Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ad3c92a by Moritz Muehlenhoff at 2020-08-23T19:48:32+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14224,7 +14224,9 @@ CVE-2020-17508
        RESERVED
 CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x 
through 5.15. ...)
        - qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444)
+       [buster] - qtbase-opensource-src <no-dsa> (Minor issue)
        - qt4-x11 <removed>
+       [buster] - qt4-x11 <no-dsa> (Minor issue)
        NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308436 (dev 
branch)
        NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308496 (5.15 
branch)
        NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308495 (5.12 
branch)
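Review bot: The new `[buster] - qt4-x11 <no-dsa> (Minor issue)` line for CVE-2020-17507 has no supporting reference, since all three NOTE links point at qtbase branches (dev, 5.15, 5.12). Consider adding a NOTE that says whether the qtbase change applies to the qt4-x11 code in buster, so the no-dsa decision for the Qt 4 package can be checked later, given that unstable only records `- qt4-x11 <removed>`.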
@@ -14246,6 +14248,7 @@ CVE-2020-17499
        RESERVED
 CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector 
could crash. ...)
        - wireshark 3.2.6-1
+       [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
        [stretch] - wireshark <not-affected> (Vulnerable compose_tvb code not 
present)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=76afda963de4f0b9be24f2d8e873990a5cbf221b
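Review bot: The buster reason on CVE-2020-17498 refers to the "next 3.0.x DSA", but the CVE description only lists Wireshark 3.2.0 to 3.2.5 as affected, and stretch is marked `<not-affected>` because the vulnerable compose_tvb code is not present. A NOTE confirming that the 3.0.x series in buster contains that code would justify `<postponed>` over `<not-affected>`. The wording "Can be fixed along in next 3.0.x DSA" also differs from the "fix along in future DSA" phrasing used for the other postponed entries in this commit.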
@@ -14497,6 +14500,7 @@ CVE-2020-17381
 CVE-2020-17380 [heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in 
hw/sd/sdhci.c]
        RESERVED
        - qemu <unfixed>
+       [buster] - qemu <postponed> (Minor issue, fix along in future DSA)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167
 CVE-2020-17379
        RESERVED
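Review bot: On CVE-2020-17380 the postponed reason is only "Minor issue", while the entry title describes a heap buffer overflow in sdhci_sdma_transfer_multi_blocks(). Unstable is still `<unfixed>` and the sole reference is the Red Hat bug, so a short NOTE recording why this is considered minor for buster would make the triage decision reviewable without opening the external bug.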
@@ -17201,6 +17205,7 @@ CVE-2020-16093
        RESERVED
 CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the 
network p ...)
        - qemu <unfixed>
+       [buster] - qemu <postponed> (Minor issue, fix along in future DSA)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
 CVE-2020-16091
@@ -18146,10 +18151,13 @@ CVE-2020-15695 (An issue was discovered in Joomla! 
through 3.9.19. A missing tok
        NOT-FOR-US: Joomla!
 CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to 
properly valida ...)
        - nim 1.2.6-1
+       [buster] - nim <no-dsa> (Minor issue)
 CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to 
a CR-LF ...)
        - nim 1.2.6-1
+       [buster] - nim <no-dsa> (Minor issue)
 CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL 
argumen ...)
        - nim 1.2.6-1
+       [buster] - nim <no-dsa> (Minor issue)
 CVE-2020-15691
        RESERVED
 CVE-2020-15690
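Review bot: The three nim entries (CVE-2020-15694, CVE-2020-15693, CVE-2020-15692) each get `[buster] - nim <no-dsa> (Minor issue)`, but none of them has a NOTE line with an upstream reference. Since they describe different problems (httpClient validation, httpClient CR-LF handling, URL handling in browsers), a NOTE per entry pointing at the upstream fix would let a later point-release update pick the right patches.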
@@ -18988,6 +18996,7 @@ CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not 
limit the number of authent
        NOT-FOR-US: Venki
 CVE-2020-15366 (An issue was discovered in ajv.validate() in Ajv (aka Another 
JSON Sch ...)
        - node-ajv 6.12.4-1
+       [buster] - node-ajv <no-dsa> (Minor issue)
        NOTE: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
 CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in 
parse_exif() in ...)
        - libraw <not-affected> (Vulnerable code introduced in 0.20-Beta1)
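Review bot: For CVE-2020-15366 the only reference is the v6.12.3 release tag, while the fixed version recorded for unstable is 6.12.4-1. With buster now marked `<no-dsa>`, a NOTE naming the specific upstream commit would be more useful than the release page for anyone preparing a backport through a point release.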
@@ -41203,6 +41212,7 @@ CVE-2020-7068
        RESERVED
        - php7.4 7.4.9-1
        - php7.3 <removed>
+       [buster] - php7.3 <postponed> (Minor issue, fix along in future DSA)
        - php7.0 <removed>
        NOTE: Fixed in PHP 7.4.9, 7.3.21, 7.2.33
        NOTE: PHP Bug: https://bugs.php.net/79797


=====================================
data/dsa-needed.txt
=====================================
@@ -16,7 +16,7 @@ chromium
 --
 curl (ghedo)
 --
-icingaweb2
+icingaweb2 (jmm)
   Maintainer prepared an update
 --
 knot-resolver
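Review bot: The `icingaweb2 (jmm)` claim in data/dsa-needed.txt is not covered by the commit message, which reads only "buster triage". Either mention the claim in the message or commit it separately, so the history of dsa-needed.txt shows when the package was taken. The context line "Maintainer prepared an update" would also benefit from a pointer to where that update can be found.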



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ad3c92ad003fc49bacbeef3fec836ef94cf7fe1
