[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Tue, 30 Jun 2020 01:10:57 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
90b2e2a2 by security tracker role at 2020-06-30T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in 
drivers/usb/m ...)
+       TODO: check
+CVE-2020-15392
+       RESERVED
+CVE-2020-15391
+       RESERVED
+CVE-2020-15390
+       RESERVED
+CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a 
use-after-free th ...)
+       TODO: check
+CVE-2020-15388
+       RESERVED
+CVE-2020-15387
+       RESERVED
+CVE-2020-15386
+       RESERVED
+CVE-2020-15385
+       RESERVED
+CVE-2020-15384
+       RESERVED
+CVE-2020-15383
+       RESERVED
+CVE-2020-15382
+       RESERVED
+CVE-2020-15381
+       RESERVED
+CVE-2020-15380
+       RESERVED
+CVE-2020-15379
+       RESERVED
+CVE-2020-15378
+       RESERVED
+CVE-2020-15377
+       RESERVED
+CVE-2020-15376
+       RESERVED
+CVE-2020-15375
+       RESERVED
+CVE-2020-15374
+       RESERVED
+CVE-2020-15373
+       RESERVED
+CVE-2020-15372
+       RESERVED
+CVE-2020-15371
+       RESERVED
+CVE-2020-15370
+       RESERVED
+CVE-2020-15369
+       RESERVED
+CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly 
restrict acce ...)
+       TODO: check
 CVE-2020-15367
        RESERVED
 CVE-2020-15366
@@ -3937,6 +3989,7 @@ CVE-2020-13767
 CVE-2020-13766
        RESERVED
 CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate 
the rel ...)
+       {DLA-2262-1}
        - qemu 1:4.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319
@@ -4180,7 +4233,7 @@ CVE-2020-13664
        NOTE: https://www.drupal.org/sa-core-2020-005
 CVE-2020-13663 [Drupal SA 2020-004]
        RESERVED
-       {DSA-4706-1}
+       {DSA-4706-1 DLA-2263-1}
        - drupal7 <removed>
        NOTE: https://www.drupal.org/sa-core-2020-004
        NOTE: 
https://git.drupalcode.org/project/drupal/-/commit/3999b8f658bf2ef8e96a7ee8ccb279c5d3073006
@@ -4864,9 +4917,11 @@ CVE-2020-13364
 CVE-2020-13363
        RESERVED
 CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in 
hw/scsi/megasas.c h ...)
+       {DLA-2262-1}
        - qemu <unfixed> (bug #961887)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
 CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in 
hw/audio/es1370.c  ...)
+       {DLA-2262-1}
        - qemu <unfixed> (bug #961888)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
 CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There 
is a NUL ...)
@@ -19611,10 +19666,10 @@ CVE-2019-20418
        RESERVED
 CVE-2019-20417
        RESERVED
-CVE-2019-20416
-       RESERVED
-CVE-2019-20415
-       RESERVED
+CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
+       TODO: check
+CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions 
allows remo ...)
+       TODO: check
 CVE-2019-20414 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
        TODO: check
 CVE-2019-20413 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
@@ -28850,8 +28905,7 @@ CVE-2020-4069
        RESERVED
 CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is 
likely to r ...)
        TODO: check
-CVE-2020-4067 [STUN response buffer not initialized properly]
-       RESERVED
+CVE-2020-4067 (In coturn before version 4.5.1.3, there is an issue whereby 
STUN/TURN  ...)
        {DSA-4711-1}
        - coturn 4.5.1.3-1
        NOTE: 
https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
@@ -28908,8 +28962,8 @@ CVE-2020-4039
        RESERVED
 CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before 
versio ...)
        TODO: check
-CVE-2020-4037
-       RESERVED
+CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, 
users  ...)
+       TODO: check
 CVE-2020-4036
        RESERVED
 CVE-2020-4035 (In WatermelonDB (NPM package "@nozbe/watermelondb") before 
versions 0. ...)
@@ -34866,7 +34920,7 @@ CVE-2020-1985 (Incorrect Default Permissions on 
C:\Programdata\Secdo\Logs folder
 CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, 
which  ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of 
libslirp ...)
-       {DSA-4665-1}
+       {DSA-4665-1 DLA-2262-1}
        - qemu 1:4.1-2
        - qemu-kvm <removed>
        - libslirp 4.2.0-2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90b2e2a2a70735f42dae873b1b1960cca43bca1f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90b2e2a2a70735f42dae873b1b1960cca43bca1f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to