Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6976868f by Moritz Muehlenhoff at 2021-06-09T10:53:21+02:00
NFUs
add apache2 to dsa-needed
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -50157,7 +50157,7 @@ CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF
injection if the attacker cont
NOTE:
https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b
(1.25.9)
NOTE: https://github.com/urllib3/urllib3/pull/1800
CVE-2020-26136 (In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA
(multi-f ...)
- TODO: check
+ NOT-FOR-US: Silverstripe CMS
CVE-2020-26135 (Live Helper Chat before 3.44v allows reflected XSS via the
setsettinga ...)
NOT-FOR-US: Live Helper Chat
CVE-2020-26134 (Live Helper Chat before 3.44v allows stored XSS in chat
messages with ...)
@@ -50856,7 +50856,7 @@ CVE-2020-25819
CVE-2020-25818
RESERVED
CVE-2020-25817 (SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in
CSSContentP ...)
- TODO: check
+ NOT-FOR-US: Silverstripe CMS
CVE-2020-25816 (HashiCorp Vault and Vault Enterprise versions 1.0 and newer
allowed le ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-25815 (An issue was discovered in MediaWiki 1.32.x through 1.34.x
before 1.34 ...)
@@ -85775,9 +85775,9 @@ CVE-2020-11268 (Potential UE reset while decoding a
crafted Sib1 or SIB1 that sc
CVE-2020-11267 (Stack out-of-bounds write occurs while setting up a cipher
device if t ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11266 (Image address is dereferenced before validating its range
which can ca ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11265 (Information disclosure issue due to lack of validation of
pointer argu ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11264
RESERVED
CVE-2020-11263
@@ -85789,13 +85789,13 @@ CVE-2020-11261 (Memory corruption due to improper
check to return error when use
CVE-2020-11260 (An improper free of uninitialized memory can occur in DIAG
services in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11259 (Memory corruption due to lack of validation of pointer
arguments passe ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11258 (Memory corruption due to lack of validation of pointer
arguments passe ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11257 (Memory corruption due to lack of validation of pointer
arguments passe ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11256 (Memory corruption due to lack of check of validation of
pointer to buf ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11255 (Denial of service while processing RTCP packets containing
multiple SD ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11254 (Memory corruption during buffer allocation due to
dereferencing sessio ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
+--
+apache2
--
condor
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6976868f16f7e4e9a269075a19678350a2513cc5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6976868f16f7e4e9a269075a19678350a2513cc5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
