Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ace03d7 by Moritz Muehlenhoff at 2021-01-07T08:11:52+01:00
stable triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2673,10 +2673,12 @@ CVE-2020-36068
        RESERVED
 CVE-2020-36067 (GJSON <=v1.6.5 allows attackers to cause a denial of 
service (panic ...)
        - golang-github-tidwall-gjson <unfixed>
+       [buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue)
        NOTE: https://github.com/tidwall/gjson/issues/196
        NOTE: 
https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b
 CVE-2020-36066 (GJSON &lt;1.6.5 allows attackers to cause a denial of service 
(remote) ...)
        - golang-github-tidwall-gjson <unfixed>
+       [buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue)
        NOTE: https://github.com/tidwall/gjson/issues/195
        NOTE: 
https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc
 CVE-2020-36065
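Review bot: On the CVE-2020-36066 entry, the fix commit in the NOTE is in tidwall/match rather than in gjson, yet the added "[buster]" line, like the unstable line above it, tracks only golang-github-tidwall-gjson. If tidwall/match is packaged separately in buster, the affected code would need its own entry there; otherwise a short NOTE explaining why gjson is the right package to track would make the no-dsa decision easier to verify.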
@@ -6719,6 +6721,7 @@ CVE-2020-35546
        RESERVED
 CVE-2020-35545 (Time-based SQL injection exists in Spotweb 1.4.9 via the query 
string. ...)
        - spotweb <unfixed> (bug #977719)
+       [buster] - spotweb <no-dsa> (Minor issue)
        NOTE: https://github.com/spotweb/spotweb/issues/629
        NOTE: 
https://github.com/spotweb/spotweb/commit/fefb39ad143caad021ad496427617db79c42aff2
 CVE-2020-35544
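Review bot: The added "[buster] - spotweb <no-dsa> (Minor issue)" line carries only the generic reason, while the entry describes a time-based SQL injection via the query string and bug #977719 is still open against unstable. A more specific reason in the parentheses, stating what limits the exposure in buster, would let later triagers see why this does not warrant a DSA.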
@@ -6876,6 +6879,7 @@ CVE-2020-35492 [cairo: libreoffice slideshow aborts with 
stack smashing in cairo
        RESERVED
        {DLA-2518-1}
        - cairo 1.16.0-5 (bug #978658)
+       [buster] - cairo <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/issues/437
        NOTE: Introduced by: 
https://gitlab.freedesktop.org/cairo/cairo/-/commit/c986a7310bb06582b7d8a566d5f007ba4e5e75bf
 (1.12.12)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/cairo/cairo/-/commit/03a820b173ed1fdef6ff14b4468f5dbc02ff59be
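Review bot: The added "[buster] - cairo <no-dsa> (Minor issue)" line sits directly under "{DLA-2518-1}", so the same CVE received an LTS advisory but is deferred for stable without explanation. Since unstable is fixed in 1.16.0-5 and the "Fixed by" NOTE points at a single upstream commit, a NOTE or a reason text saying whether the fix is intended for a point release would explain the difference.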
@@ -8919,6 +8923,7 @@ CVE-2020-29658
        RESERVED
 CVE-2020-29657 (In JerryScript 2.3.0, there is an out-of-bounds read in 
main_print_unh ...)
        - iotjs <unfixed> (bug #977736)
+       [buster] - iotjs <no-dsa> (Minor issue)
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/4244
 CVE-2020-29656 (An information disclosure vulnerability exists in RT-AC88U 
Download Ma ...)
        NOT-FOR-US: RT-AC88U Download Master
@@ -20724,7 +20729,8 @@ CVE-2020-26265 (Go Ethereum, or "Geth", is the official 
Golang implementation of
 CVE-2020-26264 (Go Ethereum, or "Geth", is the official Golang implementation 
of the E ...)
        - golang-github-go-ethereum <itp> (bug #890541)
 CVE-2020-26263 (tlslite-ng is an open source python library that implements 
SSL and TL ...)
-       - tlslite-ng <unfixed>
+       - tlslite-ng <removed>
+       [buster] - tlslite-ng <ignored> (Minor issue)
        NOTE: 
https://github.com/tlsfuzzer/tlslite-ng/security/advisories/GHSA-wvcv-832q-fjg7
        NOTE: 
https://github.com/tlsfuzzer/tlslite-ng/commit/c28d6d387bba59d8bd5cb3ba15edc42edf54b368
        NOTE: https://github.com/tlsfuzzer/tlslite-ng/pull/438
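Review bot: The buster line uses "<ignored>" with the reason "(Minor issue)", whereas every other entry touched in this commit with that reason uses "<no-dsa>". "<ignored>" signals that no fix is planned at all, so the reason should say why, for instance that the package is now "<removed>" from unstable as the line above records; if a point-release fix would still be accepted, "<no-dsa>" would be the consistent choice.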
@@ -25253,6 +25259,7 @@ CVE-2020-24345 (** DISPUTED ** JerryScript through 
2.3.0 allows stack consumptio
        NOTE: Disputed JerryScript issue
 CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const 
argumen ...)
        - iotjs <unfixed>
+       [buster] - iotjs <no-dsa> (Minor issue)
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/3976
        NOTE: 
https://github.com/jerryscript-project/jerryscript/commit/841d536fce1ce29267cdf0ea12be4026e1c35d3a
 CVE-2020-24343 (Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c 
because of  ...)
@@ -49002,6 +49009,7 @@ CVE-2020-13650 (An issue was discovered in DigDash 
2018R2 before p20200210 and 2
        NOT-FOR-US: DigDash
 CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors 
during c ...)
        - iotjs 1.0+715-1
+       [buster] - iotjs <no-dsa> (Minor issue)
        NOTE: 
https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/3786
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/3788
@@ -114779,6 +114787,7 @@ CVE-2019-1010177 (Jsish 2.4.70 2.047 is affected by: 
Use After Free. The impact
        NOT-FOR-US: Jsish
 CVE-2019-1010176 (JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 
is affecte ...)
        - iotjs 1.0+715-1
+       [buster] - iotjs <no-dsa> (Minor issue)
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/2476
        NOTE: 
https://github.com/jerryscript-project/jerryscript/commit/505dace719aebb3308a3af223cfaa985159efae0
 CVE-2019-1010175
@@ -153144,6 +153153,7 @@ CVE-2018-1000638 (MiniCMS version 1.1 contains a 
Cross Site Scripting (XSS) vuln
        NOT-FOR-US: MiniCMS
 CVE-2018-1000636 (JerryScript version Tested on commit 
f86d7459d195c8ba58479d1861b0cc726 ...)
        - iotjs 1.0+715-1
+       [buster] - iotjs <no-dsa> (Minor issue)
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/2435
        NOTE: 
https://github.com/jerryscript-project/jerryscript/commit/87897849f6879df10e8ad68a41bf8cf507edf710
 CVE-2018-1000635 (The Open Microscopy Environment OMERO.server version 5.4.0 
to 5.4.6 co ...)
@@ -164224,10 +164234,12 @@ CVE-2018-11420 (There is Memory corruption in the 
web interface of Moxa OnCell G
        NOT-FOR-US: Moxa
 CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a 
heap-based buff ...)
        - iotjs 1.0+715-1
+       [buster] - iotjs <no-dsa> (Minor issue)
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/2230
        NOTE: https://github.com/jerryscript-project/jerryscript/pull/2352
 CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a 
heap-based buff ...)
        - iotjs 1.0+715-1
+       [buster] - iotjs <no-dsa> (Minor issue)
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/2237
        NOTE: https://github.com/jerryscript-project/jerryscript/pull/2352
 CVE-2018-11417
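Review bot: Both added "[buster] - iotjs <no-dsa> (Minor issue)" lines are on entries whose descriptions begin "There is a heap-based buff ...", and the same bare reason is repeated on the other iotjs entries in this commit. A reason that states why these JerryScript issues are considered minor for iotjs in buster would be more useful than the generic tag, and it would only need to be worded once and reused across the entries.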
@@ -174437,6 +174449,7 @@ CVE-2018-7586 (In the nextgen-gallery plugin before 
2.2.50 for WordPress, galler
        NOT-FOR-US: nextgen-gallery plugin for WordPress
 CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a 
heap-based buff ...)
        - iotjs 1.0+715-1
+       [buster] - iotjs <no-dsa> (Minor issue)
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/2140
 CVE-2018-7585
        RESERVED
@@ -204510,6 +204523,7 @@ CVE-2017-14750
        RESERVED
 CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of 
service ( ...)
        - iotjs 1.0+715-1
+       [buster] - iotjs <no-dsa> (Minor issue)
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/2008
 CVE-2017-14748 (Race condition in Blizzard Overwatch 1.15.0.2 allows remote 
authentica ...)
        NOT-FOR-US: Blizzard Overwatch


=====================================
data/dsa-needed.txt
=====================================
@@ -14,12 +14,12 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 ansible
 --
-firefox-esr
+firefox-esr (jmm)
 --
 knot-resolver
   Santiago Ruano Rincón proposed a debdiff for review
 --
-libxstream-java
+libxstream-java (jmm)
   Markus Koschany proposed an update for review
 --
 linux (carnil)
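Review bot: The commit message "stable triage" does not mention that this hunk also claims "firefox-esr" and "libxstream-java" for jmm in dsa-needed.txt. Mentioning the claims in the message, or putting them in a separate commit, would make them easier to find in the history later.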



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ace03d71969cd4874ab255b33f94e176fb83452
