Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
79858139 by Thorsten Alteholz at 2020-09-21T10:38:51+02:00
mark CVE-2020-6097 as no-dsa for Stretch
- - - - -
aa681846 by Thorsten Alteholz at 2020-09-21T10:38:52+02:00
mark CVE-2020-24750 as no-dsa for Stretch
- - - - -
146a0e1b by Thorsten Alteholz at 2020-09-21T10:38:54+02:00
mark CVE-2020-24890 and CVE-2020-24889 as no-dsa for Stretch
- - - - -
cc8e1cf9 by Thorsten Alteholz at 2020-09-21T10:38:55+02:00
mark CVE-2020-10755 as no-dsa for all affected packages in Stretch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1960,10 +1960,12 @@ CVE-2020-24891
CVE-2020-24890 (libraw 20.0 has a null pointer dereference vulnerability in
parse_tiff ...)
- libraw <unfixed>
[buster] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/issues/335
CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version < 20.0
LibRaw::Ge ...)
- libraw <unfixed>
[buster] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/issues/334
NOTE:
https://github.com/LibRaw/LibRaw/commit/78d323ecbe6a9752aee6e97118a76d40704d73ee
CVE-2020-24888
@@ -2250,6 +2252,7 @@ CVE-2020-24751
CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the
interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2798
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -35168,6 +35171,7 @@ CVE-2020-10755 (An insecure-credentials flaw was found
in all openstack-cinder v
[jessie] - cinder <end-of-life> (OpenStack component, not supported in
jessie LTS)
- python-os-brick 3.1.0-1 (low)
[buster] - python-os-brick <no-dsa> (Minor issue)
+ [stretch] - python-os-brick <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
CVE-2020-10754 (It was found that nmcli, a command line interface to
NetworkManager di ...)
@@ -46857,6 +46861,7 @@ CVE-2020-6098 (An exploitable denial of service
vulnerability exists in the free
CVE-2020-6097 (An exploitable denial of service vulnerability exists in the
atftpd da ...)
- atftp <unfixed> (bug #970066)
[buster] - atftp <no-dsa> (Minor issue)
+ [stretch] - atftp <no-dsa> (Minor issue)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the
ARMv7 mem ...)
- glibc 2.31-2 (low; bug #961452)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aad7bd76a0dc857cd53395095200b3ded21afe1b...cc8e1cf98ac4db7a58d99aa4965d5008ced90838
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aad7bd76a0dc857cd53395095200b3ded21afe1b...cc8e1cf98ac4db7a58d99aa4965d5008ced90838
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
