[Git][security-tracker-team/security-tracker][master] openjdk-8 fixed in sid
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d498a573 by Moritz Muehlenhoff at 2020-04-16T07:54:56+02:00 openjdk-8 fixed in sid new chromium issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13068,6 +13068,8 @@ CVE-2020-6458 RESERVED CVE-2020-6457 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6456 (Insufficient validation of untrusted input in clipboard in Google Chro ...) - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) @@ -22451,7 +22453,7 @@ CVE-2020-2831 (Vulnerability in the Oracle Marketing product of Oracle E-Busines CVE-2020-2830 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - - openjdk-8 + - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2829 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) TODO: check @@ -22508,7 +22510,7 @@ CVE-2020-2806 (Vulnerability in the MySQL Server product of Oracle MySQL (compon CVE-2020-2805 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - - openjdk-8 + - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2804 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) @@ -22516,7 +22518,7 @@ CVE-2020-2804 (Vulnerability in the MySQL Server product of Oracle MySQL (compon CVE-2020-2803 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - - openjdk-8 + - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2802 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) TODO: check 
@@ -22525,7 +22527,7 @@ CVE-2020-2801 (Vulnerability in the Oracle WebLogic Server product of Oracle Fus CVE-2020-2800 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - - openjdk-8 + - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2799 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) TODO: check @@ -22567,7 +22569,7 @@ CVE-2020-2782 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of CVE-2020-2781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - - openjdk-8 + - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2780 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) @@ -22590,7 +22592,7 @@ CVE-2020-2774 (Vulnerability in the MySQL Server product of Oracle MySQL (compon CVE-2020-2773 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - - openjdk-8 + - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2772 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) TODO: check 
@@ -22635,21 +22637,21 @@ CVE-2020-2758 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu CVE-2020-2757 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - - openjdk-8 + - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2756 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - - openjdk-8 + - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2755 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - - openjdk-8 + - openjdk-8 8u252-b09-1 CVE-2020-2754 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - - openjdk-8 + - openjdk-8 8u252-b09-1 CVE-2020-2753 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...) TODO: check CVE-2020-2752 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d498a573a5e9e79ac3c87de1322123d950e5426b You're receiving this email because of your account on salsa.debian.org.
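Review bot: the chromium lines added under CVE-2020-6457 in the @@ -13068 hunk come with no NOTE, and the CVE is still RESERVED with no description, so nothing on the entry says which Chromium issue it tracks. A NOTE with the upstream reference would fix that. The chromium addition is also unrelated to the openjdk-8 version updates that the subject line "openjdk-8 fixed in sid" describes, and would be easier to trace as its own commit.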
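Review bot: in the @@ -22635 hunk, CVE-2020-2755 and CVE-2020-2754 receive "- openjdk-8 8u252-b09-1" but carry no "- openjdk-7" line, while CVE-2020-2757 and CVE-2020-2756 in the same hunk do. Worth confirming that the missing openjdk-7 lines are intentional for those two CVEs and, if they are, saying so in a NOTE so the difference does not look like an omission.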
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 98af0157 by Salvatore Bonaccorso at 2020-04-15T23:14:52+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -431,7 +431,7 @@ CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the L - linux NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400 CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys ...) - TODO: check + NOT-FOR-US: Cellebrite UFED CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...) - crawl NOTE: https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html @@ -561,11 +561,11 @@ CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlin CVE-2020-11667 RESERVED CVE-2020-11666 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) - TODO: check + NOT-FOR-US: CA API Developer Portal CVE-2020-11665 (CA API Developer Portal 4.3.1 and earlier handles loginRedirect page r ...) - TODO: check + NOT-FOR-US: CA API Developer Portal CVE-2020-11664 (CA API Developer Portal 4.3.1 and earlier handles homeRedirect page re ...) - TODO: check + NOT-FOR-US: CA API Developer Portal CVE-2020-11663 RESERVED CVE-2020-11662 
@@ -1151,13 +1151,13 @@ CVE-2020-11539 CVE-2020-11538 RESERVED CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5 ...) - TODO: check + NOT-FOR-US: ONLYOFFICE Document Server CVE-2020-11536 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...) - TODO: check + NOT-FOR-US: ONLYOFFICE Document Server CVE-2020-11535 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...) - TODO: check + NOT-FOR-US: ONLYOFFICE Document Server CVE-2020-11534 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...) - TODO: check + NOT-FOR-US: ONLYOFFICE Document Server CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...) NOT-FOR-US: Ivanti Workspace Control CVE-2020-11532 @@ -3406,7 +3406,7 @@ CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified b CVE-2020-10647 RESERVED CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...) - TODO: check + NOT-FOR-US: Fuji Electric V-Server Lite CVE-2020-10645 RESERVED CVE-2020-10644 @@ -3414,17 +3414,17 @@ CVE-2020-10644 CVE-2020-10643 RESERVED CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...) - TODO: check + NOT-FOR-US: Rockwell CVE-2020-10641 RESERVED CVE-2020-10640 RESERVED CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...) - TODO: check + NOT-FOR-US: Eaton HMiSoft VU3 CVE-2020-10638 RESERVED CVE-2020-10637 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...) - TODO: check + NOT-FOR-US: Eaton HMiSoft VU3 CVE-2020-10636 RESERVED CVE-2020-10635 
@@ -3468,15 +3468,15 @@ CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perfor CVE-2020-10616 RESERVED CVE-2020-10615 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) - TODO: check + NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2020-10614 RESERVED CVE-2020-10613 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) - TODO: check + NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2020-10612 RESERVED CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) - TODO: check + NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2020-10610 RESERVED CVE-2020-10609 @@ -3700,9 +3700,9 @@ CVE-2020-10516 CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting ...) NOT-FOR-US: STARFACE UCC Client CVE-2020-10514 (iCatch DVR do not validate function parameter properly, resulting atta ...) - TODO: check + NOT-FOR-US: iCatch DVR CVE-2020-10513 (The file management interface of iCatch DVR contains broken access con ...) - TODO: check + NOT-FOR-US: iCatch DVR CVE-2020-10512 (HGiga CCmail contains a SQL Injection vulnerability which allows ...) TODO: check CVE-2020-10511 (HGiga CCmail contains insecure configurations. Attackers can expl ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98af01570d0901da2dfc3c503219b8e99cf7f8b2 --
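Review bot: "NOT-FOR-US: Rockwell" on CVE-2020-10642 in the @@ -3414 hunk names only the vendor, while the other labels added by this commit name the product ("Eaton HMiSoft VU3", "Fuji Electric V-Server Lite", "Triangle MicroWorks SCADA Data Gateway"). "NOT-FOR-US: Rockwell Automation RSLinx Classic" would match the description and keep the label searchable by product.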
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-10932/mbedtls
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4aefbaf6 by Salvatore Bonaccorso at 2020-04-15T23:13:59+02:00 Add CVE-2020-10932/mbedtls - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2465,7 +2465,9 @@ CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. CVE-2020-10933 RESERVED CVE-2020-10932 (An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before ...) - TODO: check + - mbedtls + NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released + NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04 CVE-2020-10930 RESERVED CVE-2020-10929 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aefbaf6ed1ca2fcdbe98285db65379994a349c9 ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
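Review bot: the added "- mbedtls" line records neither a fixed version nor a Debian bug number, although the description and the first NOTE both name 2.16.6 as a fixed upstream release. Adding the bug reference once one is filed, in the "(bug #...)" form used elsewhere in data/CVE/list, would make the open status of the package traceable from the entry itself.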
[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ac03566b by Salvatore Bonaccorso at 2020-04-15T22:59:22+02:00 Process more NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2020-11800 RESERVED CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...) - TODO: check + NOT-FOR-US: Z-Cron CVE-2020-11798 RESERVED CVE-2020-11797 
@@ -15,57 +15,57 @@ CVE-2020-11794 CVE-2020-11793 RESERVED CVE-2020-11792 (NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11791 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11790 (NETGEAR R7800 devices before 1.0.2.68 are affected by remote code exec ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11789 (Certain NETGEAR devices are affected by command injection by an unauth ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11788 (Certain NETGEAR devices are affected by authentication bypass. This af ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11787 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11786 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11785 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11784 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11783 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11782 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11781 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11780 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11779 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11778 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) 
- TODO: check + NOT-FOR-US: Netgear CVE-2020-11777 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11776 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11775 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11774 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11773 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11772 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11771 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11770 (Certain NETGEAR devices are affected by command injection by an authen ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11769 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-11768 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2019-20767 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) - TODO: check + NOT-FOR-US: Netgear CVE-2019-20766 RESERVED CVE-2019-20765 
@@ -259,73 +259,73 @@ CVE-2019-20672 CVE-2019-20671 RESERVED CVE-2019-20670 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2019-20669 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2019-20668 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) - TODO: check + NOT-FOR-US: Netgear CVE-2019-20667 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) - TODO: check +
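Review bot: the label added throughout the @@ -15 and @@ -259 hunks is "NOT-FOR-US: Netgear", while every description it sits under spells the vendor "NETGEAR". If NOT-FOR-US labels are ever grouped or matched by string, one spelling should be used consistently for this vendor.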
[Git][security-tracker-team/security-tracker][master] Sync status for CVE-2020-11669 with kernel-sec
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 03c45f07 by Salvatore Bonaccorso at 2020-04-15T22:52:01+02:00 Sync status for CVE-2020-11669 with kernel-sec - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -551,6 +551,8 @@ CVE-2020-11670 RESERVED CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the powerpc ...) - linux 5.2.6-1 + [stretch] - linux (Vulnerability introduced later with support for KVM guests on POWER9) + [jessie] - linux (Vulnerability introduced later with support for KVM guests on POWER9) NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0 NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1 CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03c45f078f7a7fe175f307ccd3c508df2d576cb5
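Review bot: the [stretch] and [jessie] lines added under CVE-2020-11669 justify their status with "Vulnerability introduced later with support for KVM guests on POWER9", but the entry has no NOTE naming the commit or kernel version that introduced the affected code. A NOTE with that commit, next to the existing git.kernel.org link, would let a reader check the claim against the kernel versions shipped in stretch and jessie.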
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fc068a7c by Salvatore Bonaccorso at 2020-04-15T22:50:34+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15540,7 +15540,7 @@ CVE-2020-5352 CVE-2020-5351 RESERVED CVE-2020-5350 (Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, ...) - TODO: check + NOT-FOR-US: EMC CVE-2020-5349 RESERVED CVE-2020-5348 (Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a ...) @@ -18233,7 +18233,7 @@ CVE-2020-4296 CVE-2020-4295 RESERVED CVE-2020-4294 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4293 RESERVED CVE-2020-4292 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and ...) @@ -18273,19 +18273,19 @@ CVE-2020-4276 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 tradition CVE-2020-4275 RESERVED CVE-2020-4274 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4273 (IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attack ...) NOT-FOR-US: IBM CVE-2020-4272 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to inc ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4271 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4270 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain esc ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4269 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, suc ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4268 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scriptin ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4267 RESERVED CVE-2020-4266 
@@ -72271,7 +72271,7 @@ CVE-2019-4656 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and CVE-2019-4655 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is ...) NOT-FOR-US: IBM CVE-2019-4654 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly va ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4653 RESERVED CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file per ...) @@ -72391,9 +72391,9 @@ CVE-2019-4596 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2. CVE-2019-4595 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 c ...) NOT-FOR-US: IBM CVE-2019-4594 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obt ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4593 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that incl ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4592 (IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow ...) NOT-FOR-US: IBM CVE-2019-4591 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc068a7c99c39ad40eb5bf4ef251f1daed3c356c
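Review bot: "NOT-FOR-US: EMC" on CVE-2020-5350 in the @@ -15540 hunk drops both "Dell" and the product name that the description gives ("Dell EMC Integrated Data Protection Appliance"). "NOT-FOR-US: Dell EMC Integrated Data Protection Appliance", or at least "Dell EMC", would be easier to search for. The "NOT-FOR-US: IBM" labels on the QRadar entries match the existing IBM entries visible in the context lines and are fine as they are.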
[Git][security-tracker-team/security-tracker][master] Add oss-security reference for CVE-2020-11669/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 90be8225 by Salvatore Bonaccorso at 2020-04-15T22:49:13+02:00 Add oss-security reference for CVE-2020-11669/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -552,6 +552,7 @@ CVE-2020-11670 CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the powerpc ...) - linux 5.2.6-1 NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0 + NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1 CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...) - linux 5.5.17-1 NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90be822528f7fd58acfd4045b083e74f17870020
[Git][security-tracker-team/security-tracker][master] Track three CVEs for Oracle Solaris
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1fa76067 by Salvatore Bonaccorso at 2020-04-15T22:27:11+02:00 Track three CVEs for Oracle Solaris - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22183,7 +22183,7 @@ CVE-2020-2946 (Vulnerability in the Application Performance Management product o CVE-2020-2945 (Vulnerability in the Oracle Financial Services Deposit Insurance Calcu ...) TODO: check CVE-2020-2944 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) - TODO: check + NOT-FOR-US: Oracle Solaris CVE-2020-2943 (Vulnerability in the Oracle Financial Services Liquidity Risk Measurem ...) TODO: check CVE-2020-2942 (Vulnerability in the Oracle Financial Services Price Creation and Disc ...) @@ -22402,7 +22402,7 @@ CVE-2020-2853 (Vulnerability in the MySQL Server product of Oracle MySQL (compon CVE-2020-2852 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) TODO: check CVE-2020-2851 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) - TODO: check + NOT-FOR-US: Oracle Solaris CVE-2020-2850 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) TODO: check CVE-2020-2849 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) 
@@ -22590,7 +22590,7 @@ CVE-2020-2773 (Vulnerability in the Java SE, Java SE Embedded product of Oracle CVE-2020-2772 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) TODO: check CVE-2020-2771 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) - TODO: check + NOT-FOR-US: Oracle Solaris CVE-2020-2770 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fa76067d417117a483221514707ac0ef432593b
[Git][security-tracker-team/security-tracker][master] Add new gitlab issues from 12.9.3, 12.8.9, and 12.7.9 releases
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e87fd1ef by Salvatore Bonaccorso at 2020-04-15T22:17:40+02:00 Add new gitlab issues from 12.9.3, 12.8.9, and 12.7.9 releases - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -606,6 +606,8 @@ CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 NOT-FOR-US: FreeNAS CVE-2020-11649 RESERVED + - gitlab + NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ CVE-2020-11648 RESERVED CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...) @@ -1209,8 +1211,12 @@ CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleane NOT-FOR-US: Malwarebytes AdwCleaner CVE-2020-11506 RESERVED + - gitlab + NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ CVE-2020-11505 RESERVED + - gitlab (Only affects GitLab EE 12.8.0 and later) + NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ CVE-2020-11504 RESERVED CVE-2020-11503 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e87fd1efa88d1ec46bc55d7f2d8f9d60bb95c55f
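Review bot: CVE-2020-11649, CVE-2020-11506 and CVE-2020-11505 are all RESERVED with no description, and each added NOTE is the same release announcement URL, so the entries in the @@ -606 and @@ -1209 hunks do not say which issue in that announcement belongs to which CVE. A short NOTE per CVE with the issue title or the upstream issue link would make them distinguishable. The same applies to the "Only affects GitLab EE 12.8.0 and later" remark on CVE-2020-11505, which has no source other than the shared URL.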
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fa859f34 by security tracker role at 2020-04-15T20:10:35+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,329 @@ +CVE-2020-11800 + RESERVED +CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...) + TODO: check +CVE-2020-11798 + RESERVED +CVE-2020-11797 + RESERVED +CVE-2020-11796 + RESERVED +CVE-2020-11795 + RESERVED +CVE-2020-11794 + RESERVED +CVE-2020-11793 + RESERVED +CVE-2020-11792 (NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are ...) + TODO: check +CVE-2020-11791 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS ...) + TODO: check +CVE-2020-11790 (NETGEAR R7800 devices before 1.0.2.68 are affected by remote code exec ...) + TODO: check +CVE-2020-11789 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-11788 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + TODO: check +CVE-2020-11787 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11786 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11785 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11784 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11783 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11782 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11781 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11780 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11779 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11778 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11777 (Certain NETGEAR devices are affected by Stored XSS. 
This affects D7800 ...) + TODO: check +CVE-2020-11776 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11775 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11774 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11773 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11772 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11771 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11770 (Certain NETGEAR devices are affected by command injection by an authen ...) + TODO: check +CVE-2020-11769 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-11768 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...) + TODO: check +CVE-2019-20767 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) 
+ TODO: check +CVE-2019-20766 + RESERVED +CVE-2019-20765 + RESERVED +CVE-2019-20764 + RESERVED +CVE-2019-20763 + RESERVED +CVE-2019-20762 + RESERVED +CVE-2019-20761 + RESERVED +CVE-2019-20760 + RESERVED +CVE-2019-20759 + RESERVED +CVE-2019-20758 + RESERVED +CVE-2019-20757 + RESERVED +CVE-2019-20756 + RESERVED +CVE-2019-20755 + RESERVED +CVE-2019-20754 + RESERVED +CVE-2019-20753 + RESERVED +CVE-2019-20752 + RESERVED +CVE-2019-20751 + RESERVED +CVE-2019-20750 + RESERVED +CVE-2019-20749 + RESERVED +CVE-2019-20748 + RESERVED +CVE-2019-20747 + RESERVED +CVE-2019-20746 + RESERVED +CVE-2019-20745 + RESERVED +CVE-2019-20744 + RESERVED +CVE-2019-20743 + RESERVED +CVE-2019-20742 + RESERVED +CVE-2019-20741 + RESERVED +CVE-2019-20740 + RESERVED +CVE-2019-20739 + RESERVED +CVE-2019-20738 + RESERVED +CVE-2019-20737 + RESERVED +CVE-2019-20736 + RESERVED +CVE-2019-20735 + RESERVED +CVE-2019-20734 + RESERVED +CVE-2019-20733 + RESERVED +CVE-2019-20732 + RESERVED +CVE-2019-20731 + RESERVED +CVE-2019-20730 + RESERVED +CVE-2019-20729 + RESERVED +CVE-2019-20728 + RESERVED +CVE-2019-20727 + RESERVED +CVE-2019-20726 +
[Git][security-tracker-team/security-tracker][master] Add additional reference for CVE-2020-5260/git
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 81d0e2d3 by Salvatore Bonaccorso at 2020-04-15T22:07:56+02:00 Add additional reference for CVE-2020-5260/git - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15438,6 +15438,7 @@ CVE-2020-5260 (Affected versions of Git have a vulnerability whereby Git can be NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c716fe4bd917e013bf376a678b3a92444b2d NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=07259e74ec1237c836874342c65650bdee8a3993 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2021 + NOTE: https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...) {DLA-2139-1} - dojo 1.15.3+dfsg1-1 (bug #953587) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81d0e2d362d973198e7549847659d7c26227f5dc
[Git][security-tracker-team/security-tracker][master] 2 commits: Track patchset for CVE-2020-10648/u-boot
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0d3b4836 by Salvatore Bonaccorso at 2020-04-15T21:55:04+02:00 Track patchset for CVE-2020-10648/u-boot - - - - - 20e670b6 by Salvatore Bonaccorso at 2020-04-15T21:55:34+02:00 Track fixed version for CVE-2020-10648/u-boot via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3062,12 +3062,13 @@ CVE-2019-20510 CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 ...) NOT-FOR-US: ASUS Device Activation CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...) - - u-boot + - u-boot 2020.04+dfsg-1 [buster] - u-boot (Minor issue) [stretch] - u-boot (Minor issue) [jessie] - u-boot (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5 NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/ + NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html CVE-2020-10647 RESERVED CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/64c67aae35c5cf459428003620ac8c84d8a59f97...20e670b61e8f80ba4c00f14766413b75fd2e790d
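Review bot: the NOTE added for CVE-2020-10648 points at a mailing list post (https://lists.denx.de/pipermail/u-boot/2020-March/403409.html) for the patchset, while the same change records 2020.04+dfsg-1 as the fixed version. Now that a fixed upload is recorded, NOTEs with the merged upstream commit ids would be a more durable reference than the list post, and would help if the buster, stretch or jessie "Minor issue" entries are revisited.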
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for mysql-5.7 issues from Oracle CPU from April 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 64c67aae by Salvatore Bonaccorso at 2020-04-15T21:19:22+02:00 Add Debian bug reference for mysql-5.7 issues from Oracle CPU from April 2020 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21919,7 +21919,7 @@ CVE-2020-2923 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2922 RESERVED - - mysql-5.7 + - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2921 RESERVED @@ -22187,13 +22187,13 @@ CVE-2020-2815 RESERVED CVE-2020-2814 RESERVED - - mysql-5.7 + - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2813 RESERVED CVE-2020-2812 RESERVED - - mysql-5.7 + - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2811 RESERVED @@ -22207,7 +22207,7 @@ CVE-2020-2807 RESERVED CVE-2020-2806 RESERVED - - mysql-5.7 + - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2805 RESERVED @@ -22217,7 +22217,7 @@ CVE-2020-2805 - openjdk-7 CVE-2020-2804 RESERVED - - mysql-5.7 + - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2803 RESERVED @@ -22255,7 +22255,7 @@ CVE-2020-2791 RESERVED CVE-2020-2790 RESERVED - - mysql-5.7 + - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2789 RESERVED @@ -22281,7 +22281,7 @@ CVE-2020-2781 - openjdk-7 CVE-2020-2780 RESERVED - - mysql-5.7 + - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2779 RESERVED 
@@ -22329,14 +22329,14 @@ CVE-2020-2766 RESERVED CVE-2020-2765 RESERVED - - mysql-5.7 + - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2764 RESERVED NOT-FOR-US: Java Advanced Management Console CVE-2020-2763 RESERVED - - mysql-5.7 + - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2762 RESERVED @@ -22348,7 +22348,7 @@ CVE-2020-2761 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2760 RESERVED - - mysql-5.7 + - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2759 RESERVED @@ -22384,7 +22384,7 @@ CVE-2020-2753 RESERVED CVE-2020-2752 RESERVED - - mysql-5.7 + - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2751 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64c67aae35c5cf459428003620ac8c84d8a59f97
[Git][security-tracker-team/security-tracker][master] Track fixed versions for src:linux upload via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c7fb5032 by Salvatore Bonaccorso at 2020-04-15T20:57:51+02:00 Track fixed versions for src:linux upload via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -229,7 +229,7 @@ CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the po - linux 5.2.6-1 NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0 CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...) - - linux + - linux 5.5.17-1 NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 CVE-2020-11667 RESERVED @@ -386,10 +386,10 @@ CVE-2020-11611 (An issue was discovered in xdLocalStorage through 2.0.5. The bui CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The postData( ...) NOT-FOR-US: xdLocalStorage CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...) - - linux + - linux 5.5.17-1 NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205 CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...) - - linux + - linux 5.5.17-1 NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30 CVE-2020-11607 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices 
@@ -762,7 +762,7 @@ CVE-2020-11567 CVE-2020-11566 RESERVED CVE-2020-11565 (An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_ ...) - - linux + - linux 5.5.17-1 NOTE: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd CVE-2020-11564 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7fb50329d0bed6790b8c6c7994706106b6a82e8
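Review bot: the recorded version and the CVE descriptions point in different directions in three of the four entries: CVE-2020-11668 and CVE-2020-11608 are described as "before 5.6.1" and CVE-2020-11565 as "through 5.6.2", yet all are marked fixed in 5.5.17-1. That holds only if the commits referenced in the NOTE lines reached the 5.5.17 upload as backports, so please confirm that for each git.kernel.org/linus commit and say so in a NOTE, so the entry does not look like a version typo to the next reader.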
[Git][security-tracker-team/security-tracker][master] openjdk-14 fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 34cf99aa by Moritz Muehlenhoff at 2020-04-15T19:56:42+02:00 openjdk-14 fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22149,7 +22149,7 @@ CVE-2020-2831 RESERVED CVE-2020-2830 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 @@ -22181,7 +22181,7 @@ CVE-2020-2817 RESERVED CVE-2020-2816 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 CVE-2020-2815 RESERVED @@ -22211,7 +22211,7 @@ CVE-2020-2806 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2805 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 @@ -1,7 +1,7 @@ CVE-2020-2804 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2803 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 @@ -22231,7 +22231,7 @@ CVE-2020-2801 RESERVED CVE-2020-2800 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 @@ -22275,7 +22275,7 @@ CVE-2020-2782 RESERVED CVE-2020-2781 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 @@ -22289,7 +22289,7 @@ CVE-2020-2779 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2778 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 CVE-2020-2777 RESERVED @@ -22303,7 +22303,7 @@ CVE-2020-2774 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2773 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 @@ -22323,7 +22323,7 @@ CVE-2020-2768 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2767 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 CVE-2020-2766 RESERVED 
@@ -22360,24 +22360,24 @@ CVE-2020-2758 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2757 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 CVE-2020-2756 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 CVE-2020-2755 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 CVE-2020-2754 RESERVED - - openjdk-14 + - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 CVE-2020-2753 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34cf99aacd8f60f45c1c2f82ef4f8138cdf34367
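Review bot: the hunk for CVE-2020-2803 is headed "@@ -1,7 +1,7 @@ CVE-2020-2804", which cannot be right for a hunk that sits between the ones starting at 22211 and 22231; the line numbers in that header look lost in the mail rendering, so its position should be read from the neighbouring hunks and not from the header. On the change itself, the commit message "openjdk-14 fixed" does not say which upload or suite 14.0.1+7-1 refers to; naming it would make the log searchable.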
[Git][security-tracker-team/security-tracker][master] virtualbox fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 52606530 by Moritz Muehlenhoff at 2020-04-15T19:57:38+02:00 virtualbox fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21820,11 +21820,11 @@ CVE-2020-2960 RESERVED CVE-2020-2959 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2958 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2957 RESERVED @@ -21840,7 +21840,7 @@ CVE-2020-2952 RESERVED CVE-2020-2951 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2950 RESERVED @@ -21893,7 +21893,7 @@ CVE-2020-2930 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2929 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2928 RESERVED @@ -21939,39 +21939,39 @@ CVE-2020-2915 RESERVED CVE-2020-2914 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2913 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2912 RESERVED CVE-2020-2911 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2910 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2909 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2908 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2907 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2906 RESERVED CVE-2020-2905 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2904 RESERVED 
@@ -21983,7 +21983,7 @@ CVE-2020-2903 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2902 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2901 RESERVED @@ -22011,7 +22011,7 @@ CVE-2020-2895 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2894 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2893 RESERVED @@ -22356,7 +22356,7 @@ CVE-2020-2759 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2758 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2757 RESERVED @@ -22394,7 +22394,7 @@ CVE-2020-2749 RESERVED CVE-2020-2748 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2747 RESERVED @@ -22414,7 +22414,7 @@ CVE-2020-2742 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2741 RESERVED - - virtualbox + - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2740 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5260653074ccbadebd6a4006cfeeea7e9b52cdb5
[Git][security-tracker-team/security-tracker][master] openjdk-11 fixed
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 7a63d33f by Moritz Muehlenhoff at 2020-04-15T18:41:39+02:00 openjdk-11 fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22150,7 +22150,7 @@ CVE-2020-2831 CVE-2020-2830 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 CVE-2020-2829 @@ -22182,7 +22182,7 @@ CVE-2020-2817 CVE-2020-2816 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 CVE-2020-2815 RESERVED CVE-2020-2814 @@ -22212,7 +22212,7 @@ CVE-2020-2806 CVE-2020-2805 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 CVE-2020-2804 @@ -2,7 +2,7 @@ CVE-2020-2804 CVE-2020-2803 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 CVE-2020-2802 @@ -22232,7 +22232,7 @@ CVE-2020-2801 CVE-2020-2800 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 CVE-2020-2799 @@ -22276,7 +22276,7 @@ CVE-2020-2782 CVE-2020-2781 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 CVE-2020-2780 @@ -22290,7 +22290,7 @@ CVE-2020-2779 CVE-2020-2778 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 CVE-2020-2777 RESERVED CVE-2020-2776 @@ -22304,7 +22304,7 @@ CVE-2020-2774 CVE-2020-2773 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 CVE-2020-2772 @@ -22324,7 +22324,7 @@ CVE-2020-2768 CVE-2020-2767 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 CVE-2020-2766 RESERVED CVE-2020-2765 
@@ -22361,24 +22361,24 @@ CVE-2020-2758 CVE-2020-2757 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 CVE-2020-2756 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 - openjdk-8 - openjdk-7 CVE-2020-2755 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 - openjdk-8 CVE-2020-2754 RESERVED - openjdk-14 - - openjdk-11 + - openjdk-11 11.0.7+10-1 - openjdk-8 CVE-2020-2753 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a63d33f83f1c96e36257f156a9128645b900294
[Git][security-tracker-team/security-tracker][master] Remove doubled notes
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 18ed653b by Salvatore Bonaccorso at 2020-04-15T17:15:12+02:00 Remove doubled notes - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22188,7 +22188,7 @@ CVE-2020-2815 CVE-2020-2814 RESERVED - mysql-5.7 - NOTE: NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2813 RESERVED CVE-2020-2812 @@ -85972,7 +85972,7 @@ CVE-2019-0196 (A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. {DSA-4422-1} - apache2 2.4.38-3 [jessie] - apache2 (Vulnerable code introduced later) - NOTE: NOTE: HTTP/2 support introduced in 2.4.17 + NOTE: HTTP/2 support introduced in 2.4.17 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0196 NOTE: https://svn.apache.org/r1852989 CVE-2019-0195 (Manipulating classpath asset file URLs, an attacker could guess the pa ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18ed653b592cdfe15dd77744c87ffa404788fc04
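Review bot: the doubled "NOTE: NOTE:" prefix turns up in two unrelated places here, a fresh CVE-2020-2814 entry and a CVE-2019-0196 entry more than 60,000 lines further down, so it is unlikely to be limited to these two lines. A search for "NOTE: NOTE:" across data/CVE/list before merging would show whether any remain, and rejecting that pattern in whatever validates the file would stop it from coming back.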
[Git][security-tracker-team/security-tracker][master] 2 commits: Process second batch of MySQL related CVEs from Oracle CPU from april
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 58709417 by Salvatore Bonaccorso at 2020-04-15T17:12:56+02:00 Process second batch of MySQL related CVEs from Oracle CPU from april - - - - - de1e5126 by Salvatore Bonaccorso at 2020-04-15T17:13:47+02:00 Merge remote-tracking branch origin/master - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21876,6 +21876,8 @@ CVE-2020-2935 RESERVED CVE-2020-2934 RESERVED + - mysql-connector-java + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2933 RESERVED - mysql-connector-java @@ -21977,6 +21979,8 @@ CVE-2020-2904 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2903 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2902 RESERVED - virtualbox @@ -21991,22 +21995,32 @@ CVE-2020-2899 RESERVED CVE-2020-2898 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2897 RESERVED - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2896 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2895 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2894 RESERVED - virtualbox [jessie] - virtualbox (DSA-3699-1) CVE-2020-2893 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2892 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2891 RESERVED CVE-2020-2890 
@@ -22173,6 +22187,8 @@ CVE-2020-2815 RESERVED CVE-2020-2814 RESERVED + - mysql-5.7 + NOTE: NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2813 RESERVED CVE-2020-2812 @@ -22191,6 +22207,8 @@ CVE-2020-2807 RESERVED CVE-2020-2806 RESERVED + - mysql-5.7 + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2805 RESERVED - openjdk-14 @@ -22199,6 +22217,8 @@ CVE-2020-2805 - openjdk-7 CVE-2020-2804 RESERVED + - mysql-5.7 + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2803 RESERVED - openjdk-14 @@ -22235,6 +22255,8 @@ CVE-2020-2791 RESERVED CVE-2020-2790 RESERVED + - mysql-5.7 + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2789 RESERVED CVE-2020-2788 @@ -22259,6 +22281,8 @@ CVE-2020-2781 - openjdk-7 CVE-2020-2780 RESERVED + - mysql-5.7 + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2779 RESERVED - mysql-5.7 (MySQL 8 only) @@ -22289,10 +22313,14 @@ CVE-2020-2771 RESERVED CVE-2020-2770 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2769 RESERVED CVE-2020-2768 RESERVED + - mysql-cluster (bug #833356) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2767 RESERVED - openjdk-14 @@ -22301,6 +22329,8 @@ CVE-2020-2766 RESERVED CVE-2020-2765 RESERVED + - mysql-5.7 + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2764 RESERVED NOT-FOR-US: Java Advanced Management Console 
@@ -22310,12 +22340,16 @@ CVE-2020-2763 NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2762 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2761 RESERVED - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2760 RESERVED + - mysql-5.7 + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2759 RESERVED - mysql-5.7 (Only affects MySQL 8) @@ -22350,6 +22384,8 @@ CVE-2020-2753 RESERVED CVE-2020-2752 RESERVED + - mysql-5.7 +
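Review bot: the NOTE added under CVE-2020-2814 reads "NOTE: NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL", with the prefix doubled, while every other NOTE added in this batch has it once; drop the extra "NOTE:". A smaller point: CVE-2020-2768 is the only entry in the batch filed against mysql-cluster and the only one with a bug number, "(bug #833356)", so the commit message should say where that bug reference comes from.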
[Git][security-tracker-team/security-tracker][master] LTS: add and claim openjdk-7 in dla-needed.txt
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: eeb08259 by Roberto C. Sánchez at 2020-04-15T10:20:46-04:00 LTS: add and claim openjdk-7 in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -55,6 +55,8 @@ netty (Sylvain Beucler) opendmarc (Thorsten Alteholz) NOTE: 20200406: still testing package, original patch does not seem to be enough, still ongoing -- +openjdk-7 (Roberto C. Sánchez) +-- otrs2 (Abhijith PA) NOTE: 20200412: Asked upstream for clarity in CVE-2020-1769 patch (abhijith) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eeb08259acbd77e231b36d843bbba422ad060c32
[Git][security-tracker-team/security-tracker][master] ignore CVE-2020-2933 for stretch
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 8deda7cf by Moritz Muehlenhoff at 2020-04-15T16:13:50+02:00 ignore CVE-2020-2933 for stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21879,6 +21879,7 @@ CVE-2020-2934 CVE-2020-2933 RESERVED - mysql-connector-java + [stretch] - mysql-connector-java (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Stretch) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2932 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8deda7cfef02463c4ffd997cde5282ac8a63be29
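Review bot: the reason on the new "[stretch]" line rests on the CVSS score being marginal but does not record the score, so the decision cannot be re-checked from the entry alone. Suggest putting the value from the Oracle advisory into the reason text or a NOTE. Because "Oracle doesn't disclose details" means the score is the only input, the entry should also be revisited if details are published later.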
[Git][security-tracker-team/security-tracker][master] Add first batch of MySQL related CVEs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 547c2218 by Salvatore Bonaccorso at 2020-04-15T15:15:08+02:00 Add first batch of MySQL related CVEs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21878,32 +21878,50 @@ CVE-2020-2934 RESERVED CVE-2020-2933 RESERVED + - mysql-connector-java + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2932 RESERVED CVE-2020-2931 RESERVED CVE-2020-2930 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2929 RESERVED - virtualbox [jessie] - virtualbox (DSA-3699-1) CVE-2020-2928 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2927 RESERVED CVE-2020-2926 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2925 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2924 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2923 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2922 RESERVED + - mysql-5.7 + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2921 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2920 RESERVED CVE-2020-2919 @@ -21954,6 +21972,8 @@ CVE-2020-2905 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2904 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2903 RESERVED CVE-2020-2902 
@@ -21962,6 +21982,8 @@ CVE-2020-2902 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2901 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2900 RESERVED CVE-2020-2899 @@ -21970,6 +21992,8 @@ CVE-2020-2898 RESERVED CVE-2020-2897 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2896 RESERVED CVE-2020-2895 @@ -22016,6 +22040,8 @@ CVE-2020-2876 RESERVED CVE-2020-2875 RESERVED + - mysql-connector-java + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2874 RESERVED CVE-2020-2873 @@ -22060,6 +22086,8 @@ CVE-2020-2854 RESERVED CVE-2020-2853 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2852 RESERVED CVE-2020-2851 @@ -22148,6 +22176,8 @@ CVE-2020-2813 RESERVED CVE-2020-2812 RESERVED + - mysql-5.7 + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2811 RESERVED CVE-2020-2810 @@ -22230,6 +22260,8 @@ CVE-2020-2780 RESERVED CVE-2020-2779 RESERVED + - mysql-5.7 (MySQL 8 only) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2778 RESERVED - openjdk-14 @@ -22242,6 +22274,8 @@ CVE-2020-2775 RESERVED CVE-2020-2774 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2773 RESERVED - openjdk-14 
@@ -22271,14 +22305,20 @@ CVE-2020-2764 NOT-FOR-US: Java Advanced Management Console CVE-2020-2763 RESERVED + - mysql-5.7 + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2762 RESERVED CVE-2020-2761 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2760 RESERVED CVE-2020-2759 RESERVED + - mysql-5.7 (Only affects MySQL 8) + NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2758 RESERVED - virtualbox View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/547c2218eb8d61df1070d73403ae620bd7c1e496
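Review bot: CVE-2020-2779 is annotated "(MySQL 8 only)" while every other entry in this batch that carries the same meaning uses "(Only affects MySQL 8)". Use one wording throughout so that all the MySQL 8 entries can be found with a single search of data/CVE/list.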
[Git][security-tracker-team/security-tracker][master] new vbox issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5abd5ab0 by Moritz Muehlenhoff at 2020-04-15T14:33:53+02:00 new vbox issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21820,8 +21820,12 @@ CVE-2020-2960 RESERVED CVE-2020-2959 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2958 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2957 RESERVED CVE-2020-2956 @@ -21836,6 +21840,8 @@ CVE-2020-2952 RESERVED CVE-2020-2951 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2950 RESERVED CVE-2020-2949 @@ -21880,6 +21886,8 @@ CVE-2020-2930 RESERVED CVE-2020-2929 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2928 RESERVED CVE-2020-2927 @@ -21910,30 +21918,48 @@ CVE-2020-2915 RESERVED CVE-2020-2914 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2913 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2912 RESERVED CVE-2020-2911 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2910 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2909 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2908 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2907 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2906 RESERVED CVE-2020-2905 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2904 RESERVED CVE-2020-2903 RESERVED CVE-2020-2902 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2901 RESERVED CVE-2020-2900 @@ -21950,6 +21976,8 @@ CVE-2020-2895 RESERVED CVE-2020-2894 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2893 RESERVED CVE-2020-2892 @@ -22253,6 +22281,8 @@ CVE-2020-2759 RESERVED CVE-2020-2758 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2757 RESERVED - openjdk-14 
@@ -22287,6 +22317,8 @@ CVE-2020-2749 RESERVED CVE-2020-2748 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2747 RESERVED CVE-2020-2746 @@ -22297,10 +22329,16 @@ CVE-2020-2744 RESERVED CVE-2020-2743 RESERVED + - virtualbox 6.1.2-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2742 RESERVED + - virtualbox 6.1.2-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2741 RESERVED + - virtualbox + [jessie] - virtualbox (DSA-3699-1) CVE-2020-2740 RESERVED CVE-2020-2739 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5abd5ab0b9a24ff7de7117db0f56e2cea40c4007
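Review bot: none of the virtualbox entries added here carries a NOTE, and all of them are still RESERVED with no description, so nothing in the entry says where the package assignment comes from. A NOTE with the vendor advisory link on each entry would make the triage checkable. CVE-2020-2743 and CVE-2020-2742 are also added as already fixed in 6.1.2-dfsg-1 while every other entry has no version; a short remark on why those two differ would help.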
[Git][security-tracker-team/security-tracker][master] new Java issues
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 88ded785 by Moritz Muehlenhoff at 2020-04-15T14:29:49+02:00 new Java issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -22078,6 +22078,10 @@ CVE-2020-2831 RESERVED CVE-2020-2830 RESERVED + - openjdk-14 + - openjdk-11 + - openjdk-8 + - openjdk-7 CVE-2020-2829 RESERVED CVE-2020-2828 @@ -22106,6 +22110,8 @@ CVE-2020-2817 RESERVED CVE-2020-2816 RESERVED + - openjdk-14 + - openjdk-11 CVE-2020-2815 RESERVED CVE-2020-2814 @@ -22128,16 +22134,28 @@ CVE-2020-2806 RESERVED CVE-2020-2805 RESERVED + - openjdk-14 + - openjdk-11 + - openjdk-8 + - openjdk-7 CVE-2020-2804 RESERVED CVE-2020-2803 RESERVED + - openjdk-14 + - openjdk-11 + - openjdk-8 + - openjdk-7 CVE-2020-2802 RESERVED CVE-2020-2801 RESERVED CVE-2020-2800 RESERVED + - openjdk-14 + - openjdk-11 + - openjdk-8 + - openjdk-7 CVE-2020-2799 RESERVED CVE-2020-2798 @@ -22176,12 +22194,18 @@ CVE-2020-2782 RESERVED CVE-2020-2781 RESERVED + - openjdk-14 + - openjdk-11 + - openjdk-8 + - openjdk-7 CVE-2020-2780 RESERVED CVE-2020-2779 RESERVED CVE-2020-2778 RESERVED + - openjdk-14 + - openjdk-11 CVE-2020-2777 RESERVED CVE-2020-2776 @@ -22192,6 +22216,10 @@ CVE-2020-2774 RESERVED CVE-2020-2773 RESERVED + - openjdk-14 + - openjdk-11 + - openjdk-8 + - openjdk-7 CVE-2020-2772 RESERVED CVE-2020-2771 @@ -22204,12 +22232,15 @@ CVE-2020-2768 RESERVED CVE-2020-2767 RESERVED + - openjdk-14 + - openjdk-11 CVE-2020-2766 RESERVED CVE-2020-2765 RESERVED CVE-2020-2764 RESERVED + NOT-FOR-US: Java Advanced Management Console CVE-2020-2763 RESERVED CVE-2020-2762 
@@ -4,12 +22255,26 @@ CVE-2020-2758 RESERVED CVE-2020-2757 RESERVED + - openjdk-14 + - openjdk-11 + - openjdk-8 + - openjdk-7 CVE-2020-2756 RESERVED + - openjdk-14 + - openjdk-11 + - openjdk-8 + - openjdk-7 CVE-2020-2755 RESERVED + - openjdk-14 + - openjdk-11 + - openjdk-8 CVE-2020-2754 RESERVED + - openjdk-14 + - openjdk-11 + - openjdk-8 CVE-2020-2753 RESERVED CVE-2020-2752 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88ded785164df8d1ce21ddc10f47ad148f866911
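Review bot: in the final hunk, CVE-2020-2755 and CVE-2020-2754 list openjdk-14, openjdk-11 and openjdk-8 but not openjdk-7, while CVE-2020-2757 and CVE-2020-2756 directly above list all four. If openjdk-7 is unaffected by those two, a short NOTE saying so would distinguish a deliberate omission from a missed line; the same applies to the entries that list only openjdk-14 and openjdk-11 (CVE-2020-2816, CVE-2020-2778, CVE-2020-2767).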
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2177-1 for git
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 48eea858 by Roberto C. Sánchez at 2020-04-15T08:19:06-04:00 Reserve DLA-2177-1 for git - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[15 Apr 2020] DLA-2177-1 git - security update + {CVE-2020-5260} + [jessie] - git 1:2.1.4-2.1+deb8u9 [14 Apr 2020] DLA-2176-1 inetutils - security update {CVE-2020-10188} [jessie] - inetutils 2:1.9.2.39.3a460-3+deb8u1 = data/dla-needed.txt = @@ -20,8 +20,6 @@ bluez (Emilio) -- file-roller (Utkarsh Gupta) -- -git (Roberto C. Sánchez) --- jackson-databind (Utkarsh Gupta) NOTE: 20200513: WIP; mutiple new CVEs came up. Fixing them all NOTE: 20200513: together at once. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48eea858186d859d744f87071ccfa72c24f76f8c
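Review bot: in the data/dla-needed.txt hunk, the jackson-databind context lines are dated 20200513, which is later than this commit's own timestamp (2020-04-15), and "mutiple" is misspelled. Neither is introduced by this change, but since the hunk touches the adjacent entry it is a cheap moment to correct the date and the typo in a follow-up.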
[Git][security-tracker-team/security-tracker][master] Update note for shiro in jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: af2b443c by Chris Lamb at 2020-04-15T11:20:20+01:00 Update note for shiro in jessie LTS. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -74,6 +74,7 @@ shiro (Chris Lamb) NOTE: 20200402: Prepared a package but difficult running tests. Have asked NOTE: 20200402: the Debian maintainer at https://bugs.debian.org/955018#12 NOTE: 20200411: Pinged maintainer and LTS list. (lamby) + NOTE: 20200415: Further work with another ping to bug. (lamby) -- squid3 (Markus Koschany) NOTE: 20200330: There is still an issue with CVE-2019-12523 but the rest View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af2b443c3a4525e334dd0f27053b057e2f6ba182
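Review bot: the added line "NOTE: 20200415: Further work with another ping to bug." does not say which bug was pinged. The 20200402 note above already cites https://bugs.debian.org/955018#12; if that is the bug meant, repeating the bug number (and the message anchor of the new ping) would make the note usable without reading the earlier ones.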
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e648f7d5 by Salvatore Bonaccorso at 2020-04-15T10:30:42+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13325,7 +13325,7 @@ CVE-2020-6227 (SAP Business Objects Business Intelligence Platform (CMS / Auditi CVE-2020-6226 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...) NOT-FOR-US: SAP CVE-2020-6225 (SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7 ...) - TODO: check + NOT-FOR-US: SAP CVE-2020-6224 (SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, ...) NOT-FOR-US: SAP CVE-2020-6223 (The open document of SAP Business Objects Business Intelligence Platfo ...) @@ -13341,11 +13341,11 @@ CVE-2020-6219 (SAP Business Objects Business Intelligence Platform (CrystalRepor CVE-2020-6218 (Admin tools and Query Builder in SAP Business Objects Business Intelli ...) NOT-FOR-US: SAP CVE-2020-6217 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, ver ...) - TODO: check + NOT-FOR-US: SAP CVE-2020-6216 (SAP Business Objects Business Intelligence Platform (BI Launchpad), ve ...) NOT-FOR-US: SAP CVE-2020-6215 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, ver ...) - TODO: check + NOT-FOR-US: SAP CVE-2020-6214 (SAP S/4HANA (Financial Products Subledger), version 100, uses an incor ...) NOT-FOR-US: SAP CVE-2020-6213 @@ -13353,7 +13353,7 @@ CVE-2020-6213 CVE-2020-6212 RESERVED CVE-2020-6211 (SAP Business Objects Business Intelligence Platform (AdminTools), vers ...) - TODO: check + NOT-FOR-US: SAP CVE-2020-6210 (SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode ...) NOT-FOR-US: SAP CVE-2020-6209 (SAP Disclosure Management, version 10.1, does not perform necessary au ...) 
@@ -13385,7 +13385,7 @@ CVE-2020-6197 (SAP Enable Now, before version 1908, does not invalidate session CVE-2020-6196 (SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an a ...) NOT-FOR-US: SAP CVE-2020-6195 (SAP Business Objects Business Intelligence Platform (CMC), version 4.1 ...) - TODO: check + NOT-FOR-US: SAP CVE-2020-6194 RESERVED CVE-2020-6193 (SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e648f7d513b6c4089ed454d0c8521d9e8f8ed18f
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 091a886a by security tracker role at 2020-04-15T08:10:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,39 @@ +CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. I ...) + TODO: check +CVE-2020-11766 + RESERVED +CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...) + TODO: check +CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) + TODO: check +CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...) + TODO: check +CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) + TODO: check +CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) + TODO: check +CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) + TODO: check +CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...) + TODO: check +CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) + TODO: check +CVE-2020-11757 + RESERVED +CVE-2020-11756 + RESERVED +CVE-2020-11755 + RESERVED +CVE-2020-11754 + RESERVED +CVE-2020-11753 + RESERVED +CVE-2020-11752 + RESERVED +CVE-2020-11751 + RESERVED +CVE-2020-11750 + RESERVED CVE-2020-11749 RESERVED CVE-2020-11748 
@@ -70,8 +106,8 @@ CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_l CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux k ...) - linux NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400 -CVE-2020-11723 - RESERVED +CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys ...) + TODO: check CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...) - crawl NOTE: https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html @@ -1898,16 +1934,16 @@ CVE-2020-11007 RESERVED CVE-2020-11006 RESERVED -CVE-2020-11005 - RESERVED +CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...) + TODO: check CVE-2020-11004 RESERVED -CVE-2020-11003 - RESERVED +CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...) + TODO: check CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...) TODO: check -CVE-2020-11001 - RESERVED +CVE-2020-11001 (In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XS ...) + TODO: check CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps that re ...) NOT-FOR-US: GreenBrowser CVE-2020-10999 @@ -2082,6 +2118,7 @@ CVE-2020-10940 (Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO CVE-2020-10939 (Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT thro ...) NOT-FOR-US: PHOENIX CONTACT CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resultant hea ...) + {DLA-2173-1} - graphicsmagick 1.4+really1.3.34-1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce CVE-2020-10937 
@@ -3327,26 +3364,26 @@ CVE-2020-10516 RESERVED CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting ...) NOT-FOR-US: STARFACE UCC Client -CVE-2020-10514 - RESERVED -CVE-2020-10513 - RESERVED -CVE-2020-10512 - RESERVED -CVE-2020-10511 - RESERVED +CVE-2020-10514 (iCatch DVR do not validate function parameter properly, resulting atta ...) + TODO: check +CVE-2020-10513 (The file management interface of iCatch DVR contains broken access con ...) + TODO: check +CVE-2020-10512 (HGiga CCmail contains a SQL Injection vulnerability which allows ...) + TODO: check +CVE-2020-10511 (HGiga CCmail contains insecure configurations. Attackers can expl ...) + TODO: check CVE-2020-10510 (Sunnet eHRD, a human training and development management system, conta ...) NOT-FOR-US: Sunnet eHRD CVE-2020-10509 (Sunnet eHRD, a human training and development management system, conta ...) NOT-FOR-US: Sunnet eHRD CVE-2020-10508 (Sunnet eHRD, a human training and development management system, impro ...) NOT-FOR-US: Sunnet eHRD -CVE-2020-10507 - RESERVED -CVE-2020-10506 - RESERVED -CVE-2020-10505 - RESERVED +CVE-2020-10507 (The School Manage System, developed by ALLE INFORMATION CO., LTD., con
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1722/freeipa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e1cd9367 by Salvatore Bonaccorso at 2020-04-15T08:54:47+02:00 Add CVE-2020-1722/freeipa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -25452,6 +25452,9 @@ CVE-2020-1723 RESERVED CVE-2020-1722 RESERVED + - freeipa + NOTE: https://pagure.io/freeipa/issue/8268 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793071 CVE-2020-1721 RESERVED - dogtag-pki View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1cd93673ca67db3a74e32949c1cd78ca9b2aec9
[Git][security-tracker-team/security-tracker][master] Add references for CVE-2018-2053{6,9}/liblas
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6056f2d9 by Salvatore Bonaccorso at 2020-04-15T08:36:51+02:00 Add references for CVE-2018-2053{6,9}/liblas - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -75026,6 +75026,8 @@ CVE-2018-20539 (There is a Segmentation fault triggered by illegal address acces [stretch] - liblas (Minor issue) [jessie] - liblas (Minor issue) NOTE: https://github.com/libLAS/libLAS/issues/159 + NOTE: https://github.com/libLAS/libLAS/pull/183 + NOTE: https://github.com/libLAS/libLAS/commit/ca88a11a8a0548d3aa78b643e6c701708b826fa9 CVE-2018-20538 (There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...) - nasm (unimportant; bug #918269) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392531 @@ -75044,6 +75046,8 @@ CVE-2018-20536 (There is a heap-based buffer over-read at liblas::SpatialReferen [stretch] - liblas (Minor issue) [jessie] - liblas (Minor issue) NOTE: https://github.com/libLAS/libLAS/issues/161 + NOTE: https://github.com/libLAS/libLAS/pull/183 + NOTE: https://github.com/libLAS/libLAS/commit/ca88a11a8a0548d3aa78b643e6c701708b826fa9 CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...) - nasm (unimportant; bug #918270) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6056f2d90424a6b10db96b7f5390b1f09d30fdfb
[Git][security-tracker-team/security-tracker][master] Add references for CVE-2018-20537/liblas
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 90258570 by Salvatore Bonaccorso at 2020-04-15T08:34:13+02:00 Add references for CVE-2018-20537/liblas - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -75036,6 +75036,8 @@ CVE-2018-20537 (There is a NULL pointer dereference at liblas::SpatialReference: [stretch] - liblas (Minor issue) [jessie] - liblas (Minor issue) NOTE: https://github.com/libLAS/libLAS/issues/160 + NOTE: https://github.com/libLAS/libLAS/pull/184 + NOTE: https://github.com/libLAS/libLAS/commit/1e854ec110d9bcebcae9db3136953c873f919235 CVE-2018-20536 (There is a heap-based buffer over-read at liblas::SpatialReference::Ge ...) - liblas (low; bug #924614) [buster] - liblas (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90258570199148f400feff6a0268729453b3b830
[Git][security-tracker-team/security-tracker][master] further reference for latest git issue
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ef98875 by Moritz Muehlenhoff at 2020-04-15T08:17:05+02:00 further reference for latest git issue - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -15397,6 +15397,7 @@ CVE-2020-5260 NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=17f1c0b8c7e447aa62f85dc355bb48133d2812f2 NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c716fe4bd917e013bf376a678b3a92444b2d NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=07259e74ec1237c836874342c65650bdee8a3993 + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2021 CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...) {DLA-2139-1} - dojo 1.15.3+dfsg1-1 (bug #953587) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ef98875628c23fbd71ef3ba1657bfb117b6fcac
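Review bot: the second "Additional/nice-to-have" context line gives the commit id as c716fe4bd917e013bf376a678b3a92444b2d, which is 36 hex characters where the ids on the lines before and after it are 40. Since this change adds another reference to the same CVE-2020-5260 entry, it is worth checking that link against the upstream commit and restoring the full id. The new Project Zero NOTE also carries no label, unlike the three above it; a word saying what it is (report, write-up) would keep the reference list readable.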