Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc292439 by Moritz Muehlenhoff at 2020-05-27T13:15:47+02:00
new vlc issue (already fixed in stable/oldstable)
firefox n/a
NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2020-13617
 CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 
lacks TLS ...)
        NOT-FOR-US: pichi
 CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname 
verification  ...)
-       TODO: check
+       NOT-FOR-US: Qore
 CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The 
TLS implem ...)
        - axel 2.17.8-1
        NOTE: https://github.com/axel-download-accelerator/axel/issues/262
@@ -780,6 +780,7 @@ CVE-2020-13253 [sd: OOB access could crash the guest 
resulting in DoS]
        [buster] - qemu <postponed> (Minor issue, can be fixed along in next 
DSA)
        [stretch] - qemu <postponed> (Minor issue, can be fixed along in next 
DSA)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
+       NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/2
 CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute 
arbitrary  ...)
        - centreon-web <itp> (bug #913903)
 CVE-2020-13251
@@ -12143,7 +12144,7 @@ CVE-2020-9048
 CVE-2020-9047
        RESERVED
 CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions 
could po ...)
-       TODO: check
+       NOT-FOR-US: Kantech
 CVE-2020-9045 (During installation or upgrade to Software House C&#8226;CURE 
9000 v2. ...)
        NOT-FOR-US: Software House
 CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web 
Services ...)
@@ -15458,9 +15459,9 @@ CVE-2020-7649
 CVE-2020-7648
        RESERVED
 CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 
inclusive and b ...)
-       TODO: check
+       NOT-FOR-US: jooby
 CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary 
commands.It is ...)
-       TODO: check
+       NOT-FOR-US: Noed curlrequest
 CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary 
commands, ...)
        NOT-FOR-US: Node chrome-launcher
 CVE-2020-7644 (fun-map through 3.3.1 is vulnerable to Prototype Pollution. The 
functi ...)
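Review bot: "Noed" in the added line "NOT-FOR-US: Noed curlrequest" for CVE-2020-7646 looks like a typo for "Node". The neighbouring CVE-2020-7645 entry is written "NOT-FOR-US: Node chrome-launcher", so "NOT-FOR-US: Node curlrequest" would keep the spelling consistent and keep the entry findable when searching the list for Node modules.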
@@ -17354,7 +17355,7 @@ CVE-2020-6831 (A buffer overflow could occur when 
parsing and validating SCTP ch
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831
 CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to 
be passe ...)
-       TODO: check
+       - firefox <not-affected> (Firefox on iOS)
 CVE-2020-6829
        RESERVED
 CVE-2020-6828 (A malicious Android application could craft an Intent that 
would have  ...)
@@ -27231,7 +27232,8 @@ CVE-2019-19722 (In Dovecot before 2.3.9.2, an attacker 
can crash a push-notifica
        NOTE: 
https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b
        NOTE: 
https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432
 CVE-2019-19721 (An off-by-one error in the DecodeBlock function in 
codec/sdl_image.c i ...)
-       TODO: check
+       - vlc 3.0.10-1
+       NOTE: 
https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b
 CVE-2020-3109
        RESERVED
 CVE-2020-3108


=====================================
data/DSA/list
=====================================
@@ -83,7 +83,7 @@
        {CVE-2019-17559 CVE-2019-17565 CVE-2020-1944 CVE-2020-9481}
        [buster] - trafficserver 8.0.2+ds-1+deb10u2
 [30 Apr 2020] DSA-4671-1 vlc - security update
-       {CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077 CVE-2020-6078 
CVE-2020-6079 CVE-2020-6080}
+       {CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077 CVE-2020-6078 
CVE-2020-6079 CVE-2020-6080 CVE-2019-19721}
        [stretch] - vlc 3.0.10-0+deb9u1
        [buster] - vlc 3.0.10-0+deb10u1
 [29 Apr 2020] DSA-4670-1 tiff - security update
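Review bot: CVE-2019-19721 is appended after CVE-2020-6080 in the DSA-4671-1 id list, which breaks the ascending order the other ids in this list follow (the trafficserver entry above is also sorted, 2019 ids before 2020 ids). Consider placing it first, before CVE-2020-6071, so the list stays sorted.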



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc29243967706f55c33512049b7b5de98c478d5e


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits