Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e4e8794 by security tracker role at 2020-08-30T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-25030
+       RESERVED
+CVE-2020-25029
+       RESERVED
+CVE-2020-25028
+       RESERVED
+CVE-2020-25027
+       RESERVED
+CVE-2020-25026
+       RESERVED
+CVE-2020-25025
+       RESERVED
 CVE-2020-25024
        RESERVED
 CVE-2020-25023
@@ -210,8 +222,8 @@ CVE-2020-24919
        RESERVED
 CVE-2020-24918
        RESERVED
-CVE-2020-24917
-       RESERVED
+CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to 
DraftAjaxA ...)
+       TODO: check
 CVE-2020-24916
        RESERVED
 CVE-2020-24915
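Review bot: CVE-2020-24917 is left at `TODO: check`, so the entry now carries a description but no triage result. If osTicket is not packaged in Debian, close it the way neighbouring entries in this file do, e.g. `NOT-FOR-US: osTicket`; otherwise add the source package line with its status.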
@@ -1667,8 +1679,8 @@ CVE-2020-24225
        RESERVED
 CVE-2020-24224
        RESERVED
-CVE-2020-24223
-       RESERVED
+CVE-2020-24223 (Mara CMS 7.5 allows contact.php?theme= XSS. ...)
+       TODO: check
 CVE-2020-24222
        RESERVED
 CVE-2020-24221
@@ -20073,14 +20085,14 @@ CVE-2020-15308 (Support Incident Tracker (aka SiT! or 
SiTracker) 3.67 p2 allows
 CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve 
stored XSS ( ...)
        NOT-FOR-US: Nozomi Guardian
 CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid 
chunkCount a ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        [experimental] - openexr 2.5.2-1
        - openexr 2.5.3-2
        [jessie] - openexr <no-dsa> (Minor issue)
        NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/738
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/6a9f8af6e89547bcd370ae3cec2b12849eee0b54
 CVE-2020-15305 (An issue was discovered in OpenEXR before 2.5.2. Invalid input 
could c ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        [experimental] - openexr 2.5.2-1
        - openexr 2.5.3-2
        [jessie] - openexr <no-dsa> (Minor issue)
@@ -22523,8 +22535,7 @@ CVE-2020-14354 [ares_destroy() with pending 
ares_getaddrinfo() leads to Use-Afte
        NOTE: Fixed by: 
https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e
 (1.16.1)
 CVE-2020-14353
        REJECTED
-CVE-2020-14352
-       RESERVED
+CVE-2020-14352 (A flaw was found in librepo in versions before 1.12.1. A 
directory tra ...)
        NOT-FOR-US: librepo
 CVE-2020-14351
        RESERVED
@@ -30064,7 +30075,7 @@ CVE-2020-11767 (Istio through 1.5.1 and Envoy through 
1.14.1 have a data-leak is
 CVE-2020-11766 (sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX 
Enterprise Web I ...)
        NOT-FOR-US: iFAX AvantFAX
 CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an 
off-by-on ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        [experimental] - openexr 2.5.0-1
        - openexr 2.5.3-2 (bug #959444)
        [jessie] - openexr <no-dsa> (Minor issue)
@@ -30072,7 +30083,7 @@ CVE-2020-11765 (An issue was discovered in OpenEXR 
before 2.4.1. There is an off
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
 CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an 
out-of-bo ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        [experimental] - openexr 2.5.0-1
        - openexr 2.5.3-2 (bug #959444)
        [jessie] - openexr <no-dsa> (Minor issue)
@@ -30080,14 +30091,14 @@ CVE-2020-11764 (An issue was discovered in OpenEXR 
before 2.4.1. There is an out
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2
 CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an 
std::vect ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        [experimental] - openexr 2.5.0-1
        - openexr 2.5.3-2 (bug #959444)
        [jessie] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/pull/643/commits/d0303d1785d2a8cb994efee9efa81f8ee4be4c17
 CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an 
out-of-bo ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        [experimental] - openexr 2.5.0-1
        - openexr 2.5.3-2 (bug #959444)
        [jessie] - openexr <no-dsa> (Minor issue)
@@ -30095,21 +30106,21 @@ CVE-2020-11762 (An issue was discovered in OpenEXR 
before 2.4.1. There is an out
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
 CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an 
out-of-bo ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        [experimental] - openexr 2.5.0-1
        - openexr 2.5.3-2 (bug #959444)
        [jessie] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09
 CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an 
out-of-bo ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        [experimental] - openexr 2.5.0-1
        - openexr 2.5.3-2 (bug #959444)
        [jessie] - openexr <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3
 CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of 
integer ov ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        [experimental] - openexr 2.5.0-1
        - openexr 2.5.3-2 (bug #959444)
        [jessie] - openexr <no-dsa> (Minor issue)
@@ -30117,7 +30128,7 @@ CVE-2020-11759 (An issue was discovered in OpenEXR 
before 2.4.1. Because of inte
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/b9997d0c045fa01af3d2e46e1a74b07cc4519446
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/acad98d6d3e787f36012a3737c23c42c7f43a00f
 CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an 
out-of-bo ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        [experimental] - openexr 2.5.0-1
        - openexr 2.5.3-2 (bug #959444)
        [jessie] - openexr <no-dsa> (Minor issue)
@@ -34539,6 +34550,7 @@ CVE-2020-10291
 CVE-2020-10290 (Universal Robots controller execute URCaps (zip files 
containing Java- ...)
        NOT-FOR-US: Universal Robots controller
 CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary 
objects. Th ...)
+       {DLA-2357-1}
        - ros-actionlib 1.13.1-4 (bug #968830)
        [buster] - ros-actionlib <no-dsa> (Minor issue)
        NOTE: https://github.com/ros/actionlib/pull/171
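Review bot: on CVE-2020-10289 the new `{DLA-2357-1}` reference sits directly above `[buster] - ros-actionlib <no-dsa> (Minor issue)`, so the entry records an LTS advisory for an issue still marked no-DSA in buster. The description is an unsafe YAML load that allows arbitrary object instantiation; it is worth re-checking whether buster should receive the fix through a point release, so that an upgrade from the LTS release does not reintroduce the issue.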
@@ -39432,8 +39444,8 @@ CVE-2020-8246
        RESERVED
 CVE-2020-8245
        RESERVED
-CVE-2020-8244
-       RESERVED
+CVE-2020-8244 (A buffer over-read vulnerability exists in bl &lt;4.0.3, 
&lt;3.0.1 and ...)
+       TODO: check
 CVE-2020-8243
        RESERVED
 CVE-2020-8242
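Review bot: the description added for CVE-2020-8244 names more than one fixed threshold (`<4.0.3`, `<3.0.1` and a truncated remainder), so resolving the `TODO: check` means comparing each packaged version against the threshold for its own release series, not only the highest one. Recording the upstream fix commits as `NOTE:` lines, as the OpenEXR entries in this file do, would make that comparison checkable.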
@@ -40831,8 +40843,8 @@ CVE-2020-7714
        RESERVED
 CVE-2020-7713
        RESERVED
-CVE-2020-7712
-       RESERVED
+CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to 
inject  ...)
+       TODO: check
 CVE-2020-7711 (This affects all versions of package 
github.com/russellhaering/goxmlds ...)
        - golang-github-russellhaering-goxmldsig <unfixed> (bug #968928)
        NOTE: https://github.com/russellhaering/goxmldsig/issues/48
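Review bot: in CVE-2020-7712 the description identifies the affected software only as "the package json before 10.0.0", and the visible text is truncated before it says which ecosystem that package belongs to. Before replacing `TODO: check`, confirm the upstream project from the full CVE record so the entry is not matched to an unrelated Debian package with a similar name.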
@@ -186072,6 +186084,7 @@ CVE-2017-12597 (OpenCV (Open Source Computer Vision 
Library) through 3.3 has an
        [stretch] - opencv <no-dsa> (Minor issue)
        NOTE: https://github.com/opencv/opencv/issues/9309
 CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer 
over-read ...)
+       {DLA-2358-1}
        - openexr 2.2.0-11.1 (bug #877352)
        [jessie] - openexr <no-dsa> (Minor issue)
        [wheezy] - openexr 1.6.1-6+deb7u1
@@ -196467,47 +196480,47 @@ CVE-2017-9117 (In LibTIFF 4.0.7, the program 
processes BMP images without verify
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2690
        NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
 CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress 
function ...)
-       {DLA-1083-1}
+       {DLA-2358-1 DLA-1083-1}
        - openexr 2.2.0-11.1 (bug #864078)
        [jessie] - openexr <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
        NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator 
functio ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        - openexr 2.5.3-2 (bug #873885)
        [jessie] - openexr <no-dsa> (Minor issue)
        [wheezy] - openexr <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
        NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill 
function in  ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        - openexr 2.5.3-2 (bug #873885)
        [jessie] - openexr <no-dsa> (Minor issue)
        [wheezy] - openexr <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
        NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the 
bufferedReadPixels ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        - openexr 2.5.3-2 (low; bug #873885)
        [jessie] - openexr <no-dsa> (Minor issue)
        [wheezy] - openexr <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
        NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits 
function in ...)
-       {DLA-1083-1}
+       {DLA-2358-1 DLA-1083-1}
        - openexr 2.2.0-11.1 (bug #864078)
        [jessie] - openexr <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
        NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE 
function  ...)
-       {DSA-4755-1}
+       {DSA-4755-1 DLA-2358-1}
        - openexr 2.5.3-2 (bug #873885)
        [jessie] - openexr <no-dsa> (Minor issue)
        [wheezy] - openexr <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
        NOTE: https://github.com/openexr/openexr/issues/232
 CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode 
function  ...)
-       {DLA-1083-1}
+       {DLA-2358-1 DLA-1083-1}
        - openexr 2.2.0-11.1 (bug #864078)
        [jessie] - openexr <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
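Review bot: the placement of `DLA-2358-1` inside the braces differs across this hunk: it is appended after `DSA-4755-1` on CVE-2017-9115, -9114, -9113 and -9111, but placed before `DLA-1083-1` on CVE-2017-9116, -9112 and -9110. If the generator's rule is DSA first and then DLAs newest first, the result is consistent, but the rule should be stated where the list format is documented so that hand edits keep the same order.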



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e4e8794c2876eec27fb1a60521bb8c10aa51172
