Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0560d2ac by Moritz Muehlenhoff at 2020-09-11T19:34:53+02:00
buster triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -130,6 +130,7 @@ CVE-2020-25220 (The Linux kernel 4.9.x before 4.9.233,
4.14.x before 4.14.194, a
NOTE: https://www.spinics.net/lists/stable/msg405099.html
CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15
allows a rem ...)
- libproxy <unfixed>
+ [buster] - libproxy <no-dsa> (Minor issue)
NOTE: https://github.com/libproxy/libproxy/issues/134
CVE-2020-25218
RESERVED
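Review bot: the `- libproxy <unfixed>` line for CVE-2020-25219 carries no Debian bug reference, so once buster is marked `<no-dsa>` nothing in this entry tracks the fix for unstable apart from the upstream issue in the NOTE. Consider filing a BTS bug and recording it on the unfixed line as `(bug #NNNNNN)` (placeholder number), the way the libx11 and osc entries in this commit do.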
@@ -167,6 +168,7 @@ CVE-2020-25203
RESERVED
CVE-2019-XXXX [RUSTSEC-2019-0035: Unaligned memory access in versions below
0.4.2]
- rust-rand-core 0.5.0-1 (bug #969911; low)
+ [buster] - rust-rand-core <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0035.html
NOTE:
https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06
CVE-2019-XXXX [RUSTSEC-2019-0033: Integer Overflow in versions below 0.1.20
can cause DoS]
@@ -671,6 +673,7 @@ CVE-2020-24973
RESERVED
CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80)
for GnuPG ...)
- kleopatra <unfixed>
+ [buster] - kleopatra <no-dsa> (Minor issue)
NOTE:
https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b
NOTE: https://security.gentoo.org/glsa/202008-21
CVE-2020-24971
@@ -23151,6 +23154,7 @@ CVE-2020-14363 [Double free in libX11 locale handling
code]
RESERVED
{DLA-2361-1}
- libx11 <unfixed> (bug #969008)
+ [buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003056.html
NOTE:
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
CVE-2020-14362
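Review bot: on the added `[buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)` line for CVE-2020-14363, the point-release plan exists only as free text in the reason field. Once the stable-proposed-updates request is filed, a NOTE with its bug number would let readers confirm the fix is actually queued, and a short reason why a double free in locale handling is rated minor would make the triage decision easier to audit.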
@@ -23231,7 +23235,7 @@ CVE-2020-14345
CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was
found in The ...)
{DLA-2312-1}
- libx11 2:1.6.10-1
- [buster] - libx11 <no-dsa> (Minor issue)
+ [buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)
NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003050.html
NOTE:
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e
NOTE:
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
@@ -56789,7 +56793,7 @@ CVE-2020-1970
CVE-2020-1969
RESERVED
CVE-2020-1968 (The Raccoon attack exploits a flaw in the TLS specification
which can ...)
- - openssl 1.1.1g-1
+ - openssl 1.1.1~~pre9-1
- openssl1.0 <removed>
NOTE: Marking the first openssl 1.1.1 version in unstable as the fixed
version in sid
NOTE: https://www.openssl.org/news/secadv/20200909.txt
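Review bot: the new fixed version `1.1.1~~pre9-1` for CVE-2020-1968 rests on the NOTE's claim that this was the first 1.1.1 upload to unstable, so it is worth confirming that the upload went to unstable and not experimental and that the double tilde matches the archive version string exactly, because the version comparison decides which suites are reported as vulnerable. The NOTE also states what was marked but not why 1.1.1 counts as fixed; one more NOTE pointing at the relevant statement in the linked advisory would make the entry self-explanatory.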
@@ -80139,6 +80143,7 @@ CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by
zero at adx_write_traile
NOTE:
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms
such as ...)
- rainloop 1.14.0-1
+ [buster] - rainloop <no-dsa> (Minor issue)
NOTE:
https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693
CVE-2019-13388
RESERVED
@@ -106912,6 +106917,7 @@ CVE-2019-3682 (The docker-kubic package in SUSE CaaS
Platform 3.0 before 17.09.1
NOT-FOR-US: SuSE
CVE-2019-3681 (A External Control of File Name or Path vulnerability in osc of
SUSE L ...)
- osc <unfixed> (bug #969999)
+ [buster] - osc <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1122675
NOTE:
https://github.com/openSUSE/osc/commit/a79c54418baf9b9785123bd07f350f12bd729ed3
(0.169.0)
CVE-2019-3680
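Review bot: for CVE-2019-3681 the NOTE attributes the upstream fix to 0.169.0 while the sid line stays `- osc <unfixed> (bug #969999)`, so please confirm that the version currently in unstable is older than 0.169.0. If it is not, the `<unfixed>` marker should be replaced with the first fixed Debian version, which also changes how the new `[buster]` line reads.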
=====================================
data/dsa-needed.txt
=====================================
@@ -16,6 +16,8 @@ chromium
--
curl (ghedo)
--
+inspircd
+--
knot-resolver
Santiago Ruano Rincón proposed a debdiff for review
--
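Review bot: the new `inspircd` entry in data/dsa-needed.txt has no claimant and no status line, and this commit touches no inspircd entry in data/CVE/list, so the reason a DSA is needed is not visible from the change. An indented one-line note naming the CVE(s) or upstream advisory, in the style of the knot-resolver entry below it, would help whoever picks the package up.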
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0560d2ac29b2140270508dca5aa2bab9ad0abb30