[Git][security-tracker-team/security-tracker][master] buster/stretch triage

Thu, 13 Feb 2020 01:47:13 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
59629278 by Moritz Muehlenhoff at 2020-02-13T10:46:19+01:00
buster/stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1021,7 +1021,9 @@ CVE-2020-8493 (A stored XSS vulnerability in Kronos Web 
Time and Attendance (web
 CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 
3.6.10, 3.7  ...)
        - python3.8 <unfixed>
        - python3.7 <unfixed>
+       [buster] - python3.7 <no-dsa> (Minor issue)
        - python3.5 <removed>
+       [stretch] - python3.5 <no-dsa> (Minor issue)
        - python3.4 <removed>
        - python2.7 <unfixed>
        [buster] - python2.7 <no-dsa> (Minor issue)
@@ -2080,9 +2082,11 @@ CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 
has a buffer over-read f
        NOTE: Recommended additionally: 
https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc
 CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in 
virglrenderer throu ...)
        - virglrenderer 0.8.2-1 (bug #949954)
+       [buster] - virglrenderer <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42
 CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer 
throug ...)
        - virglrenderer 0.8.2-1 (bug #949954)
+       [buster] - virglrenderer <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5
 CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a 
hardcoded pass ...)
        NOT-FOR-US: Intellian Aptus application for Android
@@ -15206,6 +15210,7 @@ CVE-2020-2586 (Vulnerability in the Oracle Human 
Resources product of Oracle E-B
        NOT-FOR-US: Oracle
 CVE-2020-2585 (Vulnerability in the Java SE product of Oracle Java SE 
(component: Jav ...)
        - openjfx 11+26-1
+       [stretch] - openjfx <no-dsa> (Minor issue)
        NOTE: This only affects JavaFX 8, so marking the first post 8 version 
as fixed
 CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-5.7 <unfixed> (bug #949994)
@@ -22945,19 +22950,23 @@ CVE-2019-18392
        RESERVED
 CVE-2019-18391 (A heap-based buffer overflow in the 
vrend_renderer_transfer_write_iov  ...)
        - virglrenderer 0.8.1-1 (bug #946942)
+       [buster] - virglrenderer <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
 CVE-2019-18390 (An out-of-bounds read in the vrend_blit_need_swizzle function 
in vrend ...)
        - virglrenderer 0.8.1-1
+       [buster] - virglrenderer <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765584
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151
 CVE-2019-18389 (A heap-based buffer overflow in the 
vrend_renderer_transfer_write_iov  ...)
        - virglrenderer 0.8.1-1 (bug #946942)
+       [buster] - virglrenderer <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
 CVE-2019-18388 (A NULL pointer dereference in vrend_renderer.c in 
virglrenderer throug ...)
        - virglrenderer 0.8.1-1
+       [buster] - virglrenderer <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765578
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16
        NOTE: 
https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/596292786a59bf96d8c565d903a00f8d455dfbeb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/596292786a59bf96d8c565d903a00f8d455dfbeb
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to