Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6b41643b by Moritz Muehlenhoff at 2020-05-20T19:46:20+02:00 buster/stretch triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -213,6 +213,8 @@ CVE-2019-20798 (An XSS issue was discovered in handler_server_info.c in Cherokee - cherokee <removed> CVE-2019-20797 (An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer ...) - prboom-plus <unfixed> + [buster] - prboom-plus <no-dsa> (Minor issue) + [stretch] - prboom-plus <no-dsa> (Minor issue) [jessie] - prboom-plus <end-of-life> (games are not supported) NOTE: https://logicaltrust.net/blog/2019/10/prboom1.html NOTE: https://sourceforge.net/p/prboom-plus/bugs/252/ @@ -822,7 +824,9 @@ CVE-2020-12830 RESERVED CVE-2020-12829 RESERVED - - qemu <unfixed> + - qemu <unfixed> (low) + [buster] - qemu <no-dsa> (Minor issue) + [stretch] - qemu <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026 CVE-2020-12828 @@ -892,6 +896,8 @@ CVE-2020-12802 RESERVED CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...) - libreoffice 1:6.4.3-1 (low) + [buster] - libreoffice <no-dsa> (Minor issue) + [stretch] - libreoffice <no-dsa> (Minor issue) NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801 CVE-2020-12800 RESERVED 
@@ -1756,7 +1762,8 @@ CVE-2020-12431 RESERVED CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...) [experimental] - libvirt 6.2.0-1 - - libvirt <unfixed> (bug #959447) + - libvirt <unfixed> (low; bug #959447) + [buster] - libvirt <no-dsa> (Minor issue) [stretch] - libvirt <not-affected> (Vulnerable code introduced later) [jessie] - libvirt <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 (v6.1.0-rc1) @@ -2202,6 +2209,8 @@ CVE-2020-12269 RESERVED CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 h ...) - jbig2dec 0.18-1 + [buster] - jbig2dec <no-dsa> (Minor issue) + [stretch] - jbig2dec <no-dsa> (Minor issue) [jessie] - jbig2dec <no-dsa> (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332 NOTE: https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e @@ -3708,12 +3717,16 @@ CVE-2020-11867 RESERVED CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-aft ...) - libemf 1.0.12-1 + [buster] - libemf <no-dsa> (Minor issue) CVE-2020-11865 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bo ...) - libemf 1.0.12-1 + [buster] - libemf <no-dsa> (Minor issue) CVE-2020-11864 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...) - libemf 1.0.12-1 + [buster] - libemf <no-dsa> (Minor issue) CVE-2020-11863 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...) - libemf 1.0.12-1 + [buster] - libemf <no-dsa> (Minor issue) CVE-2019-20785 (An issue was discovered on LG mobile devices with Android OS 8.0 and 8 ...) NOT-FOR-US: LG mobile devices CVE-2019-20784 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) 
@@ -8623,6 +8636,7 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...) {DSA-4645-1 DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - libusrsctp 0.9.3.0+20200312-1 (bug #953270) + [buster] - libusrsctp <no-dsa> (Minor issue) - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 @@ -18246,7 +18260,9 @@ CVE-2020-6098 CVE-2020-6097 RESERVED CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...) - - glibc <unfixed> + - glibc <unfixed> (low) + [buster] - glibc <no-dsa> (Minor issue) + [stretch] - glibc <no-dsa> (Minor issue) [jessie] - glibc <not-affected> (Vulnerable code not present) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25620 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019 @@ -20160,6 +20176,8 @@ CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their NOT-FOR-US: PrestaShop CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...) - puma 3.12.4-1 (bug #953122) + [buster] - puma <no-dsa> (Minor issue) + [stretch] - puma <no-dsa> (Minor issue) NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58 NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3 CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a defau ...) 
@@ -20169,6 +20187,8 @@ CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a NOTE: https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...) - puma 3.12.4-1 (bug #952766) + [buster] - puma <no-dsa> (Minor issue) + [stretch] - puma <no-dsa> (Minor issue) NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v NOTE: https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3) NOTE: https://github.com/puma/puma/commit/694feafcd4fdcea786a0730701dad933f7547bea (4.3.2) ===================================== data/dsa-needed.txt ===================================== @@ -14,10 +14,14 @@ If needed, specify the release by adding a slash after the name of the source pa -- chromium -- +dovecot/stable +-- jruby/oldstable -- libopenmpt -- +knot-resolver/stable +-- linux (carnil) Wait until more issues have piled up -- @@ -28,6 +32,10 @@ nss/oldstable (jmm) -- pdns-recursor (jmm) -- +php7.0/oldstable +-- +php7.3/stable +-- poppler (jmm) -- squid3/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b41643bccb5c7a78c7f2fae6d8ef2888fa12597
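Review bot: In the data/CVE/list hunk at "@@ -822,7 +824,9 @@", CVE-2020-12829 is still RESERVED with no description, yet the qemu line gains "(low)" and both buster and stretch are set to "<no-dsa> (Minor issue)". The only context in the entry is the two Red Hat Bugzilla NOTE links, so a one-line NOTE saying what the issue is and why it is minor would let the rating be checked from the entry itself.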
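Review bot: In the data/CVE/list hunk at "@@ -3708,12 +3717,16 @@", CVE-2020-11866 through CVE-2020-11863 each get only "[buster] - libemf <no-dsa> (Minor issue)" and no "[stretch]" line, while most other entries touched by this buster/stretch triage record both suites. If stretch was triaged the same way, add the matching "[stretch]" line to each of the four entries; otherwise its status stays unstated. CVE-2020-11866 is described as a use-after-free, so a reason more specific than "Minor issue" would help whoever revisits it.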
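Review bot: In the data/CVE/list hunk at "@@ -8623,6 +8636,7 @@", the new "[buster] - libusrsctp <no-dsa> (Minor issue)" line lands in an entry tagged "{DSA-4645-1 DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}", so CVE-2019-20503 reads as both covered by advisories and not worth one. A reason that says why the standalone library differs from the firefox, firefox-esr and thunderbird lines below it would make that explicit. libusrsctp also has no "[stretch]" annotation here.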
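Review bot: In the data/CVE/list hunk at "@@ -18246,7 +18260,9 @@", CVE-2020-6096 is summarised as "An exploitable signed comparison vulnerability exists in the ARMv7 mem ...", and the change rates glibc "(low)" with "<no-dsa> (Minor issue)" for buster and stretch without stating what limits the impact. Suggest replacing the generic reason with the actual limiting factor, or adding a NOTE, so the rating does not read as contradicting the description.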
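Review bot: In the data/dsa-needed.txt hunk at "@@ -14,10 +14,14 @@", "+knot-resolver/stable" is inserted after "libopenmpt" and before "linux (carnil)", which breaks the alphabetical order the surrounding entries follow (chromium, dovecot, jruby, libopenmpt, linux). Move it up so it sits between "jruby/oldstable" and "libopenmpt".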
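Review bot: In the data/dsa-needed.txt hunk at "@@ -28,6 +32,10 @@", "php7.0/oldstable" and "php7.3/stable" are added with no claimant and no note, and nothing in the data/CVE/list part of this commit touches php entries, so the reason for queuing them is not visible from the change. A short indented note naming the pending issues, like the one under "linux (carnil)", would tell whoever picks these up what the update has to cover.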