[Git][security-tracker-team/security-tracker][master] 3 commits: Add new GRUB2 issues

Wed, 29 Jul 2020 10:05:15 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bba4198d by Salvatore Bonaccorso at 2020-07-29T18:03:53+02:00
Add new GRUB2 issues

- - - - -
d69e0ef8 by Salvatore Bonaccorso at 2020-07-29T18:08:57+02:00
Reserve DSA number for grub2 update

- - - - -
257a156b by Salvatore Bonaccorso at 2020-07-29T18:37:52+02:00
Demote CVE-2020-15705 to unimportant

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -920,10 +920,14 @@ CVE-2020-15708
        RESERVED
 CVE-2020-15707
        RESERVED
+       - grub2 <unfixed>
 CVE-2020-15706
        RESERVED
+       - grub2 <unfixed>
 CVE-2020-15705
        RESERVED
+       - grub2 <unfixed> (unimportant)
+       NOTE: Issue does not affect standard SB Debian setup.
 CVE-2020-15704
        RESERVED
 CVE-2020-15703
@@ -4409,12 +4413,16 @@ CVE-2020-14312
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342
 CVE-2020-14311
        RESERVED
+       - grub2 <unfixed>
 CVE-2020-14310
        RESERVED
+       - grub2 <unfixed>
 CVE-2020-14309
        RESERVED
+       - grub2 <unfixed>
 CVE-2020-14308
        RESERVED
+       - grub2 <unfixed>
 CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans 
(EJB) ver ...)
        - wildfly <itp> (bug #752018)
 CVE-2020-14306
@@ -15008,6 +15016,8 @@ CVE-2020-10714
        NOT-FOR-US: WildFly Elytron
 CVE-2020-10713
        RESERVED
+       - grub2 <unfixed>
+       NOTE: https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
 CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 
and later ...)
        NOT-FOR-US: image registry operator in OpenShift Container Platform
 CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux 
kernel's SELinu ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Jul 2020] DSA-4735-1 grub2 - security update
+       {CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 
CVE-2020-14311 CVE-2020-15706 CVE-2020-15707}
+       [buster] - grub2 2.02+dfsg1-20+deb10u1
 [26 Jul 2020] DSA-4734-1 openjdk-11 - security update
        {CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 
CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 
CVE-2020-14621}
        [buster] - openjdk-11 11.0.8+10-1~deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/430b76f50c00ff468d7b961ef756101253349360...257a156b1eeead4dd658ccfbf3d97026e57f50fa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/430b76f50c00ff468d7b961ef756101253349360...257a156b1eeead4dd658ccfbf3d97026e57f50fa
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to