Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42a4a8fb by Salvatore Bonaccorso at 2020-05-25T11:26:33+02:00
Reference upstream commits for the three tickets for CVE-2019-18823
The issue(s) are fixed in 8.8.8 and 8.9.6, so filter out the changes
for the release notes and build fixes separately covered in the
comparison between 8.8.7 and 8.8.8.
- - - - -
ca3a79aa by Salvatore Bonaccorso at 2020-05-25T11:27:58+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2020-13440 (ffjpeg through 2020-02-24 has an invalid write in bmp_load in
bmp.c. ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2020-13439 (ffjpeg through 2020-02-24 has a heap-based buffer over-read in
jfif_de ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2020-13438 (ffjpeg through 2020-02-24 has an invalid read in jfif_encode
in jfif.c ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2020-13437
RESERVED
CVE-2020-13436
@@ -13,7 +13,7 @@ CVE-2020-13435 (SQLite through 3.32.0 has a segmentation
fault in sqlite3ExprCod
CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in
sqlite3_str_vappendf ...)
TODO: check
CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the
editPlayer.php h ...)
- TODO: check
+ NOT-FOR-US: Jason2605 AdminPanel
CVE-2020-13432
RESERVED
CVE-2020-13431
@@ -32570,7 +32570,11 @@ CVE-2019-18823 (HTCondor up to and including stable
series 8.8.6 and development
NOTE:
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0002.html
NOTE:
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html
NOTE:
https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html
- NOTE: https://github.com/htcondor/htcondor/compare/V8_8_7...V8_8_8
+ NOTE:
https://github.com/htcondor/htcondor/commit/95eaee86e7ad3852c17df46a1b8b193dabd1fd14
+ NOTE:
https://github.com/htcondor/htcondor/commit/07e33c8b14aa00e04d045d4d79c963db082a3129
+ NOTE:
https://github.com/htcondor/htcondor/commit/cbcb93695a932d511c1c7bd40aed1eabeff01d8d
+ NOTE:
https://github.com/htcondor/htcondor/commit/3916209123a8ef762b7a9cd84ca0cf8b2cd99716
+ NOTE:
https://github.com/htcondor/htcondor/commit/5c84c6f0b3db4eda1eec42c2c708069bb9393f0b
CVE-2019-18822 (A privilege escalation vulnerability in ZOOM Call Recording
6.3.1 allo ...)
NOT-FOR-US: ZOOM Call Recording
CVE-2019-18821 (Eximious Logo Designer 3.82 has a User Mode Write AV starting
at ExiCu ...)
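Review bot: The five commit NOTE lines added under CVE-2019-18823 carry no indication of which of the three advisories listed directly above them (HTCONDOR-2020-0002, HTCONDOR-2020-0003, HTCONDOR-2020-0004) each commit addresses, and with the V8_8_7...V8_8_8 compare link removed the entry no longer hints at the fixed release. Consider annotating each commit NOTE with the advisory it belongs to, and adding a NOTE that records the fixed versions 8.8.8 and 8.9.6 given in the commit message, so that anyone backporting can match commits to issues without opening every link.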
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6a5cecd1e67e0ed3fbc99596f0fbe389125e94c2...ca3a79aa6d550b7165b5c030279c9cd5c52d6a40