Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
594753c3 by security tracker role at 2020-07-25T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -182,6 +182,7 @@ CVE-2020-15864
        RESERVED
 CVE-2020-15863 [stack-based overflow in  xgmac_enet_send() in hw/net/xgmac.c]
        RESERVED
+       {DLA-2288-1}
        - qemu 1:5.0-12
        NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
@@ -5458,7 +5459,7 @@ CVE-2020-13767
 CVE-2020-13766
        RESERVED
 CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate 
the rel ...)
-       {DSA-4728-1 DLA-2262-1}
+       {DSA-4728-1 DLA-2288-1 DLA-2262-1}
        - qemu 1:4.2-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319
@@ -5611,7 +5612,7 @@ CVE-2020-13703
 CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance 
Compound Price ...)
        NOT-FOR-US: Compound Finance Compound Price Oracle
 CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger 
an out-of ...)
-       {DSA-4728-1}
+       {DSA-4728-1 DLA-2288-1}
        - qemu 1:5.0-6
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03732.html
 CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the 
Apple/Goog ...)
@@ -5718,7 +5719,7 @@ CVE-2020-13661
 CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File 
Picker pr ...)
        NOT-FOR-US: CMS Made Simple
 CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL 
pointer d ...)
-       {DSA-4728-1}
+       {DSA-4728-1 DLA-2288-1}
        - qemu 1:5.0-6
        NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
@@ -6396,11 +6397,11 @@ CVE-2020-13364
 CVE-2020-13363
        RESERVED
 CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in 
hw/scsi/megasas.c h ...)
-       {DSA-4728-1 DLA-2262-1}
+       {DSA-4728-1 DLA-2288-1 DLA-2262-1}
        - qemu 1:5.0-6 (bug #961887)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
 CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in 
hw/audio/es1370.c  ...)
-       {DSA-4728-1 DLA-2262-1}
+       {DSA-4728-1 DLA-2288-1 DLA-2262-1}
        - qemu 1:5.0-6 (bug #961888)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
 CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There 
is a NUL ...)
@@ -14402,7 +14403,7 @@ CVE-2020-10757 (A flaw was found in the Linux Kernel in 
versions after 4.5-rc1 i
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
 CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP 
networking  ...)
-       {DSA-4728-1}
+       {DSA-4728-1 DLA-2288-1}
        - libslirp 4.3.1-1
        - qemu 1:4.1-2
        - slirp4netns 1.0.1-1
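Review bot: on CVE-2020-10756 the new DLA-2288-1 reference is attached to an entry that lists three source packages (libslirp, qemu, slirp4netns), and nothing in the hunk says which of them the advisory covers. If the DLA only ships a qemu fix, a release-specific line for the other two packages would keep the entry from reading as fully resolved for that release.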
@@ -19620,7 +19621,7 @@ CVE-2020-8610
 CVE-2020-8609
        RESERVED
 CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses 
snprintf  ...)
-       {DSA-4733-1 DLA-2144-1 DLA-2142-1}
+       {DSA-4733-1 DLA-2288-1 DLA-2144-1 DLA-2142-1}
        - libslirp 4.2.0-1
        - qemu 1:4.1-2
        - qemu-kvm <removed>
@@ -21877,20 +21878,20 @@ CVE-2020-7689 (Data is truncated wrong when its 
length is greater than 255 bytes
        NOT-FOR-US: Node bcrypt
 CVE-2020-7688 (The issue occurs because tagName user input is formatted inside 
the ex ...)
        NOT-FOR-US: Node mversion
-CVE-2020-7687
-       RESERVED
-CVE-2020-7686
-       RESERVED
+CVE-2020-7687 (This affects all versions of package fast-http. There is no 
path sanit ...)
+       TODO: check
+CVE-2020-7686 (This affects all versions of package rollup-plugin-dev-server. 
There i ...)
+       TODO: check
 CVE-2020-7685
        RESERVED
 CVE-2020-7684 (This affects all versions of package rollup-plugin-serve. There 
is no  ...)
        TODO: check
-CVE-2020-7683
-       RESERVED
-CVE-2020-7682
-       RESERVED
-CVE-2020-7681
-       RESERVED
+CVE-2020-7683 (This affects all versions of package rollup-plugin-server. 
There is no ...)
+       TODO: check
+CVE-2020-7682 (This affects all versions of package marked-tree. There is no 
path san ...)
+       TODO: check
+CVE-2020-7681 (This affects all versions of package marscode. There is no path 
saniti ...)
+       TODO: check
 CVE-2020-7680 (docsify prior to 4.11.4 is susceptible to Cross-site Scripting 
(XSS).  ...)
        TODO: check
 CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility 
function ...)
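Review bot: the five entries that move from RESERVED to a published description (CVE-2020-7681, -7682, -7683, -7686, -7687) all land as "TODO: check", next to CVE-2020-7684, which still carries the same marker. The truncated descriptions all name individual packages with missing path sanitisation, and the two neighbours at the top of the hunk were closed as "NOT-FOR-US: Node bcrypt" and "NOT-FOR-US: Node mversion", so these should be triaged together: either NOT-FOR-US or a package line if any of them is in the archive.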
@@ -22857,7 +22858,7 @@ CVE-2019-20384 (Gentoo Portage through 2.3.84 allows 
local users to place a Troj
 CVE-2019-20383
        RESERVED
 CVE-2019-20382 (QEMU 4.1.0 has a memory leak in zrle_compress_data in 
ui/vnc-enc-zrle. ...)
-       {DSA-4665-1}
+       {DSA-4665-1 DLA-2288-1}
        - qemu 1:4.2-1
        [jessie] - qemu <postponed> (Minor, can be fixed along in future DLA)
        - qemu-kvm <removed>
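Review bot: on CVE-2019-20382 the line "[jessie] - qemu <postponed> (Minor, can be fixed along in future DLA)" stays in place directly under the newly added DLA-2288-1 reference. The hunk does not show which release the DLA targets, so confirm the postponed note is still accurate and update or drop it if this DLA is the one it was waiting for.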
@@ -36691,7 +36692,7 @@ CVE-2020-1985 (Incorrect Default Permissions on 
C:\Programdata\Secdo\Logs folder
 CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, 
which  ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of 
libslirp ...)
-       {DSA-4665-1 DLA-2262-1}
+       {DSA-4665-1 DLA-2288-1 DLA-2262-1}
        - qemu 1:4.1-2
        - qemu-kvm <removed>
        - libslirp 4.2.0-2
@@ -63887,7 +63888,7 @@ CVE-2019-12070
 CVE-2019-12069
        RESERVED
 CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 
1:3.1+dfsg ...)
-       {DSA-4665-1 DLA-1927-1}
+       {DSA-4665-1 DLA-2288-1 DLA-1927-1}
        - qemu 1:4.1-2 (low)
        - qemu-kvm <removed>
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
@@ -175705,7 +175706,7 @@ CVE-2017-9505 (Atlassian Confluence starting with 
4.3.0 before 6.2.1 did not che
 CVE-2017-9504
        REJECTED
 CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 
Host B ...)
-       {DLA-1497-1}
+       {DLA-2288-1 DLA-1497-1}
        - qemu 1:2.10.0-1 (low; bug #865754)
        [wheezy] - qemu <not-affected> (Vulnerable code not present)
        - qemu-kvm <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/594753c3b3c72b077c67a3bbac510b31c7d76725
