Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
089d7ba7 by Moritz Muehlenhoff at 2020-11-18T19:38:07+01:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4210,6 +4210,7 @@ CVE-2020-28169
        RESERVED
 CVE-2020-28168 (Axios NPM package 0.21.0 contains a Server-Side Request 
Forgery (SSRF) ...)
        - node-axios <unfixed>
+       [buster] - node-axios <no-dsa> (Minor issue)
        NOTE: https://github.com/axios/axios/issues/3369
 CVE-2020-28167
        RESERVED
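Review bot: the unstable line for CVE-2020-28168, `- node-axios <unfixed>`, carries no Debian bug reference, so with the new buster `<no-dsa>` tag the issue is tracked only through the upstream NOTE. Other unfixed entries touched in this commit (slurm-llnl, webcit, raptor2) have a `(bug #...)` annotation; filing a bug against node-axios and recording it on the unstable line would keep the maintainer in the loop for a later fix.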
@@ -5306,6 +5307,7 @@ CVE-2020-27747 (An issue was discovered in Click Studios 
Passwordstate 8.9 (Buil
 CVE-2020-27746 [X11 forwarding - avoid unsafe use of magic cookie as arg to 
xauth command]
        RESERVED
        - slurm-llnl <unfixed> (bug #974722)
+       [buster] - slurm-llnl <no-dsa> (Minor issue)
        [stretch] - slurm-llnl <no-dsa> (Minor issue)
        NOTE: https://www.schedmd.com/news.php?id=240
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html
@@ -5313,6 +5315,7 @@ CVE-2020-27746 [X11 forwarding - avoid unsafe use of 
magic cookie as arg to xaut
 CVE-2020-27745 [PMIx - fix potential buffer overflows from use of unpackmem()]
        RESERVED
        - slurm-llnl <unfixed> (bug #974721)
+       [buster] - slurm-llnl <no-dsa> (Minor issue)
        [stretch] - slurm-llnl <no-dsa> (Minor issue)
        NOTE: https://www.schedmd.com/news.php?id=240
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html
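Review bot: `(Minor issue)` on the new buster line for CVE-2020-27745 gives no reason why an entry titled as potential buffer overflows from unpackmem() in PMIx is low impact. The line mirrors the existing stretch tag, but a short qualifier stating what limits exposure would make the triage decision auditable later.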
@@ -5328,12 +5331,16 @@ CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 
lacks a check for a failure
        NOTE: Fixed by: 
https://github.com/kravietz/pam_tacplus/commit/bceaab0cd51a09b88f40f19da799ac7390264bf8
 (v1.6.1)
 CVE-2020-27742 (An Insecure Direct Object Reference vulnerability in Citadel 
WebCit th ...)
        - webcit <unfixed> (bug #973385)
+       [buster] - webcit <ignored> (Minor issue)
 CVE-2020-27741 (Multiple cross-site scripting (XSS) vulnerabilities in Citadel 
WebCit  ...)
        - webcit <unfixed> (bug #973385)
+       [buster] - webcit <ignored> (Minor issue)
 CVE-2020-27740 (Citadel WebCit through 926 allows unauthenticated remote 
attackers to  ...)
        - webcit <unfixed> (bug #973385)
+       [buster] - webcit <ignored> (Minor issue)
 CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit 
through 926  ...)
        - webcit <unfixed> (bug #973385)
+       [buster] - webcit <ignored> (Minor issue)
 CVE-2020-27738
        RESERVED
 CVE-2020-27737
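Review bot: the four webcit lines (CVE-2020-27739 through CVE-2020-27742) use `<ignored>` while every other minor issue in this commit is tagged `<no-dsa>`, and the reason given is the same `(Minor issue)`. Since `<ignored>` records that no fix is planned for buster at all, the reason should say why, in particular for CVE-2020-27740, whose description mentions unauthenticated remote attackers; otherwise `<no-dsa>` would be the consistent choice.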
@@ -10178,6 +10185,7 @@ CVE-2020-25713 [Out of bounds read leads to segfault in 
raptor_xml_writer_start_
        RESERVED
        - raptor <removed>
        - raptor2 <unfixed> (bug #974664)
+       [buster] - raptor2 <no-dsa> (Minor issue)
        NOTE: https://bugs.librdf.org/mantis/view.php?id=650
 CVE-2020-25712
        RESERVED
@@ -10193,10 +10201,12 @@ CVE-2020-25708 [libvncserver/rfbserver.c has a divide 
by zero which could result
 CVE-2020-25707 [infinite loop in e1000e_write_packet_to_guest() in 
hw/net/e1000e_core.c]
        RESERVED
        - qemu <unfixed> (bug #974687)
+       [buster] - qemu <postponed> (Fix along in future DSA)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893895
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03552.html
 CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in 
templates_import. ...)
        - cacti 1.2.14+ds1-1
+       [buster] - cacti <no-dsa> (Minor issue)
        [stretch] - cacti <no-dsa> (Minor issue)
        NOTE: https://github.com/Cacti/cacti/issues/3723
        NOTE: 
https://github.com/Cacti/cacti/commit/39458efcd5286d50e6b7f905fedcdc1059354e6e
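Review bot: on the CVE-2020-25706 buster line, unstable is already fixed in 1.2.14+ds1-1 and the upstream commit is linked in the NOTE, so the XSS fix looks like a candidate for a stable point update, which the bare `<no-dsa> (Minor issue)` does not record. Consider a reason such as `(Minor issue, can be fixed via point release)` so the package maintainer knows an upload is welcome.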
@@ -29990,6 +30000,7 @@ CVE-2020-16126 (An Ubuntu-specific modification to 
AccountsService in versions b
 CVE-2020-16125 (gdm3 versions before 3.36.2 or 3.38.2 would start 
gnome-initial-setup  ...)
        {DLA-2434-1}
        - gdm3 3.38.2-1
+       [buster] - gdm3 <no-dsa> (Minor issue on Debian)
        NOTE: 
https://github.com/GNOME/gdm/commit/dc8235128c3a1fcd5da8f30ab6839d413d353f28
        NOTE: https://gitlab.gnome.org/GNOME/gdm/-/issues/642
 CVE-2020-16124 (Integer Overflow or Wraparound vulnerability in the XML RPC 
library of ...)
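Review bot: the reason `(Minor issue on Debian)` on the buster line for CVE-2020-16125 does not say what differs on Debian, while the same entry carries `{DLA-2434-1}`, meaning an advisory was issued for this CVE. A NOTE line explaining the Debian-specific circumstance would let readers reconcile the no-dsa decision for buster with that advisory.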
@@ -34719,6 +34730,7 @@ CVE-2020-14383 [An authenticated user can crash the 
DCE/RPC DNS with easily craf
        RESERVED
        [experimental] - samba 2:4.13.2+dfsg-1
        - samba <unfixed> (bug #973398)
+       [buster] - samba <no-dsa> (Minor issue)
        NOTE: https://www.samba.org/samba/security/CVE-2020-14383.html
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14472
 CVE-2020-14382 (A vulnerability was found in upstream release cryptsetup-2.2.0 
where,  ...)
@@ -34991,6 +35003,7 @@ CVE-2020-14324 (A high severity vulnerability was found 
in all active versions o
 CVE-2020-14323 (A null pointer dereference flaw was found in samba's Winbind 
service i ...)
        [experimental] - samba 2:4.13.2+dfsg-1
        - samba <unfixed> (bug #973399)
+       [buster] - samba <no-dsa> (Minor issue)
        NOTE: https://www.samba.org/samba/security/CVE-2020-14323.html
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14436
 CVE-2020-14322
@@ -35005,6 +35018,7 @@ CVE-2020-14318 [Missing handle permissions check in 
SMB1/2/3 ChangeNotify]
        RESERVED
        [experimental] - samba 2:4.13.2+dfsg-1
        - samba <unfixed> (bug #973400)
+       [buster] - samba <no-dsa> (Minor issue)
        NOTE: https://www.samba.org/samba/security/CVE-2020-14318.html
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14434
 CVE-2020-14317
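Review bot: the buster line for CVE-2020-14318 labels a missing handle permissions check in ChangeNotify as `(Minor issue)` without saying why, and the entry shows the fix only in experimental (`samba 2:4.13.2+dfsg-1`) with unstable still `<unfixed>`. If the intent is to pick this up together with CVE-2020-14323 and CVE-2020-14383 in a later samba update, `<postponed>` with a reason, as used for qemu in this commit, would state that more precisely than `<no-dsa>`.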


=====================================
data/dsa-needed.txt
=====================================
@@ -21,6 +21,8 @@ firefox-esr (jmm)
 knot-resolver
   Santiago Ruano Rincón proposed a debdiff for review
 --
+krb5 (jmm)
+--
 libproxy
 --
 linux (carnil)
@@ -33,6 +35,8 @@ netty
 --
 pdns-recursor
 --
+salt
+--
 thunderbird (jmm)
 --
 xcftools
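Review bot: `salt` is added without a claimant and, like `krb5 (jmm)` in the previous hunk, without any matching entry change in data/CVE/list in this commit, so the diff does not show which CVE prompted the DSA. A one-line note under the package name, as knot-resolver has, would tell other team members what is pending.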



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/089d7ba7e1b12c290ab2b7b83e381feefa569c89
