+   NOT-FOR-US: MyBatis
 CVE-2020-26944
RESERVED
 CVE-2020-26943
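Review bot: CVE-2020-26947 (monero-wallet-gui in Monero GUI) in the middle of this hunk keeps its `TODO: check` while the two entries around it, Emby Server and MyBatis, are resolved as NOT-FOR-US. If it was skipped on purpose pending a check of whether Monero is packaged, that is fine, but worth confirming it was not simply passed over, since the commit message says "two NFUs" and the hunk touches exactly those two.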



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4465870eb7b9859c43be9bcb754f27babde2397b


[Git][security-tracker-team/security-tracker][master] automatic update

2020-10-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ed53de33 by security tracker role at 2020-10-11T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,19 @@
+CVE-2020-26949
+   RESERVED
+CVE-2020-26948 (Emby Server before 4.5.0 allows SSRF via the 
Items/RemoteSearch/Image  ...)
+   TODO: check
+CVE-2020-26947 (monero-wallet-gui in Monero GUI 0.17.0.1 includes the . 
directory in a ...)
+   TODO: check
+CVE-2020-26946
+   RESERVED
+CVE-2020-26945 (MyBatis before 3.5.6 mishandles deserialization of object 
streams. ...)
+   TODO: check
+CVE-2020-26944
+   RESERVED
+CVE-2020-26943
+   RESERVED
+CVE-2020-26942
+   RESERVED
 CVE-2020-26941
RESERVED
 CVE-2020-26940



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed53de3338ed3a2097d6f56dde0664dc4aaed634


[Git][security-tracker-team/security-tracker][master] flashplugin-nonfree removed from everywhere

2020-10-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d460a83 by Salvatore Bonaccorso at 2020-10-11T10:09:34+02:00
flashplugin-nonfree removed from everywhere

- - - - -


1 changed file:

- data/packages/removed-packages


Changes:

=
data/packages/removed-packages
=
@@ -806,3 +806,4 @@ weboob
 libperlspeak-perl
 golang-github-unknwon-cae
 am-utils
+flashplugin-nonfree



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d460a830e19c6e1ae3812141a042fc880fab7e2


[Git][security-tracker-team/security-tracker][master] Add am-utils to removed packages

2020-10-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0327aaf3 by Salvatore Bonaccorso at 2020-10-11T10:08:58+02:00
Add am-utils to removed packages

- - - - -


1 changed file:

- data/packages/removed-packages


Changes:

=
data/packages/removed-packages
=
@@ -805,3 +805,4 @@ ksh93
 weboob
 libperlspeak-perl
 golang-github-unknwon-cae
+am-utils



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0327aaf3571c529aa5b41e3b73bf2ff27c1ba394


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2020-10-11 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c4fa2bc by Salvatore Bonaccorso at 2020-10-11T10:07:53+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -42785,9 +42785,9 @@ CVE-2019-20449
 CVE-2019-20448
RESERVED
 CVE-2020-8782 (Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 
4.14.0 al ...)
-   TODO: check
+   NOT-FOR-US: ALEOS
 CVE-2020-8781 (Lack of input sanitization in UpdateRebootMgr service of ALEOS 
4.11 an ...)
-   TODO: check
+   NOT-FOR-US: ALEOS
 CVE-2020-8780
RESERVED
 CVE-2020-8779
@@ -62698,7 +62698,7 @@ CVE-2019-19117 
(/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2
 CVE-2019-19116
RESERVED
 CVE-2019-19115 (An escalation of privilege vulnerability in Nahimic APO 
Software Compo ...)
-   TODO: check
+   NOT-FOR-US: Nahimic APO Software Component Driver
 CVE-2019-19114
RESERVED
 CVE-2019-19113 (main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall 
(aka Ne ...)
@@ -63109,7 +63109,7 @@ CVE-2019-18991 (A partial authentication bypass 
vulnerability exists on Atheros
 CVE-2019-18990 (A partial authentication bypass vulnerability exists on 
Realtek RTL881 ...)
TODO: check
 CVE-2019-18989 (A partial authentication bypass vulnerability exists on 
Mediatek MT762 ...)
-   TODO: check
+   NOT-FOR-US: Mediatek devices
 CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of 
remote-login a ...)
NOT-FOR-US: TeamViewer
 CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 
1.34 for  ...)
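Review bot: CVE-2019-18989 (Mediatek) is resolved as `NOT-FOR-US: Mediatek devices`, but the neighbouring CVE-2019-18990 (Realtek RTL881x) two lines above, which carries the same "partial authentication bypass" description and the hunk header shows an Atheros sibling as well, is left at `TODO: check`. The three look like one family of chipset issues; either process the Realtek entry the same way or add a NOTE on why it needs a separate look.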
@@ -66431,7 +66431,7 @@ CVE-2020-0573
 CVE-2020-0572
RESERVED
 CVE-2020-0571 (Improper conditions check in BIOS firmware for 8th Generation 
Intel(R) ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2020-0570 (Uncontrolled search path in the QT Library before 5.14.0, 
5.12.7 and 5 ...)
- qtbase-opensource-src 5.12.5+dfsg-8
[buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3
@@ -74143,7 +74143,7 @@ CVE-2019-16162 (Onigmo through 6.2.0 has an 
out-of-bounds read in parse_char_cla
 CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer dereference in 
onig_error_code ...)
NOT-FOR-US: Onigmo (fork of Oniguruma)
 CVE-2019-16160 (An integer underflow in the SMB server of MikroTik RouterOS 
before 6.4 ...)
-   TODO: check
+   NOT-FOR-US: MikroTik RouterOS
 CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x 
through 2.0.5 ...)
- bird 1.6.8-1 (bug #939990)
[buster] - bird 1.6.6-1+deb10u1
@@ -79274,9 +79274,9 @@ CVE-2019-14558 (Insufficient control flow management in 
BIOS firmware for 8th, 9
NOTE: 
https://github.com/tianocore/edk2/commit/764e8ba1389a617639d79d2c4f0d53f4ea4a7387
NOTE: 
https://github.com/tianocore/edk2/commit/f1d78c489a39971b5aac5d2fc8a39bfa925c3c5d
 CVE-2019-14557 (Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation 
Intel(R ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2019-14556 (Improper initialization in BIOS firmware for 8th, 9th, 10th 
Generation ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2019-14555
RESERVED
 CVE-2019-14554
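Review bot: CVE-2019-14558 at the top of this hunk carries two fix references in tianocore/edk2, so the "BIOS firmware for 8th, 9th, 10th Generation Intel" CVEs in this batch are not necessarily vendor-only. Before settling CVE-2019-14557 and CVE-2019-14556 as `NOT-FOR-US: Intel`, check whether they also have edk2 upstream fixes; if they do, they belong under the edk2 source package like their sibling rather than NFU.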
@@ -109255,9 +109255,9 @@ CVE-2019-4328
 CVE-2019-4327 ("HCL AppScan Enterprise uses hard-coded credentials which can 
be explo ...)
NOT-FOR-US: HCL AppScan Enterprise
 CVE-2019-4326 ("HCL AppScan Enterprise security rules update administration 
section o ...)
-   TODO: check
+   NOT-FOR-US: HCL
 CVE-2019-4325 ("HCL AppScan Enterprise makes use of broken or risky 
cryptographic alg ...)
-   TODO: check
+   NOT-FOR-US: HCL
 CVE-2019-4324 ("HCL AppScan Enterprise is susceptible to Cross-Site Scripting 
while i ...)
NOT-FOR-US: HCL
 CVE-2019-4323 ("HCL AppScan Enterprise advisory API documentation is 
susceptible to c ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c4fa2bcb2dcfb5835fb810df9d2edb203b24873
