Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
202a1a67 by Moritz Muehlenhoff at 2020-11-17T16:49:39+01:00
new libxstream-java issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8982,7 +8982,10 @@ CVE-2020-26219 (touchbase.ai before version 2.0 is 
vulnerable to Open Redirect.
 CVE-2020-26218 (touchbase.ai before version 2.0 is vulnerable to Cross-Site 
Scripting. ...)
        NOT-FOR-US: touchbase.ai
 CVE-2020-26217 (XStream before version 1.4.14 is vulnerable to Remote Code 
Execution.T ...)
-       TODO: check
+       - libxstream-java <unfixed>
+       NOTE: https://x-stream.github.io/CVE-2020-26217.html
+       NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
+       NOTE: 
https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a
 CVE-2020-26216
        RESERVED
 CVE-2020-26215
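Review bot: the new `- libxstream-java <unfixed>` line under CVE-2020-26217 carries no Debian bug reference, so nothing in the entry links the open status to a tracked bug report; add the bug number once one is filed. The three NOTE URLs also do not say which of them is the fix. The description places the issue in XStream before 1.4.14, so labelling the commit NOTE as the upstream fix and recording 1.4.14 as the fixed upstream version would save the next reader from opening each link.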
@@ -10184,9 +10187,8 @@ CVE-2020-25698
        RESERVED
 CVE-2020-25697
        RESERVED
-       - libx11 <undetermined>
+       NOTE: Long-standing design limitation in X11, unlikely to get fixed 
until the world moves to Wayland
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/3
-       TODO: check correct packages to track
 CVE-2020-25696 [psql's \gset allows overwriting specially treated variables]
        RESERVED
        - postgresql-13 13.1-1
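Review bot: under CVE-2020-25697, dropping `- libx11 <undetermined>` together with the TODO leaves the entry with only NOTE lines, so it no longer names any source package. If the conclusion is that this is a design limitation that will not be fixed, keep a package line with an explicit status instead of removing it, so the decision is recorded per package and not only in free text. The entry is also still RESERVED with no description, which makes the new NOTE the only explanation a reader gets; naming the affected component in that NOTE would help.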
@@ -74245,7 +74247,7 @@ CVE-2019-18571 (The RSA Identity Governance and 
Lifecycle and RSA Via Lifecycle
 CVE-2020-0600 (Improper buffer restrictions in firmware for some Intel(R) NUC 
may all ...)
        NOT-FOR-US: Intel
 CVE-2020-0599 (Improper access control in the PMC for some Intel(R) Processors 
may al ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2020-0598 (Uncontrolled search path in the installer for the Intel(R) 
Binary Conf ...)
        NOT-FOR-US: Intel
 CVE-2020-0597 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and 
Intel(R) ISM  ...)
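Review bot: for CVE-2020-0599 the description refers to the PMC in Intel processors, whereas the neighbouring `NOT-FOR-US: Intel` entries concern NUC firmware and an installer. Before closing this one as NOT-FOR-US, confirm that no fix is delivered through a package Debian ships (processor fixes sometimes arrive as microcode updates), and add a NOTE with the vendor advisory so the reasoning behind the classification is recorded.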



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/202a1a67ee797123a7f2d96df556a523b5b5d23c
