[Git][security-tracker-team/security-tracker][master] Add CVE-2020-25690 and update information on CVE-2020-5395

Salvatore Bonaccorso Sat, 31 Oct 2020 01:36:38 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e9474a4f by Salvatore Bonaccorso at 2020-10-31T09:35:12+01:00
Add CVE-2020-25690 and update information on CVE-2020-5395

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5607,6 +5607,8 @@ CVE-2020-25691
        RESERVED
 CVE-2020-25690
        RESERVED
+       - fontforge <not-affected> (Insufficient patch for CVE-2020-5395 not 
applied)
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893188
 CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 
21.0.0.F ...)
        - wildfly <itp> (bug #752018)
 CVE-2020-25688
@@ -54301,6 +54303,10 @@ CVE-2020-5395 (FontForge 20190801 has a use-after-free 
in SFD_GetFontMetaData in
        [stretch] - fontforge <no-dsa> (Minor issue)
        [jessie] - fontforge <no-dsa> (Minor issue)
        NOTE: https://github.com/fontforge/fontforge/issues/4084
+       NOTE: 
https://github.com/fontforge/fontforge/commit/048a91e2682c1a8936ae34dbc7bd70291ec05410
+
+       NOTE: Additional patch required (to not open up CVE-2020-25690):
+       NOTE: 
https://github.com/fontforge/fontforge/commit/b96273acc691ac8a36c6a8dd4de8e6edd7eaae59
 CVE-2019-20334 (In Netwide Assembler (NASM) 2.14.02, stack consumption occurs 
in expr# ...)
        - nasm <unfixed> (unimportant)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9474a4f3cdf8979f6561b42c1763f9fb966f689

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9474a4f3cdf8979f6561b42c1763f9fb966f689
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add CVE-2020-25690 and update information on CVE-2020-5395

Reply via email to