Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 90b2e2a2 by security tracker role at 2020-06-30T08:10:16+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,55 @@ +CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/m ...) + TODO: check +CVE-2020-15392 + RESERVED +CVE-2020-15391 + RESERVED +CVE-2020-15390 + RESERVED +CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...) + TODO: check +CVE-2020-15388 + RESERVED +CVE-2020-15387 + RESERVED +CVE-2020-15386 + RESERVED +CVE-2020-15385 + RESERVED +CVE-2020-15384 + RESERVED +CVE-2020-15383 + RESERVED +CVE-2020-15382 + RESERVED +CVE-2020-15381 + RESERVED +CVE-2020-15380 + RESERVED +CVE-2020-15379 + RESERVED +CVE-2020-15378 + RESERVED +CVE-2020-15377 + RESERVED +CVE-2020-15376 + RESERVED +CVE-2020-15375 + RESERVED +CVE-2020-15374 + RESERVED +CVE-2020-15373 + RESERVED +CVE-2020-15372 + RESERVED +CVE-2020-15371 + RESERVED +CVE-2020-15370 + RESERVED +CVE-2020-15369 + RESERVED +CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restrict acce ...) + TODO: check CVE-2020-15367 RESERVED CVE-2020-15366 @@ -3937,6 +3989,7 @@ CVE-2020-13767 CVE-2020-13766 RESERVED CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the rel ...) + {DLA-2262-1} - qemu 1:4.2-1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6 NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319 @@ -4180,7 +4233,7 @@ CVE-2020-13664 NOTE: https://www.drupal.org/sa-core-2020-005 CVE-2020-13663 [Drupal SA 2020-004] RESERVED - {DSA-4706-1} + {DSA-4706-1 DLA-2263-1} - drupal7 <removed> NOTE: https://www.drupal.org/sa-core-2020-004 NOTE: https://git.drupalcode.org/project/drupal/-/commit/3999b8f658bf2ef8e96a7ee8ccb279c5d3073006 
@@ -4864,9 +4917,11 @@ CVE-2020-13364 CVE-2020-13363 RESERVED CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...) + {DLA-2262-1} - qemu <unfixed> (bug #961887) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c ...) + {DLA-2262-1} - qemu <unfixed> (bug #961888) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...) @@ -19611,10 +19666,10 @@ CVE-2019-20418 RESERVED CVE-2019-20417 RESERVED -CVE-2019-20416 - RESERVED -CVE-2019-20415 - RESERVED +CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + TODO: check +CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions allows remo ...) + TODO: check CVE-2019-20414 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) TODO: check CVE-2019-20413 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) @@ -28850,8 +28905,7 @@ CVE-2020-4069 RESERVED CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to r ...) TODO: check -CVE-2020-4067 [STUN response buffer not initialized properly] - RESERVED +CVE-2020-4067 (In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN ...) {DSA-4711-1} - coturn 4.5.1.3-1 NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm @@ -28908,8 +28962,8 @@ CVE-2020-4039 RESERVED CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...) TODO: check -CVE-2020-4037 - RESERVED +CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users ...) + TODO: check CVE-2020-4036 RESERVED CVE-2020-4035 (In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0. ...) 
@@ -34866,7 +34920,7 @@ CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of libslirp ...) - {DSA-4665-1} + {DSA-4665-1 DLA-2262-1} - qemu 1:4.1-2 - qemu-kvm <removed> - libslirp 4.2.0-2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90b2e2a2a70735f42dae873b1b1960cca43bca1f
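Review bot: In the first hunk (@@ -1,3 +1,55 @@), CVE-2020-15393, CVE-2020-15389 and CVE-2020-15368 arrive with a description but only `TODO: check`, so none of them has a package line or a NOT-FOR-US line yet. The descriptions name the Linux kernel, OpenJPEG and an ASRock `.sys` driver; a follow-up commit should replace each `TODO: check` with either a package status line in the form the file already uses (as in `- qemu 1:4.2-1`) or a `NOT-FOR-US:` line (as on CVE-2020-1984), so these entries do not sit untriaged.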
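Review bot: In the @@ -4864,9 +4917,11 @@ hunk, `{DLA-2262-1}` is added to CVE-2020-13362 and CVE-2020-13361 while both entries keep `- qemu <unfixed>` with bug #961887 and bug #961888. The advisory cross-reference does not change that status line, so the entry can read as resolved when it is not; readers should check the DLA for the release it covers, and the `<unfixed>` line still needs a fixed version before the two bugs can be treated as closed.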
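Review bot: In the @@ -19611,10 +19666,10 @@ hunk, CVE-2019-20416 and CVE-2019-20415 move from `RESERVED` to `TODO: check` and join CVE-2019-20414 and CVE-2019-20413, which already carry an Atlassian Jira Server and Data Center description and the same `TODO: check`. These four should be triaged in one pass and given the same disposition line rather than handled one at a time.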