Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
825e1339 by Moritz Muehlenhoff at 2020-12-08T15:30:24+01:00
new audacity issue, NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5761,9 +5761,9 @@ CVE-2020-28275
 CVE-2020-28274
        RESERVED
 CVE-2020-28273 (Prototype pollution vulnerability in 'set-in' versions 1.0.0 
through 2 ...)
-       TODO: check
+       NOT-FOR-US: Node set-in
 CVE-2020-28272 (Prototype pollution vulnerability in 'keyget' versions 1.0.0 
through 2 ...)
-       TODO: check
+       NOT-FOR-US: Node keyget
 CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0 
through  ...)
        NOT-FOR-US: Node deephas
 CVE-2020-28270 (Prototype pollution vulnerability in 'object-hierarchy-access' 
version ...)
@@ -10977,7 +10977,7 @@ CVE-2020-26252
 CVE-2020-26251
        RESERVED
 CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In 
oauthent ...)
-       TODO: check
+       NOT-FOR-US: JupyterHub login mechanism
 CVE-2020-26249
        RESERVED
 CVE-2020-26248 (In the PrestaShop module "productcomments" before version 
4.2.1, an at ...)
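Review bot: The NOT-FOR-US label added for CVE-2020-26250 reads "JupyterHub login mechanism", which describes the component instead of naming it. The description names it as OAuthenticator, and the other NFU labels in this commit use the product name ("Node set-in", "Python oic"). Consider "NOT-FOR-US: OAuthenticator (JupyterHub)" so that a later search of the list for the product name finds this entry.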
@@ -10989,7 +10989,7 @@ CVE-2020-26246 (Pimcore is an open source digital 
experience platform. In Pimcor
 CVE-2020-26245 (npm package systeminformation before version 4.30.5 is 
vulnerable to P ...)
        NOT-FOR-US: Node systeminformation
 CVE-2020-26244 (Python oic is a Python OpenID Connect implementation. In 
Python oic be ...)
-       TODO: check
+       NOT-FOR-US: Python oic
 CVE-2020-26243 (Nanopb is a small code-size Protocol Buffers implementation. 
In Nanopb ...)
        - nanopb 0.4.4-1 (bug #975838)
        NOTE: 
https://github.com/nanopb/nanopb/security/advisories/GHSA-85rr-4rh9-hhwh
@@ -44223,7 +44223,8 @@ CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x 
before 4.3.100 allows an o
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1716665
        NOTE: https://gitlab.com/NTPsec/ntpsec/issues/651
 CVE-2020-11867 (Audacity through 2.3.3 saves temporary files to 
/var/tmp/audacity-$USE ...)
-       TODO: check
+       - audacity <unfixed>
+       [buster] - audacity <no-dsa> (Minor issue)
 CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a 
use-aft ...)
        - libemf 1.0.12-1
        [buster] - libemf <no-dsa> (Minor issue)
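Review bot: The new CVE-2020-11867 entry marks audacity as unfixed and buster as no-dsa (Minor issue) but carries no NOTE line or bug reference, unlike the CVE-2020-11868 entry just above it and the CVE-2020-26243 entry earlier in this diff, which link to upstream reports or a Debian bug. Consider adding a NOTE: with the upstream report, or a bug number on the audacity line, so the unfixed status can be followed up and the reason for the "Minor issue" rating is recorded.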
@@ -195248,7 +195249,7 @@ CVE-2017-14453 (On Insteon Hub 2245-222 devices with 
firmware version 1012, spec
 CVE-2017-14452 (An exploitable buffer overflow vulnerability exists in the 
PubNub mess ...)
        NOT-FOR-US: Insteon Hub
 CVE-2017-14451 (An exploitable out-of-bounds read vulnerability exists in 
libevm (Ethe ...)
-       TODO: check
+       NOT-FOR-US: CPP-Ethereum
 CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image 
parsing functi ...)
        {DSA-4184-1 DSA-4177-1 DLA-1341-1}
        - libsdl2-image 2.0.3+dfsg1-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/825e1339f22414af58fec8a989f8448967df01b0
