[Git][security-tracker-team/security-tracker][master] Add notes for qemu
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker Commits: b68219ec by Utkarsh Gupta at 2020-07-20T03:40:05+05:30 Add notes for qemu - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -130,7 +130,8 @@ puma NOTE: 20200708: Vulnerable to (at least) CVE-2020-11076. (lamby) -- qemu - NOTE: might be fixed by -pu. Visit later (utkarsh) + NOTE: 20200720: maintainer working on the update. (utkarsh) + NOTE: 20200720: Utkarsh is co-ordinating. (utkarsh) -- rails (Sylvain Beucler) NOTE: 20200706: coordinating/reviewing stretch update with security/ruby/upstream teams (Beuc) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b68219ec2249c7e136e5fb649aa7c51b71798612 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
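Review bot: the "qemu" entry header in this hunk stays unclaimed while the second added note says "Utkarsh is co-ordinating"; the next entry records its owner on the header line, as in "rails (Sylvain Beucler)". If one person is coordinating the package, put the claim on the header line and drop that note, so ownership is recorded the same way as for the other entries. The first added note would also be more useful if it said which update the maintainer is working on, since the removed line's reference to -pu is gone.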
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eb6e401a by security tracker role at 2020-07-19T20:10:15+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4060,6 +4060,7 @@ CVE-2020-14148 (The Server-Server protocol implementation in ngIRCd before 26~rc NOTE: https://github.com/ngircd/ngircd/pull/276 NOTE: https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5 CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in Redis be ...) + {DSA-4731-1} - redis 5:6.0.0-1 [stretch] - redis (Vulnerable code reintroduced later) [jessie] - redis (Vulnerable code reintroduced later) @@ -5289,6 +5290,7 @@ CVE-2020-13703 CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound Price ...) NOT-FOR-US: Compound Finance Compound Price Oracle CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...) + {DSA-4728-1} - qemu 1:5.0-6 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03732.html CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Goog ...) @@ -5395,6 +5397,7 @@ CVE-2020-13661 CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...) NOT-FOR-US: CMS Made Simple CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...) + {DSA-4728-1} - qemu 1:5.0-6 [stretch] - qemu (Minor issue) NOTE: https://bugs.launchpad.net/qemu/+bug/1878259 
@@ -6072,11 +6075,11 @@ CVE-2020-13364 CVE-2020-13363 RESERVED CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...) - {DLA-2262-1} + {DSA-4728-1 DLA-2262-1} - qemu 1:5.0-6 (bug #961887) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c ...) - {DLA-2262-1} + {DSA-4728-1 DLA-2262-1} - qemu 1:5.0-6 (bug #961888) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...) @@ -14063,6 +14066,7 @@ CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 i [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9 CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP networking ...) + {DSA-4728-1} - libslirp 4.3.1-1 - qemu 1:4.1-2 [stretch] - qemu (Minor issue) @@ -30368,6 +30372,7 @@ CVE-2020-4056 CVE-2020-4055 RESERVED CVE-2020-4054 (In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less ...) + {DSA-4730-1} - ruby-sanitize 4.6.6-2.1 (bug #963808) [stretch] - ruby-sanitize (Vulnerable code introduced later) [jessie] - ruby-sanitize (Vulnerable code introduced later) @@ -47047,6 +47052,7 @@ CVE-2019-17115 (Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA CVE-2019-17114 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...) NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_Instrument ...) + {DSA-4729-1} - libopenmpt 0.4.9-1 NOTE: https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe NOTE: https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision=12127=12127 
@@ -56130,6 +56136,7 @@ CVE-2019-14381 (libopenmpt before 0.4.3 allows a crash due to a NULL pointer der [stretch] - libopenmpt (Vulnerable code not present in 0.2.x series) NOTE: https://lib.openmpt.org/libopenmpt/2019/02/11/security-update-0.4.3/ CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to an out-o ...) + {DSA-4729-1} - libopenmpt 0.4.5-1 (low) [stretch] - libopenmpt (Vulnerable code not present in 0.2 branch) NOTE: https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/ View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb6e401a7f393964298d87aaf5df295f4f68b06a
[Git][security-tracker-team/security-tracker][master] libperlspeak-perl removed from everywhere in the archive
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4a11c7b1 by Salvatore Bonaccorso at 2020-07-19T21:34:18+02:00 libperlspeak-perl removed from everywhere in the archive - - - - - 1 changed file: - data/packages/removed-packages Changes: = data/packages/removed-packages = @@ -803,3 +803,4 @@ libuv yui3 ksh93 weboob +libperlspeak-perl View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a11c7b19700373390b9bdc217febf8e0eee382c
[Git][security-tracker-team/security-tracker][master] weboob was removed from everywhere in the archive
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 57f5d03a by Salvatore Bonaccorso at 2020-07-19T21:33:24+02:00 weboob was removed from everywhere in the archive - - - - - 1 changed file: - data/packages/removed-packages Changes: = data/packages/removed-packages = @@ -802,3 +802,4 @@ udisks libuv yui3 ksh93 +weboob View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57f5d03aa81143d63e526f63e27c7b6def29b910
[Git][security-tracker-team/security-tracker][master] Reserve DSA number for redis update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 39b942d2 by Salvatore Bonaccorso at 2020-07-19T21:25:12+02:00 Reserve DSA number for redis update - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[19 Jul 2020] DSA-4731-1 redis - security update + {CVE-2020-14147} + [buster] - redis 5:5.0.3-4+deb10u2 [19 Jul 2020] DSA-4730-1 ruby-sanitize - security update {CVE-2020-4054} [buster] - ruby-sanitize 4.6.6-2.1~deb10u1 = data/dsa-needed.txt = @@ -31,8 +31,6 @@ poppler (jmm) rails (jmm) Sylvain Beucler proposed to help for the update, remaining CVEs to be done -- -redis --- squid (jmm) -- teeworlds (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39b942d2f84422d695ae43377cf3aa922ab9cae2
[Git][security-tracker-team/security-tracker][master] Reserve DSA for ruby-sanitize
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 64c7eb38 by Salvatore Bonaccorso at 2020-07-19T21:13:02+02:00 Reserve DSA for ruby-sanitize - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[19 Jul 2020] DSA-4730-1 ruby-sanitize - security update + {CVE-2020-4054} + [buster] - ruby-sanitize 4.6.6-2.1~deb10u1 [19 Jul 2020] DSA-4729-1 libopenmpt - security update {CVE-2019-14380 CVE-2019-17113} [buster] - libopenmpt 0.4.3-1+deb10u1 = data/dsa-needed.txt = @@ -33,8 +33,6 @@ rails (jmm) -- redis -- -ruby-sanitize (carnil) --- squid (jmm) -- teeworlds (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64c7eb3841e0c9d9a164793b7708f48b1275fa1d
[Git][security-tracker-team/security-tracker][master] qemu, libopenmpt DSAs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 94e5d7c9 by Moritz Muehlenhoff at 2020-07-19T19:45:47+02:00 qemu, libopenmpt DSAs - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -5396,7 +5396,6 @@ CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Pic NOT-FOR-US: CMS Made Simple CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...) - qemu 1:5.0-6 - [buster] - qemu (Minor issue) [stretch] - qemu (Minor issue) NOTE: https://bugs.launchpad.net/qemu/+bug/1878259 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html @@ -14066,7 +14065,6 @@ CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 i CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP networking ...) - libslirp 4.3.1-1 - qemu 1:4.1-2 - [buster] - qemu (Minor issue) [stretch] - qemu (Minor issue) - slirp4netns 1.0.1-1 [buster] - slirp4netns (Minor issue) = data/DSA/list = @@ -1,3 +1,9 @@ +[19 Jul 2020] DSA-4729-1 libopenmpt - security update + {CVE-2019-14380 CVE-2019-17113} + [buster] - libopenmpt 0.4.3-1+deb10u1 +[19 Jul 2020] DSA-4728-1 qemu - security update + {CVE-2020-10756 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13754} + [buster] - qemu 1:3.1+dfsg-8+deb10u6 [17 Jul 2020] DSA-4727-1 tomcat9 - security update {CVE-2020-9484 CVE-2020-11996 CVE-2020-13934 CVE-2020-13935} [buster] - tomcat9 9.0.31-1~deb10u2 = data/dsa-needed.txt = @@ -16,8 +16,6 @@ chromium -- curl (ghedo) -- -libopenmpt --- knot-resolver Santiago Ruano Rincón proposed a debdiff for review -- 
@@ -30,10 +28,7 @@ openjdk-11 (jmm) -- poppler (jmm) -- -qemu (jmm) - Maintainer proposing a debdiff fixing several CVEs for review --- -rails +rails (jmm) Sylvain Beucler proposed to help for the update, remaining CVEs to be done -- redis View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94e5d7c9f71c2a218fe5f7557004f37b2698ff86
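Review bot: the last data/dsa-needed.txt hunk changes "rails" to "rails (jmm)", which the commit message "qemu, libopenmpt DSAs" does not cover. Mention the rails claim in the message or move it to its own commit, so that the change of owner can be found in the history without reading the diff.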
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-8203/node-lodash as no-dsa for buster
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d224d64c by Salvatore Bonaccorso at 2020-07-19T14:16:08+02:00 Mark CVE-2020-8203/node-lodash as no-dsa for buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -20193,6 +20193,7 @@ CVE-2020-8204 RESERVED CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash = ...) - node-lodash 4.17.19+dfsg-1 (bug #965283) + [buster] - node-lodash (Minor issue; can be fixed via point release) NOTE: https://hackerone.com/reports/712065 CVE-2020-8202 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d224d64c599d3639dfbb61a811b8210862aa8912
[Git][security-tracker-team/security-tracker][master] Update note for rails for buster-security
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9615d57c by Salvatore Bonaccorso at 2020-07-19T13:21:38+02:00 Update note for rails for buster-security - - - - - 1 changed file: - data/dsa-needed.txt Changes: = data/dsa-needed.txt = @@ -34,7 +34,7 @@ qemu (jmm) Maintainer proposing a debdiff fixing several CVEs for review -- rails - Sylvain Beucler proposed to help for the update, pending upstream feedback for CVE-2020-8163 + Sylvain Beucler proposed to help for the update, remaining CVEs to be done -- redis -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9615d57c1f911d3d69576cce85fbbf5b67ddc522
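Review bot: the replacement note under "rails" drops the only CVE id the entry carried (CVE-2020-8163) and says "remaining CVEs to be done" without naming them. List the CVE ids that are still open, so whoever picks the update up can tell from dsa-needed.txt what is left.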
[Git][security-tracker-team/security-tracker][master] 2 commits: update notes
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker Commits: 137e7ac4 by Thorsten Alteholz at 2020-07-19T11:17:58+02:00 update notes - - - - - 630d2740 by Thorsten Alteholz at 2020-07-19T11:25:34+02:00 claim salt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -45,6 +45,7 @@ condor (Roberto C. Sánchez) NOTE: 20200712: Requested input on path forward from debian-lts@l.d.o (roberto) -- curl (Thorsten Alteholz) + NOTE: 20200719: testing package (thorsten) -- ffmpeg (Adrian Bunk) NOTE: 20200707: Vulnerable to at least CVE-2020-13904. (lamby) @@ -107,6 +108,7 @@ mumble -- mupdf (Thorsten Alteholz) NOTE: 20200708: Vulnerable to at least CVE-2019-13290. (lamby) + NOTE: 20200719: testing package (thorsten) -- nginx (Sylvain Beucler) NOTE: 20200713: update is ready, will publish after point release (Beuc) @@ -116,8 +118,8 @@ nginx (Sylvain Beucler) nss (Adrian Bunk) NOTE: 20200706: from dsa-needed.txt: Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508 (Beuc) -- -opendmarc (Thorsten Alteholz) - NOTE: 20200621: testing package (thorsten) +opendmarc + NOTE: 20200719: no patches for remaining CVEs available, everything else is already done in Stretch (thorsten) -- pillow NOTE: 20200711: Appears vulnerable to at least CVE-2020-10177, but not CVE-2020-10378. (lamby) 
@@ -141,7 +143,7 @@ ruby-zip NOTE: 20200710: Vulnerable to at least CVE-2018-1000544. (lamby) NOTE: 20200710: Was fixed in jessie LTS via DLA-1467-1. (lamby) -- -salt +salt (Thorsten Alteholz) NOTE: 20200710: Vulnerable to at least CVE-2018-15751, which was NOTE: 20200710: not an issue in jessie LTS. (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03e1e30094c0150c4309c4454dc376c51f94ef6c...630d2740e74515ed7dd3f2cdc7aaed75399a5049
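Review bot: in the opendmarc hunk the claim "(Thorsten Alteholz)" is removed but the entry stays in data/dla-needed.txt, and the new note speaks of "remaining CVEs" without naming them. Add the CVE ids that have no patch, and say whether the entry is kept to wait for upstream or can be dropped, so the next person looking at the unclaimed package does not have to redo the triage.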
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-7693/node-socks
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3ec4af9c by Salvatore Bonaccorso at 2020-07-19T08:49:28+02:00 Add CVE-2020-7693/node-socks - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21524,7 +21524,7 @@ CVE-2020-7695 CVE-2020-7694 RESERVED CVE-2020-7693 (Incorrect handling of Upgrade header with the value websocket leads in ...) - TODO: check + - node-socks (bug #922921) CVE-2020-7692 (PKCE support is not implemented in accordance with the RFC for OAuth 2 ...) - google-oauth-client-java NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ec4af9cf7bd3f104420835d2419c28b26776018
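Review bot: the added "- node-socks (bug #922921)" line for CVE-2020-7693 comes with no NOTE pointing at an upstream advisory or commit, unlike the CVE-2020-7692 entry directly below it, so the mapping from a websocket Upgrade-header issue to this source package cannot be checked from the entry. Add a NOTE with the upstream reference and confirm the package name against it before the TODO is considered resolved.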
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-14001/ruby-kramdown
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b572eaba by Salvatore Bonaccorso at 2020-07-19T08:46:03+02:00 Add Debian bug reference for CVE-2020-14001/ruby-kramdown - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4471,7 +4471,7 @@ CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to [jessie] - putty (Minor issue) NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74) CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template option i ...) - - ruby-kramdown + - ruby-kramdown (bug #965305) NOTE: https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.2 ...) TODO: check View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b572eabae9e787adaa33994e8f2abb3ae005c257
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-15117/synergy
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8495c3ca by Salvatore Bonaccorso at 2020-07-19T08:43:38+02:00 Add CVE-2020-15117/synergy - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1581,7 +1581,9 @@ CVE-2020-15119 CVE-2020-15118 RESERVED CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashed by r ...) - TODO: check + - synergy + NOTE: https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39 + NOTE: https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp CVE-2020-15116 RESERVED CVE-2020-15115 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8495c3ca845fd147ccf25a34986355ffa89e90a1
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-14001/ruby-kramdown
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: c520a0b7 by Salvatore Bonaccorso at 2020-07-19T08:34:32+02:00 Add CVE-2020-14001/ruby-kramdown - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4469,7 +4469,8 @@ CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to [jessie] - putty (Minor issue) NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74) CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template option i ...) - TODO: check + - ruby-kramdown + NOTE: https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.2 ...) TODO: check CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Libr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c520a0b7b345d54b4c601c46e230e030d7854ec9