Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11584f78 by Moritz Muehlenhoff at 2020-11-26T22:37:38+01:00
new kamailio, jupyter-server issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -320,7 +320,7 @@ CVE-2020-28984 
(prive/formulaires/configurer_preferences.php in SPIP before 3.2.
        - spip 3.2.8-1
        NOTE: 
https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8
 CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, 
as used i ...)
-       TODO: check
+       NOTE: disputed libsvm non issue
 CVE-2020-28973
        RESERVED
 CVE-2020-28972
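Review bot: the CVE-2020-28975 entry is left with only a free-text NOTE and no triage status; elsewhere in this file a resolved entry carries either a package line or a NOT-FOR-US marker, so a NOTE alone still reads as untriaged. If libsvm is packaged, consider recording the conclusion as a status, e.g. `- libsvm <not-affected> (Disputed, non-issue)`, and keeping the NOTE as the justification (also "non-issue" rather than "non issue").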
@@ -2797,7 +2797,9 @@ CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the 
Linux kernel before 5.
        NOTE: 
https://git.kernel.org/linus/3c4e0dff2095c579b142d5a0693257f1c58b4804
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/2
 CVE-2020-28361 (Kamailio before 5.4.0, as used in Sip Express Router (SER) in 
Sippy So ...)
-       TODO: check, this might be specific to Kamailio as used in the 
specified product
+       - kamailio 5.4.0-1
+       [buster] - kamailio <no-dsa> (Minor issue)
+       NOTE: 
https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html
 CVE-2020-28360 (Insufficient RegEx in private-ip npm package v1.0.5 and below 
insuffic ...)
        NOT-FOR-US: Node private-ip
 CVE-2020-28359
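Review bot: the removed TODO for CVE-2020-28361 asked whether the issue is specific to Kamailio as shipped in the named product, but the replacement lines do not say how that was settled; the packetstorm link (Kamailio-5.4.0-Header-Smuggling) suggests it applies to upstream Kamailio, which is consistent with the `kamailio 5.4.0-1` fixed version and the "before 5.4.0" description. A one-line NOTE stating that the issue is in upstream Kamailio, not the downstream product, would preserve that reasoning for the next reader of the `[buster] <no-dsa> (Minor issue)` decision.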
@@ -7523,7 +7525,7 @@ CVE-2020-27209
 CVE-2020-27208
        RESERVED
 CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, 
related to sq ...)
-       TODO: check
+       NOT-FOR-US: Zetetic SQLCipher
 CVE-2020-27206
        RESERVED
 CVE-2020-27205
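Review bot: before settling CVE-2020-27207 as `NOT-FOR-US: Zetetic SQLCipher`, it is worth confirming that no sqlcipher source package exists in the archive; if one does, this entry should carry a package line with a fixed version (the description names 4.4.1 as the upstream fix) rather than NOT-FOR-US.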
@@ -9660,11 +9662,11 @@ CVE-2020-26243 (Nanopb is a small code-size Protocol 
Buffers implementation. In
        NOTE: 
https://github.com/nanopb/nanopb/commit/edf6dcbffee4d614ac0c2c1b258ab95185bdb6e9
 (0.4.4)
        NOTE: https://github.com/nanopb/nanopb/issues/615
 CVE-2020-26242 (Go Ethereum, or "Geth", is the official Golang implementation 
of the E ...)
-       TODO: check
+       NOT-FOR-US: Go Ethereum
 CVE-2020-26241 (Go Ethereum, or "Geth", is the official Golang implementation 
of the E ...)
-       TODO: check
+       NOT-FOR-US: Go Ethereum
 CVE-2020-26240 (Go Ethereum, or "Geth", is the official Golang implementation 
of the E ...)
-       TODO: check
+       NOT-FOR-US: Go Ethereum
 CVE-2020-26239 (Scratch Addons is a WebExtension that supports both Chrome and 
Firefox ...)
        NOT-FOR-US: Scratch Addons
 CVE-2020-26238 (Cron-utils is a Java library to parse, validate, migrate crons 
as well ...)
@@ -9682,7 +9684,9 @@ CVE-2020-26234
 CVE-2020-26233
        RESERVED
 CVE-2020-26232 (Jupyter Server before version 1.0.6 has an Open redirect 
vulnerability ...)
-       TODO: check
+       - jupyter-server 1.0.7-1
+       NOTE: 
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v
+       NOTE: 
https://github.com/jupyter-server/jupyter_server/commit/3d83e49090289c431da253e2bdb8dc479cbcb157
 CVE-2020-26231 (October is a free, open-source, self-hosted CMS platform based 
on the  ...)
        NOT-FOR-US: October CMS
 CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app 
for Spa ...)
@@ -39396,7 +39400,6 @@ CVE-2020-12912 (A potential vulnerability in the AMD 
extension to Linux "hwmon"
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1897402
        NOTE: https://support.lenovo.com/lu/uk/product_security/LEN-50481
        NOTE: CONFIG_SENSORS_AMD_ENERGY not enabled in Debian builds
-       TODO: check, correctness
 CVE-2020-12911 (A denial of service vulnerability exists in the 
D3DKMTCreateAllocation ...)
        NOT-FOR-US: AMD ATIKMDAG.SYS
 CVE-2020-12910
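Review bot: the removed line `TODO: check, correctness` for CVE-2020-12912 asked that the preceding claim be verified, but nothing in the hunk records the result; the remaining NOTE (`CONFIG_SENSORS_AMD_ENERGY not enabled in Debian builds`) now stands unqualified. Adding where that was checked (for example a NOTE naming the kernel config or the commit that confirms the option is off) would keep the justification traceable.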
@@ -41006,7 +41009,7 @@ CVE-2020-12340
 CVE-2020-12339
        RESERVED
 CVE-2020-12338 (Insufficient control flow management in the Open WebRTC 
Toolkit before ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2020-12337 (Improper buffer restrictions in firmware for some Intel(R) 
NUCs may al ...)
        NOT-FOR-US: Intel
 CVE-2020-12336 (Insecure default variable initialization in firmware for some 
Intel(R) ...)
@@ -54088,9 +54091,9 @@ CVE-2020-7781
 CVE-2020-7780
        RESERVED
 CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular 
Expressi ...)
-       TODO: check
+       NOT-FOR-US: Node djvalidator
 CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Node systeminformation
 CVE-2020-7777 (This affects all versions of package jsen. If an attacker can 
control  ...)
        NOT-FOR-US: Node jsen
 CVE-2020-7776
@@ -276092,7 +276095,7 @@ CVE-2015-5438
 CVE-2015-5437
        REJECTED
 CVE-2015-5436 (A potential security vulnerability has been identified with HP 
Integra ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2015-5435 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) 
firmware 3 ...)
        NOT-FOR-US: HP
 CVE-2015-5434 (HPE Networking Products, originally branded as Comware 5, 
Comware 7, H ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11584f78c23c0eef4d199818927254e8d2bf56f3

-- 


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
