Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5582d01f by Moritz Muehlenhoff at 2020-07-15T11:14:09+02:00
new ansible, google-oauth-client-java, golang issues
Red Hat NFUs, concludes external check

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -417,6 +417,9 @@ CVE-2020-15587
        RESERVED
 CVE-2020-15586
        RESERVED
+       - golang-1.14 <unfixed>
+       - golang-1.11 <removed>
+       NOTE: 
https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ
 CVE-2020-15585
        RESERVED
 CVE-2020-15584 (An issue was discovered on Samsung mobile devices with Q(10.0) 
softwar ...)
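Review bot: The CVE-2020-15586 entry stops at "- golang-1.11 <removed>" and says nothing about golang source packages older than 1.11, while the CVE-2020-14039 entry in this same commit, which cites the same golang-announce post, carries "TODO: check older versions than golang-1.11". If older versions are unchecked for this CVE as well, add the same TODO here so the gap is visible in the tracker. The NOTE also links only the announcement; a reference to the upstream fix would help whoever later replaces <unfixed> with a fixed version.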
@@ -3438,12 +3441,17 @@ CVE-2020-14331
        RESERVED
 CVE-2020-14330
        RESERVED
+       - ansible <unfixed>
+       NOTE: https://github.com/ansible/ansible/issues/68400
 CVE-2020-14329
        RESERVED
+       NOT-FOR-US: Ansible Tower
 CVE-2020-14328
        RESERVED
+       NOT-FOR-US: Ansible Tower
 CVE-2020-14327
        RESERVED
+       NOT-FOR-US: Ansible Tower
 CVE-2020-14326
        RESERVED
        - resteasy <undetermined>
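Review bot: CVE-2020-14330 is recorded as "- ansible <unfixed>" with a single NOTE pointing at the upstream issue, and the entry is still RESERVED, so a reader of the file has no description and no fix reference to work from. Consider adding a short NOTE saying what the issue is and, once one exists, the upstream fix commit or pull request. The three "NOT-FOR-US: Ansible Tower" entries are also still RESERVED, so the source of that classification is not visible in the file; a reference would make it checkable.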
@@ -4166,6 +4174,10 @@ CVE-2020-14040 (The x/text package before 0.3.3 for Go 
has a vulnerability in en
        NOTE: 
https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0
 CVE-2020-14039
        RESERVED
+       - golang-1.14 <not-affected> (Windows-specific)
+       - golang-1.11 <not-affected> (Windows-specific)
+       NOTE: 
https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ
+       TODO: check older versions than golang-1.11
 CVE-2020-XXXX [Editor: Ensure latest comments can only be viewed from public 
posts]
        - wordpress 5.4.2+dfsg1-1 (bug #962685)
        [buster] - wordpress 5.0.10+dfsg1-0+deb10u1
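Review bot: The "TODO: check older versions than golang-1.11" on CVE-2020-14039 sits under two <not-affected> lines whose stated reason is "(Windows-specific)". If the reason is the platform, it is unclear what checking older versions could change. Either drop the TODO or say what it is meant to establish, so the entry does not stay open in TODO lists without a clear action.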
@@ -21324,7 +21336,10 @@ CVE-2020-7694
 CVE-2020-7693 (Incorrect handling of Upgrade header with the value websocket 
leads in ...)
        TODO: check
 CVE-2020-7692 (PKCE support is not implemented in accordance with the RFC for 
OAuth 2 ...)
-       TODO: check
+       - google-oauth-client-java <unfixed>
+       NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276
+       NOTE: https://github.com/googleapis/google-oauth-java-client/issues/469
+       NOTE: 
https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824
 CVE-2020-7691 (In all versions of the package jspdf, it is possible to use 
&lt;&lt;sc ...)
        TODO: check
 CVE-2020-7690 (In all versions of package jspdf, it is possible to inject 
JavaScript  ...)
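Review bot: The third NOTE on CVE-2020-7692 links an upstream commit without saying what it is, while the package line is "- google-oauth-client-java <unfixed>". Say whether that commit is the fix and, if known, which upstream release contains it, for example in a parenthetical on that NOTE, so the fixed version can be filled in later without re-reading issue 469.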
@@ -40369,7 +40384,7 @@ CVE-2020-1149 (An elevation of privilege vulnerability 
exists when the Windows R
 CVE-2020-1148 (A spoofing vulnerability exists when Microsoft SharePoint 
Server does  ...)
        NOT-FOR-US: Microsoft
 CVE-2020-1147 (A remote code execution vulnerability exists in .NET Framework, 
Micros ...)
-       TODO: check
+       NOT-FOR-US: Microsoft .NET
 CVE-2020-1146
        RESERVED
 CVE-2020-1145 (An information disclosure vulnerability exists in the way that 
the Win ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5582d01fcdcba1b86be908725d090247282e3f0d
