Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8a6ef9a8 by security tracker role at 2020-07-27T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3
communicati ...)
+ TODO: check
+CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3
and other ...)
+ TODO: check
+CVE-2020-15952
+ RESERVED
+CVE-2020-15951
+ RESERVED
+CVE-2020-15950
+ RESERVED
+CVE-2020-15949
+ RESERVED
+CVE-2020-15948
+ RESERVED
CVE-2020-XXXX [RUSTSEC-2020-0026]
- rust-linked-hash-map <unfixed> (bug #966246)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0026.html
@@ -904,6 +918,7 @@ CVE-2020-15571
CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through
0.2.69 m ...)
NOT-FOR-US: Whoopsie
CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a
use-after-free ...)
+ {DLA-2292-1}
- milkytracker <unfixed> (bug #964797)
[buster] - milkytracker <no-dsa> (Minor issue)
NOTE:
https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
@@ -5044,7 +5059,7 @@ CVE-2020-13906 (IrfanView 4.54 allows a user-mode write
access violation startin
CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation
starting at F ...)
NOT-FOR-US: IrfanView
CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF
duration in an ...)
- {DSA-4722-1}
+ {DSA-4722-1 DLA-2291-1}
- ffmpeg <unfixed>
NOTE:
https://patchwork.ffmpeg.org/project/ffmpeg/patch/[email protected]/
NOTE:
https://github.com/FFmpeg/FFmpeg/commit/9dfb19baeb86a8bb02c53a441682c6e9a6e104cc
@@ -26944,8 +26959,8 @@ CVE-2020-5613
RESERVED
CVE-2020-5612
RESERVED
-CVE-2020-5611
- RESERVED
+CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social
Sharing Plug ...)
+ TODO: check
CVE-2020-5610
RESERVED
CVE-2020-5609
@@ -46358,7 +46373,7 @@ CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based
buffer overflow in LZ4_write32
NOTE: https://github.com/lz4/lz4/pull/756
NOTE: https://github.com/lz4/lz4/pull/760
CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in
vqa_decode_chunk ...)
- {DSA-4722-1 DLA-2021-1}
+ {DSA-4722-1 DLA-2291-1 DLA-2021-1}
- ffmpeg 7:4.2.1-1
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x
branch)
- libav <removed>
@@ -55608,14 +55623,14 @@ CVE-2019-14498 (A divide-by-zero error exists in the
Control function of demux/c
[jessie] - vlc <end-of-life>
(https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in
MilkyTr ...)
- {DLA-1961-1}
+ {DLA-2292-1 DLA-1961-1}
- milkytracker 1.02.00+dfsg-2 (bug #933964)
[buster] - milkytracker <no-dsa> (Minor issue)
[stretch] - milkytracker <no-dsa> (Minor issue)
NOTE: https://github.com/milkytracker/MilkyTracker/issues/182
NOTE:
https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker
1.02.00 ha ...)
- {DLA-1961-1}
+ {DLA-2292-1 DLA-1961-1}
- milkytracker 1.02.00+dfsg-2 (bug #933964)
[buster] - milkytracker <no-dsa> (Minor issue)
[stretch] - milkytracker <no-dsa> (Minor issue)
@@ -55733,7 +55748,7 @@ CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in
Schism Tracker 20190722 has a
NOTE: https://github.com/schismtracker/schismtracker/issues/198
NOTE:
https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42
CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker
1.02.00 has a ...)
- {DLA-1961-1}
+ {DLA-2292-1 DLA-1961-1}
- milkytracker 1.02.00+dfsg-2 (bug #933964)
[buster] - milkytracker <no-dsa> (Minor issue)
[stretch] - milkytracker <no-dsa> (Minor issue)
@@ -60247,7 +60262,7 @@ CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16,
ComplexImages in MagickCore/fourier
NOTE: Patch is insufficient, partly reverted by the CVE-2019-13308 patch
NOTE: which seems to be the actual patch for this issue.
CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at
adx_write_trailer in l ...)
- {DSA-4722-1}
+ {DSA-4722-1 DLA-2291-1}
- ffmpeg 7:4.2.1-1 (low; bug #932535)
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x
branch)
NOTE: https://trac.ffmpeg.org/ticket/7979
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a6ef9a8bbcd4f910d78e38d009f3c2c3f332d7b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a6ef9a8bbcd4f910d78e38d009f3c2c3f332d7b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
