Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
86b10086 by Moritz Muehlenhoff at 2020-08-21T23:09:50+02:00
new wolfssl, curl issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,9 @@ CVE-2020-24587
CVE-2020-24586
RESERVED
CVE-2020-24585 (An issue was discovered in the DTLS handshake implementation
in wolfSS ...)
- TODO: check
+ - wolfssl <unfixed>
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/3219
+ NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
CVE-2020-24584
RESERVED
CVE-2020-24583
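Review bot: the two NOTE lines added under CVE-2020-24585 cite pull request 3219 and the v4.5.0-stable release tag without saying what role each plays, so a reader cannot tell from the entry whether the PR is the fix and the tag is the first release containing it. Suggest making that explicit in the note text. Since the entry is "- wolfssl <unfixed>", it also needs the fixed Debian version filled in once an upload carrying the fix exists.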
@@ -19086,7 +19088,8 @@ CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via
the downloadmp3.php downloa
CVE-2020-15310
RESERVED
CVE-2020-15309 (An issue was discovered in wolfSSL before 4.5.0, when single
precision ...)
- TODO: check
+ - wolfssl <unfixed>
+ NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2
allows post-a ...)
NOT-FOR-US: Support Incident Tracker
CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve
stored XSS ( ...)
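Review bot: the CVE-2020-15309 entry gets only the v4.5.0-stable release link, whereas the other two wolfssl entries in this commit also reference an upstream pull request. A release tag alone does not identify the change that fixes the issue, which makes it harder to judge or backport the fix for a version before 4.5.0. Suggest adding the upstream PR or commit as a further NOTE once it is identified.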
@@ -26329,7 +26332,9 @@ CVE-2020-12458 (An information-disclosure flaw was
found in Grafana through 6.7.
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1827765
NOTE: https://github.com/grafana/grafana/issues/8283
CVE-2020-12457 (An issue was discovered in wolfSSL before 4.5.0. It mishandles
the cha ...)
- TODO: check
+ - wolfssl <unfixed>
+ NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/2927
CVE-2020-12456
RESERVED
CVE-2020-12455
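Review bot: under CVE-2020-12457 the NOTE lines are ordered release tag first, then pull request 2927, which is the reverse of the order used for CVE-2020-24585 earlier in this same commit (PR first, then release tag). Suggest picking one order for the wolfssl entries so the three read consistently.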
@@ -38365,6 +38370,9 @@ CVE-2020-8232 (An information disclosure vulnerability
exists in EdgeMax EdgeSwi
NOT-FOR-US: Edgeswitch
CVE-2020-8231
RESERVED
+ - curl <unfixed>
+ NOTE: https://curl.haxx.se/docs/CVE-2020-8231.html
+ NOTE:
https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8
CVE-2020-8230 (A memory corruption vulnerability exists in NextCloud Desktop
Client v ...)
- netxcloud-desktop <not-affected> (Windows-specific)
CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud
Desktop Clie ...)
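Review bot: the commit hash in the second NOTE under CVE-2020-8231 is 37 hex characters as shown here (ending in 2f3e8), three short of a full 40-character SHA-1, and the URL sits on its own line after a bare "NOTE:". If that is only wrapping and truncation in this mail, there is nothing to do; otherwise the NOTE in data/CVE/list should carry the full hash on one line so the link resolves unambiguously. Unrelated to this change, the context line for CVE-2020-8230 reads netxcloud-desktop, which looks like a misspelling of nextcloud-desktop.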
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86b100860215b7dc7772b1f5fda4e3d155a67c2b