Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f5e2ed0 by Moritz Muehlenhoff at 2020-07-02T22:14:07+02:00
NFU
one IM fixup in CVE list

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -977,7 +977,7 @@ CVE-2020-15048
 CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores 
certificate-verification er ...)
        - trojita <itp> (bug #795701)
 CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for 
Node.js ...)
-       TODO: check
+       NOT-FOR-US: Node traceroute
 CVE-2018-21267
        RESERVED
 CVE-2018-21266
@@ -14490,7 +14490,8 @@ CVE-2020-10253
 CVE-2020-10252
        RESERVED
 CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability 
exists withi ...)
-       - imagemagick <unfixed> (bug #953741)
+       - imagemagick <unfixed> (low; bug #953741)
+       [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <not-affected> (Vulnerable code introduced 
later with HEIC image format support)
        [jessie] - imagemagick <not-affected> (Vulnerable code introduced later 
with HEIC image format support)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1859
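Review bot: The new `[buster] - imagemagick <ignored> (Minor issue)` line for CVE-2020-10251 gives no rationale beyond "Minor issue", while the stretch and jessie lines directly below it state exactly why those releases are not affected. Consider a reason that says why the out-of-bounds read does not justify a buster update. Also confirm that `<ignored>` (no fix planned for the release) is meant rather than `<no-dsa>`, which would leave a point-release fix open.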
@@ -20332,7 +20333,7 @@ CVE-2020-7818
 CVE-2020-7817
        RESERVED
 CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView 
Indy, DaVa+ ...)
-       TODO: check
+       NOT-FOR-US: DaView
 CVE-2020-7815
        RESERVED
 CVE-2020-7814
@@ -20586,9 +20587,9 @@ CVE-2020-7691
 CVE-2020-7690
        RESERVED
 CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 
bytes. ...)
-       TODO: check
+       NOT-FOR-US: Node bcrypt
 CVE-2020-7688 (The issue occurs because tagName user input is formatted inside 
the ex ...)
-       TODO: check
+       NOT-FOR-US: Node mversion
 CVE-2020-7687
        RESERVED
 CVE-2020-7686
@@ -20606,7 +20607,7 @@ CVE-2020-7681
 CVE-2020-7680
        RESERVED
 CVE-2020-7679 (The mergeObjects utility function is susceptible to Prototype 
Pollutio ...)
-       TODO: check
+       NOT-FOR-US: Node casperjs
 CVE-2020-7678
        RESERVED
 CVE-2020-7677
@@ -20619,9 +20620,9 @@ CVE-2020-7676 (angular.js prior to 1.8.0 allows cross 
site scripting. The regex-
        NOTE: https://github.com/angular/angular.js/pull/17028
        NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
 CVE-2020-7675 (cd-messenger through 2.7.26 is vulnerable to Arbitrary Code 
Execution. ...)
-       TODO: check
+       NOT-FOR-US: Node cd-messenger
 CVE-2020-7674 (access-policy through 3.1.0 is vulnerable to Arbitrary Code 
Execution. ...)
-       TODO: check
+       NOT-FOR-US: Node access-policy
 CVE-2020-7673 (node-extend through 0.2.0 is vulnerable to Arbitrary Code 
Execution. U ...)
        TODO: check
 CVE-2020-7672 (mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. 
User inp ...)
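Review bot: CVE-2020-7673 (node-extend) is left at `TODO: check` directly below CVE-2020-7675 and CVE-2020-7674, which carry the same "Arbitrary Code Execution" wording and are both marked NOT-FOR-US in this hunk. If this is deliberate because the package name needs checking against the archive, a short NOTE saying so would stop the next triager from assuming it was overlooked. Otherwise triage it in the same pass.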
@@ -59014,8 +59015,8 @@ CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory 
leaks at AcquireMagickMemory
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
 CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in 
MagickCor ...)
        {DSA-4712-1}
-       - imagemagick <unfixed> (bug #931447)
-       [stretch] - imagemagick <postponed> (Needs further clarification on 
patch)
+       - imagemagick <unfixed> (low; bug #931447)
+       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <postponed> (minor, wait for upstream to clear 
patch-related questions)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
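Review bot: After this change the per-release states for CVE-2019-13308 are inconsistent. The stretch line moves from `<postponed>` to `<ignored> (Minor issue)`, but the jessie line underneath still says `<postponed>` and is still waiting on upstream to clear the patch questions. The entry is also tagged {DSA-4712-1} and described as a heap-based buffer overflow. Either align jessie with stretch or keep a NOTE recording that the patch question (the old stretch reason, "Needs further clarification on patch") is still open. It is also worth confirming that "Minor issue" fits a CVE that was included in a DSA.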


=====================================
data/DSA/list
=====================================
@@ -12,7 +12,7 @@
        [stretch] - firefox-esr 68.10.0esr-1~deb9u1
        [buster] - firefox-esr 68.10.0esr-1~deb10u1
 [30 Jun 2020] DSA-4712-1 imagemagick - security update
-       {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 
CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 
CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 
CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 
CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 
CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 
CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 
CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949}
+       {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 
CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 
CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 
CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 
CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 
CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 
CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 
CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949 CVE-2019-13391}
        [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u1
 [29 Jun 2020] DSA-4711-1 coturn - security update
        {CVE-2020-4067 CVE-2020-6061 CVE-2020-6062}
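Review bot: CVE-2019-13391 is appended after CVE-2019-19949 at the end of the DSA-4712-1 set, which breaks the ascending order the rest of the list follows. It belongs between CVE-2019-13311 and CVE-2019-13454. The commit message mentions only NFU triage and a fixup in the CVE list, so this data/DSA/list change is undocumented, and none of the data/CVE/list hunks touch CVE-2019-13391. Please mention the DSA addition in the message so the history shows why the advisory's CVE set grew after publication.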



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f5e2ed0fddc73403b6f6f665006727c6ed559cf
