[Git][security-tracker-team/security-tracker][master] Add notes for qemu

2020-07-19 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b68219ec by Utkarsh Gupta at 2020-07-20T03:40:05+05:30
Add notes for qemu

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -130,7 +130,8 @@ puma
   NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby)
 --
 qemu
-  NOTE: might be fixed by -pu. Visit later (utkarsh)
+  NOTE: 20200720: maintainer working on the update. (utkarsh)
+  NOTE: 20200720: Utkarsh is co-ordinating. (utkarsh)
 --
 rails (Sylvain Beucler)
   NOTE: 20200706: coordinating/reviewing stretch update with 
security/ruby/upstream teams (Beuc)
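Review bot: The `qemu` header line stays unclaimed even though the second added NOTE says Utkarsh is co-ordinating. Neighbouring entries such as `rails (Sylvain Beucler)` record the owner in parentheses on the header line, so put the claim there, or say in the note why the entry is deliberately left unclaimed. The two notes share the same date and author and could be merged into one line.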



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b68219ec2249c7e136e5fb649aa7c51b71798612

-- 
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

2020-07-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eb6e401a by security tracker role at 2020-07-19T20:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4060,6 +4060,7 @@ CVE-2020-14148 (The Server-Server protocol implementation 
in ngIRCd before 26~rc
NOTE: https://github.com/ngircd/ngircd/pull/276
NOTE: 
https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5
 CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in 
Redis be ...)
+   {DSA-4731-1}
- redis 5:6.0.0-1
[stretch] - redis  (Vulnerable code reintroduced later)
[jessie] - redis  (Vulnerable code reintroduced later)
@@ -5289,6 +5290,7 @@ CVE-2020-13703
 CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance 
Compound Price ...)
NOT-FOR-US: Compound Finance Compound Price Oracle
 CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger 
an out-of ...)
+   {DSA-4728-1}
- qemu 1:5.0-6
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03732.html
 CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the 
Apple/Goog ...)
@@ -5395,6 +5397,7 @@ CVE-2020-13661
 CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File 
Picker pr ...)
NOT-FOR-US: CMS Made Simple
 CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL 
pointer d ...)
+   {DSA-4728-1}
- qemu 1:5.0-6
[stretch] - qemu  (Minor issue)
NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
@@ -6072,11 +6075,11 @@ CVE-2020-13364
 CVE-2020-13363
RESERVED
 CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in 
hw/scsi/megasas.c h ...)
-   {DLA-2262-1}
+   {DSA-4728-1 DLA-2262-1}
- qemu 1:5.0-6 (bug #961887)
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
 CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in 
hw/audio/es1370.c  ...)
-   {DLA-2262-1}
+   {DSA-4728-1 DLA-2262-1}
- qemu 1:5.0-6 (bug #961888)
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
 CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There 
is a NUL ...)
@@ -14063,6 +14066,7 @@ CVE-2020-10757 (A flaw was found in the Linux Kernel in 
versions after 4.5-rc1 i
[jessie] - linux  (Vulnerable code introduced later)
NOTE: 
https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
 CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP 
networking  ...)
+   {DSA-4728-1}
- libslirp 4.3.1-1
- qemu 1:4.1-2
[stretch] - qemu  (Minor issue)
@@ -30368,6 +30372,7 @@ CVE-2020-4056
 CVE-2020-4055
RESERVED
 CVE-2020-4054 (In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 
and less ...)
+   {DSA-4730-1}
- ruby-sanitize 4.6.6-2.1 (bug #963808)
[stretch] - ruby-sanitize  (Vulnerable code introduced 
later)
[jessie] - ruby-sanitize  (Vulnerable code introduced 
later)
@@ -47047,6 +47052,7 @@ CVE-2019-17115 (Multiple cross-site scripting (XSS) 
vulnerabilities in WiKID 2FA
 CVE-2019-17114 (A stored and reflected cross-site scripting (XSS) 
vulnerability in WiK ...)
NOT-FOR-US: WiKID 2FA Enterprise Server
 CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, 
ModPlug_Instrument ...)
+   {DSA-4729-1}
- libopenmpt 0.4.9-1
NOTE: 
https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe
NOTE: 
https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision=12127=12127
@@ -56130,6 +56136,7 @@ CVE-2019-14381 (libopenmpt before 0.4.3 allows a crash 
due to a NULL pointer der
[stretch] - libopenmpt  (Vulnerable code not present in 
0.2.x series)
NOTE: 
https://lib.openmpt.org/libopenmpt/2019/02/11/security-update-0.4.3/
 CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to 
an out-o ...)
+   {DSA-4729-1}
- libopenmpt 0.4.5-1 (low)
[stretch] - libopenmpt  (Vulnerable code not present in 
0.2 branch)
NOTE: 
https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb6e401a7f393964298d87aaf5df295f4f68b06a


[Git][security-tracker-team/security-tracker][master] libperlspeak-perl removed from everywhere in the archive

2020-07-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4a11c7b1 by Salvatore Bonaccorso at 2020-07-19T21:34:18+02:00
libperlspeak-perl removed from everywhere in the archive

- - - - -


1 changed file:

- data/packages/removed-packages


Changes:

=
data/packages/removed-packages
=
@@ -803,3 +803,4 @@ libuv
 yui3
 ksh93
 weboob
+libperlspeak-perl
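Review bot: Neither the added `libperlspeak-perl` line nor the commit message points to the removal itself (for example the removal bug number), so the reason cannot be checked from the history alone. Add that reference to the commit message.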



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a11c7b19700373390b9bdc217febf8e0eee382c


[Git][security-tracker-team/security-tracker][master] weboob was removed from everywhere in the archive

2020-07-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57f5d03a by Salvatore Bonaccorso at 2020-07-19T21:33:24+02:00
weboob was removed from everywhere in the archive

- - - - -


1 changed file:

- data/packages/removed-packages


Changes:

=
data/packages/removed-packages
=
@@ -802,3 +802,4 @@ udisks
 libuv
 yui3
 ksh93
+weboob



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57f5d03aa81143d63e526f63e27c7b6def29b910


[Git][security-tracker-team/security-tracker][master] Reserve DSA number for redis update

2020-07-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
39b942d2 by Salvatore Bonaccorso at 2020-07-19T21:25:12+02:00
Reserve DSA number for redis update

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[19 Jul 2020] DSA-4731-1 redis - security update
+   {CVE-2020-14147}
+   [buster] - redis 5:5.0.3-4+deb10u2
 [19 Jul 2020] DSA-4730-1 ruby-sanitize - security update
{CVE-2020-4054}
[buster] - ruby-sanitize 4.6.6-2.1~deb10u1


=
data/dsa-needed.txt
=
@@ -31,8 +31,6 @@ poppler (jmm)
 rails (jmm)
   Sylvain Beucler proposed to help for the update, remaining CVEs to be done
 --
-redis
---
 squid (jmm)
 --
 teeworlds (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39b942d2f84422d695ae43377cf3aa922ab9cae2


[Git][security-tracker-team/security-tracker][master] Reserve DSA for ruby-sanitize

2020-07-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
64c7eb38 by Salvatore Bonaccorso at 2020-07-19T21:13:02+02:00
Reserve DSA for ruby-sanitize

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[19 Jul 2020] DSA-4730-1 ruby-sanitize - security update
+   {CVE-2020-4054}
+   [buster] - ruby-sanitize 4.6.6-2.1~deb10u1
 [19 Jul 2020] DSA-4729-1 libopenmpt - security update
{CVE-2019-14380 CVE-2019-17113}
[buster] - libopenmpt 0.4.3-1+deb10u1


=
data/dsa-needed.txt
=
@@ -33,8 +33,6 @@ rails (jmm)
 --
 redis
 --
-ruby-sanitize (carnil)
---
 squid (jmm)
 --
 teeworlds (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64c7eb3841e0c9d9a164793b7708f48b1275fa1d


[Git][security-tracker-team/security-tracker][master] qemu, libopenmpt DSAs

2020-07-19 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
94e5d7c9 by Moritz Muehlenhoff at 2020-07-19T19:45:47+02:00
qemu, libopenmpt DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -5396,7 +5396,6 @@ CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS 
via a crafted File Pic
NOT-FOR-US: CMS Made Simple
 CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL 
pointer d ...)
- qemu 1:5.0-6
-   [buster] - qemu  (Minor issue)
[stretch] - qemu  (Minor issue)
NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
@@ -14066,7 +14065,6 @@ CVE-2020-10757 (A flaw was found in the Linux Kernel in 
versions after 4.5-rc1 i
 CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP 
networking  ...)
- libslirp 4.3.1-1
- qemu 1:4.1-2
-   [buster] - qemu  (Minor issue)
[stretch] - qemu  (Minor issue)
- slirp4netns 1.0.1-1
[buster] - slirp4netns  (Minor issue)


=
data/DSA/list
=
@@ -1,3 +1,9 @@
+[19 Jul 2020] DSA-4729-1 libopenmpt - security update
+   {CVE-2019-14380 CVE-2019-17113}
+   [buster] - libopenmpt 0.4.3-1+deb10u1
+[19 Jul 2020] DSA-4728-1 qemu - security update
+   {CVE-2020-10756 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 
CVE-2020-13754}
+   [buster] - qemu 1:3.1+dfsg-8+deb10u6
 [17 Jul 2020] DSA-4727-1 tomcat9 - security update
{CVE-2020-9484 CVE-2020-11996 CVE-2020-13934 CVE-2020-13935}
[buster] - tomcat9 9.0.31-1~deb10u2


=
data/dsa-needed.txt
=
@@ -16,8 +16,6 @@ chromium
 --
 curl (ghedo)
 --
-libopenmpt
---
 knot-resolver
   Santiago Ruano Rincón proposed a debdiff for review
 --
@@ -30,10 +28,7 @@ openjdk-11 (jmm)
 --
 poppler (jmm)
 --
-qemu (jmm)
-  Maintainer proposing a debdiff fixing several CVEs for review
---
-rails
+rails (jmm)
   Sylvain Beucler proposed to help for the update, remaining CVEs to be done
 --
 redis
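Review bot: The `-rails` / `+rails (jmm)` change in this hunk assigns rails to jmm, which the commit message "qemu, libopenmpt DSAs" does not cover. Split the claim into its own commit or mention it in the message, so that the point where rails was taken can be found in the history.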



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94e5d7c9f71c2a218fe5f7557004f37b2698ff86


[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-8203/node-lodash as no-dsa for buster

2020-07-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d224d64c by Salvatore Bonaccorso at 2020-07-19T14:16:08+02:00
Mark CVE-2020-8203/node-lodash as no-dsa for buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -20193,6 +20193,7 @@ CVE-2020-8204
RESERVED
 CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash 
=  ...)
- node-lodash 4.17.19+dfsg-1 (bug #965283)
+   [buster] - node-lodash  (Minor issue; can be fixed via point 
release)
NOTE: https://hackerone.com/reports/712065
 CVE-2020-8202
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d224d64c599d3639dfbb61a811b8210862aa8912


[Git][security-tracker-team/security-tracker][master] Update note for rails for buster-security

2020-07-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9615d57c by Salvatore Bonaccorso at 2020-07-19T13:21:38+02:00
Update note for rails for buster-security

- - - - -


1 changed file:

- data/dsa-needed.txt


Changes:

=
data/dsa-needed.txt
=
@@ -34,7 +34,7 @@ qemu (jmm)
   Maintainer proposing a debdiff fixing several CVEs for review
 --
 rails
-  Sylvain Beucler proposed to help for the update, pending upstream feedback 
for CVE-2020-8163
+  Sylvain Beucler proposed to help for the update, remaining CVEs to be done
 --
 redis
 --
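Review bot: The replacement note for rails drops the only concrete identifier (CVE-2020-8163) and says "remaining CVEs to be done" without naming them. List the outstanding CVE ids in the note so that whoever picks up the update knows its scope without re-reading the tracker.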



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9615d57c1f911d3d69576cce85fbbf5b67ddc522


[Git][security-tracker-team/security-tracker][master] 2 commits: update notes

2020-07-19 Thread Thorsten Alteholz


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
137e7ac4 by Thorsten Alteholz at 2020-07-19T11:17:58+02:00
update notes

- - - - -
630d2740 by Thorsten Alteholz at 2020-07-19T11:25:34+02:00
claim salt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -45,6 +45,7 @@ condor (Roberto C. Sánchez)
   NOTE: 20200712: Requested input on path forward from debian-lts@l.d.o 
(roberto)
 --
 curl (Thorsten Alteholz)
+  NOTE: 20200719: testing package (thorsten)
 --
 ffmpeg (Adrian Bunk)
   NOTE: 20200707: Vulnerable to at least CVE-2020-13904. (lamby)
@@ -107,6 +108,7 @@ mumble
 --
 mupdf (Thorsten Alteholz)
   NOTE: 20200708: Vulnerable to at least CVE-2019-13290. (lamby)
+  NOTE: 20200719: testing package (thorsten)
 --
 nginx (Sylvain Beucler)
   NOTE: 20200713: update is ready, will publish after point release (Beuc)
@@ -116,8 +118,8 @@ nginx (Sylvain Beucler)
 nss (Adrian Bunk)
   NOTE: 20200706: from dsa-needed.txt: Roberto proposed an update including 
fixes for CVE-2018-12404 and CVE-2018-18508 (Beuc)
 --
-opendmarc (Thorsten Alteholz)
-  NOTE: 20200621: testing package (thorsten)
+opendmarc
+  NOTE: 20200719: no patches for remaining CVEs available, everything else is 
already done in Stretch (thorsten)
 --
 pillow
   NOTE: 20200711: Appears vulnerable to at least CVE-2020-10177, but not 
CVE-2020-10378. (lamby)
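Review bot: The opendmarc entry is released (claim removed) with a note that no patches exist for the "remaining CVEs", but those ids are not named, and the earlier 20200621 note is replaced rather than kept. Since the entry is now unowned, list the CVE ids that still lack patches so the next person does not have to repeat the triage.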
@@ -141,7 +143,7 @@ ruby-zip
   NOTE: 20200710: Vulnerable to at least CVE-2018-1000544. (lamby)
   NOTE: 20200710: Was fixed in jessie LTS via DLA-1467-1. (lamby)
 --
-salt
+salt (Thorsten Alteholz)
   NOTE: 20200710: Vulnerable to at least CVE-2018-15751, which was
   NOTE: 20200710: not an issue in jessie LTS. (lamby)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03e1e30094c0150c4309c4454dc376c51f94ef6c...630d2740e74515ed7dd3f2cdc7aaed75399a5049


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-7693/node-socks

2020-07-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3ec4af9c by Salvatore Bonaccorso at 2020-07-19T08:49:28+02:00
Add CVE-2020-7693/node-socks

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21524,7 +21524,7 @@ CVE-2020-7695
 CVE-2020-7694
RESERVED
 CVE-2020-7693 (Incorrect handling of Upgrade header with the value websocket 
leads in ...)
-   TODO: check
+   - node-socks  (bug #922921)
 CVE-2020-7692 (PKCE support is not implemented in accordance with the RFC for 
OAuth 2 ...)
- google-oauth-client-java 
NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276
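Review bot: The package name on the added line, `node-socks`, does not obviously match the CVE description in the context line above it, which concerns handling of an `Upgrade` header with the value `websocket`. Check the source package name against the full CVE text and bug #922921, and correct both the entry and the commit subject if a different package was meant.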



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ec4af9cf7bd3f104420835d2419c28b26776018


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-14001/ruby-kramdown

2020-07-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b572eaba by Salvatore Bonaccorso at 2020-07-19T08:46:03+02:00
Add Debian bug reference for CVE-2020-14001/ruby-kramdown

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4471,7 +4471,7 @@ CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable 
Discrepancy leading to
[jessie] - putty  (Minor issue)
NOTE: Fixed by: 
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764
 (0.74)
 CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template 
option i ...)
-   - ruby-kramdown 
+   - ruby-kramdown  (bug #965305)
NOTE: 
https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
 CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 
0.2.0-prerelease.2 ...)
TODO: check



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b572eabae9e787adaa33994e8f2abb3ae005c257


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-15117/synergy

2020-07-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8495c3ca by Salvatore Bonaccorso at 2020-07-19T08:43:38+02:00
Add CVE-2020-15117/synergy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1581,7 +1581,9 @@ CVE-2020-15119
 CVE-2020-15118
RESERVED
 CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be 
crashed by r ...)
-   TODO: check
+   - synergy 
+   NOTE: 
https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
+   NOTE: 
https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
 CVE-2020-15116
RESERVED
 CVE-2020-15115



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8495c3ca845fd147ccf25a34986355ffa89e90a1


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-14001/ruby-kramdown

2020-07-19 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c520a0b7 by Salvatore Bonaccorso at 2020-07-19T08:34:32+02:00
Add CVE-2020-14001/ruby-kramdown

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4469,7 +4469,8 @@ CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable 
Discrepancy leading to
[jessie] - putty  (Minor issue)
NOTE: Fixed by: 
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764
 (0.74)
 CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template 
option i ...)
-   TODO: check
+   - ruby-kramdown 
+   NOTE: 
https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
 CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 
0.2.0-prerelease.2 ...)
TODO: check
 CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 
Metafile Libr ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c520a0b7b345d54b4c601c46e230e030d7854ec9
