Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73cbb8c7 by security tracker role at 2020-07-09T08:10:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1249,10 +1249,10 @@ CVE-2020-15075
        RESERVED
 CVE-2020-15074
        RESERVED
-CVE-2020-15073
-       RESERVED
-CVE-2020-15072
-       RESERVED
+CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS 
vulnerability ...)
+       TODO: check
+CVE-2020-15072 (An issue was discovered in phpList through 3.5.4. An 
error-based SQL I ...)
+       TODO: check
 CVE-2020-15071
        RESERVED
 CVE-2020-15070
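
Review bot: CVE-2020-15073 and CVE-2020-15072 leave RESERVED with only "TODO: check" under them, so both phpList entries are still untriaged. Each needs resolving to either a package line with a version or a "NOT-FOR-US:" tag; the summaries name the product and the affected range ("phpList through 3.5.4"), which is enough to look up whether it is packaged.
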
@@ -2523,7 +2523,7 @@ CVE-2020-14474 (The Cellebrite UFED physical device 5.0 
through 7.5.0.845 relies
        NOT-FOR-US: Cellebrite
 CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, 
Vigor2960, and ...)
        NOT-FOR-US: DrayTek
-CVE-2020-14472 (DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware 
before 1.5.1 ...)
+CVE-2020-14472 (On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 
1.5.1.1 ...)
        NOT-FOR-US: DrayTek
 CVE-2020-14471
        RESERVED
@@ -4195,6 +4195,7 @@ CVE-2020-13906 (IrfanView 4.54 allows a user-mode write 
access violation startin
 CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation 
starting at F ...)
        NOT-FOR-US: IrfanView
 CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF 
duration in an  ...)
+       {DSA-4722-1}
        - ffmpeg <unfixed>
        NOTE: 
https://patchwork.ffmpeg.org/project/ffmpeg/patch/[email protected]/
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/9dfb19baeb86a8bb02c53a441682c6e9a6e104cc
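
Review bot: on CVE-2020-13904 the new "{DSA-4722-1}" tag sits directly above "- ffmpeg <unfixed>", so the entry now says an advisory exists while the unversioned package line still records the issue as open. That is consistent if the DSA fixes a released suite only, but the "<unfixed>" line should be replaced with the fixed version once an upload carrying the FFmpeg commit from the NOTE line lands.
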
@@ -8228,6 +8229,7 @@ CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 
2020 before 2020.1.12, th
 CVE-2020-12285
        RESERVED
 CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 
4.2.2 has a ...)
+       {DSA-4722-1}
        - ffmpeg 7:4.2.3-1
        [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
@@ -22357,7 +22359,7 @@ CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 
7.3.x below 7.3.16 and 7.4.x
        NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29
        NOTE: PHP Bug: https://bugs.php.net/79329
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=0d139c5b94a5f485a66901919e51faddb0371c43
-CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, 
while using ...)
+CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while 
using  ...)
        {DSA-4719-1}
        - php7.4 7.4.5-1
        - php7.3 <removed>
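
Review bot: the CVE-2020-7065 summary carried a wrong 7.4.x bound (7.4.34, now 7.4.4), which shows that the parenthesised description is not a safe source for affected ranges. The corrected bound agrees with "- php7.4 7.4.5-1" below it and with the "Fixed in PHP 7.4.4, 7.3.16, 7.2.29" NOTE on the preceding entry; rely on the package lines when deciding exposure.
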
@@ -25197,8 +25199,8 @@ CVE-2020-5976
        RESERVED
 CVE-2020-5975
        RESERVED
-CVE-2020-5974
-       RESERVED
+CVE-2020-5974 (NVIDIA JetPack SDK, version 4.2 and 4.3, contains a 
vulnerability in i ...)
+       TODO: check
 CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a 
vulnerabili ...)
        NOT-FOR-US: NVIDIA Virtual GPU Manager
 CVE-2020-5972 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU 
plugin ...)
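
Review bot: CVE-2020-5974 (NVIDIA JetPack SDK) is added with "TODO: check", and the adjacent NVIDIA entry is tagged "NOT-FOR-US: NVIDIA Virtual GPU Manager", a product-specific tag that does not cover JetPack. Triage this one on its own product name rather than copying the neighbour's tag.
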
@@ -25969,8 +25971,8 @@ CVE-2020-5606
        RESERVED
 CVE-2020-5605
        RESERVED
-CVE-2020-5604
-       RESERVED
+CVE-2020-5604 (Android App 'Mercari' (Japan version) prior to version 3.52.0 
allows a ...)
+       TODO: check
 CVE-2020-5603 (Uncontrolled resource consumption vulnerability in Mitsubishi 
Electori ...)
        NOT-FOR-US: Mitsubishi
 CVE-2020-5602 (Mitsubishi Electoric FA Engineering Software (CPU Module 
Logging Confi ...)
@@ -45341,7 +45343,7 @@ CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based 
buffer overflow in LZ4_write32
        NOTE: https://github.com/lz4/lz4/pull/756
        NOTE: https://github.com/lz4/lz4/pull/760
 CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in 
vqa_decode_chunk ...)
-       {DLA-2021-1}
+       {DSA-4722-1 DLA-2021-1}
        - ffmpeg 7:4.2.1-1
        [stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x 
branch)
        - libav <removed>
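
Review bot: for CVE-2019-17542 the tag line becomes "{DSA-4722-1 DLA-2021-1}", but "[stretch] - ffmpeg <postponed>" stays as it was, so the stretch status is untouched by this change. If the postponement reason given there (waiting for a fix in the 3.2.x branch) no longer holds, that line needs a separate update.
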
@@ -45369,6 +45371,7 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a 
heap-based buffer overflow in
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/41399a3414069870071e47680b0bbbe0a283db5d
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
 CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c 
allows a NUL ...)
+       {DSA-4722-1}
        - ffmpeg 7:4.2.1-1 (low)
        [stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x 
branch)
        - libav <removed> (low)
@@ -59206,6 +59209,7 @@ CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, 
ComplexImages in MagickCore/fourier
        NOTE: Patch is insufficient, partly reverted by the CVE-2019-13308 patch
        NOTE: which seems to be the actual patch for this issue.
 CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at 
adx_write_trailer in l ...)
+       {DSA-4722-1}
        - ffmpeg 7:4.2.1-1 (low; bug #932535)
        [stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x 
branch)
        NOTE: https://trac.ffmpeg.org/ticket/7979



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73cbb8c76ed00afa6d546e927624e330522f1a96
