[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-16094 as no-dsa. Move zabbix, lib-phpmailer to dla-needed
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: b3cec52e by Abhijith PA at 2020-08-01T10:39:21+05:30 Mark CVE-2020-16094 as no-dsa. Move zabbix, lib-phpmailer to dla-needed - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -337,6 +337,7 @@ CVE-2020-16095 (The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYP CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...) - claws-mail (bug #966630) [buster] - claws-mail (Minor issue) + [stretch] - claws-mail (Minor issue) NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313 CVE-2020-16093 RESERVED = data/dla-needed.txt = @@ -79,6 +79,8 @@ libopenmpt (Utkarsh Gupta) libpam-radius-auth (Utkarsh Gupta) NOTE: 20200727: WIP. (utkarsh) -- +libphp-phpmailer (Abhijith PA) +-- linux (Ben Hutchings) -- linux-4.9 (Ben Hutchings) @@ -162,3 +164,5 @@ xcftools -- xrdp -- +zabbix +-- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3cec52e4598125a25145b126ba9a9f066d99bab You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
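Review bot: In the data/dla-needed.txt hunks the package added is `libphp-phpmailer`, while the commit subject calls it lib-phpmailer; using the source package name in the subject keeps the commit findable by package. The new `zabbix` entry at the end of the file also has no NOTE line, so a short note naming the CVEs that put it on the list would help whoever claims it.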
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2303-1 for libssh
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker Commits: 23207fbd by Markus Koschany at 2020-07-31T23:54:23+02:00 Reserve DLA-2303-1 for libssh - - - - - 2 changed files: - data/DLA/list - data/dla-needed.txt Changes: = data/DLA/list = @@ -1,3 +1,6 @@ +[31 Jul 2020] DLA-2303-1 libssh - security update + {CVE-2020-16135} + [stretch] - libssh 0.7.3-2+deb9u3 [31 Jul 2020] DLA-2302-1 libjpeg-turbo - security update {CVE-2018-1152 CVE-2018-14498 CVE-2020-13790 CVE-2020-14152} [stretch] - libjpeg-turbo 1:1.5.1-2+deb9u1 = data/dla-needed.txt = @@ -79,8 +79,6 @@ libopenmpt (Utkarsh Gupta) libpam-radius-auth (Utkarsh Gupta) NOTE: 20200727: WIP. (utkarsh) -- -libssh (Markus Koschany) --- linux (Ben Hutchings) -- linux-4.9 (Ben Hutchings) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23207fbd62ef079e393d8f45e125457a2b5f8017
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 05da1489 by Salvatore Bonaccorso at 2020-07-31T22:17:26+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2597,7 +2597,7 @@ CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a v CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists ...) NOT-FOR-US: Traefik CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...) - TODO: check + NOT-FOR-US: October CMS CVE-2020-15127 RESERVED CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...) @@ -3942,7 +3942,7 @@ CVE-2020-14522 CVE-2020-14521 RESERVED CVE-2020-14520 (The affected product is vulnerable to an information leak, which may a ...) - TODO: check + NOT-FOR-US: Inductive Automation Ignition CVE-2020-14519 RESERVED CVE-2020-14518 @@ -10331,7 +10331,7 @@ CVE-2020-12083 CVE-2020-12082 RESERVED CVE-2020-12081 (An information disclosure vulnerability has been identified in FlexNet ...) - TODO: check + NOT-FOR-US: FlexNet Publisher lmadmin.exe CVE-2020-12080 RESERVED CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...) 
@@ -18957,9 +18957,9 @@ CVE-2020-9251 (HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160( CVE-2020-9250 RESERVED CVE-2020-9249 (HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9248 (Huawei FusionComput 8.0.0 have an improper authorization vulnerability ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9247 RESERVED CVE-2020-9246 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05da14893a469059547694eead038a52962adfe1
[Git][security-tracker-team/security-tracker][master] ark DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 87b2fd82 by Moritz Muehlenhoff at 2020-07-31T22:14:11+02:00 ark DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[31 Jul 2020] DSA-4738-1 ark - security update + {CVE-2020-16116} + [buster] - ark 4:18.08.3-1+deb10u1 [30 Jul 2020] DSA-4735-2 grub2 - regression update [buster] - grub2 2.02+dfsg1-20+deb10u2 [29 Jul 2020] DSA-4737-1 xrdp - security update = data/dsa-needed.txt = @@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. --- -ark (jmm) -- chromium -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87b2fd8220aaaeafa373412f268291c4b74cbf30
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ba4106e by security tracker role at 2020-07-31T20:10:56+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,121 @@ +CVE-2020-16254 + RESERVED +CVE-2020-16253 + RESERVED +CVE-2020-16252 + RESERVED +CVE-2020-16251 + RESERVED +CVE-2020-16250 + RESERVED +CVE-2020-16249 + RESERVED +CVE-2020-16248 + RESERVED +CVE-2020-16247 + RESERVED +CVE-2020-16246 + RESERVED +CVE-2020-16245 + RESERVED +CVE-2020-16244 + RESERVED +CVE-2020-16243 + RESERVED +CVE-2020-16242 + RESERVED +CVE-2020-16241 + RESERVED +CVE-2020-16240 + RESERVED +CVE-2020-16239 + RESERVED +CVE-2020-16238 + RESERVED +CVE-2020-16237 + RESERVED +CVE-2020-16236 + RESERVED +CVE-2020-16235 + RESERVED +CVE-2020-16234 + RESERVED +CVE-2020-16233 + RESERVED +CVE-2020-16232 + RESERVED +CVE-2020-16231 + RESERVED +CVE-2020-16230 + RESERVED +CVE-2020-16229 + RESERVED +CVE-2020-16228 + RESERVED +CVE-2020-16227 + RESERVED +CVE-2020-16226 + RESERVED +CVE-2020-16225 + RESERVED +CVE-2020-16224 + RESERVED +CVE-2020-16223 + RESERVED +CVE-2020-16222 + RESERVED +CVE-2020-16221 + RESERVED +CVE-2020-16220 + RESERVED +CVE-2020-16219 + RESERVED +CVE-2020-16218 + RESERVED +CVE-2020-16217 + RESERVED +CVE-2020-16216 + RESERVED +CVE-2020-16215 + RESERVED +CVE-2020-16214 + RESERVED +CVE-2020-16213 + RESERVED +CVE-2020-16212 + RESERVED +CVE-2020-16211 + RESERVED +CVE-2020-16210 + RESERVED +CVE-2020-16209 + RESERVED +CVE-2020-16208 + RESERVED +CVE-2020-16207 + RESERVED +CVE-2020-16206 + RESERVED +CVE-2020-16205 + RESERVED +CVE-2020-16204 + RESERVED +CVE-2020-16203 + RESERVED +CVE-2020-16202 + RESERVED +CVE-2020-16201 + RESERVED +CVE-2020-16200 + RESERVED +CVE-2020-16199 + RESERVED +CVE-2020-16198 + RESERVED +CVE-2020-16197 + RESERVED +CVE-2020-16196 + RESERVED CVE-2020-16195 RESERVED CVE-2020-16194 
@@ -117,8 +235,8 @@ CVE-2020-16138 RESERVED CVE-2020-16137 RESERVED -CVE-2020-16136 - RESERVED +CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permis ...) + TODO: check CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buf ...) - libssh (bug #966560) NOTE: https://bugs.libssh.org/T232 @@ -2466,10 +2584,10 @@ CVE-2020-15136 RESERVED CVE-2020-15135 RESERVED -CVE-2020-15134 - RESERVED -CVE-2020-15133 - RESERVED +CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...) + TODO: check +CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of certificat ...) + TODO: check CVE-2020-15132 RESERVED CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...) @@ -2478,8 +2596,8 @@ CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a v NOT-FOR-US: Node slpjs CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists ...) NOT-FOR-US: Traefik -CVE-2020-15128 - RESERVED +CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...) + TODO: check CVE-2020-15127 RESERVED CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...) @@ -3823,8 +3941,8 @@ CVE-2020-14522 RESERVED CVE-2020-14521 RESERVED -CVE-2020-14520 - RESERVED +CVE-2020-14520 (The affected product is vulnerable to an information leak, which may a ...) + TODO: check CVE-2020-14519 RESERVED CVE-2020-14518 
@@ -4551,16 +4669,14 @@ CVE-2020-14339 [leak of /dev/mapper/control into QEMU guests] NOTE: Proposed patch: https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html CVE-2020-14338 RESERVED -CVE-2020-14337 - RESERVED +CVE-2020-14337 (A data exposure flaw was found in Tower, where sensitive data was reve ...) NOT-FOR-US: Ansible Tower CVE-2020-14336 RESERVED NOT-FOR-US: OpenShift CVE-2020-14335 RESERVED -CVE-2020-14334 - RESERVED +CVE-2020-14334 (A flaw was found in Red Hat Satellite 6 which allows privileged attack ...) - foreman (bug #663101) CVE-2020-14333 RESERVED @@ -5026,6 +5142,7 @@ CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-boun - libjpeg-turbo (Vulnerable code not present; problematic condition cannot be reached) NOTE:
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f8f3f8f0 by Salvatore Bonaccorso at 2020-07-31T21:29:15+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -27642,11 +27642,11 @@ CVE-2020-5616 CVE-2020-5615 RESERVED CVE-2020-5614 (Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows ...) - TODO: check + NOT-FOR-US: KonaWiki CVE-2020-5613 (Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allow ...) - TODO: check + NOT-FOR-US: KonaWiki CVE-2020-5612 (Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allow ...) - TODO: check + NOT-FOR-US: KonaWiki CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social Sharing Plug ...) NOT-FOR-US: Social Sharing Plugin for WordPress CVE-2020-5610 (Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earli ...) 
@@ -31999,23 +31999,23 @@ CVE-2019-20035 CVE-2019-20034 RESERVED CVE-2019-20033 (On Aspire-derived NEC PBXes, including all versions of SV8100 devices, ...) - TODO: check + NOT-FOR-US: NEC devices CVE-2019-20032 (An attacker with access to an InMail voicemail box equipped with the f ...) - TODO: check + NOT-FOR-US: NEC devices CVE-2019-20031 (NEC UM8000, UM4730 and prior non-InMail voicemail systems with all kno ...) - TODO: check + NOT-FOR-US: NEC devices CVE-2019-20030 (An attacker with knowledge of the modem access number on a NEC UM8000 ...) - TODO: check + NOT-FOR-US: NEC devices CVE-2019-20029 (An exploitable privilege escalation vulnerability exists in the WebPro ...) - TODO: check + NOT-FOR-US: NEC devices CVE-2019-20028 (Aspire-derived NEC PBXes operating InMail software, including all vers ...) - TODO: check + NOT-FOR-US: NEC devices CVE-2019-20027 (Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2 ...) - TODO: check + NOT-FOR-US: NEC devices CVE-2019-20026 (The WebPro interface in NEC SV9100 software releases 7.0 or higher all ...) - TODO: check + NOT-FOR-US: NEC devices CVE-2019-20025 (Certain builds of NEC SV9100 software could allow an unauthenticated, ...) - TODO: check + NOT-FOR-US: NEC devices CVE-2019-20024 (A heap-based buffer overflow was discovered in image_buffer_resize in ...) - libsixel 1.8.6-1 (low; bug #948103) [buster] - libsixel (Minor issue) @@ -33814,11 +33814,11 @@ CVE-2020-3464 CVE-2020-3463 RESERVED CVE-2020-3462 (A vulnerability in the web-based management interface of Cisco Data Ce ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3461 (A vulnerability in the web-based management interface of Cisco Data Ce ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3460 (A vulnerability in the web-based management interface of Cisco Data Ce ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3459 RESERVED CVE-2020-3458 
@@ -33966,15 +33966,15 @@ CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could CVE-2020-3387 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...) NOT-FOR-US: Cisco CVE-2020-3386 (A vulnerability in the REST API endpoint of Cisco Data Center Network ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3385 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...) NOT-FOR-US: Cisco CVE-2020-3384 (A vulnerability in specific REST API endpoints of Cisco Data Center Ne ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3383 (A vulnerability in the archive utility of Cisco Data Center Network Ma ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3382 (A vulnerability in the REST API of Cisco Data Center Network Manager ( ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3381 (A vulnerability in the web management interface of Cisco SD-WAN vManag ...) NOT-FOR-US: Cisco CVE-2020-3380 (A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) ...) @@ -33984,13 +33984,13 @@ CVE-2020-3379 (A vulnerability in Cisco SD-WAN Solution Software could allow an CVE-2020-3378 (A vulnerability in the web-based management interface for Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2020-3377 (A vulnerability in the Device Manager application of Cisco Data Center ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3376 (A vulnerability in the Device Manager application of Cisco Data Center ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3375 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3374 (A vulnerability in the web-based management
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-9488/apache-log4j2 as no-dsa
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: eb3289f1 by Salvatore Bonaccorso at 2020-07-31T21:00:39+02:00 Mark CVE-2020-9488/apache-log4j2 as no-dsa - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -18179,6 +18179,7 @@ CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1 CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j ...) - apache-log4j2 (bug #959450) + [buster] - apache-log4j2 (Minor issue) [jessie] - apache-log4j2 (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification) NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1 NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb3289f18cfd51baca82ee633a11d05651d348ad
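Review bot: The added `[buster] - apache-log4j2 (Minor issue)` line records no workaround, while the existing [jessie] line directly below it does (set mail.smtp.ssl.checkserveridentity to true to enable hostname verification). If the same setting applies to the buster version, repeat it on the buster line so the no-dsa decision is recorded together with its mitigation.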
[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-16094/claws-mail
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bfb7dd64 by Salvatore Bonaccorso at 2020-07-31T20:54:48+02:00 Add Debian bug reference for CVE-2020-16094/claws-mail - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -217,7 +217,7 @@ CVE-2020-16096 CVE-2020-16095 (The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 all ...) NOT-FOR-US: dlf for TYPO3 CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...) - - claws-mail + - claws-mail (bug #966630) [buster] - claws-mail (Minor issue) NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313 CVE-2020-16093 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfb7dd645ecdc0db768b36a4cf28a2f159e8afd8
[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-16094/claws-mail as no-dsa for buster
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 74c5a15b by Salvatore Bonaccorso at 2020-07-31T20:48:56+02:00 Mark CVE-2020-16094/claws-mail as no-dsa for buster - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -218,6 +218,7 @@ CVE-2020-16095 (The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYP NOT-FOR-US: dlf for TYPO3 CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...) - claws-mail + [buster] - claws-mail (Minor issue) NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313 CVE-2020-16093 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74c5a15bd6f5dd068ca0becaac38168b5e80f99e
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-14347/xorg-server
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: bc4a9322 by Salvatore Bonaccorso at 2020-07-31T20:18:35+02:00 Add CVE-2020-14347/xorg-server - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4508,8 +4508,11 @@ CVE-2020-14349 RESERVED CVE-2020-14348 RESERVED -CVE-2020-14347 +CVE-2020-14347 [X Server Pixel Data Uninitialized Memory Information Disclosure] RESERVED + - xorg-server + NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html + NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816 CVE-2020-14346 RESERVED CVE-2020-14345 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc4a932287d1699059b58a9fade238c868e13c26
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-14344/libx11
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9f44724a by Salvatore Bonaccorso at 2020-07-31T20:15:41+02:00 Add CVE-2020-14344/libx11 - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4514,8 +4514,15 @@ CVE-2020-14346 RESERVED CVE-2020-14345 RESERVED -CVE-2020-14344 - RESERVED +CVE-2020-14344 [Heap corruption in the X input method client in libX11] + RESERVED + - libx11 + NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003050.html + NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e + NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488 + NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60 + NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2 + NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d CVE-2020-14343 [.load() and FullLoader still vulnerable to fairly trivial RCE] RESERVED - pyyaml (bug #966233) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f44724a8902981260f58aeea9fee89f1039bfa3
[Git][security-tracker-team/security-tracker][master] Reserve DLA-2302-1 for libjpeg-turbo
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 564cff24 by Adrian Bunk at 2020-07-31T20:28:09+03:00 Reserve DLA-2302-1 for libjpeg-turbo - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -6051,7 +6051,6 @@ CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an o CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...) - libjpeg-turbo 1:2.0.5-1 (bug #962829) [buster] - libjpeg-turbo (Minor issue) - [stretch] - libjpeg-turbo (Minor issue) [jessie] - libjpeg-turbo (No package in Debian jessie uses the TurboJPEG API) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x) @@ -112364,7 +112363,6 @@ CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJ {DLA-1719-1} - libjpeg-turbo 1:2.0.5-1 (low; bug #924678) [buster] - libjpeg-turbo (Minor issue) - [stretch] - libjpeg-turbo (Minor issue) - mozjpeg (bug #741487) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258 @@ -150090,7 +150088,6 @@ CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnera {DLA-1638-1} - libjpeg-turbo 1:2.0.5-1 (low; bug #902950) [buster] - libjpeg-turbo (Minor issue) - [stretch] - libjpeg-turbo (Minor issue) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61bc6 CVE-2018-1151 (The web server on Western Digital TV Media Player 1.03.07 and TV Live ...) NOT-FOR-US: web server on Western Digital TV Media Player and TV Live Hub = data/DLA/list = 
@@ -1,3 +1,6 @@ +[31 Jul 2020] DLA-2302-1 libjpeg-turbo - security update + {CVE-2018-1152 CVE-2018-14498 CVE-2020-13790 CVE-2020-14152} + [stretch] - libjpeg-turbo 1:1.5.1-2+deb9u1 [30 Jul 2020] DLA-2301-1 json-c - security update {CVE-2020-12762} [stretch] - json-c 0.12.1-1.1+deb9u1 = data/dla-needed.txt = @@ -73,9 +73,6 @@ jruby (Adrian Bunk) jupyter-notebook NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby) -- -libjpeg-turbo (Adrian Bunk) - NOTE: 20200727: work is ongoing (bunk) --- libopenmpt (Utkarsh Gupta) NOTE: 20200727: WIP. (utkarsh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/564cff24bb951d740731a44a239d9ac253cec77d
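Review bot: The new DLA-2302-1 entry in data/DLA/list names four CVEs, but the data/CVE/list hunks drop the `[stretch] - libjpeg-turbo (Minor issue)` line for only three of them (CVE-2020-13790, CVE-2018-14498, CVE-2018-1152). Check that CVE-2020-14152 carries no leftover stretch no-dsa annotation that would contradict the fix in 1:1.5.1-2+deb9u1.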
[Git][security-tracker-team/security-tracker][master] CVE-2019-2201: Add note that the description is wrong
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker Commits: 28343f07 by Adrian Bunk at 2020-07-31T19:31:01+03:00 CVE-2019-2201: Add note that the description is wrong - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -93057,6 +93057,8 @@ CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, the NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884 NOTE: https://github.com/clearlinux-pkgs/libjpeg-turbo/commit/0a5d06c3dd4a64754d7e6ffa081fd9132714f74c + NOTE: The description text is wrong, this CVE is about gigapixel images not ARM NEON SIMD code. + NOTE: See https://bugs.gentoo.org/show_bug.cgi?id=CVE-2019-2201#c12 CVE-2019-2200 (In updatePermissions of PermissionManagerService.java, it may be possi ...) NOT-FOR-US: Android CVE-2019-2199 (In createSessionInternal of PackageInstallerService.java, there is a p ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28343f0767bad1127718f347fe5ca379b6af80ad
[Git][security-tracker-team/security-tracker][master] Triage stretch
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: 29a58e4c by Abhijith PA at 2020-07-31T20:48:18+05:30 Triage stretch - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: = data/CVE/list = @@ -161,6 +161,7 @@ CVE-2020-16119 CVE-2020-16118 (In GNOME Balsa before 2.6.0, a malicious server operator or man in the ...) - balsa 2.6.0-1 [buster] - balsa (Minor issue) + [stretch] - balsa (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1c826a01080d40c22ca8706f0339e5 NOTE: https://gitlab.gnome.org/GNOME/balsa/-/issues/23 CVE-2020-16117 (In GNOME evolution-data-server before 3.35.91, a malicious server can ...) = data/dla-needed.txt = @@ -112,12 +112,17 @@ puma -- python2.7 (Thorsten Alteholz) -- +qemu +-- ruby-kramdown (Abhijith PA) -- ruby-zip NOTE: 20200710: Vulnerable to at least CVE-2018-1000544. (lamby) NOTE: 20200710: Was fixed in jessie LTS via DLA-1467-1. (lamby) -- +sane-backends + NOTE: 20200731: Most issues either fixed or in jessie. (abhijith) +-- samba (Roberto C. Sánchez) NOTE: 20200703: Check with security team so that there's no clash for Stretch update. (utkarsh) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29a58e4c62d1ffabedadc110a203bb3d83d3fa9a
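Review bot: In the data/dla-needed.txt hunk, `sane-backends` is inserted ahead of `samba`, which breaks the alphabetical order the surrounding entries follow (puma, python2.7, qemu, ruby-kramdown, ruby-zip); move it after the samba entry. The new `qemu` entry has no NOTE line, and the sane-backends note ("Most issues either fixed or in jessie") does not say which issues remain open for stretch, so naming the CVEs in both would make the entries actionable.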
[Git][security-tracker-team/security-tracker][master] Update note in dla-needed.txt
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: b8b44b56 by Abhijith PA at 2020-07-31T20:40:52+05:30 Update note in dla-needed.txt - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -22,6 +22,7 @@ ansible NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794 -- ark (Abhijith PA) + NOTE: 20200731: given PoC not working as intended. (abhijith) -- cacti NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for jessie version (abhijith) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8b44b56cdb0e8dff5b3fc9226350fd5dfb6c523
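Review bot: The NOTE added under `ark` ("given PoC not working as intended") does not say which CVE or which PoC was tried, or against which package version. Adding those would let the next person tell whether the package is unaffected or the test setup was incomplete.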
[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fd6fa804 by Moritz Muehlenhoff at 2020-07-31T14:53:05+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -232,7 +232,7 @@ CVE-2020-16090 CVE-2020-16089 RESERVED CVE-2020-16088 (iked in OpenIKED, as used in OpenBSD through 6.7, allows authenticatio ...) - TODO: check + NOT-FOR-US: OpenIKED CVE-2020-16087 RESERVED CVE-2020-16086 @@ -2471,9 +2471,9 @@ CVE-2020-15133 CVE-2020-15132 RESERVED CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...) - TODO: check + NOT-FOR-US: Node slp-validate CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...) - TODO: check + NOT-FOR-US: Node slpjs CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists ...) NOT-FOR-US: Traefik CVE-2020-15128 @@ -2483,7 +2483,7 @@ CVE-2020-15127 CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...) NOT-FOR-US: Node parser-server CVE-2020-15125 (In auth0 (npm package) versions before 2.27.1, a DenyList of specific ...) - TODO: check + NOT-FOR-US: Node auth0 CVE-2020-15124 (In Goobi Viewer Core before version 4.8.3, a path traversal vulnerabil ...) NOT-FOR-US: Goobi Viewer Core CVE-2020-15123 (In codecov (npm package) before version 3.7.1 the upload method has a ...) @@ -21204,7 +21204,7 @@ CVE-2020-8217 (A cross site scripting (XSS) vulnerability in Pulse Connect Secur CVE-2020-8216 (An information disclosure vulnerability in meeting of Pulse Connect Se ...) NOT-FOR-US: Pulse CVE-2020-8215 (A buffer overflow is present in canvas version = 1.6.9, which coul ...) - TODO: check + NOT-FOR-US: Node canvas CVE-2020-8214 (A path traversal vulnerability in servey version 3 allows an atta ...) NOT-FOR-US: servey CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect v1.13.3 ...) 
@@ -21233,7 +21233,7 @@ CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash & [stretch] - node-lodash (Nodejs in stretch not covered by security support) NOTE: https://hackerone.com/reports/712065 CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...) - TODO: check + NOT-FOR-US: Nextcloud Preferred Providers app CVE-2020-8201 RESERVED CVE-2020-8200 @@ -21253,7 +21253,7 @@ CVE-2020-8194 (Reflected code injection in Citrix ADC and Citrix Gateway version CVE-2020-8193 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...) NOT-FOR-US: Citrix CVE-2020-8192 (A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0 ...) - TODO: check + NOT-FOR-US: Node fastify CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) NOT-FOR-US: Citrix CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...) @@ -21297,7 +21297,7 @@ CVE-2020-8177 CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.6 ...) NOT-FOR-US: koa-shopify-auth CVE-2020-8175 (Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow ...) - TODO: check + NOT-FOR-US: Node jimp CVE-2020-8174 (napi_get_value_string_*() allows various kinds of memory corruption in ...) {DSA-4696-1} - nodejs 10.21.0~dfsg-1 (bug #962145) @@ -22551,7 +22551,7 @@ CVE-2020-7701 CVE-2020-7700 RESERVED CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...) - TODO: check + NOT-FOR-US: express-fileupload CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...) TODO: check CVE-2020-7697 (This affects all versions of package mock2easy. a malicious user could ...) 
@@ -212195,9 +212195,9 @@ CVE-2016-7066 (It was found that the improper default permissions on /tmp/auth d CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...) NOT-FOR-US: Red Hat JBoss EAP CVE-2016-7064 (A flaw was found in pritunl-client before version 1.0.1116.6. A lack o ...) - TODO: check + NOT-FOR-US: pritunl-client CVE-2016-7063 (A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrar ...) - TODO: check + NOT-FOR-US: pritunl-client CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Co ...) NOT-FOR-US: Red Hat rhscon-core CVE-2016-7061 (An information disclosure vulnerability was found in JBoss Enterprise ...) @@ -282523,7 +282523,7 @@ CVE-2014-1424 (apparmor_parser in the apparmor package before
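Review bot: In the hunk at @@ -21297, the marker added for CVE-2020-8175 names a different component than the description does: the description places the flaw in `jpeg-js` before 0.4.0, while the new line is "NOT-FOR-US: Node jimp". Use the name from the description ("NOT-FOR-US: Node jpeg-js"), or add a NOTE explaining why jimp is the component being triaged, so the entry does not read as a decision about a different package.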
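Review bot: In the hunk at @@ -22551, "NOT-FOR-US: express-fileupload" drops the "Node" prefix that the other npm packages triaged in this same commit carry ("Node slp-validate", "Node slpjs", "Node auth0", "Node fastify"). express-fileupload is an npm package as well, so writing it as "NOT-FOR-US: Node express-fileupload" keeps the wording consistent and lets the Node entries be found with a single search string.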
[Git][security-tracker-team/security-tracker][master] CVE-2020-15862: Add note on commit to make extend mib read-only
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 352d2163 by Salvatore Bonaccorso at 2020-07-31T13:59:26+02:00 CVE-2020-15862: Add note on commit to make extend mib read-only - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -845,6 +845,9 @@ CVE-2020-15862 [privilege escalation] NOTE: possible to enable the MIB via --with-mib-modules configure option. NOTE: Upstream reverted the change and the solution is to make NET-SNMP-EXTEND-MIB NOTE: read-only, cf. https://bugs.debian.org/966544 + NOTE: Disabling was reverted with: https://github.com/net-snmp/net-snmp/commit/4097a311e952d3b5c12610102bb4cc2fe72b56e5 + NOTE: Makes extended mib read-only: + NOTE: https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 CVE-2020-15816 (In Western Digital WD Discovery before 4.0.251.0, a malicious applicat ...) NOT-FOR-US: Western Digital WD Discovery CVE-2020-15815 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/352d2163cd08783ba9546cd893b915635f0ca6f4
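Review bot: The three added NOTE lines record the two upstream commits in two different layouts: the revert has its label and URL on one line, while the read-only change is split into a label line ("Makes extended mib read-only:") and a separate bare-URL line. Keep one commit per NOTE line and label the actual fix the way other entries in this file do ("NOTE: Fixed by: <url>", as in the CVE-2020-15900 entry), and spell the module NET-SNMP-EXTEND-MIB to match the context lines just above.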
[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-15861/net-snmp
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 13874c34 by Salvatore Bonaccorso at 2020-07-31T13:17:16+02:00 Add fixed version for CVE-2020-15861/net-snmp - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -739,7 +739,7 @@ CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 0 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555 CVE-2020-15861 [Elevation of Privileges due to symlink handling] RESERVED - - net-snmp (bug #966599) + - net-snmp 5.8+dfsg-5 (bug #966599) NOTE: https://github.com/net-snmp/net-snmp/issues/145 NOTE: https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602 CVE-2020-15860 (Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13874c34abf43524864ef2166c357baa9f80a1d4
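Review bot: The changed line adds the unstable fixed version 5.8+dfsg-5, but the entry still carries no [buster] or [stretch] line, so there is no recorded decision for the stable releases on an issue titled "Elevation of Privileges due to symlink handling". A follow-up should add the per-release lines (fix planned, or the reason for deferring) rather than leaving the stable status implicit.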
[Git][security-tracker-team/security-tracker][master] Expand note for CVE-2020-15862/net-snmp
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 06054d95 by Salvatore Bonaccorso at 2020-07-31T13:15:31+02:00 Expand note for CVE-2020-15862/net-snmp - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -843,6 +843,8 @@ CVE-2020-15862 [privilege escalation] NOTE: The commit https://github.com/net-snmp/net-snmp/commit/c2b96ee744392243782094432f657ded4e985a07 NOTE: disables NET-SNMP-EXTEND-MIB support by default. But it is still NOTE: possible to enable the MIB via --with-mib-modules configure option. + NOTE: Upstream reverted the change and the solution is to make NET-SNMP-EXTEND-MIB + NOTE: read-only, cf. https://bugs.debian.org/966544 CVE-2020-15816 (In Western Digital WD Discovery before 4.0.251.0, a malicious applicat ...) NOT-FOR-US: Western Digital WD Discovery CVE-2020-15815 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06054d95d4656fa3177991e206200a476c2d9385
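Review bot: The added note says upstream reverted the change and that the solution is to make NET-SNMP-EXTEND-MIB read-only, but the only reference it gives is the Debian bug (https://bugs.debian.org/966544). Link the upstream revert and the read-only commit directly, as the first NOTE in this hunk does for the commit that disabled the MIB, so that someone preparing a backport does not have to extract them from the bug log.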
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-15861/net-snmp
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6732988d by Salvatore Bonaccorso at 2020-07-31T11:00:46+02:00 Add CVE-2020-15861/net-snmp - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -737,8 +737,11 @@ CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 0 [buster] - qemu (Minor issue, can be fixed along in next DSA) NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555 -CVE-2020-15861 +CVE-2020-15861 [Elevation of Privileges due to symlink handling] RESERVED + - net-snmp (bug #966599) + NOTE: https://github.com/net-snmp/net-snmp/issues/145 + NOTE: https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602 CVE-2020-15860 (Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic ...) NOT-FOR-US: Parallels CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6732988d58e9bb1e7249629cec815996bcb59b8b
[Git][security-tracker-team/security-tracker][master] Move uploads which won't happen to the end of the list for further tracking
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e38d2fa9 by Salvatore Bonaccorso at 2020-07-31T10:31:58+02:00 Move uploads which won't happen to the end of the list for further tracking - - - - - 1 changed file: - data/next-point-update.txt Changes: = data/next-point-update.txt = @@ -1,23 +1,7 @@ CVE-2019-19919 [buster] - node-handlebars 3:4.1.0-1+deb10u1 -CVE-2019-18277 - [buster] - haproxy 1.8.19-1+deb10u3 -CVE-2019-14267 - [buster] - pdfresurrect 0.15-2+deb10u1 -CVE-2019-1020014 - [buster] - golang-github-docker-docker-credential-helpers 0.6.1-2+deb10u1 -CVE-2019-17134 - [buster] - octavia 3.0.0-3+deb10u1 -CVE-2019-14433 - [buster] - nova 2:18.1.0-6+deb10u1 -CVE-2019-14857 - [buster] - libapache2-mod-auth-openidc 2.3.10.2-1+deb10u1 CVE-2019-20372 [buster] - nginx 1.14.2-2+deb10u2 -CVE-2020-5258 - [buster] - dojo 1.15.0+dfsg1-1+deb10u2 -CVE-2020-5259 - [buster] - dojo 1.15.0+dfsg1-1+deb10u2 CVE-2020-7598 [buster] - node-minimist 1.2.0-1+deb10u1 CVE-2019-13453 @@ -194,8 +178,6 @@ CVE-2018-10756 [buster] - transmission 2.94-2+deb10u1 CVE-2019-14868 [buster] - ksh 93u+20120801-3.4+deb10u1 -CVE-2019-20446 - [buster] - librsvg 2.44.10-2.1+deb10u1 CVE-2020-11538 [buster] - pillow 5.4.1-2+deb10u2 CVE-2020-10378
@@ -210,3 +192,21 @@ CVE-2020-14422 [buster] - python3.7 3.7.3-2+deb10u2 CVE-2020-8492 [buster] - python3.7 3.7.3-2+deb10u2 +CVE-2019-18277 + [buster] - haproxy 1.8.19-1+deb10u3 +CVE-2019-14267 + [buster] - pdfresurrect 0.15-2+deb10u1 +CVE-2019-1020014 + [buster] - golang-github-docker-docker-credential-helpers 0.6.1-2+deb10u1 +CVE-2019-17134 + [buster] - octavia 3.0.0-3+deb10u1 +CVE-2019-14433 + [buster] - nova 2:18.1.0-6+deb10u1 +CVE-2019-14857 + [buster] - libapache2-mod-auth-openidc 2.3.10.2-1+deb10u1 +CVE-2020-5258 + [buster] - dojo 1.15.0+dfsg1-1+deb10u2 +CVE-2020-5259 + [buster] - dojo 1.15.0+dfsg1-1+deb10u2 +CVE-2019-20446 + [buster] - librsvg 2.44.10-2.1+deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e38d2fa908fcba5d05d88901946400493f6a0d5b
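Review bot: The entries moved to the end of data/next-point-update.txt (CVE-2019-18277 haproxy through CVE-2019-20446 librsvg) are appended directly after the python3.7 entries, with nothing in the file separating them from the uploads that are still planned. Only the commit message records that these uploads will not happen; if the file format allows it, add a marker line above the moved block, ideally with the reason each upload was dropped, so the file itself carries that state.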
[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8c83d259 by security tracker role at 2020-07-31T08:10:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,4 +1,62 @@ -CVE-2020-16166 [random32: update the net random state on interrupt and activity] +CVE-2020-16195 + RESERVED +CVE-2020-16194 + RESERVED +CVE-2020-16193 + RESERVED +CVE-2020-16192 + RESERVED +CVE-2020-16191 + RESERVED +CVE-2020-16190 + RESERVED +CVE-2020-16189 + RESERVED +CVE-2020-16188 + RESERVED +CVE-2020-16187 + RESERVED +CVE-2020-16186 + RESERVED +CVE-2020-16185 + RESERVED +CVE-2020-16184 + RESERVED +CVE-2020-16183 + RESERVED +CVE-2020-16182 + RESERVED +CVE-2020-16181 + RESERVED +CVE-2020-16180 + RESERVED +CVE-2020-16179 + RESERVED +CVE-2020-16178 + RESERVED +CVE-2020-16177 + RESERVED +CVE-2020-16176 + RESERVED +CVE-2020-16175 + RESERVED +CVE-2020-16174 + RESERVED +CVE-2020-16173 + RESERVED +CVE-2020-16172 + RESERVED +CVE-2020-16171 + RESERVED +CVE-2020-16170 + RESERVED +CVE-2020-16169 + RESERVED +CVE-2020-16168 + RESERVED +CVE-2020-16167 + RESERVED +CVE-2020-16166 (The Linux kernel through 5.7.11 allows remote attackers to make observ ...) - linux NOTE: https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4 CVE-2020-16165 (The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Inj ...) @@ -33015,8 +33073,8 @@ CVE-2020-3683 RESERVED CVE-2020-3682 RESERVED -CVE-2020-3681 - RESERVED +CVE-2020-3681 (Authenticated and encrypted payload MMEs can be forged and remotely se ...) + TODO: check CVE-2020-3680 (A race condition can occur when using the fastrpc memory mapping API. ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3679 
@@ -33735,12 +33793,12 @@ CVE-2020-3464 RESERVED CVE-2020-3463 RESERVED -CVE-2020-3462 - RESERVED -CVE-2020-3461 - RESERVED -CVE-2020-3460 - RESERVED +CVE-2020-3462 (A vulnerability in the web-based management interface of Cisco Data Ce ...) + TODO: check +CVE-2020-3461 (A vulnerability in the web-based management interface of Cisco Data Ce ...) + TODO: check +CVE-2020-3460 (A vulnerability in the web-based management interface of Cisco Data Ce ...) + TODO: check CVE-2020-3459 RESERVED CVE-2020-3458 @@ -33887,16 +33945,16 @@ CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could NOT-FOR-US: Cisco CVE-2020-3387 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...) NOT-FOR-US: Cisco -CVE-2020-3386 - RESERVED +CVE-2020-3386 (A vulnerability in the REST API endpoint of Cisco Data Center Network ...) + TODO: check CVE-2020-3385 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...) NOT-FOR-US: Cisco -CVE-2020-3384 - RESERVED -CVE-2020-3383 - RESERVED -CVE-2020-3382 - RESERVED +CVE-2020-3384 (A vulnerability in specific REST API endpoints of Cisco Data Center Ne ...) + TODO: check +CVE-2020-3383 (A vulnerability in the archive utility of Cisco Data Center Network Ma ...) + TODO: check +CVE-2020-3382 (A vulnerability in the REST API of Cisco Data Center Network Manager ( ...) + TODO: check CVE-2020-3381 (A vulnerability in the web management interface of Cisco SD-WAN vManag ...) NOT-FOR-US: Cisco CVE-2020-3380 (A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) ...) 
@@ -33905,14 +33963,14 @@ CVE-2020-3379 (A vulnerability in Cisco SD-WAN Solution Software could allow an NOT-FOR-US: Cisco CVE-2020-3378 (A vulnerability in the web-based management interface for Cisco SD-WAN ...) NOT-FOR-US: Cisco -CVE-2020-3377 - RESERVED -CVE-2020-3376 - RESERVED -CVE-2020-3375 - RESERVED -CVE-2020-3374 - RESERVED +CVE-2020-3377 (A vulnerability in the Device Manager application of Cisco Data Center ...) + TODO: check +CVE-2020-3376 (A vulnerability in the Device Manager application of Cisco Data Center ...) + TODO: check +CVE-2020-3375 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...) + TODO: check +CVE-2020-3374 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) + TODO: check CVE-2020-3373 RESERVED CVE-2020-3372 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c83d259619a7ff4a6257559fabf69bac8f170df -- View it on GitLab:
[Git][security-tracker-team/security-tracker][master] stretch triage
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker Commits: a04d0d85 by Abhijith PA at 2020-07-31T12:37:48+05:30 stretch triage - - - - - 1 changed file: - data/dla-needed.txt Changes: = data/dla-needed.txt = @@ -21,6 +21,8 @@ ansible NOTE: 20200508: bam: Upstream fix was reverted - https://github.com/ansible/ansible/pull/68983 NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794 -- +ark (Abhijith PA) +-- cacti NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for jessie version (abhijith) NOTE: 20200620: WIP (abhijith) @@ -109,6 +111,8 @@ puma -- python2.7 (Thorsten Alteholz) -- +ruby-kramdown (Abhijith PA) +-- ruby-zip NOTE: 20200710: Vulnerable to at least CVE-2018-1000544. (lamby) NOTE: 20200710: Was fixed in jessie LTS via DLA-1467-1. (lamby) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a04d0d8503f2be5402253aed087a988d3007481a
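Review bot: Both added entries, "ark (Abhijith PA)" and "ruby-kramdown (Abhijith PA)", are claimed without a NOTE saying which CVE prompted the triage. Neighbouring entries such as ruby-zip name the issue ("Vulnerable to at least CVE-2018-1000544"); a dated NOTE of the same form on each new entry would let other LTS contributors see what is being fixed without searching data/CVE/list.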
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-16166/linux
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 01e53eff by Salvatore Bonaccorso at 2020-07-31T08:44:00+02:00 Add CVE-2020-16166/linux - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,3 +1,6 @@ +CVE-2020-16166 [random32: update the net random state on interrupt and activity] + - linux + NOTE: https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4 CVE-2020-16165 (The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Inj ...) NOT-FOR-US: SpringBlade CVE-2020-16164 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01e53effa7967434a1fa6dd1d41ce74f8c2bb3dc
[Git][security-tracker-team/security-tracker][master] Add tracking of source package for CVE-2020-6098/freediameter
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a96a5aa by Salvatore Bonaccorso at 2020-07-31T08:34:20+02:00 Add tracking of source package for CVE-2020-6098/freediameter - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26505,6 +26505,8 @@ CVE-2020-6100 (An exploitable memory corruption vulnerability exists in AMD atid CVE-2020-6099 RESERVED CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...) + - freediameter + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030 TODO: check CVE-2020-6097 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a96a5aa4c4f1d0df07d0418767283f6b4015bfd
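Review bot: After the added "- freediameter" line and Talos reference, the existing "TODO: check" is left in place, so the entry now names a source package and still reads as untriaged. Either drop the TODO or state what remains open, in the style of the "TODO: check details" line used for CVE-2020-16092.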
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-14337 as NFU
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b8d17e9e by Salvatore Bonaccorso at 2020-07-31T08:17:59+02:00 Add CVE-2020-14337 as NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -4472,6 +4472,7 @@ CVE-2020-14338 RESERVED CVE-2020-14337 RESERVED + NOT-FOR-US: Ansible Tower CVE-2020-14336 RESERVED NOT-FOR-US: OpenShift View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8d17e9ea1248cdf355ffb022b7bb599b76f1d94
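Review bot: The added "NOT-FOR-US: Ansible Tower" sits on an entry that is still RESERVED with no description, so nothing in the file shows where the product attribution comes from. Add a NOTE with the advisory or bug URL it is based on, so the decision can be rechecked once the CVE description is published.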
[Git][security-tracker-team/security-tracker][master] Sync CVE-2020-15899 NFU wording in related entries
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4555f7f1 by Salvatore Bonaccorso at 2020-07-31T08:16:59+02:00 Sync CVE-2020-15899 NFU wording in related entries - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -574,7 +574,7 @@ CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 9.50 NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff (9.28rc1) NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data related to ...) - NOT-FOR-US: grin + NOT-FOR-US: Grin CVE-2020-15898 RESERVED CVE-2020-15897 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4555f7f18d3b9a11062e623b0636909690cf6c9b
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-16092/qemu
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 64ba9e40 by Salvatore Bonaccorso at 2020-07-31T08:15:37+02:00 Add CVE-2020-16092/qemu - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -159,8 +159,11 @@ CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a mali NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313 CVE-2020-16093 RESERVED -CVE-2020-16092 +CVE-2020-16092 [reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c ] RESERVED + - qemu + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283 + TODO: check details CVE-2020-16091 RESERVED CVE-2020-16090 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64ba9e405ae6e199a7801930204a3e4ca1f23ee1
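Review bot: The bracketed description added for CVE-2020-16092 has a stray space before the closing bracket ("hw/net/net_tx_pkt.c ]"). Remove it so the line matches the other bracketed descriptions in the file, for example "[Elevation of Privileges due to symlink handling]".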
[Git][security-tracker-team/security-tracker][master] Add CVE-2020-6070/f2fs-tools
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 97d072a7 by Salvatore Bonaccorso at 2020-07-31T08:10:06+02:00 Add CVE-2020-6070/f2fs-tools - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -26602,6 +26602,8 @@ CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the reso NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin CVE-2020-6070 RESERVED + - f2fs-tools + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0988 CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6068 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97d072a72c45f888f9d1fd534436d3f5889d3292
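Review bot: The two added lines attach f2fs-tools and the Talos report to CVE-2020-6070, but the entry stays a bare RESERVED id with no bracketed summary of the issue. Other manually added entries for reserved ids carry one (for example "CVE-2020-15861 [Elevation of Privileges due to symlink handling]"); add a short description taken from TALOS-2020-0988 so the list itself says what the vulnerability is.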
[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1d337436 by Salvatore Bonaccorso at 2020-07-31T08:04:13+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2020-16165 (The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Inj ...) - TODO: check + NOT-FOR-US: SpringBlade CVE-2020-16164 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...) - TODO: check + NOT-FOR-US: RIPE NCC RPKI Validator CVE-2020-16163 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...) - TODO: check + NOT-FOR-US: RIPE NCC RPKI Validator CVE-2020-16162 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...) - TODO: check + NOT-FOR-US: RIPE NCC RPKI Validator CVE-2020-16161 RESERVED CVE-2020-16160 @@ -430,7 +430,7 @@ CVE-2020-15959 CVE-2020-15958 RESERVED CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...) - TODO: check + NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T) CVE-2020-15956 RESERVED CVE-2020-15955 @@ -4915,7 +4915,7 @@ CVE-2020-14160 CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 2020.5.178, a ...) NOT-FOR-US: ConnectWise CVE-2020-14158 (The ABUS Secvest FUMO50110 hybrid module does not have any security me ...) - TODO: check + NOT-FOR-US: ABUS Secvest FUMO50110 hybrid module CVE-2020-14157 (The wireless-communication feature of the ABUS Secvest FUBE50001 devic ...) NOT-FOR-US: ABUS CVE-2020-14156 (user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020 ...) 
@@ -21135,7 +21135,7 @@ CVE-2020-8215 (A buffer overflow is present in canvas version = 1.6.9, which CVE-2020-8214 (A path traversal vulnerability in servey version 3 allows an atta ...) NOT-FOR-US: servey CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect v1.13.3 ...) - TODO: check + NOT-FOR-US: UniFi Protect CVE-2020-8212 RESERVED CVE-2020-8211 @@ -22218,11 +22218,11 @@ CVE-2020-7831 CVE-2020-7830 RESERVED CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...) - TODO: check + NOT-FOR-US: DaviewIndy CVE-2020-7828 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...) - TODO: check + NOT-FOR-US: DaviewIndy CVE-2020-7827 (DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerabi ...) - TODO: check + NOT-FOR-US: DaviewIndy CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a ...) NOT-FOR-US: EyeSurfer BflyInstallerX.ocx CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...) @@ -23585,7 +23585,7 @@ CVE-2020-7207 CVE-2020-7206 (HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has ...) TODO: check CVE-2020-7205 (A potential security vulnerability has been identified in HPE Intellig ...) - TODO: check + NOT-FOR-US: HPE CVE-2020-7204 RESERVED CVE-2020-7203 
@@ -27255,13 +27255,13 @@ CVE-2020-5765 (Nessus 8.10.0 and earlier were found to contain a Stored XSS vuln CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable to a d ...) NOT-FOR-US: MX Player Android App CVE-2020-5763 (Grandstream HT800 series firmware version 1.0.17.5 and below contain a ...) - TODO: check + NOT-FOR-US: Grandstream CVE-2020-5762 (Grandstream HT800 series firmware version 1.0.17.5 and below is vulner ...) - TODO: check + NOT-FOR-US: Grandstream CVE-2020-5761 (Grandstream HT800 series firmware version 1.0.17.5 and below is vulner ...) - TODO: check + NOT-FOR-US: Grandstream CVE-2020-5760 (Grandstream HT800 series firmware version 1.0.17.5 and below is vulner ...) - TODO: check + NOT-FOR-US: Grandstream CVE-2020-5759 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...) NOT-FOR-US: Grandstream CVE-2020-5758 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...) @@ -27559,9 +27559,9 @@ CVE-2020-5613 (Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier CVE-2020-5612 (Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allow ...) TODO: check CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social Sharing Plug ...) - TODO: check + NOT-FOR-US: Social Sharing Plugin for WordPress CVE-2020-5610 (Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earli ...) - TODO: check + NOT-FOR-US: Global TechStream (GTS) for TOYOTA dealers CVE-2020-5609
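Review bot: In the hunk at @@ -4915, "NOT-FOR-US: ABUS Secvest FUMO50110 hybrid module" is far more specific than the marker on the next entry, CVE-2020-14157, which covers another ABUS Secvest device with just "NOT-FOR-US: ABUS". The same commit uses vendor-only wording elsewhere ("HPE", "Grandstream"); pick one level of detail per vendor, preferably the one already in the file, so related entries can be grouped with a single search string.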