Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4d8949c0 by Moritz Muehlenhoff at 2020-02-12T12:03:25+01:00
firefox/firefox-esr fixed
buster/stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -535,10 +535,14 @@ CVE-2020-8633
RESERVED
CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in
cloudinit/config/cc_ ...)
- cloud-init <unfixed>
+ [buster] - cloud-init <no-dsa> (Minor issue)
+ [stretch] - cloud-init <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
NOTE: https://github.com/canonical/cloud-init/pull/189
CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random
passwo ...)
- cloud-init <unfixed>
+ [buster] - cloud-init <no-dsa> (Minor issue)
+ [stretch] - cloud-init <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
NOTE: https://github.com/canonical/cloud-init/pull/204
CVE-2020-8630
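Review bot: the "(Minor issue)" reason on the four new cloud-init lines does not say why password generation flaws (rand_user_password in CVE-2020-8632, Mersenne Twister for a random password in CVE-2020-8631) are minor for buster and stretch. A more specific parenthetical, in the style of the "(Vulnerable code introduced later)" reasons used elsewhere in this file, would let later readers judge the no-dsa decision without opening the Launchpad bug.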
@@ -588,6 +592,8 @@ CVE-2020-8609
CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses
snprintf ...)
- libslirp <unfixed>
- qemu 1:4.1-2
+ [buster] - qemu <postponed> (Minor issue)
+ [stretch] - qemu <postponed> (Minor issue)
- qemu-kvm <removed>
- slirp <unfixed>
- slirp4netns <unfixed>
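Review bot: the new [buster]/[stretch] <postponed> lines cover qemu only, while libslirp, slirp and slirp4netns in the same CVE-2020-8608 entry stay <unfixed> with no suite annotations in the visible lines. If any of those source packages ship in buster or stretch, they need their own triage lines, otherwise they keep showing as open for those suites.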
@@ -845,6 +851,8 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through
3.5.9, 3.6 through 3.6.10,
- python3.5 <removed>
- python3.4 <removed>
- python2.7 <unfixed>
+ [buster] - python2.7 <no-dsa> (Minor issue)
+ [stretch] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue39503
NOTE: https://github.com/python/cpython/pull/18284
NOTE:
https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
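Review bot: only python2.7 gets [buster]/[stretch] lines, but "- python3.5 <removed>" is followed directly by python3.4 with no [stretch] entry, and the CVE-2020-8492 header lists 3.5 through 3.5.9 as affected. If stretch's python3.5 is meant to get the same treatment, add "[stretch] - python3.5 <no-dsa> (Minor issue)" under it, and check the python3.x entries above this hunk's context for the same gap.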
@@ -4602,12 +4610,12 @@ CVE-2020-6802
RESERVED
CVE-2020-6801
RESERVED
- - firefox <unfixed>
+ - firefox 73.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801
CVE-2020-6800
RESERVED
- - firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox 73.0-1
+ - firefox-esr 68.5.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6800
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6800
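Review bot: under CVE-2020-6801 only firefox gets a fixed version and there is no firefox-esr line, whereas CVE-2020-6800 directly below lists both. The single NOTE cites only mfsa2020-05, so this may be intentional; if ESR is not affected, an explicit "- firefox-esr <not-affected>" line with a reason would record that rather than leaving it implied by omission.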
@@ -4620,8 +4628,8 @@ CVE-2020-6799
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799
CVE-2020-6798
RESERVED
- - firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox 73.0-1
+ - firefox-esr 68.5.0esr-1
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6798
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6798
@@ -4636,8 +4644,8 @@ CVE-2020-6797
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797
CVE-2020-6796
RESERVED
- - firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox 73.0-1
+ - firefox-esr 68.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796
CVE-2020-6795
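Review bot: CVE-2020-6796 ends up with firefox and firefox-esr entries but no thunderbird line, although CVE-2020-6800 and CVE-2020-6798 cite the same mfsa2020-05 and mfsa2020-06 advisories and both carry "- thunderbird <unfixed>". Please confirm thunderbird is unaffected here and record it explicitly, or add the missing line.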
@@ -8649,7 +8657,9 @@ CVE-2019-20164 (An issue was discovered in GPAC version
0.8.0 and 0.9.0-developm
NOTE:
https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80
(chunk #2)
CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and
0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed>
+ - gpac <unfixed> (low)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1335
NOTE:
https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80
(chunk #4)
CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and
0.9.0-development-20 ...)
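Review bot: CVE-2019-20163 already carries {DLA-2072-1}, so marking buster and stretch <no-dsa> (Minor issue) leaves the stable suites without a fix that the LTS suite has received. Consider saying so in the reason, for example that it can be fixed via a point release. Also check that CVE-2019-20164 and CVE-2019-20162, which the context shows as neighbouring GPAC entries (CVE-2019-20164 cites the same commit), get matching triage, since this hunk touches only one of them.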
@@ -17786,6 +17796,7 @@ CVE-2020-1701
NOT-FOR-US: KubeVirt
CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end
handles unexp ...)
- ceph 14.2.7-1
+ [buster] - ceph <no-dsa> (Minor issue)
[stretch] - ceph <not-affected> (Vulnerable code introduced later)
[jessie] - ceph <not-affected> (Vulnerable code introduced later)
NOTE: https://tracker.ceph.com/issues/42531
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d8949c0f9fbceb2b7bc9e0ef3a321e2be43c273