[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff Mon, 03 Aug 2020 08:09:46 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1a0d3a9a by Moritz Muehlenhoff at 2020-08-03T17:09:04+02:00
buster triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -801,8 +801,9 @@ CVE-2020-15891
        RESERVED
 CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because 
__gc hand ...)
        {DLA-2296-1}
-       - luajit <unfixed> (bug #966148)
+       - luajit <unfixed> (unimportant; bug #966148)
        NOTE: https://github.com/LuaJIT/LuaJIT/issues/601
+       NOTE: No security impact, only "exploitable" with untrusted Lua code
 CVE-2020-15889 (Lua through 5.4.0 has a getobjname heap-based buffer over-read 
because ...)
        - lua5.4 5.4.0-2
        - lua5.3 <undetermined>
@@ -9582,12 +9583,14 @@ CVE-2020-12402 (During RSA key generation, bignum 
implementations used a variati
 CVE-2020-12401 [ECDSA timing attack mitigation bypass]
        RESERVED
        - nss 2:3.55-1
+       [buster] - nss <no-dsa> (Minor issue)
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private)
        NOTE: 
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
 CVE-2020-12400 [P-384 and P-521 implementation uses a side-channel vulnerable 
modular inversion function]
        RESERVED
        - nss 2:3.55-1
+       [buster] - nss <no-dsa> (Minor issue)
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
        NOTE: 
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
@@ -20020,6 +20023,7 @@ CVE-2017-18641 (In LXC 2.0, many template scripts 
download code over cleartext H
        NOTE: https://github.com/lxc/lxc/pull/1371 for the lxc-fedora template.
 CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to 
execute a ...)
        - cacti 1.2.10+ds1-1 (bug #951832)
+       [buster] - cacti <no-dsa> (Minor issue)
        [stretch] - cacti <not-affected> (Vulnerable code not present)
        [jessie] - cacti <not-affected> (Vulnerable code not present)
        NOTE: https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129
@@ -24746,6 +24750,7 @@ CVE-2020-6830 (For native-to-JS bridging, the app 
requires a unique token to be
 CVE-2020-6829 [Side channel attack on ECDSA signature generation]
        RESERVED
        - nss 2:3.55-1
+       [buster] - nss <no-dsa> (Minor issue)
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
        NOTE: 
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0d3a9a2e4f7c1c2602bfaf4c98507e455524a1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0d3a9a2e4f7c1c2602bfaf4c98507e455524a1
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] buster triage

Reply via email to