Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eb6e401a by security tracker role at 2020-07-19T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4060,6 +4060,7 @@ CVE-2020-14148 (The Server-Server protocol implementation 
in ngIRCd before 26~rc
        NOTE: https://github.com/ngircd/ngircd/pull/276
        NOTE: 
https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5
 CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in 
Redis be ...)
+       {DSA-4731-1}
        - redis 5:6.0.0-1
        [stretch] - redis <not-affected> (Vulnerable code reintroduced later)
        [jessie] - redis <not-affected> (Vulnerable code reintroduced later)
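Review bot: The added `{DSA-4731-1}` tag on CVE-2020-14147, like every other tag in this patch, lands under the commit message "automatic update", which names none of the four advisories (DSA-4728-1 through DSA-4731-1) being cross-referenced. Having the update job list the advisory ids in the message would make this change findable from the log without opening the diff.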
@@ -5289,6 +5290,7 @@ CVE-2020-13703
 CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance 
Compound Price ...)
        NOT-FOR-US: Compound Finance Compound Price Oracle
 CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger 
an out-of ...)
+       {DSA-4728-1}
        - qemu 1:5.0-6
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03732.html
 CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the 
Apple/Goog ...)
@@ -5395,6 +5397,7 @@ CVE-2020-13661
 CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File 
Picker pr ...)
        NOT-FOR-US: CMS Made Simple
 CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL 
pointer d ...)
+       {DSA-4728-1}
        - qemu 1:5.0-6
        [stretch] - qemu <postponed> (Minor issue)
        NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
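Review bot: The `[stretch] - qemu <postponed> (Minor issue)` line directly under the new `{DSA-4728-1}` tag on CVE-2020-13659 is left as it was, so the entry now pairs an issued advisory with a "Minor issue" postponement. It is worth re-checking the stretch triage: the two QEMU entries changed further down (CVE-2020-13362, CVE-2020-13361) carry DLA-2262-1 next to the same DSA, and this one has no DLA reference.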
@@ -6072,11 +6075,11 @@ CVE-2020-13364
 CVE-2020-13363
        RESERVED
 CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in 
hw/scsi/megasas.c h ...)
-       {DLA-2262-1}
+       {DSA-4728-1 DLA-2262-1}
        - qemu 1:5.0-6 (bug #961887)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
 CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in 
hw/audio/es1370.c  ...)
-       {DLA-2262-1}
+       {DSA-4728-1 DLA-2262-1}
        - qemu 1:5.0-6 (bug #961888)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
 CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There 
is a NUL ...)
@@ -14063,6 +14066,7 @@ CVE-2020-10757 (A flaw was found in the Linux Kernel in 
versions after 4.5-rc1 i
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
 CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP 
networking  ...)
+       {DSA-4728-1}
        - libslirp 4.3.1-1
        - qemu 1:4.1-2
        [stretch] - qemu <postponed> (Minor issue)
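Review bot: `{DSA-4728-1}` on CVE-2020-10756 is attached to an entry that tracks two source packages, `libslirp 4.3.1-1` and `qemu 1:4.1-2`, and the tag alone does not say which of them the advisory fixed. Confirm that the advisory's package is the one shipping the vulnerable SLiRP code in the suite it targets, and add a NOTE line if it covers only one of the two.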
@@ -30368,6 +30372,7 @@ CVE-2020-4056
 CVE-2020-4055
        RESERVED
 CVE-2020-4054 (In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 
and less ...)
+       {DSA-4730-1}
        - ruby-sanitize 4.6.6-2.1 (bug #963808)
        [stretch] - ruby-sanitize <not-affected> (Vulnerable code introduced 
later)
        [jessie] - ruby-sanitize <not-affected> (Vulnerable code introduced 
later)
@@ -47047,6 +47052,7 @@ CVE-2019-17115 (Multiple cross-site scripting (XSS) 
vulnerabilities in WiKID 2FA
 CVE-2019-17114 (A stored and reflected cross-site scripting (XSS) 
vulnerability in WiK ...)
        NOT-FOR-US: WiKID 2FA Enterprise Server
 CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, 
ModPlug_Instrument ...)
+       {DSA-4729-1}
        - libopenmpt 0.4.9-1
        NOTE: 
https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe
        NOTE: 
https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision&rev=12127&peg=12127
@@ -56130,6 +56136,7 @@ CVE-2019-14381 (libopenmpt before 0.4.3 allows a crash 
due to a NULL pointer der
        [stretch] - libopenmpt <not-affected> (Vulnerable code not present in 
0.2.x series)
        NOTE: 
https://lib.openmpt.org/libopenmpt/2019/02/11/security-update-0.4.3/
 CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to 
an out-o ...)
+       {DSA-4729-1}
        - libopenmpt 0.4.5-1 (low)
        [stretch] - libopenmpt <not-affected> (Vulnerable code not present in 
0.2 branch)
        NOTE: 
https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb6e401a7f393964298d87aaf5df295f4f68b06a
