[Git][security-tracker-team/security-tracker][master] Add CVE-2020-13253/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5180a737 by Salvatore Bonaccorso at 2020-05-22T07:02:09+02:00 Add CVE-2020-13253/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -212,8 +212,10 @@ CVE-2020-13255 RESERVED CVE-2020-13254 RESERVED -CVE-2020-13253 +CVE-2020-13253 [sd: OOB access could crash the guest resulting in DoS] RESERVED + - qemu + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...) TODO: check CVE-2020-13251 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5180a737629d0fe6f107f0bed2a22aaaf002dc76 -- You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-12693 as no-dsa for buster and stretch
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e623c765 by Salvatore Bonaccorso at 2020-05-22T06:44:01+02:00 Mark CVE-2020-12693 as no-dsa for buster and stretch - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1445,8 +1445,11 @@ CVE-2020-12694 CVE-2020-12693 RESERVED - slurm-llnl + [buster] - slurm-llnl (Minor issue) + [stretch] - slurm-llnl (Minor issue) NOTE: https://www.schedmd.com/news.php?id=236 NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/36.html + NOTE: Issue affects systems with Message Aggregation enabled CVE-2020-12688 RESERVED CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/attacments ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e623c7650d4cddaefff650c5e32a74beee5610b6
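Review bot: the added NOTE "Issue affects systems with Message Aggregation enabled" is the only justification behind the two "(Minor issue)" lines for buster and stretch, and it does not say whether that feature is enabled by default. Stating that in the NOTE, or pointing at where the linked SchedMD announcement says it, would let a later reader re-check the triage from the entry itself.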
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-8161/ruby-rack via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a0995a54 by Salvatore Bonaccorso at 2020-05-22T06:38:17+02:00 Add fixed version for CVE-2020-8161/ruby-rack via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13588,7 +13588,7 @@ CVE-2020-8162 RESERVED CVE-2020-8161 [Directory traversal in Rack::Directory] RESERVED - - ruby-rack + - ruby-rack 2.1.1-5 NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ NOTE: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e CVE-2020-8160 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0995a54d77662b52f4684ba7e59d06c43af0d43
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-12693/slurm-llnl
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 039122e2 by Salvatore Bonaccorso at 2020-05-22T06:34:30+02:00 Add CVE-2020-12693/slurm-llnl - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1444,6 +1444,9 @@ CVE-2020-12694 RESERVED CVE-2020-12693 RESERVED + - slurm-llnl + NOTE: https://www.schedmd.com/news.php?id=236 + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/36.html CVE-2020-12688 RESERVED CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/attacments ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/039122e2b067f32e0b3f927f6b3010a644e967cd
[Git][security-tracker-team/security-tracker][master] LTS: update notes on bluez
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: 53ddcf3b by Roberto C. Sánchez at 2020-05-21T17:45:53-04:00 LTS: update notes on bluez - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -29,14 +29,7 @@ apache2 (Utkarsh Gupta) bind9 (Thorsten Alteholz) -- bluez (Roberto C. Sánchez) - NOTE: 20200420: Many upstream refactorings make this hard to see where the - NOTE: 20200420: check for bonded connections should go. (eg. 7d9718cfc, - NOTE: 20200420: 718bad60d, etc.) (lamby) - NOTE: 20200513: The hog_connect function doesn't exist in Jessie (bam).. - NOTE: 20200513: See: https://lists.debian.org/debian-lts/2020/05/msg00030.html - NOTE: 20200513: See: https://lists.debian.org/debian-lts/2020/05/msg00038.html (untested patch) - NOTE: 20200513: Another alternative would be to backport the fixed version in Stretch. - NOTE: 20200518: After further discussion (see above thread), stretch backport will be done (roberto) + NOTE: 20200521: Uploaded backport (version 5.43-2+deb8u1), which now must go through NEW (roberto) -- condor NOTE: 20200502: Upstream has only released workarounds; complete fix is still embargoed (roberto) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53ddcf3b2bd2b252c348e574e0f93f4eb5305dab
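Review bot: the single replacement NOTE in the bluez entry of data/dla-needed.txt drops both debian-lts thread links together with the older notes, so the reason a backport was chosen over a targeted patch is no longer reachable from the entry. Consider keeping one "See:" line, for example the msg00030 thread link, next to the new 20200521 note until the upload has cleared NEW.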
[Git][security-tracker-team/security-tracker][master] fix typo in DSA list
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6d3e9b71 by Moritz Muehlenhoff at 2020-05-21T23:24:15+02:00 fix typo in DSA list add status for stretch - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: = data/CVE/list = @@ -2556,6 +2556,7 @@ CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or NOTE: https://github.com/grafana/grafana/pull/23816 CVE-2020-12244 (An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where ...) - pdns-recursor 4.3.1-1 + [stretch] - pdns-recursor (No longer supported, see DSA 4691) NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 CVE-2020-12243 (In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters wi ...) @@ -6683,6 +6684,7 @@ CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28- NOT-FOR-US: Percona XtraDB Cluster CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not suffic ...) - pdns-recursor 4.3.1-1 + [stretch] - pdns-recursor (No longer supported, see DSA 4691) NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 CVE-2020-10994 = data/DSA/list = 
@@ -1,5 +1,5 @@ [21 May 2020] DSA-4691-1 pdns-recursor - security update - {CVE-2020-10955 CVE-2020-12244} + {CVE-2020-10995 CVE-2020-12244} [buster] - pdns-recursor 4.1.11-1+deb10u1 [20 May 2020] DSA-4690-1 dovecot - security update {CVE-2020-10957 CVE-2020-10958 CVE-2020-10967} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d3e9b71e30eb934be564f9fe045c9f71b7157d6
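Review bot: the commit mixes two unrelated changes: the data/DSA/list hunk corrects CVE-2020-10955 to CVE-2020-10995 in DSA-4691-1, while the two data/CVE/list hunks add "[stretch] - pdns-recursor (No longer supported, see DSA 4691)". Splitting them would let the id correction be referenced on its own, and a "Fixes:" trailer naming 9fa52acc, in the style commit 30d19c90 uses, would tie it to the commit that introduced the wrong id.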
[Git][security-tracker-team/security-tracker][master] pdns-recursor DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9fa52acc by Moritz Muehlenhoff at 2020-05-21T23:12:40+02:00 pdns-recursor DSA - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -9327,9 +9327,10 @@ CVE-2020-10032 CVE-2020-10031 RESERVED CVE-2020-10030 (An issue has been found in PowerDNS Recursor 4.1.0 up to and including ...) - - pdns-recursor 4.3.1-1 + - pdns-recursor 4.3.1-1 (unimportant) NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 + NOTE: Non exploitable on Linux CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...) - glibc 2.30-1 (bug #953108) [buster] - glibc (Minor issue) = data/DSA/list = @@ -1,3 +1,6 @@ +[21 May 2020] DSA-4691-1 pdns-recursor - security update + {CVE-2020-10955 CVE-2020-12244} + [buster] - pdns-recursor 4.1.11-1+deb10u1 [20 May 2020] DSA-4690-1 dovecot - security update {CVE-2020-10957 CVE-2020-10958 CVE-2020-10967} [buster] - dovecot 1:2.3.4.1-5+deb10u2 = data/dsa-needed.txt = @@ -32,8 +32,6 @@ netqmail nss/oldstable (jmm) Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508 -- -pdns-recursor (jmm) --- php7.0/oldstable -- php7.3/stable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fa52acc748a7e0401fcbcfc20e1db595be509c3
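Review bot: in the data/DSA/list hunk the first id in the braces of the new DSA-4691-1 entry, CVE-2020-10955, is the one the later commit 6d3e9b71 changes to CVE-2020-10995, so the id set went in without being checked against the pdns-recursor entries in data/CVE/list. Cross-check every id in the braces against its data/CVE/list entry before pushing a DSA line, since the DSA cross-reference is attached to whichever CVE the id names.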
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7c1605c6 by security tracker role at 2020-05-21T20:10:24+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,3 +1,219 @@ +CVE-2020-13360 + RESERVED +CVE-2020-13359 + RESERVED +CVE-2020-13358 + RESERVED +CVE-2020-13357 + RESERVED +CVE-2020-13356 + RESERVED +CVE-2020-13355 + RESERVED +CVE-2020-13354 + RESERVED +CVE-2020-13353 + RESERVED +CVE-2020-13352 + RESERVED +CVE-2020-13351 + RESERVED +CVE-2020-13350 + RESERVED +CVE-2020-13349 + RESERVED +CVE-2020-13348 + RESERVED +CVE-2020-13347 + RESERVED +CVE-2020-13346 + RESERVED +CVE-2020-13345 + RESERVED +CVE-2020-13344 + RESERVED +CVE-2020-13343 + RESERVED +CVE-2020-13342 + RESERVED +CVE-2020-13341 + RESERVED +CVE-2020-13340 + RESERVED +CVE-2020-13339 + RESERVED +CVE-2020-13338 + RESERVED +CVE-2020-13337 + RESERVED +CVE-2020-13336 + RESERVED +CVE-2020-13335 + RESERVED +CVE-2020-13334 + RESERVED +CVE-2020-1 + RESERVED +CVE-2020-13332 + RESERVED +CVE-2020-13331 + RESERVED +CVE-2020-13330 + RESERVED +CVE-2020-13329 + RESERVED +CVE-2020-13328 + RESERVED +CVE-2020-13327 + RESERVED +CVE-2020-13326 + RESERVED +CVE-2020-13325 + RESERVED +CVE-2020-13324 + RESERVED +CVE-2020-13323 + RESERVED +CVE-2020-13322 + RESERVED +CVE-2020-13321 + RESERVED +CVE-2020-13320 + RESERVED +CVE-2020-13319 + RESERVED +CVE-2020-13318 + RESERVED +CVE-2020-13317 + RESERVED +CVE-2020-13316 + RESERVED +CVE-2020-13315 + RESERVED +CVE-2020-13314 + RESERVED +CVE-2020-13313 + RESERVED +CVE-2020-13312 + RESERVED +CVE-2020-13311 + RESERVED +CVE-2020-13310 + RESERVED +CVE-2020-13309 + RESERVED +CVE-2020-13308 + RESERVED +CVE-2020-13307 + RESERVED +CVE-2020-13306 + RESERVED +CVE-2020-13305 + RESERVED +CVE-2020-13304 + RESERVED +CVE-2020-13303 + RESERVED +CVE-2020-13302 + RESERVED +CVE-2020-13301 + RESERVED +CVE-2020-13300 + RESERVED +CVE-2020-13299 + RESERVED +CVE-2020-13298 + RESERVED +CVE-2020-13297 + RESERVED +CVE-2020-13296 + RESERVED +CVE-2020-13295 + RESERVED +CVE-2020-13294 + RESERVED +CVE-2020-13293 + RESERVED +CVE-2020-13292 + RESERVED +CVE-2020-13291 + RESERVED +CVE-2020-13290 + RESERVED +CVE-2020-13289 + RESERVED +CVE-2020-13288 + RESERVED 
+CVE-2020-13287 + RESERVED +CVE-2020-13286 + RESERVED +CVE-2020-13285 + RESERVED +CVE-2020-13284 + RESERVED +CVE-2020-13283 + RESERVED +CVE-2020-13282 + RESERVED +CVE-2020-13281 + RESERVED +CVE-2020-13280 + RESERVED +CVE-2020-13279 + RESERVED +CVE-2020-13278 + RESERVED +CVE-2020-13277 + RESERVED +CVE-2020-13276 + RESERVED +CVE-2020-13275 + RESERVED +CVE-2020-13274 + RESERVED +CVE-2020-13273 + RESERVED +CVE-2020-13272 + RESERVED +CVE-2020-13271 + RESERVED +CVE-2020-13270 + RESERVED +CVE-2020-13269 + RESERVED +CVE-2020-13268 + RESERVED +CVE-2020-13267 + RESERVED +CVE-2020-13266 + RESERVED +CVE-2020-13265 + RESERVED +CVE-2020-13264 + RESERVED +CVE-2020-13263 + RESERVED +CVE-2020-13262 + RESERVED +CVE-2020-13261 + RESERVED +CVE-2020-13260 + RESERVED +CVE-2020-13259 + RESERVED +CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...) + TODO: check +CVE-2020-13257 + RESERVED +CVE-2020-13256 + RESERVED +CVE-2020-13255 + RESERVED +CVE-2020-13254 + RESERVED +CVE-2020-13253 + RESERVED CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...) TODO: check CVE-2020-13251 @@ -301,20 +517,17 @@ CVE-2020-13116 RESERVED CVE-2020-13115 RESERVED -CVE-2020-13114 [Add a failsafe on the maximum number of Canon MakerNote subtags] - RESERVED +CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...) - libexif [buster] - libexif (Minor issue) [stretch] - libexif (Minor issue) NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22) -CVE-2020-13113 [Ensure the MakerNote data pointers are initialized with NULL] - RESERVED +CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...) - libexif [buster] - libexif (Minor issue) [stretch] - libexif (Minor issue) NOTE:
[Git][security-tracker-team/security-tracker][master] Track fixes for libexif update via stretch-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a1a235b1 by Salvatore Bonaccorso at 2020-05-21T21:18:06+02:00 Track fixes for libexif update via stretch-pu - - - - - 1 changed file: - data/next-oldstable-point-update.txt Changes: = data/next-oldstable-point-update.txt = @@ -84,3 +84,13 @@ CVE-2019-8842 [stretch] - cups 2.2.1-8+deb9u6 CVE-2020- [stretch] - fex 20160919-2~deb9u1 +CVE-2016-6328 + [stretch] - libexif 0.6.21-2+deb9u2 +CVE-2017-7544 + [stretch] - libexif 0.6.21-2+deb9u2 +CVE-2018-20030 + [stretch] - libexif 0.6.21-2+deb9u2 +CVE-2020-12767 + [stretch] - libexif 0.6.21-2+deb9u2 +CVE-2020-0093 + [stretch] - libexif 0.6.21-2+deb9u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1a235b16973503add2ce0ce216dd0e6ffdf6fca
[Git][security-tracker-team/security-tracker][master] Track proposed update for libexif via buster-pu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0ea2f577 by Salvatore Bonaccorso at 2020-05-21T21:15:26+02:00 Track proposed update for libexif via buster-pu - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -26,3 +26,7 @@ CVE-2019-19333 [buster] - libyang 0.16.105-1+deb10u1 CVE-2019-19334 [buster] - libyang 0.16.105-1+deb10u1 +CVE-2020-12767 + [buster] - libexif 0.6.21-5.1+deb10u2 +CVE-2020-0093 + [buster] - libexif 0.6.21-5.1+deb10u2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ea2f57751e1a7daa5aa9d962bcda2a68964d8bb
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1311{2,3,4}/libexif issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7e65931e by Salvatore Bonaccorso at 2020-05-21T21:09:43+02:00 Add CVE-2020-1311{2,3,4}/libexif issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -301,12 +301,24 @@ CVE-2020-13116 RESERVED CVE-2020-13115 RESERVED -CVE-2020-13114 +CVE-2020-13114 [Add a failsafe on the maximum number of Canon MakerNote subtags] RESERVED -CVE-2020-13113 + - libexif + [buster] - libexif (Minor issue) + [stretch] - libexif (Minor issue) + NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22) +CVE-2020-13113 [Ensure the MakerNote data pointers are initialized with NULL] RESERVED -CVE-2020-13112 + - libexif + [buster] - libexif (Minor issue) + [stretch] - libexif (Minor issue) + NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22) +CVE-2020-13112 [Fix MakerNote tag size overflow issues at read time] RESERVED + - libexif + [buster] - libexif (Minor issue) + [stretch] - libexif (Minor issue) + NOTE: https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 (0.6.22) CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...) NOT-FOR-US: NaviServer CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary code ex ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e65931ebc678de2502cd81346438759e1514950
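Review bot: all three new libexif entries are triaged "(Minor issue)" for buster and stretch with only the upstream commit as a NOTE, including CVE-2020-13112, whose bracketed description is a MakerNote tag size overflow at read time. A one-line NOTE per entry giving the reason for the minor rating would make the triage reviewable without reading the upstream commits.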
[Git][security-tracker-team/security-tracker][master] LTS: update notes on tomcat8
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker Commits: efc2b254 by Roberto C. Sánchez at 2020-05-21T12:20:01-04:00 LTS: update notes on tomcat8 - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -103,8 +103,8 @@ squid3 (Markus Koschany) NOTE: 20200518: Ongoing work on squid3 in Stretch which will be used for Jessie NOTE: 20200518: and Stretch. -- -tomcat8 - In d8fb8968ba9d89b4fd62e6570ad78b2efa8b7635 the DLA was reserved but not uploaded. +tomcat8 (Markus Koschany) + NOTE: 20200521: One patch resulted to have a bug that had to be fixed; new CVE also released. (roberto) -- transmission (Thorsten Alteholz) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc2b254109ba691fa7d0c212f7b369d7d39fd84
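Review bot: the new tomcat8 NOTE says "new CVE also released" without naming the CVE id or the patch that had the bug, and the hunk removes the line recording that the DLA was reserved in d8fb8968ba9d89b4fd62e6570ad78b2efa8b7635 but not uploaded. Name the CVE in the note and keep the reserved-DLA reference until the upload has actually happened, so the entry still explains its own state.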
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-9484/tomcat9 via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f7bcfc8b by Salvatore Bonaccorso at 2020-05-21T16:48:00+02:00 Add fixed version for CVE-2020-9484/tomcat9 via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10256,7 +10256,7 @@ CVE-2020-9486 CVE-2020-9485 RESERVED CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...) - - tomcat9 (bug #961209) + - tomcat9 9.0.35-1 (bug #961209) - tomcat8 - tomcat7 NOTE: https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b (10.0.0-M5) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7bcfc8bf7babcf0261289cf23cde4873298b43a
[Git][security-tracker-team/security-tracker][master] CVE-2020-0093/libexif fixed in unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 76ac1400 by Salvatore Bonaccorso at 2020-05-21T16:14:22+02:00 CVE-2020-0093/libexif fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -36934,7 +36934,7 @@ CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is a TODO: check CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a possible out o ...) {DLA-2214-1} - - libexif + - libexif 0.6.21-8 [buster] - libexif (Minor issue) [stretch] - libexif (Minor issue) NOTE: https://github.com/libexif/libexif/issues/42 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76ac1400dd912d842782afcf36b1668bed073eba
[Git][security-tracker-team/security-tracker][master] Update note for netqmail
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a2624c27 by Salvatore Bonaccorso at 2020-05-21T16:02:50+02:00 Update note for netqmail - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -26,8 +26,8 @@ linux (carnil) mercurial/oldstable -- netqmail - Preliminary debdiff (for unstable, and rebuild for older suites): - https://bugs.debian.org/961060#14 + Unstable version uploaded to expose for testing, later release based on that + for stretch and buster. -- nss/oldstable (jmm) Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2624c2712c1eba13984d2b1884805dc98d10b77
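Review bot: the rewritten netqmail note removes the https://bugs.debian.org/961060#14 link and leaves no reference to the bug or to the uploaded version, so the entry no longer says which upload the stretch and buster releases are to be based on. Keep the bug reference on its own line and name the unstable version in the note.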
[Git][security-tracker-team/security-tracker][master] Update CVE-2020-10736/ceph
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 997acc3f by Salvatore Bonaccorso at 2020-05-21T14:42:40+02:00 Update CVE-2020-10736/ceph - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7336,7 +7336,7 @@ CVE-2020-10737 [oddjob: race condition in oddjob_selinux_mkdir function in mkhom NOTE: https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac CVE-2020-10736 [authorization bypass in mons & mgrs] RESERVED - - ceph + - ceph (Vulnerable code introduced later) NOTE: https://ceph.io/releases/v15-2-2-octopus-released/ NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master) NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/997acc3fd9402ac51de1a2da83ac8aeb50c6a0f7
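Review bot: "(Vulnerable code introduced later)" on the ceph line is not backed by a NOTE saying which commit or release introduced the code; the three NOTE lines shown point only at the release announcement and the two fixing commits. Add a NOTE with the introducing commit or the first affected version so the status can be re-verified when a newer ceph is uploaded.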
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-9484/tomcat9
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2b66c33b by Salvatore Bonaccorso at 2020-05-21T14:34:56+02:00 Add Debian bug reference for CVE-2020-9484/tomcat9 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10256,7 +10256,7 @@ CVE-2020-9486 CVE-2020-9485 RESERVED CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...) - - tomcat9 + - tomcat9 (bug #961209) - tomcat8 - tomcat7 NOTE: https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b (10.0.0-M5) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b66c33becfc5a632e3c7a012c32f01738d58693
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1955/couchdb
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 969c71e3 by Salvatore Bonaccorso at 2020-05-21T14:33:39+02:00 Add CVE-2020-1955/couchdb - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29486,7 +29486,7 @@ CVE-2020-1956 RESERVED NOT-FOR-US: Apache Kylin CVE-2020-1955 (CouchDB version 3.0.0 shipped with a new configuration setting that go ...) - TODO: check + - couchdb CVE-2020-1954 (Apache CXF has the ability to integrate with JMX by registering an Ins ...) NOT-FOR-US: Apache CXF CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse YAML ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/969c71e3011aeaff0134fd0c4f8a7dbc3ff10732
[Git][security-tracker-team/security-tracker][master] Move not-affected entry to CVE-2020-6477/chromium
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 30d19c90 by Salvatore Bonaccorso at 2020-05-21T11:22:19+02:00 Move not-affected entry to CVE-2020-6477/chromium Fixes: c6bcdf3f1743 (one chromium issue n/a) - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17408,13 +17408,13 @@ CVE-2020-6480 (Insufficient policy enforcement in enterprise in Google Chrome pr - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6479 (Inappropriate implementation in sharing in Google Chrome prior to 83.0 ...) - - chromium (Only affects installer) -CVE-2020-6478 (Inappropriate implementation in full screen in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6477 (Inappropriate implementation in installer in Google Chrome on OS X pri ...) +CVE-2020-6478 (Inappropriate implementation in full screen in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) +CVE-2020-6477 (Inappropriate implementation in installer in Google Chrome on OS X pri ...) + - chromium (Only affects installer) CVE-2020-6476 (Insufficient policy enforcement in tab strip in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30d19c90070b1ea23a976521105d2ac9002dac6e
[Git][security-tracker-team/security-tracker][master] one chromium issue n/a
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c6bcdf3f by Moritz Muehlenhoff at 2020-05-21T11:12:10+02:00 one chromium issue n/a - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17408,8 +17408,7 @@ CVE-2020-6480 (Insufficient policy enforcement in enterprise in Google Chrome pr - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6479 (Inappropriate implementation in sharing in Google Chrome prior to 83.0 ...) - - chromium - [stretch] - chromium (see DSA 4562) + - chromium (Only affects installer) CVE-2020-6478 (Inappropriate implementation in full screen in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6bcdf3f174326e620bb0452cd734ed65497d0c2
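Review bot: "(Only affects installer)" lands on CVE-2020-6479, whose description in this hunk reads "Inappropriate implementation in sharing", and the "[stretch] - chromium (see DSA 4562)" line is removed along with it. The annotation does not match the description of the entry it is attached to; check which CVE in this block is the installer issue and leave the two CVE-2020-6479 lines as they were.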
[Git][security-tracker-team/security-tracker][master] Track fixed versions for netqmail via unstable
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dbd963b4 by Salvatore Bonaccorso at 2020-05-21T11:03:53+02:00 Track fixed versions for netqmail via unstable - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -24528,11 +24528,11 @@ CVE-2020-3813 RESERVED CVE-2020-3812 RESERVED - - netqmail (bug #961060) + - netqmail 1.06-6.2 (bug #961060) NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2020-3811 RESERVED - - netqmail (bug #961060) + - netqmail 1.06-6.2 (bug #961060) NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT before v ...) {DSA-4685-1 DLA-2210-1} 
@@ -416078,15 +416078,15 @@ CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass NOT-FOR-US: DMail CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions i ...) - qmail 1.03-38 - - netqmail + - netqmail 1.06-6.2 NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large amo ...) - qmail 1.03-38 - - netqmail + - netqmail 1.06-6.2 NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when run ...) - qmail 1.03-38 - - netqmail + - netqmail 1.06-6.2 NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws Framework and ...) NOT-FOR-US: JAWS View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dbd963b442423f622e45c96028baa992bff1c45a
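Review bot: In the second hunk (@@ -416078), the CVE-2005-1513, CVE-2005-1514 and CVE-2005-1515 entries get "- netqmail 1.06-6.2" with no bug reference, while the CVE-2020-3811 and CVE-2020-3812 entries in the first hunk carry "(bug #961060)" next to the same version. If the same upload closed all five, add the bug reference to the three 2005 entries as well, or state in the commit message why they are recorded differently.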
[Git][security-tracker-team/security-tracker][master] Update note for condor in jessie LTS.
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker Commits: 4deb684f by Chris Lamb at 2020-05-21T09:54:30+01:00 Update note for condor in jessie LTS. - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -40,6 +40,7 @@ bluez (Roberto C. Sánchez) -- condor NOTE: 20200502: Upstream has only released workarounds; complete fix is still embargoed (roberto) + NOTE: 20200521: Still embargoed (eg. https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html). (lamby) -- cups (Anton Gladky) NOTE: 20200514: Two open issues. Added on request from Anton Gladky. (sunweaver) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4deb684f4e96b534d8291620dc60085eae629922
[Git][security-tracker-team/security-tracker][master] Unclaim freerdp
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: 38f58458 by Utkarsh Gupta at 2020-05-21T13:56:00+05:30 Unclaim freerdp - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -44,7 +44,7 @@ condor cups (Anton Gladky) NOTE: 20200514: Two open issues. Added on request from Anton Gladky. (sunweaver) -- -freerdp (Utkarsh Gupta) +freerdp NOTE: 20200510: Vulnerable to at least CVE-2020-11042. (lamby) -- graphicsmagick (Roberto C. Sánchez) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38f584588f71cea64bd8ec78c4078c041ef0e40e
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 68a3d2a9 by security tracker role at 2020-05-21T08:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,7 @@ +CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...) + TODO: check +CVE-2020-13251 + RESERVED CVE-2020-13250 RESERVED CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not ...) @@ -1350,8 +1354,8 @@ CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c direct NOT-FOR-US: Gurbalib CVE-2020-12648 RESERVED -CVE-2020-12647 - RESERVED +CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...) + TODO: check CVE-2020-12646 RESERVED CVE-2020-12645 
@@ -17367,144 +17371,109 @@ CVE-2020-6493 RESERVED CVE-2020-6492 RESERVED -CVE-2020-6491 - RESERVED +CVE-2020-6491 (Insufficient data validation in site information in Google Chrome prio ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6490 - RESERVED +CVE-2020-6490 (Insufficient data validation in loader in Google Chrome prior to 83.0. ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6489 - RESERVED +CVE-2020-6489 (Inappropriate implementation in developer tools in Google Chrome prior ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6488 - RESERVED +CVE-2020-6488 (Insufficient policy enforcement in downloads in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6487 - RESERVED +CVE-2020-6487 (Insufficient policy enforcement in downloads in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6486 - RESERVED +CVE-2020-6486 (Insufficient policy enforcement in navigations in Google Chrome prior ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6485 - RESERVED +CVE-2020-6485 (Insufficient data validation in media router in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6484 - RESERVED +CVE-2020-6484 (Insufficient data validation in ChromeDriver in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6483 - RESERVED +CVE-2020-6483 (Insufficient policy enforcement in payments in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6482 - RESERVED +CVE-2020-6482 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6481 - RESERVED +CVE-2020-6481 (Insufficient policy enforcement in URL formatting in Google Chrome pri ...) 
- chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6480 - RESERVED +CVE-2020-6480 (Insufficient policy enforcement in enterprise in Google Chrome prior t ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6479 - RESERVED +CVE-2020-6479 (Inappropriate implementation in sharing in Google Chrome prior to 83.0 ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6478 - RESERVED +CVE-2020-6478 (Inappropriate implementation in full screen in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6477 - RESERVED +CVE-2020-6477 (Inappropriate implementation in installer in Google Chrome on OS X pri ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6476 - RESERVED +CVE-2020-6476 (Insufficient policy enforcement in tab strip in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6475 - RESERVED +CVE-2020-6475 (Incorrect implementation in full screen in Google Chrome prior to 83.0 ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6474 - RESERVED +CVE-2020-6474 (Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6473 - RESERVED +CVE-2020-6473 (Insufficient policy enforcement in Blink in Google Chrome prior to 83. ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6472 - RESERVED +CVE-2020-6472 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-6471 - RESERVED +CVE-2020-6471 (Insufficient policy enforcement in developer tools in Google Chrome pr
[Git][security-tracker-team/security-tracker][master] Add CVE-2019-11048/php*
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a60bbb7a by Salvatore Bonaccorso at 2020-05-21T09:14:35+02:00 Add CVE-2019-11048/php* - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -59173,7 +59173,19 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when su NOTE: Fixed in PHP 7.4.1, 7.3.13 NOTE: PHP Bug: http://bugs.php.net/78943 CVE-2019-11048 (In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ...) - TODO: check + - php7.4 + - php7.3 + - php7.0 + - php5 + NOTE: Fixed in PHP 7.2.31, 7.3.18, 7.4.6 + NOTE: PHP Bug: https://bugs.php.net/78875 + NOTE: PHP Bug: https://bugs.php.net/78876 + NOTE: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266 + NOTE: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87 + NOTE: php-7.4: https://github.com/php/php-src/commit/a3924ab6542a358a3099de992b63b932a9570add + NOTE: php-7.3: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266 + NOTE: php-7.2: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266 + NOTE: php-7.2: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87 CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...) {DSA-4628-1 DSA-4626-1 DLA-2050-1} - php7.3 7.3.15-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a60bbb7a49dc2be11b54a94f46d53523fc6c9f66
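Review bot: The two unlabelled commit NOTE lines added for CVE-2019-11048 duplicate the branch-labelled ones directly below them: f43041250f82... appears three times (unlabelled, php-7.3, php-7.2) and 1c9bd513ac5c... twice (unlabelled, php-7.2). Drop the unlabelled pair and keep the labelled lines, which say which branch each commit belongs to. The php-7.2 branch lists two commits while php-7.3 and php-7.4 list one each; if 1c9bd513ac5c... is also needed on 7.3, add it there so a backporter does not miss the second half of the fix.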
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1727 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9304096c by Salvatore Bonaccorso at 2020-05-21T09:10:11+02:00 Add CVE-2020-1727 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -30544,6 +30544,7 @@ CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, the NOT-FOR-US: Keycloak CVE-2020-1727 RESERVED + NOT-FOR-US: Keycloak CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...) - libpod NOTE: Introduced in: https://github.com/containers/libpod/commit/997c4b56ed2121726e966afe9a102ed16ba78f93 (v1.6.0-rc1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9304096c8064d28aa014d5bfbc8579f25bb540dc
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-8161/ruby-rack
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 813deb69 by Salvatore Bonaccorso at 2020-05-21T09:09:11+02:00 Add CVE-2020-8161/ruby-rack - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13352,8 +13352,11 @@ CVE-2020-8163 RESERVED CVE-2020-8162 RESERVED -CVE-2020-8161 +CVE-2020-8161 [Directory traversal in Rack::Directory] RESERVED + - ruby-rack + NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ + NOTE: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e CVE-2020-8160 RESERVED CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem v1.2.1 th ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/813deb69f871c77ce80781a7acdb14a0784e3d42
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-9484/tomcat* issues
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: fab41b91 by Salvatore Bonaccorso at 2020-05-21T09:06:17+02:00 Add CVE-2020-9484/tomcat* issues - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -10252,7 +10252,13 @@ CVE-2020-9486 CVE-2020-9485 RESERVED CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...) - TODO: check + - tomcat9 + - tomcat8 + - tomcat7 + NOTE: https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b (10.0.0-M5) + NOTE: https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a (9.0.35) + NOTE: https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f (8.5.55) + NOTE: https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06 (7.0.104) CVE-2020-9483 RESERVED CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fab41b91db1fbd6d8ca809154f6ceb5a3288d1ed
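Review bot: The commit reference on the 9.0.35 NOTE line, 3aa8f28db7efb311cdd1b6fe15a9cd3b167a, is 36 hex digits long, while the 10.0.0-M5, 8.5.55 and 7.0.104 lines each give a full 40-digit hash. That looks like a paste that lost characters; replace it with the full upstream commit id so the link is unambiguous and matches the other three lines.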
[Git][security-tracker-team/security-tracker][master] Add new chromium CVEs from 83.0.4103.61 release
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 112781b6 by Salvatore Bonaccorso at 2020-05-21T08:29:28+02:00 Add new chromium CVEs from 83.0.4103.61 release - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -17360,64 +17360,120 @@ CVE-2020-6492 RESERVED CVE-2020-6491 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6490 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6489 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6488 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6487 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6486 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6485 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6484 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6483 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6482 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6481 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6480 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6479 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6478 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6477 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6476 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6475 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6474 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6473 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6472 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6471 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6470 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6469 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6468 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6467 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6466 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6465 RESERVED + 
 - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6464 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6463 RESERVED + - chromium + [stretch] - chromium (see DSA 4562) CVE-2020-6462 RESERVED - chromium View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/112781b6ebd426cd51e80302a5c3806f69d909b2