Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2ef64054 by Moritz Muehlenhoff at 2020-06-09T11:45:10+02:00
new QT, libreoffice, VLC issues
pam-tacplus no-dsa
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20,7 +20,13 @@ CVE-2020-13966
CVE-2020-13963
RESERVED
CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of
Mumble 1.3.0 ...)
- TODO: check
+ - qtbase-opensource-src <unfixed>
+ [buster] - qtbase-opensource-src <not-affected> (Only affects 5.12.2
and later)
+ [stretch] - qtbase-opensource-src <not-affected> (Only affects 5.12.2
and later)
+ [jessie] - qtbase-opensource-src <not-affected> (Only affects 5.12.2
and later)
+ NOTE: https://bugreports.qt.io/browse/QTBUG-83450
+ NOTE: https://github.com/mumble-voip/mumble/issues/3679
+ NOTE: https://github.com/mumble-voip/mumble/pull/4032
CVE-2020-13961
RESERVED
CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04
devices have t ...)
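Review bot: The CVE-2020-13962 entry has no statement about the mumble package, although the description names Mumble 1.3.0 and two of the three added NOTEs are Mumble links. A NOTE saying whether Debian's mumble build is affected, or that the issue is tracked only against qtbase-opensource-src, would settle that for later readers. The NOTEs also link only to bug trackers, so a NOTE with the upstream Qt fixing commit, once known, would make it easier to resolve the `<unfixed>` line against an upload.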
@@ -126,7 +132,7 @@ CVE-2020-13911
CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds
read in nf ...)
NOT-FOR-US: Pengutronix Barebox
CVE-2020-13909 (The Ignition page before 2.0.5 for Laravel mishandles globals,
_get, _ ...)
- TODO: check
+ NOT-FOR-US: Laravel
CVE-2020-13908
RESERVED
CVE-2020-13907
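Review bot: The NOT-FOR-US label for CVE-2020-13909 names the framework rather than the affected component. The description says the flaw is in "The Ignition page before 2.0.5 for Laravel", so `NOT-FOR-US: Ignition page for Laravel` would match it more closely and follow the style of the `NOT-FOR-US: piechart-panel plugin for Grafana` entry elsewhere in this file, which keeps searches for the component name working.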
@@ -187,7 +193,9 @@ CVE-2020-13882
RESERVED
CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+
shared se ...)
{DLA-2239-1}
- - libpam-tacplus <unfixed>
+ - libpam-tacplus <unfixed> (low)
+ [buster] - libpam-tacplus <no-dsa> (Minor issue)
+ [stretch] - libpam-tacplus <no-dsa> (Minor issue)
NOTE:
https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
NOTE: https://github.com/kravietz/pam_tacplus/issues/149
CVE-2020-13880
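Review bot: The `<no-dsa> (Minor issue)` reason on the [buster] and [stretch] lines for CVE-2020-13881 gives no rationale, while the same entry carries {DLA-2239-1}, meaning an update was issued elsewhere. A more specific reason in the parentheses, or a NOTE explaining why this is minor for these two releases, would make the difference in handling clear. The entry already links the upstream fix commit, so the information needed for a later point-release update is there.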
@@ -1287,7 +1295,7 @@ CVE-2020-13434 (SQLite through 3.32.0 has an integer
overflow in sqlite3_str_vap
CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the
editPlayer.php h ...)
NOT-FOR-US: Jason2605 AdminPanel
CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when
virtual file ...)
- TODO: check
+ NOT-FOR-US: Rejetto HTTP File Server
CVE-2020-13431
RESERVED
CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB
datasource. ...)
@@ -1296,7 +1304,9 @@ CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS
via the OpenTSDB datas
CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin
before 1. ...)
NOT-FOR-US: piechart-panel plugin for Grafana
CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC
function in mod ...)
- TODO: check
+ - vlc <unfixed>
+ NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
+ NOTE:
http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
CVE-2020-13427
RESERVED
CVE-2020-13426
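Review bot: The new `- vlc <unfixed>` line for CVE-2020-13428 sits next to a NOTE pointing at the 3.0.11 release tag, but nothing says in words that 3.0.11 is the fixing release. A NOTE stating which upstream version contains the fix would make it obvious what version to enter once it is uploaded. The second NOTE uses an `http://` URL for git.videolan.org; use `https://` if the host serves it. No per-release lines are added, so the stable releases remain untriaged for a heap-based buffer overflow.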
@@ -2707,9 +2717,11 @@ CVE-2020-12805
CVE-2020-12804
RESERVED
CVE-2020-12803 (ODF documents can contain forms to be filled out by the user.
Similar ...)
- TODO: check
+ - libreoffice 1:6.4.4-1 (low)
+ NOTE:
https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803
CVE-2020-12802 (LibreOffice has a 'stealth mode' in which only documents from
location ...)
- TODO: check
+ - libreoffice 1:6.4.4-1 (low)
+ NOTE:
https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802
CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes,
that docume ...)
- libreoffice 1:6.4.3-1 (low)
[buster] - libreoffice <ignored> (Minor issue)
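Review bot: CVE-2020-12803 and CVE-2020-12802 get only an unstable line, `- libreoffice 1:6.4.4-1 (low)`, with no per-release status, whereas the neighbouring CVE-2020-12801 entry carries `[buster] - libreoffice <ignored> (Minor issue)`. If the same assessment applies to these two, adding the matching [buster] line now (and one for the older releases if relevant) keeps them out of the open triage list. If it does not apply, a NOTE on why they differ would help.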
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ef6405486bc8da4e908b5aab27ec18a66c3c6e7