Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9ace03d7 by Moritz Muehlenhoff at 2021-01-07T08:11:52+01:00 stable triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -2673,10 +2673,12 @@ CVE-2020-36068 RESERVED CVE-2020-36067 (GJSON <=v1.6.5 allows attackers to cause a denial of service (panic ...) - golang-github-tidwall-gjson <unfixed> + [buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue) NOTE: https://github.com/tidwall/gjson/issues/196 NOTE: https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b CVE-2020-36066 (GJSON <1.6.5 allows attackers to cause a denial of service (remote) ...) - golang-github-tidwall-gjson <unfixed> + [buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue) NOTE: https://github.com/tidwall/gjson/issues/195 NOTE: https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc CVE-2020-36065 @@ -6719,6 +6721,7 @@ CVE-2020-35546 RESERVED CVE-2020-35545 (Time-based SQL injection exists in Spotweb 1.4.9 via the query string. ...) - spotweb <unfixed> (bug #977719) + [buster] - spotweb <no-dsa> (Minor issue) NOTE: https://github.com/spotweb/spotweb/issues/629 NOTE: https://github.com/spotweb/spotweb/commit/fefb39ad143caad021ad496427617db79c42aff2 CVE-2020-35544 @@ -6876,6 +6879,7 @@ CVE-2020-35492 [cairo: libreoffice slideshow aborts with stack smashing in cairo RESERVED {DLA-2518-1} - cairo 1.16.0-5 (bug #978658) + [buster] - cairo <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/issues/437 NOTE: Introduced by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/c986a7310bb06582b7d8a566d5f007ba4e5e75bf (1.12.12) NOTE: Fixed by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/03a820b173ed1fdef6ff14b4468f5dbc02ff59be 
@@ -8919,6 +8923,7 @@ CVE-2020-29658 RESERVED CVE-2020-29657 (In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unh ...) - iotjs <unfixed> (bug #977736) + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4244 CVE-2020-29656 (An information disclosure vulnerability exists in RT-AC88U Download Ma ...) NOT-FOR-US: RT-AC88U Download Master @@ -20724,7 +20729,8 @@ CVE-2020-26265 (Go Ethereum, or "Geth", is the official Golang implementation of CVE-2020-26264 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...) - golang-github-go-ethereum <itp> (bug #890541) CVE-2020-26263 (tlslite-ng is an open source python library that implements SSL and TL ...) - - tlslite-ng <unfixed> + - tlslite-ng <removed> + [buster] - tlslite-ng <ignored> (Minor issue) NOTE: https://github.com/tlsfuzzer/tlslite-ng/security/advisories/GHSA-wvcv-832q-fjg7 NOTE: https://github.com/tlsfuzzer/tlslite-ng/commit/c28d6d387bba59d8bd5cb3ba15edc42edf54b368 NOTE: https://github.com/tlsfuzzer/tlslite-ng/pull/438 @@ -25253,6 +25259,7 @@ CVE-2020-24345 (** DISPUTED ** JerryScript through 2.3.0 allows stack consumptio NOTE: Disputed JerryScript issue CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const argumen ...) - iotjs <unfixed> + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3976 NOTE: https://github.com/jerryscript-project/jerryscript/commit/841d536fce1ce29267cdf0ea12be4026e1c35d3a CVE-2020-24343 (Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of ...) 
@@ -49002,6 +49009,7 @@ CVE-2020-13650 (An issue was discovered in DigDash 2018R2 before p20200210 and 2 NOT-FOR-US: DigDash CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during c ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24 NOTE: https://github.com/jerryscript-project/jerryscript/issues/3786 NOTE: https://github.com/jerryscript-project/jerryscript/issues/3788 @@ -114779,6 +114787,7 @@ CVE-2019-1010177 (Jsish 2.4.70 2.047 is affected by: Use After Free. The impact NOT-FOR-US: Jsish CVE-2019-1010176 (JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affecte ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/2476 NOTE: https://github.com/jerryscript-project/jerryscript/commit/505dace719aebb3308a3af223cfaa985159efae0 CVE-2019-1010175 @@ -153144,6 +153153,7 @@ CVE-2018-1000638 (MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vuln NOT-FOR-US: MiniCMS CVE-2018-1000636 (JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726 ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/2435 NOTE: https://github.com/jerryscript-project/jerryscript/commit/87897849f6879df10e8ad68a41bf8cf507edf710 CVE-2018-1000635 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 co ...) 
@@ -164224,10 +164234,12 @@ CVE-2018-11420 (There is Memory corruption in the web interface of Moxa OnCell G NOT-FOR-US: Moxa CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/2230 NOTE: https://github.com/jerryscript-project/jerryscript/pull/2352 CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/2237 NOTE: https://github.com/jerryscript-project/jerryscript/pull/2352 CVE-2018-11417 @@ -174437,6 +174449,7 @@ CVE-2018-7586 (In the nextgen-gallery plugin before 2.2.50 for WordPress, galler NOT-FOR-US: nextgen-gallery plugin for WordPress CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/2140 CVE-2018-7585 RESERVED @@ -204510,6 +204523,7 @@ CVE-2017-14750 RESERVED CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of service ( ...) - iotjs 1.0+715-1 + [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/2008 CVE-2017-14748 (Race condition in Blizzard Overwatch 1.15.0.2 allows remote authentica ...) NOT-FOR-US: Blizzard Overwatch ===================================== data/dsa-needed.txt ===================================== 
@@ -14,12 +14,12 @@ If needed, specify the release by adding a slash after the name of the source pa -- ansible -- -firefox-esr +firefox-esr (jmm) -- knot-resolver Santiago Ruano Rincón proposed a debdiff for review -- -libxstream-java +libxstream-java (jmm) Markus Koschany proposed an update for review -- linux (carnil) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ace03d71969cd4874ab255b33f94e176fb83452 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ace03d71969cd4874ab255b33f94e176fb83452 You're receiving this email because of your account on salsa.debian.org.
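Review bot: in the CVE-2020-26263 hunk the new [buster] line uses <ignored> while every other buster entry added in this commit uses <no-dsa> with the same "(Minor issue)" justification; if the intent is that buster will never receive a fix rather than deferring it to a point update, a short reason next to the tag would make the triage state easier to audit, and the change of the unstable state from <unfixed> to <removed> would be worth a NOTE line recording the removal.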
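Review bot: in the CVE-2020-35492 hunk the entry already records a stretch advisory ({DLA-2518-1}) and a fix in unstable (cairo 1.16.0-5, bug #978658), so the new [buster] <no-dsa> line sits next to an issue that LTS considered worth an update; stating whether the 1.16.0-5 fix is meant to reach buster through a point release would make the two states consistent.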
debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits