Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 659a7ad5 by security tracker role at 2020-03-20T20:10:27+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -219,8 +219,8 @@ CVE-2020-10599 RESERVED CVE-2020-10598 RESERVED -CVE-2020-10597 - RESERVED +CVE-2020-10597 (The affected insulin pump is designed to communicate using a wireless ...) + TODO: check CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...) NOT-FOR-US: OpenCart CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...) @@ -373,6 +373,7 @@ CVE-2020-10533 CVE-2020-10532 (The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allo ...) NOT-FOR-US: AD Helper component in WatchGuard Fireware CVE-2020-10531 (An issue was discovered in International Components for Unicode (ICU) ...) + {DLA-2151-1} [experimental] - icu 66.1-2 - icu 63.2-3 (bug #953747) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (not public) @@ -1098,7 +1099,7 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html TODO: check further details CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...) - {DSA-4642-1 DSA-4639-1 DLA-2140-1} + {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - libusrsctp 0.9.3.0+20200312-1 (bug #953270) - firefox 74.0-1 - firefox-esr 68.6.0esr-1 @@ -3012,6 +3013,7 @@ CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Set NOT-FOR-US: fauzantrif eLection CVE-2020-6816 [mutation XSS vulnerability again] RESERVED + {DSA-4643-1} - python-bleach 3.1.3-1 (bug #954236) [stretch] - python-bleach <ignored> (Requires invasive changes to address issue) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public) 
@@ -8779,7 +8781,7 @@ CVE-2020-6815 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815 CVE-2020-6814 RESERVED - {DSA-4642-1 DSA-4639-1 DLA-2140-1} + {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 @@ -8792,7 +8794,7 @@ CVE-2020-6813 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813 CVE-2020-6812 RESERVED - {DSA-4642-1 DSA-4639-1 DLA-2140-1} + {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 @@ -8801,7 +8803,7 @@ CVE-2020-6812 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812 CVE-2020-6811 RESERVED - {DSA-4642-1 DSA-4639-1 DLA-2140-1} + {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 @@ -8822,7 +8824,7 @@ CVE-2020-6808 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808 CVE-2020-6807 RESERVED - {DSA-4642-1 DSA-4639-1 DLA-2140-1} + {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 @@ -8831,7 +8833,7 @@ CVE-2020-6807 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807 CVE-2020-6806 RESERVED - {DSA-4642-1 DSA-4639-1 DLA-2140-1} + {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 @@ -8840,7 +8842,7 @@ CVE-2020-6806 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806 CVE-2020-6805 RESERVED - {DSA-4642-1 DSA-4639-1 DLA-2140-1} + {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 
@@ -9659,8 +9661,7 @@ CVE-2020-6451 RESERVED CVE-2020-6450 RESERVED -CVE-2020-6449 - RESERVED +CVE-2020-6449 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) - chromium 80.0.3987.149-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6448 @@ -9701,40 +9702,33 @@ CVE-2020-6431 RESERVED CVE-2020-6430 RESERVED -CVE-2020-6429 - RESERVED +CVE-2020-6429 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) - chromium 80.0.3987.149-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6428 - RESERVED +CVE-2020-6428 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) - chromium 80.0.3987.149-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6427 - RESERVED +CVE-2020-6427 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) - chromium 80.0.3987.149-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6426 - RESERVED +CVE-2020-6426 (Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987 ...) - chromium 80.0.3987.149-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6425 RESERVED - chromium 80.0.3987.149-1 [stretch] - chromium <end-of-life> (see DSA 4562) -CVE-2020-6424 - RESERVED +CVE-2020-6424 (Use after free in media in Google Chrome prior to 80.0.3987.149 allowe ...) - chromium 80.0.3987.149-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6423 RESERVED -CVE-2020-6422 - RESERVED +CVE-2020-6422 (Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowe ...) - chromium 80.0.3987.149-1 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6421 RESERVED -CVE-2020-6420 - RESERVED +CVE-2020-6420 (Insufficient policy enforcement in media in Google Chrome prior to 80. ...) {DSA-4638-1} - chromium 80.0.3987.132-1 [stretch] - chromium <end-of-life> (see DSA 4562) 
@@ -21640,10 +21634,10 @@ CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R NOT-FOR-US: Huawei CVE-2020-1880 RESERVED -CVE-2020-1879 - RESERVED -CVE-2020-1878 - RESERVED +CVE-2020-1879 (There is an improper integrity checking vulnerability on some huawei p ...) + TODO: check +CVE-2020-1878 (Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D ...) + TODO: check CVE-2020-1877 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...) NOT-FOR-US: Huawei CVE-2020-1876 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...) @@ -21670,12 +21664,12 @@ CVE-2020-1866 RESERVED CVE-2020-1865 RESERVED -CVE-2020-1864 - RESERVED +CVE-2020-1864 (Some Huawei products have a security vulnerability due to improper aut ...) + TODO: check CVE-2020-1863 (Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, an ...) NOT-FOR-US: Huawei -CVE-2020-1862 - RESERVED +CVE-2020-1862 (There is a double free vulnerability in some Huawei products. A local ...) + TODO: check CVE-2020-1861 (CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700 ...) NOT-FOR-US: Huawei CVE-2020-1860 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) 
@@ -21806,14 +21800,14 @@ CVE-2020-1798 RESERVED CVE-2020-1797 RESERVED -CVE-2020-1796 - RESERVED -CVE-2020-1795 - RESERVED -CVE-2020-1794 - RESERVED -CVE-2020-1793 - RESERVED +CVE-2020-1796 (There is an improper authorization vulnerability in several smartphone ...) + TODO: check +CVE-2020-1795 (There is a logic error vulnerability in several smartphones. The softw ...) + TODO: check +CVE-2020-1794 (There is an improper authentication vulnerability in several smartphon ...) + TODO: check +CVE-2020-1793 (There is an improper authentication vulnerability in several smartphon ...) + TODO: check CVE-2020-1792 (Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C ...) NOT-FOR-US: Huawei CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...) @@ -22305,13 +22299,11 @@ CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the NOTE: https://www.openwall.com/lists/oss-security/2020/01/23/3 CVE-2020-1710 RESERVED -CVE-2020-1709 - RESERVED +CVE-2020-1709 (A vulnerability was found in all openshift/mediawiki 4.x.x versions pr ...) NOT-FOR-US: openshift CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all openshi ...) NOT-FOR-US: openshift -CVE-2020-1707 - RESERVED +CVE-2020-1707 (A vulnerability was found in all openshift/postgresql-apb 4.x.x versio ...) NOT-FOR-US: openshift CVE-2020-1706 (It has been found that in openshift-enterprise version 3.11 and opensh ...) NOT-FOR-US: openshift @@ -22347,8 +22339,7 @@ CVE-2020-1698 RESERVED CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to exter ...) NOT-FOR-US: Keycloak -CVE-2020-1696 - RESERVED +CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token Proc ...) - dogtag-pki <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780707 CVE-2020-1695 
@@ -22410,8 +22401,7 @@ CVE-2019-19347 CVE-2019-19346 RESERVED NOT-FOR-US: openshift -CVE-2019-19345 - RESERVED +CVE-2019-19345 (A vulnerability was found in all openshift/mediawiki-apb 4.x.x version ...) NOT-FOR-US: openshift CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions before 4.9 ...) - samba 2:4.11.5+dfsg-1 (bug #950499) @@ -38460,8 +38450,7 @@ CVE-2019-14857 (A flaw was found in mod_auth_openidc before version 2.4.0.1. An NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/ce37080c6aea30aabae8b4a9b4eea7808445cc8e NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/451 NOTE: https://groups.google.com/forum/#!topic/mod_auth_openidc/boy1Ba3Gdk4 -CVE-2019-14855 [WoT forgeries using SHA-1] - RESERVED +CVE-2019-14855 (A flaw was found in the way certificate signatures could be forged usi ...) - gnupg2 2.2.19-1 (low; bug #945859) [buster] - gnupg2 <no-dsa> (Minor issue) [stretch] - gnupg2 <no-dsa> (Minor issue) @@ -52917,8 +52906,7 @@ CVE-2019-10222 (A flaw was found in the Ceph RGW configuration with Beast as the NOTE: https://github.com/ceph/ceph/commit/6171399fdedd928b4249d135b4036e3de25079aa NOTE: 12.2.x installations only affected by the vulnerability if experimental NOTE: features are enabled. -CVE-2019-10221 - RESERVED +CVE-2019-10221 (A Reflected Cross Site Scripting vulnerability was found in all pki-co ...) - dogtag-pki <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1732565 CVE-2019-10220 (Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a rel ...) 
@@ -53115,8 +53103,7 @@ CVE-2019-10180 RESERVED - dogtag-pki <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1721137 -CVE-2019-10179 - RESERVED +CVE-2019-10179 (A vulnerability was found in all pki-core 10.x.x versions, where the K ...) - dogtag-pki <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1695901 CVE-2019-10178 (It was found that the Token Processing Service (TPS) did not properly ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/659a7ad5a7cc612dc84bf247f1da8f4bd15b2354
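Review bot: the new CVE-2020-10597 entry in the @@ -219 hunk is left at the placeholder TODO: check, but its description ("The affected insulin pump is designed to communicate using a wireless ...") points at a medical device rather than anything packaged in Debian; the triage pass should replace the TODO with a NOT-FOR-US: line naming the vendor, matching the NOT-FOR-US: OpenCart entry directly below it, so the item does not linger in the TODO queue.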
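Review bot: in the @@ -1098 hunk DLA-2150-1 is appended to CVE-2019-20503 with the same replacement string used for the CVE-2020-68xx Firefox entries, while the @@ -373 hunk adds the adjacent id DLA-2151-1 to CVE-2020-10531 (icu). Confirm both ids against the published advisory texts: the usrsctp entry also tracks the standalone libusrsctp package (bug #953270), so an id copied over from the Mozilla entries would make the tracker report a stretch fix the advisory does not cover, and two consecutive DLA numbers added in one automatic run are easy to swap.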
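Review bot: the @@ -3012 hunk records {DSA-4643-1} for CVE-2020-6816 while the entry is still RESERVED with only the local tag [mutation XSS vulnerability again] and a NOTE pointing at a non-public bugzilla; now that a DSA exists for buster, the [stretch] line `- python-bleach <ignored> (Requires invasive changes to address issue)` should be re-confirmed as a deliberate LTS decision rather than a leftover from before the advisory was issued.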
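Review bot: the six hunks from @@ -8779 to @@ -8840 add DLA-2150-1 to CVE-2020-6814, -6812, -6811, -6807, -6806 and -6805, but the neighbouring entries CVE-2020-6815, -6813 and -6808, which the context lines show referencing the same mfsa2020-08 advisory, keep the old advisory list; if DLA-2150-1 deliberately excludes them the omission is correct, otherwise those entries need the same `{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}` line.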
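Review bot: in the @@ -9701 hunk CVE-2020-6420 is tracked as fixed in chromium 80.0.3987.132-1 under DSA-4638-1, whereas every other Chrome entry in the same hunk points at 80.0.3987.149-1; the separate DSA reference suggests this is intentional, but the version is worth a check against the advisory since it is the only outlier in the block. CVE-2020-6425 staying RESERVED while already claiming the .149-1 fix is expected and will be filled in by a later automatic run.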
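Review bot: across the @@ -21640, @@ -21670 and @@ -21806 hunks, eight Huawei entries (CVE-2020-1879, -1878, -1864, -1862, -1796, -1795, -1794 and -1793) receive descriptions plus TODO: check; every other Huawei entry in the surrounding context lines is marked NOT-FOR-US: Huawei and the new descriptions themselves name Huawei products and smartphones, so these TODOs can be cleared to NOT-FOR-US: Huawei in one triage pass rather than checked individually.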
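Review bot: CVE-2020-1696 (@@ -22347), CVE-2019-10221 (@@ -52917) and CVE-2019-10179 (@@ -53115) all received pki-core descriptions in this run and each is tracked as `- dogtag-pki <unfixed>` with only a Red Hat bugzilla NOTE; with the text now available, confirm that Debian's dogtag-pki build actually ships the affected subsystem (the CVE-2020-1696 description mentions Token Processing), since <not-affected> would be the accurate state if it does not.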
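Review bot: the @@ -38460 hunk replaces the local tag `[WoT forgeries using SHA-1]` on CVE-2019-14855 with the official description; the `low` rating and the [buster] and [stretch] `<no-dsa> (Minor issue)` lines were set while the entry was still RESERVED, so they should be re-confirmed against the full text now that it describes forgeable certificate signatures.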
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits