Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c90b4af6 by security tracker role at 2020-11-21T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2424,6 +2424,7 @@ CVE-2020-28368 (Xen through 4.14.x allows guest OS
administrators to obtain sens
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-351.html
CVE-2020-28367 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument
Injection. ...)
+ {DLA-2460-1}
- golang-1.15 1.15.5-1
- golang-1.11 <removed>
- golang-1.8 <removed>
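Review bot: The "{DLA-2460-1}" line added under CVE-2020-28367 references a single advisory, while the two other Go entries touched in this commit (CVE-2020-16845 and CVE-2020-15586) receive "{DLA-2460-1 DLA-2459-1}". Worth confirming that DLA-2459-1 really does not cover CVE-2020-28367. If the source package it updates is simply unaffected, a package line or NOTE saying so would make the asymmetry self-explanatory in the entry.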
@@ -4309,7 +4310,7 @@ CVE-2020-28198
CVE-2020-28197
RESERVED
CVE-2020-28196 (MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before
1.18.3 allow ...)
- {DLA-2437-1}
+ {DSA-4795-1 DLA-2437-1}
[experimental] - krb5 1.18.2-1
- krb5 1.18.3-1 (bug #973880)
NOTE:
https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd
@@ -7527,7 +7528,7 @@ CVE-2020-26969
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26969
CVE-2020-26968
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7548,7 +7549,7 @@ CVE-2020-26966
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26966
CVE-2020-26965
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7569,7 +7570,7 @@ CVE-2020-26962
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26962
CVE-2020-26961
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7578,7 +7579,7 @@ CVE-2020-26961
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26961
CVE-2020-26960
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7587,7 +7588,7 @@ CVE-2020-26960
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26960
CVE-2020-26959
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7596,7 +7597,7 @@ CVE-2020-26959
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26959
CVE-2020-26958
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7609,7 +7610,7 @@ CVE-2020-26957
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26957
CVE-2020-26956
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7626,7 +7627,7 @@ CVE-2020-26954
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26954
CVE-2020-26953
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7639,7 +7640,7 @@ CVE-2020-26952
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952
CVE-2020-26951
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -8588,6 +8589,7 @@ CVE-2020-26521 (The JWT library in NATS nats-server
before 2.1.9 allows a denial
CVE-2020-26520
RESERVED
CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write
when pa ...)
+ {DSA-4794-1}
- mupdf 1.17.0+ds1-1.1 (bug #971595)
[stretch] - mupdf <postponed> (Minor issue, can be fixed along in next
DLA)
NOTE:
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8
@@ -11692,8 +11694,8 @@ CVE-2020-25191
RESERVED
CVE-2020-25190
RESERVED
-CVE-2020-25189
- RESERVED
+CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer
overflo ...)
+ TODO: check
CVE-2020-25188 (An attacker who convinces a valid user to open a specially
crafted pro ...)
NOT-FOR-US: LAquis SCADA
CVE-2020-25187
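Review bot: CVE-2020-25189 moves from RESERVED to "TODO: check", and the truncated description ("The affected product is vulnerable to three stack-based buffer overflo ...") names no product, so the entry cannot be triaged from the summary alone. Whoever picks up the TODO should read the full advisory text and resolve it to either a package line or a "NOT-FOR-US:" line of the kind the following entry, CVE-2020-25188, already carries.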
@@ -28643,6 +28645,7 @@ CVE-2020-16846 (An issue was discovered in SaltStack
Salt through 3002. Sending
- salt 3002.1+dfsg1-1
NOTE:
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite
read loo ...)
+ {DLA-2460-1 DLA-2459-1}
- golang-1.15 1.15~rc2-1
- golang-1.14 1.14.7-1
- golang-1.11 <removed>
@@ -30506,7 +30509,7 @@ CVE-2020-16013
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-16012
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -31738,6 +31741,7 @@ CVE-2020-15588 (An issue was discovered in the client
side of Zoho ManageEngine
CVE-2020-15587
RESERVED
CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in
some net ...)
+ {DLA-2460-1 DLA-2459-1}
- golang-1.15 1.15~rc1-1
- golang-1.14 1.14.6-1
- golang-1.11 <removed>
@@ -35373,8 +35377,8 @@ CVE-2020-14260
RESERVED
CVE-2020-14259
RESERVED
-CVE-2020-14258
- RESERVED
+CVE-2020-14258 (HCL Notes is susceptible to a Denial of Service vulnerability
caused b ...)
+ TODO: check
CVE-2020-14257
RESERVED
CVE-2020-14256
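Review bot: The "TODO: check" added under CVE-2020-14258 leaves the entry untriaged although the description already names the product, HCL Notes. If no Debian source package ships it, replace the TODO with "NOT-FOR-US: HCL Notes", matching the "NOT-FOR-US:" form used for other entries in this file.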
@@ -35421,16 +35425,16 @@ CVE-2020-14236
RESERVED
CVE-2020-14235
RESERVED
-CVE-2020-14234
- RESERVED
+CVE-2020-14234 (HCL Domino is susceptible to a Denial of Service vulnerability
due to ...)
+ TODO: check
CVE-2020-14233
RESERVED
CVE-2020-14232
RESERVED
CVE-2020-14231
RESERVED
-CVE-2020-14230
- RESERVED
+CVE-2020-14230 (HCL Domino is susceptible to a Denial of Service vulnerability
caused ...)
+ TODO: check
CVE-2020-14229
RESERVED
CVE-2020-14228
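Review bot: CVE-2020-14234 and CVE-2020-14230 both arrive with "TODO: check", and both descriptions name HCL Domino, so they should be triaged together and end up with the same resolution. If no Debian source package ships the product, use one identical "NOT-FOR-US: HCL Domino" line on each so later searches of the list match both entries.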
@@ -42413,6 +42417,7 @@ CVE-2020-11801
CVE-2019-20768 (ServiceNow IT Service Management Kingston through Patch 14-1,
London t ...)
NOT-FOR-US: ServiceNow IT Service Management Kingston
CVE-2020-11800 (Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows
remote att ...)
+ {DLA-2461-1}
- zabbix 1:4.0.0+dfsg-1
NOTE: https://support.zabbix.com/browse/DEV-1538
NOTE: https://support.zabbix.com/browse/ZBX-17600
@@ -107413,7 +107418,7 @@ CVE-2019-8402
CVE-2018-20782 (The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN
messages ...)
NOT-FOR-US: WooCommerce plugin
CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x
before ...)
- {DLA-1708-1}
+ {DLA-2461-1 DLA-1708-1}
- zabbix 1:3.0.17+dfsg-1 (low)
NOTE: https://support.zabbix.com/browse/ZBX-10272
NOTE: https://support.zabbix.com/browse/ZBX-13133
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c90b4af611460411f9d14c5740f755663096eb93