Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1554b910 by security tracker role at 2020-11-30T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -550,8 +550,8 @@ CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a 
buffer over-read because
        NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as 
fixed.
 CVE-2020-29128 (petl before 1.68, in some configurations, allows resolution of 
entitie ...)
        TODO: check
-CVE-2020-29127
-       RESERVED
+CVE-2020-29127 (An issue was discovered on Fujitsu Eternus Storage DX200 S4 
devices th ...)
+       TODO: check
 CVE-2020-29126
        RESERVED
 CVE-2020-29125
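Review bot: The newly published CVE-2020-29127 entry is left at "TODO: check". Its description concerns Fujitsu Eternus Storage DX200 S4 devices, so unless a Debian source package is affected, follow-up triage should replace the TODO with a NOT-FOR-US line, in the same form as "NOT-FOR-US: touchbase.ai" used elsewhere in this file. CVE-2020-29128 (petl), directly above, is also still at "TODO: check".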
@@ -10276,6 +10276,7 @@ CVE-2020-26219 (touchbase.ai before version 2.0 is 
vulnerable to Open Redirect.
 CVE-2020-26218 (touchbase.ai before version 2.0 is vulnerable to Cross-Site 
Scripting. ...)
        NOT-FOR-US: touchbase.ai
 CVE-2020-26217 (XStream before version 1.4.14 is vulnerable to Remote Code 
Execution.T ...)
+       {DLA-2471-1}
        - libxstream-java 1.4.14-1
        NOTE: https://x-stream.github.io/CVE-2020-26217.html
        NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
@@ -11807,8 +11808,7 @@ CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an 
infinite loop when a TD l
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
        NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/1
        NOTE: Fixed by: 
https://git.qemu.org/?p=qemu.git;a=patch;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f
 (v5.2.0-rc0)
-CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer 
descriptors]
-       RESERVED
+CVE-2020-25624 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer 
over-read via ...)
        {DLA-2469-1}
        - qemu <unfixed> (bug #970541)
        [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
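Review bot: With the RESERVED line dropped, CVE-2020-25624 now reads as a published issue in hw/usb/hcd-ohci.c, but the lines shown carry only "- qemu <unfixed> (bug #970541)" and the postponed buster status, with no upstream fix reference. The neighbouring CVE-2020-25625 entry records a "NOTE: Fixed by:" line with the upstream commit and release tag; if this entry does not already have one below the shown context, add the equivalent NOTE so the <unfixed> status can be resolved against a specific commit. The hand-written title "[hcd-ohci: out-of-bound access issue while processing transfer descriptors]" gives way to the truncated upstream description, which is expected once the CVE is published.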
@@ -64364,7 +64364,7 @@ CVE-2019-20046 (The Synergy Systems &amp; Solutions PLC 
&amp; RTU system has a v
 CVE-2019-20045 (The Synergy Systems &amp; Solutions PLC &amp; RTU system has a 
vulnera ...)
        NOT-FOR-US: Synergy Systems & Solutions PLC & RTU system
 CVE-2019-20044 (In Zsh before 5.8, attackers able to execute commands can 
regain privi ...)
-       {DLA-2117-1}
+       {DLA-2470-1 DLA-2117-1}
        - zsh 5.8-1 (bug #951458)
        [buster] - zsh <no-dsa> (Minor issue)
        NOTE: https://www.zsh.org/mla/zsh-announce/141
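Review bot: DLA-2470-1 is attached here alongside the existing DLA-2117-1, and the same reference is added to six other zsh entries in this commit (CVE-2018-13259, CVE-2017-18206, CVE-2018-1100, CVE-2018-1083, CVE-2018-1071, CVE-2018-0502). Since this is an automatic update, it is worth confirming that the DLA-2470-1 record lists exactly these seven CVEs, so that no zsh entry is tagged by mistake and none is missed.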
@@ -147898,6 +147898,7 @@ CVE-2018-13261
 CVE-2018-13260
        REJECTED
 CVE-2018-13259 (An issue was discovered in zsh before 5.6. Shebang lines 
exceeding 64  ...)
+       {DLA-2470-1}
        - zsh 5.6-1 (bug #908000)
        [jessie] - zsh <no-dsa> (Minor issue)
        NOTE: https://www.zsh.org/mla/zsh-announce/136
@@ -163534,7 +163535,7 @@ CVE-2018-7546 (wpsmain.dll in Kingsoft WPS Office 
2016 and Jinshan PDF 10.1.0.66
 CVE-2018-7545
        RESERVED
 CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer 
overflow. ...)
-       {DLA-1304-1}
+       {DLA-2470-1 DLA-1304-1}
        - zsh 5.4.1-1
        [jessie] - zsh <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d
@@ -182903,6 +182904,7 @@ CVE-2018-1102 (A flaw was found in source-to-image 
function as shipped with Open
 CVE-2018-1101 (Ansible Tower before version 3.2.4 has a flaw in the management 
of sys ...)
        NOT-FOR-US: Ansible Tower
 CVE-2018-1100 (zsh through version 5.4.2 is vulnerable to a stack-based buffer 
overfl ...)
+       {DLA-2470-1}
        - zsh 5.5-1 (bug #895225)
        [jessie] - zsh <no-dsa> (Minor issue)
        [wheezy] - zsh <no-dsa> (Minor issue)
@@ -182996,7 +182998,7 @@ CVE-2018-1084 (corosync before version 2.4.4 is 
vulnerable to an integer overflo
        NOTE: Fixed by: 
https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4
        NOTE: https://oss.clusterlabs.org/pipermail/users/2018-April/014856.html
 CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer 
overflow in  ...)
-       {DLA-1335-1}
+       {DLA-2470-1 DLA-1335-1}
        - zsh 5.4.2-4 (low; bug #894043)
        [jessie] - zsh <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
@@ -183029,7 +183031,7 @@ CVE-2018-1073 (The web console login form in 
ovirt-engine before version 4.2.3 r
 CVE-2018-1072 (ovirt-engine before version ovirt 4.2.2 is vulnerable to an 
informatio ...)
        NOT-FOR-US: ovirt-engine
 CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer 
overfl ...)
-       {DLA-1335-1}
+       {DLA-2470-1 DLA-1335-1}
        - zsh 5.4.2-4 (low; bug #894044)
        [jessie] - zsh <no-dsa> (Minor issue)
        NOTE: 
https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4
@@ -185177,6 +185179,7 @@ CVE-2018-0503 (Mediawiki 1.31 before 1.31.1, 1.30.1, 
1.29.3 and 1.27.5 contains
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
        NOTE: https://phabricator.wikimedia.org/T169545
 CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a 
#! scrip ...)
+       {DLA-2470-1}
        - zsh 5.6-1 (bug #908000)
        [jessie] - zsh <no-dsa> (Minor issue)
        NOTE: https://www.zsh.org/mla/zsh-announce/136



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1554b910db4074bd3cad190e1a723e807a50f78f
