[Git][security-tracker-team/security-tracker][master] Track CVE-2020-10188/inetutils as fixed via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 38872a14 by Salvatore Bonaccorso at 2020-04-14T05:31:47+02:00 Track CVE-2020-10188/inetutils as fixed via unstable Note though, that Guillem Jover is adding: * Add patch from Red Hat / Fedora: - Fix arbitrary remote code execution in telnetd via short writes or urgent data. Fixes CVE-2020-10188. Closes: #956084 Thanks to Michal Ruprich michalrupr...@gmail.com. Note: While the PoC exploit does not work on inetutils due to the different codebases, the adapted patch was close enough to apply almost directly, even though the information leak might appear to still remain. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3976,7 +3976,7 @@ CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenti CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...) - - inetutils (bug #956084) + - inetutils 2:1.9.4-12 (bug #956084) - netkit-telnet 0.17-18woody2 (bug #953477) - netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478) NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38872a147214d15583a37bfe5771e3910c14b40d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
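Review bot: the changed line `- inetutils 2:1.9.4-12 (bug #956084)` records CVE-2020-10188 as fixed for inetutils, yet the caveat quoted in the commit message (the PoC does not work against the inetutils codebase, and "the information leak might appear to still remain" after the adapted patch) is kept only in the commit message. Add a NOTE: line under the CVE-2020-10188 entry carrying that caveat, so anyone reading data/CVE/list sees that the fix in 2:1.9.4-12 may not cover the leak.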
[Git][security-tracker-team/security-tracker][master] Add and claim file-roller
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: a13511fb by Utkarsh Gupta at 2020-04-14T03:05:07+05:30 Add and claim file-roller (pinged Mike about it, frontdesk) - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -16,6 +16,8 @@ ansible bluez (Emilio) NOTE: 20200330: wip -- +file-roller (Utkarsh Gupta) +-- graphicsmagick (Roberto C. Sánchez) NOTE: 20200413: Pending feedback from security team. (roberto) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a13511fb08750d26c8b7165f7e764c543e6ef331
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5aeb501e by security tracker role at 2020-04-13T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,8 +1,12 @@ -CVE-2020-11736 [libarchive: do not follow external links when extracting files] +CVE-2020-11737 + RESERVED +CVE-2020-11735 + RESERVED +CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...) - file-roller (bug #956638) NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0 -CVE-2020-11734 - RESERVED +CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...) + TODO: check CVE-2020-11733 RESERVED CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) @@ -132,8 +136,8 @@ CVE-2020-11675 RESERVED CVE-2020-11674 RESERVED -CVE-2020-11673 - RESERVED +CVE-2020-11673 (An issue was discovered in the Responsive Poll through 1.3.4 for Wordp ...) + TODO: check CVE-2020-11672 RESERVED CVE-2020-11671 @@ -2988,16 +2992,16 @@ CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified b NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/ CVE-2020-10647 RESERVED -CVE-2020-10646 - RESERVED +CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...) + TODO: check CVE-2020-10645 RESERVED CVE-2020-10644 RESERVED CVE-2020-10643 RESERVED -CVE-2020-10642 - RESERVED +CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...) + TODO: check CVE-2020-10641 RESERVED CVE-2020-10640 
@@ -5537,8 +5541,8 @@ CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holdin NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1) CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...) NOT-FOR-US: Swann -CVE-2020-9478 - RESERVED +CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection ...) + TODO: check CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...) NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...) @@ -8045,8 +8049,8 @@ CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in th NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396853.html CVE-2020-8431 RESERVED -CVE-2020-8430 - RESERVED +CVE-2020-8430 (Stormshield Network Security 310 3.7.10 devices have an auth/lang.html ...) + TODO: check CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not ...) NOT-FOR-US: Kinetica CVE-2020-8427 (Kaseya Traverse before 9.5.20 allows OS command injection attacks agai ...) @@ -8613,8 +8617,8 @@ CVE-2020-8150 RESERVED CVE-2020-8149 RESERVED -CVE-2020-8148 - RESERVED +CVE-2020-8148 (UniFi Cloud Key firmware 1.1.6 contains a vulnerability that enab ...) + TODO: check CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 1.0.8 and ...) NOT-FOR-US: Node utils-extend CVE-2020-8146 (In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privi ...) @@ -11725,7 +11729,7 @@ CVE-2020-6826 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6826 CVE-2020-6825 RESERVED - {DSA-4655-1 DLA-2170-1} + {DSA-4656-1 DSA-4655-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 - thunderbird 1:68.7.0-1 
@@ -11742,7 +11746,7 @@ CVE-2020-6823 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6823 CVE-2020-6822 RESERVED - {DSA-4655-1 DLA-2170-1} + {DSA-4656-1 DSA-4655-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 - thunderbird 1:68.7.0-1 @@ -11751,7 +11755,7 @@ CVE-2020-6822 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6822 CVE-2020-6821 RESERVED - {DSA-4655-1 DLA-2170-1} + {DSA-4656-1 DSA-4655-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 - thunderbird 1:68.7.0-1 @@ -11760,7 +11764,7 @@ CVE-2020-6821 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821 CVE-2020-6820 RESERVED - {DSA-4653-1 DLA-2170-1} + {DSA-4656-1 DSA-4653-1 DLA-2170-1} - firefox 74.0.1-1 - firefox-esr 68.6.1esr-1
[Git][security-tracker-team/security-tracker][master] Add Debian BTS reference for CVE-2020-11736/file-roller
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 62f58aea by Salvatore Bonaccorso at 2020-04-13T21:55:55+02:00 Add Debian BTS reference for CVE-2020-11736/file-roller - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2020-11736 [libarchive: do not follow external links when extracting files] - - file-roller + - file-roller (bug #956638) NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0 CVE-2020-11734 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f58aeab440b4f70c151430ecaa804ca8cb8c91
[Git][security-tracker-team/security-tracker][master] Add CVE-202-11736/file-roller
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8e896992 by Salvatore Bonaccorso at 2020-04-13T21:45:38+02:00 Add CVE-202-11736/file-roller - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2020-11736 [libarchive: do not follow external links when extracting files] + - file-roller + NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0 CVE-2020-11734 RESERVED CVE-2020-11733 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e89699254c10eeae3217273c4e285a6440e1f7b
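Review bot: the commit subject spells the id "CVE-202-11736", while the first added line of the hunk, `+CVE-2020-11736 [libarchive: do not follow external links when extracting files]`, has the full CVE-2020-11736. The subject should match the entry so that searching the history for the CVE id finds this commit.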
[Git][security-tracker-team/security-tracker][master] Drop libconvert-asn1-perl from dla-needed.txt
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 7004c8ab by Utkarsh Gupta at 2020-04-14T01:12:41+05:30 Drop libconvert-asn1-perl from dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -26,8 +26,6 @@ jackson-databind (Utkarsh Gupta) NOTE: 20200513: WIP; mutiple new CVEs came up. Fixing them all NOTE: 20200513: together at once. -- -libconvert-asn1-perl (Utkarsh Gupta) --- libmatio (Adrian Bunk) NOTE: fairly high number of open issues. Not sure why we never had a look at them. NOTE: triage work needed, help security team for fixes if needed. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7004c8abd5e07ed99d3d9a376fad257440f864aa
[Git][security-tracker-team/security-tracker][master] thunderbird DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 779a3ef1 by Moritz Muehlenhoff at 2020-04-13T21:39:00+02:00 thunderbird DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,7 @@ +[13 Apr 2020] DSA-4656-1 thunderbird - security update + {CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825} + [stretch] - thunderbird 1:68.7.0-1~deb9u1 + [buster] - thunderbird 1:68.7.0-1~deb10u1 [08 Apr 2020] DSA-4655-1 firefox-esr - security update {CVE-2020-6821 CVE-2020-6822 CVE-2020-6825} [stretch] - firefox-esr 68.7.0esr-1~deb9u1 = data/dsa-needed.txt = @@ -36,8 +36,6 @@ squid/stable -- squid3/oldstable -- -thunderbird (jmm) --- tiff/oldstable -- tomcat8/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/779a3ef1d61c3e7aed7d93645aed6cfd4c04d0da
[Git][security-tracker-team/security-tracker][master] Mark libconvert-asn1-perl as no-dsa for jessie
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: ef90e6d0 by Utkarsh Gupta at 2020-04-14T01:07:14+05:30 Mark libconvert-asn1-perl as no-dsa for jessie - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -603,6 +603,7 @@ CVE-2013-7488 (perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through - libconvert-asn1-perl (bug #956186) [buster] - libconvert-asn1-perl (Minor issue) [stretch] - libconvert-asn1-perl (Minor issue) + [jessie] - libconvert-asn1-perl (Minor issue) NOTE: https://github.com/gbarr/perl-Convert-ASN1/issues/14 CVE-2020-11599 (An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. Ge ...) NOT-FOR-US: CIPPlanner View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef90e6d07fce0dfb86e5ce160bf6c77dd89f4402
[Git][security-tracker-team/security-tracker][master] Track source-wise fix for CVE-2016-10243
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 95d1b2c8 by Salvatore Bonaccorso at 2020-04-13T21:34:48+02:00 Track source-wise fix for CVE-2016-10243 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -172532,7 +172532,7 @@ CVE-2016-10244 (The parse_charstrings function in type1/t1load.c in FreeType 2 b NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a660e3de422731b94d4a134d27555430cbb6fb39 (VER-2-7) CVE-2016-10243 (TeX Live allows remote attackers to execute arbitrary commands by leve ...) {DSA-3803-1 DLA-847-1} - - texlive-bin (unimportant) + - texlive-bin 2019.20190605.51237-2 (unimportant) - texlive-base 2016.20161130-1 NOTE: https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/ NOTE: http://www.tug.org/svn/texlive?view=revision=42605 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95d1b2c8508d0981a06f6752a6c919615b9de476
[Git][security-tracker-team/security-tracker][master] Update status of tomcat8 in dla-needed.txt
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 7880d6a5 by Markus Koschany at 2020-04-13T21:23:34+02:00 Update status of tomcat8 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -88,7 +88,7 @@ squid3 (Markus Koschany) thunderbird (Emilio) -- tomcat8 (Markus Koschany) - NOTE: 20200330: I am reviewing a patch for Abhijith currently. + NOTE: 20200413: Forwarded patches for review to Abhijith -- varnish NOTE: 20200410: There was a reworking of the functions in cache_req_fsm.c View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7880d6a5931ffb244dbdc9aea16ee7ceafb6de61
[Git][security-tracker-team/security-tracker][master] Update item for CVE-2020-10707/netty (confirmed potential duplicate)
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 14ae6c90 by Salvatore Bonaccorso at 2020-04-13T18:53:07+02:00 Update item for CVE-2020-10707/netty (confirmed potential duplicate) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2765,7 +2765,7 @@ CVE-2020-10707 [compression/decompression codecs don't enforce limits on buffer - netty 1:4.1.48-1 NOTE: https://github.com/netty/netty/pull/9924 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1816216 - TODO: This seem to be a duplicate of CVE-2020-11612, pending request with Red Hat secalert + TODO: This is a duplicate of CVE-2020-11612, pending update with Red Hat secalert CVE-2020-10706 RESERVED CVE-2020-10705 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14ae6c9061c36f388bb5cd9e0af7bccab89aab32
[Git][security-tracker-team/security-tracker][master] dla: claim netty
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker Commits: d89d5a14 by Sylvain Beucler at 2020-04-13T17:35:19+02:00 dla: claim netty - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -52,7 +52,7 @@ mumble (Abhijith PA) NOTE: 20200325: Regression in last upload, forgot to follow up. NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith) -- -netty +netty (Sylvain Beucler) NOTE: 20200408: Upstream patch looks fairly invasive and maybe incomplete NOTE: 20200408: ("This should probably be reopened.") (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d89d5a1442c27e6b947269346863d22715739641
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2019-18604/texlive-bin via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9b883d9f by Salvatore Bonaccorso at 2020-04-13T16:46:18+02:00 Add fixed version for CVE-2019-18604/texlive-bin via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29774,7 +29774,7 @@ CVE-2019-18606 CVE-2019-18605 RESERVED CVE-2019-18604 (In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distr ...) - - texlive-bin + - texlive-bin 2020.20200327.54578-2 [buster] - texlive-bin (Minor issue) [stretch] - texlive-bin (Vulnerable code not present) [jessie] - texlive-bin (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b883d9f70c41aba986085ff5feca4748cabe9ca
[Git][security-tracker-team/security-tracker][master] Update references for CVE-2020-1739/ansible
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 172af4af by Salvatore Bonaccorso at 2020-04-13T16:28:04+02:00 Update references for CVE-2020-1739/ansible - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -25366,6 +25366,8 @@ CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, an - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178 NOTE: https://github.com/ansible/ansible/issues/67797 + NOTE: https://github.com/ansible/ansible/pull/67829 + NOTE: https://github.com/ansible/ansible/commit/d91658ec0c8434c82c3ef98bfe9eb4e1027a43a3 CVE-2020-1738 (A flaw was found in Ansible Engine when the module package or service ...) - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802164 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/172af4afc29f7febbb8fd42a983d86d9b9c14d0f
[Git][security-tracker-team/security-tracker][master] libsixel no-dsa
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d351f727 by Moritz Muehlenhoff at 2020-04-13T15:40:35+02:00 libsixel no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26,7 +26,9 @@ CVE-2020-11723 CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...) TODO: check CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...) - - libsixel + - libsixel (low) + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/134 CVE-2020-11720 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d351f7275309a73908a1297e624d8b0d4897de64
[Git][security-tracker-team/security-tracker][master] CVE-2020-10188: Reference patch as applied in Fedora
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 22b722ac by Salvatore Bonaccorso at 2020-04-13T14:47:46+02:00 CVE-2020-10188: Reference patch as applied in Fedora - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3964,6 +3964,7 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html NOTE: https://github.com/marado/netkit-telnet-ssl/issues/5 NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2020-04/msg00010.html + NOTE: Patch in Fedora: https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...) {DSA-4645-1 DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - libusrsctp 0.9.3.0+20200312-1 (bug #953270) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22b722ac229db0e4a89dbbdd5952c29972e4c72e
[Git][security-tracker-team/security-tracker][master] LTS: reclaim graphicsmagick, update note
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: e7aff8df by Roberto C. Sánchez at 2020-04-13T08:15:20-04:00 LTS: reclaim graphicsmagick, update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -16,7 +16,8 @@ ansible bluez (Emilio) NOTE: 20200330: wip -- -graphicsmagick +graphicsmagick (Roberto C. Sánchez) + NOTE: 20200413: Pending feedback from security team. (roberto) -- inetutils (Roberto C. Sánchez) NOTE: 20200408: Check cfe888f14 in this repo, as well as #953477 and 9d28e4c3. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7aff8df05fa9e186c7c7a8d3d1716c51c260630
[Git][security-tracker-team/security-tracker][master] Re-claim jackson-databind
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: b7ca5a71 by Utkarsh Gupta at 2020-04-13T17:43:41+05:30 Re-claim jackson-databind - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -21,7 +21,9 @@ graphicsmagick inetutils (Roberto C. Sánchez) NOTE: 20200408: Check cfe888f14 in this repo, as well as #953477 and 9d28e4c3. (lamby) -- -jackson-databind +jackson-databind (Utkarsh Gupta) + NOTE: 20200513: WIP; mutiple new CVEs came up. Fixing them all + NOTE: 20200513: together at once. -- libconvert-asn1-perl (Utkarsh Gupta) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7ca5a71cef581c11ea4c2dcc21ab1376a26777b
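Review bot: both added NOTE: lines under jackson-databind are stamped 20200513, a month after this commit's own date (2020-04-13) and out of step with the neighbouring 20200408 stamp on the inetutils entry. The stamp looks like a typo for 20200413 and should be corrected, since these dates are what tells readers how stale a claim is; "mutiple" in the first NOTE: should also read "multiple".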
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-11656/sqlite3
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 450bdc33 by Salvatore Bonaccorso at 2020-04-13T14:10:17+02:00 Add CVE-2020-11656/sqlite3 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -164,7 +164,11 @@ CVE-2020-11658 CVE-2020-11657 RESERVED CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...) - TODO: check + - sqlite3 (unimportant) + NOTE: https://www.sqlite.org/cgi/src/tktview?name=4722bdab08cb14 + NOTE: https://www.sqlite.org/src/info/d09f8c3621d5f7f8 + NOTE: https://www.sqlite.org/src/info/b64674919f673602 + NOTE: Negliglible security impact (and uncovered in DEBUG build) CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...) - sqlite3 3.31.1-5 [buster] - sqlite3 (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/450bdc339edeb7c38add2fbcdfdb3471d14eec44
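Review bot: the last added NOTE: line misspells "Negligible" as "Negliglible", and "(and uncovered in DEBUG build)" is ambiguous about whether the issue only shows up in DEBUG builds. Since this line is the stated reason for the `(unimportant)` rating on `- sqlite3`, fix the spelling and spell out the condition under which the issue is reachable.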
[Git][security-tracker-team/security-tracker][master] Canonicalize URLs to upstream commits and ticket for CVE-2020-11655/sqlite3
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 77b52b7a by Salvatore Bonaccorso at 2020-04-13T13:23:51+02:00 Canonicalize URLs to upstream commits and ticket for CVE-2020-11655/sqlite3 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -169,9 +169,9 @@ CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of serv - sqlite3 3.31.1-5 [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Minor issue) - NOTE: https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c - NOTE: Issue covered before: https://www3.sqlite.org/cgi/src/info/712e47714863a8ed - NOTE: Fixed by: https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11 + NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c + NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed + NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11 CVE-2020-11654 RESERVED CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77b52b7a2cee021c133e894d19bad4f1cdfbdd31
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-11655/sqlite3 fixed version in unstable
László Böszörményi pushed to branch master at Debian Security Tracker / security-tracker Commits: 5e2c3a33 by Laszlo Boszormenyi (GCS) at 2020-04-13T11:10:10+00:00 Add CVE-2020-11655/sqlite3 fixed version in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -166,7 +166,7 @@ CVE-2020-11657 CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...) TODO: check CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...) - - sqlite3 + - sqlite3 3.31.1-5 [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Minor issue) NOTE: https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e2c3a33543620bbb1ddccd07da175914b4854d0
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-11655/sqlite
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2de2ae71 by Salvatore Bonaccorso at 2020-04-13T11:37:13+02:00 Add CVE-2020-11655/sqlite For stretch I have opted to be on safe side and marked it as no-dsa. The issue might have only been introduced when introducing the window function, but this is not completely clear if it is just uncovered since then. The affected and patched functions are present before but the issue might have been introduced after that. Still do not want to mark something as not-affected wrongly and play safe here. Before upstream https://www3.sqlite.org/cgi/src/info/712e47714863a8ed the issue triggers an assert instead of a segfault but it is just covered by the first reached assert. - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =
@@ -166,7 +166,12 @@ CVE-2020-11657 CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...) TODO: check CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...) - TODO: check + - sqlite3 + [buster] - sqlite3 (Minor issue) + [stretch] - sqlite3 (Minor issue) + NOTE: https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c + NOTE: Issue covered before: https://www3.sqlite.org/cgi/src/info/712e47714863a8ed + NOTE: Fixed by: https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11 CVE-2020-11654 RESERVED CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2de2ae719afd69f568ba6be9b792fe5eba08a9f3
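Review bot: the added "[stretch] - sqlite3 (Minor issue)" line gives no hint that, per the commit message, stretch was marked as a precaution because it is unclear whether the code predating the window function is actually affected. A short NOTE stating that the affected status for stretch is unconfirmed would keep that reasoning in data/CVE/list, where the next person re-triaging CVE-2020-11655 will look, instead of only in the commit log.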
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 246558fd by Salvatore Bonaccorso at 2020-04-13T11:11:14+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,9 +3,9 @@ CVE-2020-11734 CVE-2020-11733 RESERVED CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) - TODO: check + NOT-FOR-US: Media Library Assistant plugin for WordPress CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) - TODO: check + NOT-FOR-US: Media Library Assistant plugin for WordPress CVE-2020-11730 RESERVED CVE-2020-11729 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/246558fd574c8195fb55514b63ff3fde116f45ed
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f792cf8 by Thorsten Alteholz at 2020-04-13T11:05:55+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -93,7 +93,8 @@ varnish NOTE: 20200410: reset of err_code and err_reason still might need doing, but NOTE: 20200410: I don't quite understand the restart/synthentic requests. (lamby) -- -wireshark +wireshark (Thorsten Alteholz) + NOTE: 20200413: work in progress -- xcftools NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for upstream review (hle) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f792cf8f027d9b7c19ddf65632568b06899a8ef
[Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: fe02ef70 by Thorsten Alteholz at 2020-04-13T10:57:01+02:00 update note - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -60,6 +60,7 @@ otrs2 (Abhijith PA) NOTE: 20200412: Asked upstream for clarity in CVE-2020-1769 patch (abhijith) -- php5 (Thorsten Alteholz) + NOTE: 20200413: work in progress -- php-horde-data (Roberto C. Sánchez) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe02ef70ca2faf9055e09bcec71e8cf0c1e50366
[Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Holger Levsen pushed to branch master at Debian Security Tracker / security-tracker Commits: e8635b97 by Holger Levsen at 2020-04-13T10:44:54+02:00 semi-automatic unclaim after 2 weeks of inactivity Signed-off-by: Holger Levsen hol...@layer-acht.org - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -16,12 +16,12 @@ ansible bluez (Emilio) NOTE: 20200330: wip -- -graphicsmagick (Roberto C. Sánchez) +graphicsmagick -- inetutils (Roberto C. Sánchez) NOTE: 20200408: Check cfe888f14 in this repo, as well as #953477 and 9d28e4c3. (lamby) -- -jackson-databind (Utkarsh Gupta) +jackson-databind -- libconvert-asn1-perl (Utkarsh Gupta) -- @@ -92,7 +92,7 @@ varnish NOTE: 20200410: reset of err_code and err_reason still might need doing, but NOTE: 20200410: I don't quite understand the restart/synthentic requests. (lamby) -- -wireshark (Thorsten Alteholz) +wireshark -- xcftools NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for upstream review (hle) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8635b97a0a58dc806978b4ed622a4f4a34793c4
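Review bot: the claims on graphicsmagick, jackson-databind and wireshark are dropped without any dated NOTE, so data/dla-needed.txt no longer shows that someone had picked these packages up or when the claim lapsed. A line in the style the file already uses for its notes, for example "NOTE: 20200413: unclaimed after 2 weeks of inactivity", under each of the three entries would tell the next claimant to ask the previous one for any partial work.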
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 47527211 by security tracker role at 2020-04-13T08:10:19+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,4 +1,24 @@ -CVE-2020-11725 +CVE-2020-11734 + RESERVED +CVE-2020-11733 + RESERVED +CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) + TODO: check +CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) + TODO: check +CVE-2020-11730 + RESERVED +CVE-2020-11729 + RESERVED +CVE-2020-11728 + RESERVED +CVE-2020-11727 + RESERVED +CVE-2020-11726 + RESERVED +CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...) + TODO: check +CVE-2020-11725 (snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5 ...) - linux NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400 CVE-2020-11723 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47527211cb9ea1af4908c12e1c035488478747a6
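Review bot: in the added block CVE-2020-11724 is placed above CVE-2020-11725, so after this hunk the list runs 11726, 11724, 11725, 11723 and breaks the descending order seen in every other visible part of data/CVE/list. Moving the "CVE-2020-11724 (An issue was discovered in OpenResty ...)" entry and its "TODO: check" line below the CVE-2020-11725 entry's NOTE line would restore the order and keep later automatic updates from diffing against a misplaced entry.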
[Git][security-tracker-team/security-tracker][master] Shift frontdesk duty due to university exams
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 900ae352 by Utkarsh Gupta at 2020-04-13T13:22:56+05:30 Shift frontdesk duty due to university exams (because of the COVID-19 fiasco) - - - - - 1 changed file: - org/lts-frontdesk.2020.txt Changes: = org/lts-frontdesk.2020.txt = @@ -31,7 +31,7 @@ From 27-04 to 03-05:Ola Lundqvist From 04-05 to 10-05:Chris Lamb From 11-05 to 17-05:Mike Gabriel From 18-05 to 24-05:Thorsten Alteholz -From 25-05 to 31-05:Utkarsh Gupta +From 25-05 to 31-05: From 01-06 to 07-06:Abhijith PA From 08-06 to 14-06:Chris Lamb From 15-06 to 21-06:Mike Gabriel @@ -53,7 +53,7 @@ From 28-09 to 04-10:Abhijith PA From 05-10 to 11-10:Chris Lamb From 12-10 to 18-10:Abhijith PA From 19-10 to 25-10:Thorsten Alteholz -From 26-10 to 01-11: +From 26-10 to 01-11:Utkarsh Gupta From 02-11 to 08-11:Chris Lamb From 09-11 to 15-11:Thorsten Alteholz From 16-11 to 22-11:Mike Gabriel View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/900ae352240599f80bd104e4a7a34cc5c474132f
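Review bot: the first hunk leaves "From 25-05 to 31-05:" with no name, so the shift to 26-10 is recorded but nobody is shown as covering the vacated frontdesk week. Either swap with a named person in the same commit or announce the open slot to the team, so that incoming triage for that week is not left unowned.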
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-11725/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 994f516c by Salvatore Bonaccorso at 2020-04-13T09:19:12+02:00 Add CVE-2020-11725/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2020-11725 + - linux + NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400 CVE-2020-11723 RESERVED CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/994f516c894e8da192db26d074d7d3c5a1fc3d7c
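Review bot: the only reference on the new CVE-2020-11725 entry is a tweet ("NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400"), which can disappear and does not say which code path is affected. Add the upstream discussion or commit as a further NOTE once one is available, so the "- linux" line can be triaged from the list itself.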
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-11713/wolfssl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 29ed4710 by Salvatore Bonaccorso at 2020-04-13T08:51:34+02:00 Add CVE-2020-11713/wolfssl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20,7 +20,8 @@ CVE-2020-11715 CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Loc ...) NOT-FOR-US: eten PSG-6528VM 1.1 devices CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does n ...) - TODO: check + - wolfssl + NOTE: https://github.com/wolfSSL/wolfssl/pull/2894/ CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and the fi ...) TODO: check CVE-2020-11711 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29ed471094b2a0685aafe312b41e706f35886036
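Review bot: the NOTE added for CVE-2020-11713 is a bare pull-request URL, with nothing saying whether that pull request is the fix or only the report. Labelling it the way the CVE-2020-11655 entry labels its references ("NOTE: Fixed by: ...") would tell anyone backporting whether this is the change to pick.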
[Git][security-tracker-team/security-tracker][master] Track one NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a7ed4c9d by Salvatore Bonaccorso at 2020-04-13T08:50:31+02:00 Track one NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18,7 +18,7 @@ CVE-2020-11716 CVE-2020-11715 RESERVED CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Loc ...) - TODO: check + NOT-FOR-US: eten PSG-6528VM 1.1 devices CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does n ...) TODO: check CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and the fi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7ed4c9deea72fe11ae4adbcd26a8e45c738db6e
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-11721/libsixel
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f6372f21 by Salvatore Bonaccorso at 2020-04-13T08:46:28+02:00 Add CVE-2020-11721/libsixel - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,8 @@ CVE-2020-11723 CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...) TODO: check CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...) - TODO: check + - libsixel + NOTE: https://github.com/saitoha/libsixel/issues/134 CVE-2020-11720 RESERVED CVE-2020-11719 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6372f211be25ec45ad237db2ca8cc13b4bfb14e