Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dfddf435 by Moritz Muehlenhoff at 2020-06-26T21:47:23+02:00
buster/stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3143,6 +3143,7 @@ CVE-2020-14000
RESERVED
CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234
Metafile Libr ...)
- libemf <unfixed>
+ [buster] - libemf <no-dsa> (Minor issue)
NOTE: Fixed upstream in 1.0.13
CVE-2020-13998 (** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5,
when 2FA ...)
NOT-FOR-US: Citrix
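Review bot: The added `[buster] - libemf <no-dsa> (Minor issue)` line for CVE-2020-13999 has no stretch counterpart, although the commit is titled "buster/stretch triage" and the other hunks tag both suites. If stretch also ships libemf, add the matching `[stretch]` line. The reason "Minor issue" also carries no rationale, and the visible description is truncated, so a short NOTE saying why the ScaleViewPortExtEx issue does not warrant a DSA would help later readers. The `<unfixed>` line also has no bug reference even though the NOTE records an upstream fix in 1.0.13.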
@@ -3448,7 +3449,9 @@ CVE-2020-13869 (An issue was discovered in the Comments
plugin before 1.5.6 for
CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5
for Craft ...)
NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions
for /etc/t ...)
- - targetcli-fb <unfixed> (bug #962331)
+ - targetcli-fb <unfixed> (low; bug #962331)
+ [buster] - targetcli-fb <no-dsa> (Minor issue)
+ [stretch] - targetcli-fb <no-dsa> (Minor issue)
NOTE: https://github.com/open-iscsi/targetcli-fb/pull/172
CVE-2020-13866 (WinGate v9.4.1.5998 has insecure permissions for the
installation dire ...)
NOT-FOR-US: WinGate
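Review bot: On the CVE-2020-13867 entry, the urgency `low` and both `<no-dsa> (Minor issue)` tags are added without any recorded reasoning, and the only NOTE is the link to upstream pull request 172. For a weak-permissions finding it is worth a NOTE stating what the exposure is on a Debian install and why it is judged minor, so the decision can be revisited if that assessment changes. Recording whether the pull request has been merged, and in which upstream version, would also make it easier to close the `<unfixed>` line later.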
@@ -11311,7 +11314,9 @@ CVE-2016-11023 (odata4j 0.7.0 allows
ExecuteCountQueryCommand.java SQL injection
NOT-FOR-US: odata4j
CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds
read in lic ...)
- freerdp2 <unfixed>
+ [buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read
in glyp ...)
- freerdp2 <unfixed>
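Review bot: The `[buster]` and `[stretch]` no-dsa lines are added for CVE-2020-11099, but the trailing context shows CVE-2020-11098, another out-of-bounds read fixed in the same FreeRDP 2.1.2 release, still starting with `- freerdp2 <unfixed>`, and the hunk ends before showing whether it carries the same triage. Please confirm the sibling FreeRDP entries from this release are tagged consistently, since mixed states for the same class of issue in one package are easy to miss. The `[stretch] - freerdp <no-dsa>` line sits under `- freerdp <removed>`, which is the expected ordering, so no change is needed there.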
@@ -12625,7 +12630,9 @@ CVE-2020-10756 [slirp: networking out-of-bounds read
information disclosure vuln
NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that
version as fixed.
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder
version ...)
- - cinder <unfixed>
+ - cinder 2:16.1.0-1 (low)
+ [buster] - cinder <no-dsa> (Minor issue)
+ [stretch] - cinder <no-dsa> (Minor issue)
[jessie] - cinder <end-of-life> (OpenStack component, not supported in
jessie LTS)
NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
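Review bot: The CVE-2020-10755 change replaces `- cinder <unfixed>` with `- cinder 2:16.1.0-1 (low)`, which marks the package fixed and sets an urgency, yet the commit message only says "buster/stretch triage" and no NOTE justifies the fixed version. The existing NOTEs point to the Launchpad bug and OSSN-0086 only. Add a NOTE referencing the upstream fix or the changelog entry that makes 2:16.1.0-1 the first fixed upload, and consider mentioning the fixed-version change in the commit message. For an insecure-credentials flaw, a one-line reason behind "Minor issue" on the `[buster]` and `[stretch]` lines would also be useful.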
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfddf435b465c2e7f9136cfe8424bc1dc8db53ad