[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Mon, 23 Nov 2020 00:10:44 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e8a18ca2 by security tracker role at 2020-11-23T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10457,6 +10457,7 @@ CVE-2020-25694 (A flaw was found in PostgreSQL versions 
before 13.1, before 12.5
        NOTE: 
https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
 CVE-2020-25693
        RESERVED
+       {DLA-2462-1}
        - cimg <unfixed> (bug #973770)
        NOTE: https://github.com/dtschump/CImg/pull/295
        NOTE: https://bugs.launchpad.net/ubuntu/+source/cimg/+bug/1900983
@@ -34938,6 +34939,7 @@ CVE-2020-14384 (A flaw was found in JBossWeb in 
versions before 7.5.31.Final-red
        NOT-FOR-US: JBossWeb
 CVE-2020-14383 [An authenticated user can crash the DCE/RPC DNS with easily 
crafted records]
        RESERVED
+       {DLA-2463-1}
        [experimental] - samba 2:4.13.2+dfsg-1
        - samba 2:4.13.2+dfsg-2 (bug #973398)
        [buster] - samba <no-dsa> (Minor issue)
@@ -35212,6 +35214,7 @@ CVE-2020-14325 (Red Hat CloudForms before 5.11.7.0 was 
vulnerable to the User Im
 CVE-2020-14324 (A high severity vulnerability was found in all active versions 
of Red  ...)
        NOT-FOR-US: Red Hat CloudForm
 CVE-2020-14323 (A null pointer dereference flaw was found in samba's Winbind 
service i ...)
+       {DLA-2463-1}
        [experimental] - samba 2:4.13.2+dfsg-1
        - samba 2:4.13.2+dfsg-2 (bug #973399)
        [buster] - samba <no-dsa> (Minor issue)
@@ -35227,6 +35230,7 @@ CVE-2020-14319 (It was found that the AMQ Online 
console is vulnerable to a Cros
        NOT-FOR-US: AMQ Online
 CVE-2020-14318 [Missing handle permissions check in SMB1/2/3 ChangeNotify]
        RESERVED
+       {DLA-2463-1}
        [experimental] - samba 2:4.13.2+dfsg-1
        - samba 2:4.13.2+dfsg-2 (bug #973400)
        [buster] - samba <no-dsa> (Minor issue)
@@ -35291,6 +35295,7 @@ CVE-2020-14305 [memory corruption in Voice over IP 
nf_conntrack_h323 module]
 CVE-2020-14304 (A memory disclosure flaw was found in the Linux kernel's 
ethernet driv ...)
        - linux <unfixed> (bug #960702)
 CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions 
before  ...)
+       {DLA-2463-1}
        - samba 2:4.12.5+dfsg-1
        [buster] - samba <postponed> (Minor issue, fix along in next DSA)
        NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html
@@ -46018,6 +46023,7 @@ CVE-2020-10761 (An assertion failure issue was found in 
the Network Block Device
        NOTE: Fixed by: 
https://git.qemu.org/?p=qemu.git;a=commit;h=5c4fe018c025740fef4a0a4421e8162db0c3eefd
        NOTE: Introduced in: 
https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af
 CVE-2020-10760 (A use-after-free flaw was found in all samba LDAP server 
versions befo ...)
+       {DLA-2463-1}
        - samba 2:4.12.5+dfsg-1
        [buster] - samba <postponed> (Minor issue, fix along in next DSA)
        NOTE: https://www.samba.org/samba/security/CVE-2020-10760.html
@@ -46088,6 +46094,7 @@ CVE-2020-10747
 CVE-2020-10746 (A flaw was found in Infinispan version 10, where it permits 
local acce ...)
        NOT-FOR-US: Infinispan
 CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before 
4.11.11  ...)
+       {DLA-2463-1}
        - samba 2:4.12.5+dfsg-1
        [buster] - samba <postponed> (Minor issue, fix along in next DSA)
        NOTE: https://www.samba.org/samba/security/CVE-2020-10745.html
@@ -46141,6 +46148,7 @@ CVE-2020-10732 (A flaw was found in the Linux kernel's 
implementation of Userspa
 CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the 
Red Hat ...)
        NOT-FOR-US: Red Hat OpenStack platform
 CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw 
was found  ...)
+       {DLA-2463-1}
        - ldb 2:2.1.4-1
        [buster] - ldb <no-dsa> (Minor issue)
        [stretch] - ldb <not-affected> (Vulnerable code introduced later)
@@ -46242,6 +46250,7 @@ CVE-2020-10705 (A flaw was discovered in Undertow in 
versions before Undertow 2.
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803241
        NOTE: 
https://github.com/undertow-io/undertow/commit/b53d4589c586e8bbdcc89ed60f32cd7977e9a4f4
 CVE-2020-10704 (A flaw was found when using samba as an Active Directory 
Domain Contro ...)
+       {DLA-2463-1}
        - samba 2:4.12.3+dfsg-2 (bug #960188)
        [buster] - samba <postponed> (Can be fixed along in future DSA)
        NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14334
@@ -72324,6 +72333,7 @@ CVE-2020-1474 (An information disclosure vulnerability 
exists when the Windows I
 CVE-2020-1473 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
        NOT-FOR-US: Microsoft
 CVE-2020-1472 (An elevation of privilege vulnerability exists when an attacker 
establ ...)
+       {DLA-2463-1}
        [experimental] - samba 2:4.13.2+dfsg-1
        - samba 2:4.13.2+dfsg-2 (bug #971048)
        [buster] - samba <no-dsa> (Has already safe defaults; can be fixed 
along in point release)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8a18ca220df4e424a82455f5b2d2277830dfc91

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8a18ca220df4e424a82455f5b2d2277830dfc91
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to