Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aa0982d1 by security tracker role at 2020-08-12T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the 
databas ...)
+       TODO: check
+CVE-2020-17494
+       RESERVED
+CVE-2020-17493
+       RESERVED
+CVE-2020-17492
+       RESERVED
+CVE-2020-17491
+       RESERVED
+CVE-2020-17490
+       RESERVED
+CVE-2020-17489 (An issue was discovered in certain configurations of GNOME 
gnome-shell ...)
+       TODO: check
+CVE-2020-17488
+       RESERVED
+CVE-2020-17487 (radare2 4.5.0 misparses signature information in PE files, 
causing a s ...)
+       TODO: check
 CVE-2020-17486
        RESERVED
 CVE-2020-17485
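Review bot: CVE-2020-17495, CVE-2020-17489 and CVE-2020-17487 at the top of the list arrive with descriptions but only "TODO: check", and unlike most entries in this update they name general-purpose software (django-celery-results, gnome-shell, radare2) rather than a vendor product. Each needs a follow-up that replaces the TODO with either a source-package line or NOT-FOR-US, so they do not sit untriaged behind the block of RESERVED ids.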
@@ -2652,8 +2670,8 @@ CVE-2020-16172
        RESERVED
 CVE-2020-16171
        RESERVED
-CVE-2020-16170
-       RESERVED
+CVE-2020-16170 (The Temi application 1.3.3 through 1.3.7931 for Android has 
hard-coded ...)
+       TODO: check
 CVE-2020-16169 (Temi Robox OS 117.21 through 119.24 allows Authentication 
Bypass via a ...)
        NOT-FOR-US: Temi Robox OS
 CVE-2020-16168 (Temi firmware 20190419.165201 does not properly verify that 
the source ...)
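Review bot: CVE-2020-16170 is left at "TODO: check" although its description names the Temi application for Android and the next entry, CVE-2020-16169, is already marked "NOT-FOR-US: Temi Robox OS". Triage it together with its neighbours and give it a matching NOT-FOR-US line so the Temi entries are handled consistently.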
@@ -2705,7 +2723,7 @@ CVE-2020-16146
        RESERVED
 CVE-2020-16145 [Fix cross-site scripting (XSS) via HTML messages with 
malicious svg content]
        RESERVED
-       {DLA-2322-1}
+       {DSA-4744-1 DLA-2322-1}
        - roundcube 1.4.8+dfsg.1-1 (bug #968216)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4
 (1.4.8)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b
 (1.3.15)
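Review bot: the advisory tag on CVE-2020-16145 becomes {DSA-4744-1 DLA-2322-1}, yet this commit lists data/CVE/list as its only changed file and the entry still reads RESERVED with a bracketed placeholder description. Confirm that the DSA-4744-1 advisory record itself names CVE-2020-16145, so the cross-reference added here is backed by the advisory side of the tracker.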
@@ -22330,10 +22348,10 @@ CVE-2020-8914
        RESERVED
 CVE-2020-8913
        RESERVED
-CVE-2020-8912
-       RESERVED
-CVE-2020-8911
-       RESERVED
+CVE-2020-8912 (A vulnerability in the in-band key negotiation exists in the 
AWS S3 Cr ...)
+       TODO: check
+CVE-2020-8911 (A padding oracle vulnerability exists in the AWS S3 Crypto SDK 
for GoL ...)
+       TODO: check
 CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library 
versions ...)
        NOT-FOR-US: Google Closure Library
 CVE-2020-8909
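Review bot: CVE-2020-8912 and CVE-2020-8911 both concern the AWS S3 Crypto SDK (in-band key negotiation and a padding oracle) and both land as "TODO: check". They should be triaged as a pair and end up with the same package line or the same NOT-FOR-US tag, since the truncated descriptions point at one component.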
@@ -26887,8 +26905,8 @@ CVE-2020-7031
        RESERVED
 CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered 
in the ...)
        NOT-FOR-US: IP Office
-CVE-2020-7029
-       RESERVED
+CVE-2020-7029 (A Cross-Site Request Forgery (CSRF) vulnerability was 
discovered in th ...)
+       TODO: check
 CVE-2020-7028
        RESERVED
 CVE-2020-7027
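Review bot: the summary for CVE-2020-7029 is cut off at "discovered in th ...", so the affected product is not visible here and the entry stays at "TODO: check". The adjacent CVE-2020-7030 is tagged "NOT-FOR-US: IP Office"; check the full description to see whether this id belongs to the same product line before assigning a tag.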
@@ -47719,20 +47737,15 @@ CVE-2020-0262
        RESERVED
 CVE-2020-0261
        RESERVED
-CVE-2020-0260
-       RESERVED
+CVE-2020-0260 (There is a possible out of bounds read due to an incorrect 
bounds chec ...)
        NOT-FOR-US: Mediatek components for Android
-CVE-2020-0259
-       RESERVED
+CVE-2020-0259 (In android_verity_ctr of dm-android-verity.c, there is a 
possible way  ...)
        NOT-FOR-US: Android
-CVE-2020-0258
-       RESERVED
+CVE-2020-0258 (In stopZygoteLocked of AppZygote.java, there is an insufficient 
cleanu ...)
        NOT-FOR-US: Android
-CVE-2020-0257
-       RESERVED
+CVE-2020-0257 (In SpecializeCommon of com_android_internal_os_Zygote.cpp, 
there is a  ...)
        NOT-FOR-US: Android
-CVE-2020-0256
-       RESERVED
+CVE-2020-0256 (In LoadPartitionTable of gpt.cc, there is a possible out of 
bounds wri ...)
        NOT-FOR-US: Android
 CVE-2020-0255
        RESERVED
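Review bot: the NOT-FOR-US lines in this hunk were assigned while the ids were still RESERVED, and the descriptions only arrive now. For CVE-2020-0256 the description names LoadPartitionTable of gpt.cc, which does not by itself identify Android-only code; recheck that tag against the full description in case the affected source is also shipped as a standalone package.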
@@ -47743,29 +47756,21 @@ CVE-2020-0255
        NOTE: https://android.googlesource.com/kernel/common/+/fb73974172ff
        NOTE: https://source.android.com/security/bulletin/2020-08-01
        NOTE: Duplicate of CVE-2020-10751
-CVE-2020-0254
-       RESERVED
+CVE-2020-0254 (There is a possible out of bounds read due to an incorrect 
bounds chec ...)
        NOT-FOR-US: Mediatek components for Android
-CVE-2020-0253
-       RESERVED
+CVE-2020-0253 (There is a possible memory corruption due to a use after 
free.Product: ...)
        NOT-FOR-US: Mediatek components for Android
-CVE-2020-0252
-       RESERVED
+CVE-2020-0252 (There is a possible memory corruption due to a use after 
free.Product: ...)
        NOT-FOR-US: Mediatek components for Android
-CVE-2020-0251
-       RESERVED
+CVE-2020-0251 (There is a possible out of bounds read due to an incorrect 
bounds chec ...)
        NOT-FOR-US: Mediatek components for Android
-CVE-2020-0250
-       RESERVED
+CVE-2020-0250 (In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, 
there  ...)
        NOT-FOR-US: Android
-CVE-2020-0249
-       RESERVED
+CVE-2020-0249 (In postInstantAppNotif of InstantAppNotifier.java, there is a 
possible ...)
        NOT-FOR-US: Android
-CVE-2020-0248
-       RESERVED
+CVE-2020-0248 (In postInstantAppNotif of InstantAppNotifier.java, there is a 
possible ...)
        NOT-FOR-US: Android
-CVE-2020-0247
-       RESERVED
+CVE-2020-0247 (In Threshold::getHistogram of ImageProcessHelper.java, there is 
a poss ...)
        NOT-FOR-US: Android
 CVE-2020-0246
        RESERVED
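Review bot: CVE-2020-0253 and CVE-2020-0252 carry the same truncated summary ("There is a possible memory corruption due to a use after free.Product: ..."), as do CVE-2020-0249 and CVE-2020-0248 (postInstantAppNotif of InstantAppNotifier.java). Confirm from the full descriptions that each pair is two distinct issues; where one turns out to be a duplicate, record it with a NOTE the way the entry above this hunk does with "Duplicate of CVE-2020-10751".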
@@ -47773,23 +47778,17 @@ CVE-2020-0245
        RESERVED
 CVE-2020-0244
        RESERVED
-CVE-2020-0243
-       RESERVED
+CVE-2020-0243 (In clearPropValue of MediaAnalyticsItem.cpp, there is a 
possible use-a ...)
        NOT-FOR-US: Android media framework
-CVE-2020-0242
-       RESERVED
+CVE-2020-0242 (In reset of NuPlayerDriver.cpp, there is a possible 
use-after-free due ...)
        NOT-FOR-US: Android media framework
-CVE-2020-0241
-       RESERVED
+CVE-2020-0241 (In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there 
is poss ...)
        NOT-FOR-US: Android media framework
-CVE-2020-0240
-       RESERVED
+CVE-2020-0240 (In NewFixedDoubleArray of factory.cc, there is a possible out 
of bound ...)
        NOT-FOR-US: Android
-CVE-2020-0239
-       RESERVED
+CVE-2020-0239 (In getDocumentMetadata of DocumentsContract.java, there is a 
possible  ...)
        NOT-FOR-US: Android
-CVE-2020-0238
-       RESERVED
+CVE-2020-0238 (In updatePreferenceIntents of AccountTypePreferenceLoader, 
there is a  ...)
        NOT-FOR-US: Android
 CVE-2020-0237
        RESERVED
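Review bot: CVE-2020-0240 keeps "NOT-FOR-US: Android", but its new description points at NewFixedDoubleArray in factory.cc, a file and function name with nothing Android-specific in it. Check whether this code belongs to a bundled third-party component that the archive also carries; if it does, the entry needs a package line instead of the NOT-FOR-US tag.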
@@ -48066,8 +48065,7 @@ CVE-2020-0110 (In psi_write of psi.c, there is a 
possible out of bounds write du
        NOTE: 
https://git.kernel.org/linus/6fcca0fa48118e6d63733eb4644c6cd880c15b8f (5.6-rc2)
 CVE-2020-0109 (In simulatePackageSuspendBroadcast of 
NotificationManagerService.java, ...)
        NOT-FOR-US: Android
-CVE-2020-0108
-       RESERVED
+CVE-2020-0108 (In postNotification of ServiceRecord.java, there is a possible 
bypass  ...)
        NOT-FOR-US: Android
 CVE-2020-0107 (In getUiccCardsInfo of PhoneInterfaceManager.java, there is a 
possible ...)
        NOT-FOR-US: Android
@@ -50463,8 +50461,8 @@ CVE-2019-17353 (An issue discovered on D-Link DIR-615 
devices with firmware vers
        NOT-FOR-US: D-Link
 CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there 
is a vul ...)
        NOT-FOR-US: JFinal
-CVE-2019-17339
-       RESERVED
+CVE-2019-17339 (The VirtualRouter component of TIBCO Software Inc.'s TIBCO 
Silver Fabr ...)
+       TODO: check
 CVE-2019-17338 (The user interface component of TIBCO Software Inc.'s TIBCO 
Patterns - ...)
        NOT-FOR-US: TIBCO
 CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO 
Spotfire ...)
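Review bot: CVE-2019-17339 is added with "TODO: check" even though its description starts "The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabr ..." and the two following TIBCO entries are tagged "NOT-FOR-US: TIBCO". Give it the same tag in the follow-up so the TIBCO block is consistent.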



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa0982d131faf364e2ed6b2678d9f9c5e7f29719
