Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c3015d05 by security tracker role at 2020-12-04T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-29571
+       RESERVED
+CVE-2020-29570
+       RESERVED
+CVE-2020-29569
+       RESERVED
+CVE-2020-29568
+       RESERVED
+CVE-2020-29567
+       RESERVED
+CVE-2020-29566
+       RESERVED
 CVE-2020-29565 (An issue was discovered in OpenStack Horizon before 15.3.2, 
16.x befor ...)
        TODO: check
 CVE-2020-29564
@@ -3812,13 +3824,13 @@ CVE-2020-28416
        RESERVED
 CVE-2020-25710 [assertion failure in CSN normalization with invalid input]
        RESERVED
-       {DSA-4792-1}
+       {DSA-4792-1 DLA-2481-1}
        - openldap 2.4.56+dfsg-1
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9384
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2
 (OPENLDAP_REL_ENG_2_4_56)
 CVE-2020-25709 [assertion failure in Certificate List syntax validation]
        RESERVED
-       {DSA-4792-1}
+       {DSA-4792-1 DLA-2481-1}
        - openldap 2.4.56+dfsg-1
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65
 (OPENLDAP_REL_ENG_2_4_56)
@@ -3917,6 +3929,7 @@ CVE-2020-28370
 CVE-2020-28369
        RESERVED
 CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain 
sensitive  ...)
+       {DSA-4804-1}
        - xen 4.14.0+80-gd101b417b7-1
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-351.html
@@ -5648,7 +5661,7 @@ CVE-2020-28272 (Prototype pollution vulnerability in 
'keyget' versions 1.0.0 thr
        TODO: check
 CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0 
through  ...)
        NOT-FOR-US: Node deephas
-CVE-2020-28270 (Prototype pollution vulnerability in 
&#8216;object-hierarchy-access&#8 ...)
+CVE-2020-28270 (Prototype pollution vulnerability in 'object-hierarchy-access' 
version ...)
        NOT-FOR-US: Node object-hierarchy-access
 CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1 
through 1. ...)
        NOT-FOR-US: Node field
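Review bot: the CVE-2020-28270 description line now carries a plain apostrophe where the earlier import had stored the raw HTML entity `&#8216;`; the neighbouring entries (CVE-2020-28271, CVE-2020-28269) already use plain quotes, so this is the consistent form. Worth checking that the description import decodes HTML entities on ingest rather than relying on a later automatic update to overwrite them, otherwise the same entity can resurface for other feed entries.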
@@ -6977,8 +6990,7 @@ CVE-2020-27772
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1749
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/a1142af44f61c038ad3eccc099c5b9548b507846
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/7f819ef8855608d9cb1ded5e4f30cdfff1da7c11
-CVE-2020-27771
-       RESERVED
+CVE-2020-27771 (In RestoreMSCWarning() of /coders/pdf.c there are several 
areas where  ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range 
warning)
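Review bot: the [buster] and [stretch] `<ignored> (Minor issue ...)` triage lines for CVE-2020-27771 predate the public description that this hunk puts in place of RESERVED, so they were decided from the upstream issue alone; a quick re-check that the severity assessment still matches the published text is cheap here. The same applies to the RESERVED-to-description replacements for CVE-2020-27770, CVE-2020-27767, CVE-2020-27766 and CVE-2020-27765 in the following hunks.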
@@ -6986,8 +6998,7 @@ CVE-2020-27771
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/872ffe6d0131beec8b47568a4874ffaca91a872e
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/9dd1c7e1f8f6c137bfd3293be2554f59456c7b62
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/a07ecde4c1c3a3efaa628434adc903295f6bb2b3
-CVE-2020-27770
-       RESERVED
+CVE-2020-27770 (Due to a missing check for 0 value of `replace_extent`, it is 
possible ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue, UBSAN offset overflowed 
warning)
@@ -7010,16 +7021,14 @@ CVE-2020-27768
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1751
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/95d4e94e0353e503b71a53f5e6fad173c7c70c90
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/8c6e86f81968fab1710317d87b00c608108e6a2a
-CVE-2020-27767
-       RESERVED
+CVE-2020-27767 (A flaw was found in ImageMagick in MagickCore/quantum.h. An 
attacker w ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range 
warning)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1741
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/564f2a35e523e2b6cce9485018157f03ec05a947
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/c2f66e7fc9189a652f77a021bd047c4146d634d1
-CVE-2020-27766
-       RESERVED
+CVE-2020-27766 (A flaw was found in ImageMagick in MagickCore/statistic.c. An 
attacker ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range 
warning)
@@ -7027,8 +7036,7 @@ CVE-2020-27766
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/29cee9152d1b5487cfd19443ca48935eea0cabe2
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/052175e4b190598141fbcc64641cd5ee4db3602d
        NOTE: Same fix as CVE-2020-27774
-CVE-2020-27765
-       RESERVED
+CVE-2020-27765 (A flaw was found in ImageMagick in MagickCore/segment.c. An 
attacker w ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <postponed> (Minor issue, DoS/div0 while 
package is mainly CLI)
@@ -7904,18 +7912,22 @@ CVE-2020-27675 (An issue was discovered in the Linux 
kernel through 5.9.1, as us
        - linux 5.9.6-1
        NOTE: https://xenbits.xen.org/xsa/advisory-331.html
 CVE-2020-27674 (An issue was discovered in Xen through 4.14.x allowing x86 PV 
guest OS ...)
+       {DSA-4804-1}
        - xen 4.14.0+80-gd101b417b7-1
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-286.html
 CVE-2020-27672 (An issue was discovered in Xen through 4.14.x allowing x86 
guest OS us ...)
+       {DSA-4804-1}
        - xen 4.14.0+80-gd101b417b7-1
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-345.html
 CVE-2020-27671 (An issue was discovered in Xen through 4.14.x allowing x86 HVM 
and PVH ...)
+       {DSA-4804-1}
        - xen 4.14.0+80-gd101b417b7-1
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-346.html
 CVE-2020-27670 (An issue was discovered in Xen through 4.14.x allowing x86 
guest OS us ...)
+       {DSA-4804-1}
        - xen 4.14.0+80-gd101b417b7-1
        [stretch] - xen <end-of-life> (DSA 4602-1)
        NOTE: https://xenbits.xen.org/xsa/advisory-347.html
@@ -8305,10 +8317,10 @@ CVE-2020-27411
        RESERVED
 CVE-2020-27410
        RESERVED
-CVE-2020-27409
-       RESERVED
-CVE-2020-27408
-       RESERVED
+CVE-2020-27409 (OpenSIS Community Edition before 7.5 is affected by a 
cross-site scrip ...)
+       TODO: check
+CVE-2020-27408 (OpenSIS Community Edition through 7.6 is affected by incorrect 
access  ...)
+       TODO: check
 CVE-2020-27407
        RESERVED
 CVE-2020-27406
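Review bot: both new OpenSIS Community Edition entries (CVE-2020-27409, CVE-2020-27408) are left at TODO: check; if OpenSIS is not packaged in Debian, the matching triage is a NOT-FOR-US line naming the product, as used for the CRMEB and GROWI entries elsewhere in this diff, rather than leaving the TODO open.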
@@ -9213,7 +9225,7 @@ CVE-2020-26971
        RESERVED
 CVE-2020-26970
        RESERVED
-       {DSA-4802-1}
+       {DSA-4802-1 DLA-2479-1}
        - thunderbird 1:78.5.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970
 CVE-2020-26969
@@ -12095,6 +12107,7 @@ CVE-2020-25713 [Out of bounds read leads to segfault in 
raptor_xml_writer_start_
        NOTE: https://bugs.librdf.org/mantis/view.php?id=650
 CVE-2020-25712 [Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap 
overflows]
        RESERVED
+       {DSA-4803-1}
        - xorg-server 2:1.20.10-1 (bug #976216)
        NOTE: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9
 CVE-2020-25711 (A flaw was found in infinispan 10 REST API, where 
authorization permis ...)
@@ -12563,6 +12576,7 @@ CVE-2020-25594
 CVE-2020-25593
        RESERVED
 CVE-2020-25592 (In SaltStack Salt through 3002, salt-netapi improperly 
validates eauth ...)
+       {DLA-2480-1}
        - salt 3002.1+dfsg1-1
        NOTE: 
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
        NOTE: 
https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2020/09/25/2018.3.5.patch
 (2018.3.5)
@@ -12814,16 +12828,16 @@ CVE-2020-25467
        RESERVED
 CVE-2020-25466 (A SSRF vulnerability exists in the downloadimage interface of 
CRMEB 3. ...)
        NOT-FOR-US: CRMEB
-CVE-2020-25465
-       RESERVED
-CVE-2020-25464
-       RESERVED
-CVE-2020-25463
-       RESERVED
-CVE-2020-25462
-       RESERVED
-CVE-2020-25461
-       RESERVED
+CVE-2020-25465 (Null Pointer Dereference. in xObjectBindingFromExpression at 
moddable/ ...)
+       TODO: check
+CVE-2020-25464 (Heap buffer overflow at moddable/xs/sources/xsDebug.c in 
Moddable SDK  ...)
+       TODO: check
+CVE-2020-25463 (Invalid Memory Access in fxUTF8Decode at 
moddable/xs/sources/xsCommon. ...)
+       TODO: check
+CVE-2020-25462 (Heap buffer overflow in the fxCheckArrowFunction function at 
moddable/ ...)
+       TODO: check
+CVE-2020-25461 (Invalid Memory Access in the fxProxyGetter function in 
moddable/xs/sou ...)
+       TODO: check
 CVE-2020-25460
        RESERVED
 CVE-2020-25459
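Review bot: the five new Moddable SDK entries (CVE-2020-25465 down to CVE-2020-25461) all reference files under moddable/xs/sources/ and can be triaged as one batch; they are currently TODO: check, and if the Moddable SDK is not in the archive each should become a NOT-FOR-US: Moddable SDK line so the TODO count does not grow by five for one product.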
@@ -29092,6 +29106,7 @@ CVE-2020-17492
 CVE-2020-17491
        RESERVED
 CVE-2020-17490 (The TLS module within SaltStack Salt through 3002 creates 
certificates ...)
+       {DLA-2480-1}
        - salt 3002.1+dfsg1-1
        NOTE: 
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
        NOTE: 
https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2018.3.x.patch
 (2018.3.x)
@@ -30414,6 +30429,7 @@ CVE-2020-16848
 CVE-2020-16847 (Extreme Analytics in Extreme Management Center before 
8.5.0.169 allows ...)
        NOT-FOR-US: Extreme Management Center
 CVE-2020-16846 (An issue was discovered in SaltStack Salt through 3002. 
Sending crafte ...)
+       {DLA-2480-1}
        - salt 3002.1+dfsg1-1
        NOTE: 
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
        NOTE: 
https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2018.3.x.patch
 (2018.3.x)
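Review bot: DLA-2480-1 is now referenced from all three SaltStack Salt entries (CVE-2020-25592, CVE-2020-17490, CVE-2020-16846) covered by the linked saltstack.com post, so advisory coverage is consistent across the three hunks. Minor style point in the context lines: the patch NOTE for CVE-2020-25592 uses a `/-/blob/` GitLab URL while the other two use `/-/raw/`; settling on one form makes the references easier to fetch programmatically.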
@@ -36823,6 +36839,7 @@ CVE-2020-14361 (A flaw was found in X.Org Server before 
xorg-x11-server 1.20.9.
        NOTE: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787
 CVE-2020-14360 [Check SetMap request length carefully]
        RESERVED
+       {DSA-4803-1}
        - xorg-server 2:1.20.10-1 (bug #976216)
        NOTE: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
 CVE-2020-14359
@@ -60553,8 +60570,8 @@ CVE-2020-5677 (Reflected cross-site scripting 
vulnerability in GROWI v4.0.0 and
        NOT-FOR-US: GROWI
 CVE-2020-5676 (GROWI v4.1.3 and earlier allow remote attackers to obtain 
information  ...)
        NOT-FOR-US: GROWI
-CVE-2020-5675
-       RESERVED
+CVE-2020-5675 (Out-of-bounds read issue in GT21 model of GOT2000 series 
(GT2107-WTBD  ...)
+       TODO: check
 CVE-2020-5674 (Untrusted search path vulnerability in the installers of 
multiple SEIK ...)
        NOT-FOR-US: SEIKO EPSON products
 CVE-2020-5673
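Review bot: CVE-2020-5675 (GT21 model of the GOT2000 series) is left at TODO: check; this is a hardware product series rather than a Debian package, so like the neighbouring SEIKO EPSON entry it will almost certainly resolve to NOT-FOR-US naming the product, and the TODO can be closed in the same pass.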



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3015d052d8855f3e925c931e0a9079716a98965


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
