[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-35681/python-django-channels

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3e1395b by Salvatore Bonaccorso at 2021-01-06T07:32:47+01:00
Track fixed version for CVE-2020-35681/python-django-channels

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3586,7 +3586,7 @@ CVE-2020-35682
RESERVED
 CVE-2020-35681 [Potential leakage of session identifiers using legacy 
AsgiHandler]
RESERVED
-   - python-django-channels  (bug #979376)
+   - python-django-channels 3.0.3-1 (bug #979376)
NOTE: https://channels.readthedocs.io/en/latest/releases/3.0.3.html
NOTE: 
https://github.com/django/channels/commit/e85874d9630474986a6937430eac52db79a2a022
 (3.0.3)
 CVE-2020-35680 (smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain 
configurati ...)
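
Review bot: On the `- python-django-channels 3.0.3-1 (bug #979376)` line, the fixed version agrees with the upstream 3.0.3 release notes and commit in the NOTE lines, but the entry as shown has no per-suite line, so it does not say whether releases shipping an older python-django-channels are affected. If any do, add a `[suite]` line with their status.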



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3e1395b712ff8e2543ec66e321cc2cd9171167f

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] LTS: re-claim shiro in dla-needed.txt

2021-01-05 Thread Roberto C . Sánchez


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
46715607 by Roberto C. Sánchez at 2021-01-05T18:27:18-05:00
LTS: re-claim shiro in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -146,7 +146,7 @@ ruby-kaminari
   NOTE: 20201009: This (↑) is an app-level patch for a rails app. A 
library-level patch
   NOTE: 20201009: will needed to be written. Opened an issue at upstream, 
though somewhat inactive. (utkarsh)
 --
-shiro
+shiro (Roberto C. Sánchez)
   NOTE: 20200920: WIP
   NOTE: 20200928: Still awaiting reponse to request for assistance sent to 
upstream dev list. (roberto)
   NOTE: 20201004: Sent additional request to upstream dev list; stil no 
response. (roberto)
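
Review bot: The claim on `shiro (Roberto C. Sánchez)` is restored without a new dated NOTE, and the newest note under it is from 20201004, which still reports no response from upstream. A dated NOTE saying what changed with the re-claim would tell other LTS contributors whether the package is still blocked on upstream.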



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46715607a66873a2aabfc3b7e60a10f59f59bebb


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-35681/python-django-channels

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cd39301c by Salvatore Bonaccorso at 2021-01-05T22:42:47+01:00
Add Debian bug reference for CVE-2020-35681/python-django-channels

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3586,7 +3586,7 @@ CVE-2020-35682
RESERVED
 CVE-2020-35681 [Potential leakage of session identifiers using legacy 
AsgiHandler]
RESERVED
-   - python-django-channels 
+   - python-django-channels  (bug #979376)
NOTE: https://channels.readthedocs.io/en/latest/releases/3.0.3.html
NOTE: 
https://github.com/django/channels/commit/e85874d9630474986a6937430eac52db79a2a022
 (3.0.3)
 CVE-2020-35680 (smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain 
configurati ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd39301c64167c8e53bc9406583d06763e05af17


[Git][security-tracker-team/security-tracker][master] CVE-2020-35681: Add upstream commit to address issue

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
69fbd81d by Salvatore Bonaccorso at 2021-01-05T22:41:34+01:00
CVE-2020-35681: Add upstream commit to address issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3588,6 +3588,7 @@ CVE-2020-35681 [Potential leakage of session identifiers 
using legacy AsgiHandle
RESERVED
- python-django-channels 
NOTE: https://channels.readthedocs.io/en/latest/releases/3.0.3.html
+   NOTE: 
https://github.com/django/channels/commit/e85874d9630474986a6937430eac52db79a2a022
 (3.0.3)
 CVE-2020-35680 (smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain 
configurati ...)
- opensmtpd 6.8.0p2-1 (bug #978039)
NOTE: 
https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1
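
Review bot: Nothing in the CVE-2020-35681 entry says which Channels versions contain the affected legacy AsgiHandler code, so the new commit NOTE tagged `(3.0.3)` tells a reader where the fix is but not which suites need it. A NOTE naming the first affected version would let older suites be triaged from this entry alone.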



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69fbd81dbb30a30dc384c372a425460714f717a3


[Git][security-tracker-team/security-tracker][master] CVE-2020-35681: Correct temporary description missing word

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c94858e6 by Salvatore Bonaccorso at 2021-01-05T22:32:04+01:00
CVE-2020-35681: Correct temporary description missing word

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3584,7 +3584,7 @@ CVE-2020-35683
RESERVED
 CVE-2020-35682
RESERVED
-CVE-2020-35681 [Potential leakage of session identifiers using legacy]
+CVE-2020-35681 [Potential leakage of session identifiers using legacy 
AsgiHandler]
RESERVED
- python-django-channels 
NOTE: https://channels.readthedocs.io/en/latest/releases/3.0.3.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c94858e6abba326b412d2835351cbd720dc61271


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2020-35652/asterisk

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4aa6f3b3 by Salvatore Bonaccorso at 2021-01-05T22:17:06+01:00
Add Debian bug reference for CVE-2020-35652/asterisk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3652,7 +3652,7 @@ CVE-2020-35653
RESERVED
 CVE-2020-35652 [remote crash in res_pjsip_diversion]
RESERVED
-   - asterisk 
+   - asterisk  (bug #979372)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29191
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29219
NOTE: https://downloads.asterisk.org/pub/security/AST-2020-003.html
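
Review bot: The `- asterisk  (bug #979372)` line gains the bug number, but the visible NOTE lines for CVE-2020-35652 point only at the two upstream issues and the AST-2020-003 advisory. A NOTE with the upstream fix commit or the fixed upstream release would make it possible to record a fixed version later without re-reading the advisory.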



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4aa6f3b3a1322e6eb15b3d43a3e6ee0207bc7e37


[Git][security-tracker-team/security-tracker][master] Reserve DSA number for regression update for minidlna

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
59ffeed3 by Salvatore Bonaccorso at 2021-01-05T21:54:45+01:00
Reserve DSA number for regression update for minidlna

- - - - -


2 changed files:

- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/DSA/list
=
@@ -1,3 +1,5 @@
+[05 Jan 2021] DSA-4806-2 minidlna - regression update
+   [buster] - minidlna 1.2.1+dfsg-2+deb10u2
 [04 Jan 2021] DSA-4825-1 dovecot - security update
{CVE-2020-24386 CVE-2020-25275}
[buster] - dovecot 1:2.3.4.1-5+deb10u5
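
Review bot: The DSA-4806-2 entry has no `{CVE-...}` line, unlike DSA-4825-1 directly below it, and neither the entry nor the commit message says which regression the `1.2.1+dfsg-2+deb10u2` upload corrects. Mentioning the regression bug in the commit message would keep that traceable from the tracker history.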


=
data/dsa-needed.txt
=
@@ -24,9 +24,6 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more recent v4.19.y versions.
 --
-minidlna
-  Regression update
---
 netty
 --
 nodejs



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59ffeed37daab29a8587fc9fa20847b833da749a


[Git][security-tracker-team/security-tracker][master] Process some more NFUs

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
653bb286 by Salvatore Bonaccorso at 2021-01-05T21:25:00+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,7 +5,7 @@ CVE-2021-3023
 CVE-2021-3022 (An issue was discovered on LG mobile devices with Android OS 10 
softwa ...)
NOT-FOR-US: LG mobile devices
 CVE-2021-3021 (ISPConfig before 3.2.2 allows SQL injection. ...)
-   TODO: check
+   NOT-FOR-US: ISPConfig
 CVE-2021-3020
RESERVED
 CVE-2021-22685
@@ -391,7 +391,7 @@ CVE-2021-22496
 CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
NOT-FOR-US: Samsung mobile devices
 CVE-2021-22494 (An issue was discovered in the fingerprint scanner on Samsung 
Note20 m ...)
-   TODO: check
+   NOT-FOR-US: Samsung Note20 mobile devices
 CVE-2021-22493 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
NOT-FOR-US: Samsung mobile devices
 CVE-2021-22492 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
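
Review bot: The label on CVE-2021-22494, `NOT-FOR-US: Samsung Note20 mobile devices`, differs from the `NOT-FOR-US: Samsung mobile devices` used for CVE-2021-22495 and CVE-2021-22493 on either side. Using the same string for all Samsung device entries keeps them greppable as one group.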
@@ -1061,7 +1061,7 @@ CVE-2021-22161
 CVE-2021-22160
RESERVED
 CVE-2020-36159 (Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed 
operation ...)
-   TODO: check
+   NOT-FOR-US: Veritas
 CVE-2021-3019 (ffay lanproxy 0.1 allows Directory Traversal to read 
/../conf/config.p ...)
TODO: check
 CVE-2021-3018 (ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable 
to an un ...)
@@ -9990,7 +9990,7 @@ CVE-2020-29479 (An issue was discovered in Xen through 
4.14.x. In the Ocaml xens
[stretch] - xen  (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-353.html
 CVE-2020-29478 (CA Service Catalog 17.2 and 17.3 contain a vulnerability in 
the defaul ...)
-   TODO: check
+   NOT-FOR-US: CA Service Catalog
 CVE-2021-1635
RESERVED
 CVE-2021-1634
@@ -21157,9 +21157,9 @@ CVE-2020-26048 (The file manager option in CuppaCMS 
before 2019-11-12 allows an
 CVE-2020-26047
RESERVED
 CVE-2020-26046 (FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site 
variables. Th ...)
-   TODO: check
+   NOT-FOR-US: FUEL CMS
 CVE-2020-26045 (FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in 
/fuel/per ...)
-   TODO: check
+   NOT-FOR-US: FUEL CMS
 CVE-2020-26044
RESERVED
 CVE-2020-26043 (An issue was discovered in Hoosk CMS v1.8.0. There is a XSS 
vulnerabil ...)
@@ -49166,7 +49166,7 @@ CVE-2020-13543 (A code execution vulnerability exists 
in the WebSocket functiona
 CVE-2020-13542 (A local privilege elevation vulnerability exists in the file 
system pe ...)
NOT-FOR-US: LogicalDoc
 CVE-2020-13541 (An exploitable local privilege elevation vulnerability exists 
in the f ...)
-   TODO: check
+   NOT-FOR-US: Mobile-911 Server
 CVE-2020-13540 (An exploitable local privilege elevation vulnerability exists 
in the f ...)
TODO: check
 CVE-2020-13539 (An exploitable local privilege elevation vulnerability exists 
in the f ...)
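
Review bot: CVE-2020-13541 is marked `NOT-FOR-US: Mobile-911 Server`, but the truncated description shown here does not name the product, and CVE-2020-13540, whose visible description text is identical, stays at `TODO: check`. Worth confirming against the full descriptions that the two were meant to be handled differently, or marking both in the same commit.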
@@ -66730,7 +66730,7 @@ CVE-2020-7204
 CVE-2020-7203 (A potential security vulnerability has been identified in HPE 
iLO Ampl ...)
NOT-FOR-US: HPE
 CVE-2020-7202 (A potential security vulnerability has been identified in HPE 
Integrat ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2020-7201 (A potential security vulnerability has been identified in the 
HPE Stor ...)
NOT-FOR-US: HPE
 CVE-2020-7200 (A potential security vulnerability has been identified in HPE 
Systems  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/653bb286fe42b4a8882bcfdbae1edd0dd93b7983


[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for nodejs issues

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
85472ac0 by Salvatore Bonaccorso at 2021-01-05T21:20:25+01:00
Add Debian bug reference for nodejs issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -63995,7 +63995,7 @@ CVE-2020-8288
RESERVED
 CVE-2020-8287 [nodejs: HTTP Request Smuggling]
RESERVED
-   - nodejs 
+   - nodejs  (bug #979364)
[stretch] - nodejs  (Nodejs in stretch not covered by security 
support)
NOTE: https://nodejs.org/en/blog/release/v10.23.1/
NOTE: 
https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e 
(v10.23.1)
@@ -64058,7 +64058,7 @@ CVE-2020-8266
RESERVED
 CVE-2020-8265 [nodejs: use-after-free in TLSWrap]
RESERVED
-   - nodejs 
+   - nodejs  (bug #979364)
[stretch] - nodejs  (Nodejs in stretch not covered by security 
support)
NOTE: https://nodejs.org/en/blog/release/v10.23.1/
NOTE: 
https://github.com/nodejs/node/commit/7f178663ebffc82c9f8a5a1b6bf2da0c263a30ed 
(v10.23.1)
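
Review bot: Both hunks attach the same bug #979364, here to CVE-2020-8265 and above to CVE-2020-8287, so that one report has to name both CVEs for the references to hold. Neither the diff nor the commit message shows that, so it is worth checking the bug's title or body before relying on it as the reference for each entry.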



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/85472ac08d6d8ed7f7a749a21a8bed66e866d26b


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8b37149a by Salvatore Bonaccorso at 2021-01-05T21:16:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,7 +3,7 @@ CVE-2021-3024
 CVE-2021-3023
RESERVED
 CVE-2021-3022 (An issue was discovered on LG mobile devices with Android OS 10 
softwa ...)
-   TODO: check
+   NOT-FOR-US: LG mobile devices
 CVE-2021-3021 (ISPConfig before 3.2.2 allows SQL injection. ...)
TODO: check
 CVE-2021-3020
@@ -389,13 +389,13 @@ CVE-2021-22497
 CVE-2021-22496
RESERVED
 CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2021-22494 (An issue was discovered in the fingerprint scanner on Samsung 
Note20 m ...)
TODO: check
 CVE-2021-22493 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2021-22492 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
-   TODO: check
+   NOT-FOR-US: Samsung mobile devices
 CVE-2021-22491
RESERVED
 CVE-2021-22490
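
Review bot: CVE-2021-22494 is left at `TODO: check` in the middle of a run where CVE-2021-22495, CVE-2021-22493 and CVE-2021-22492 all move to `NOT-FOR-US: Samsung mobile devices`. If it was skipped because the fingerprint scanner issue needs a closer look, that is fine; otherwise mark it in the same pass so the block is triaged as a unit.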
@@ -72977,7 +72977,7 @@ CVE-2020-4901
 CVE-2020-4900 (IBM Business Automation Workflow 19.0.0.3 stores potentially 
sensitive ...)
NOT-FOR-US: IBM
 CVE-2020-4899 (IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak 
sensit ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4898
RESERVED
 CVE-2020-4897
@@ -73254,9 +73254,9 @@ CVE-2020-4764 (IBM Planning Analytics 2.0 is vulnerable 
to cross-site request fo
 CVE-2020-4763 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 
through  ...)
NOT-FOR-US: IBM
 CVE-2020-4762 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 
5.2.6.5_2 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4761 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 
5.2.6.5_2 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4760 (IBM Content Navigator 3.0CD is vulnerable to cross-site 
scripting. Thi ...)
NOT-FOR-US: IBM
 CVE-2020-4759 (IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially 
vulnerable  ...)
@@ -128783,7 +128783,7 @@ CVE-2019-4730
 CVE-2019-4729 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote 
attacker to ob ...)
NOT-FOR-US: IBM
 CVE-2019-4728 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 
5.2.6.5_2 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4727
RESERVED
 CVE-2019-4726 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 
5.2.6.5 i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b37149a963619f25b9c0da823f51576bebc0117


[Git][security-tracker-team/security-tracker][master] automatic update

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0a0d5c6f by security tracker role at 2021-01-05T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,1067 @@
+CVE-2021-3024
+   RESERVED
+CVE-2021-3023
+   RESERVED
+CVE-2021-3022 (An issue was discovered on LG mobile devices with Android OS 10 
softwa ...)
+   TODO: check
+CVE-2021-3021 (ISPConfig before 3.2.2 allows SQL injection. ...)
+   TODO: check
+CVE-2021-3020
+   RESERVED
+CVE-2021-22685
+   RESERVED
+CVE-2021-22684
+   RESERVED
+CVE-2021-22683
+   RESERVED
+CVE-2021-22682
+   RESERVED
+CVE-2021-22681
+   RESERVED
+CVE-2021-22680
+   RESERVED
+CVE-2021-22679
+   RESERVED
+CVE-2021-22678
+   RESERVED
+CVE-2021-22677
+   RESERVED
+CVE-2021-22676
+   RESERVED
+CVE-2021-22675
+   RESERVED
+CVE-2021-22674
+   RESERVED
+CVE-2021-22673
+   RESERVED
+CVE-2021-22672
+   RESERVED
+CVE-2021-22671
+   RESERVED
+CVE-2021-22670
+   RESERVED
+CVE-2021-22669
+   RESERVED
+CVE-2021-22668
+   RESERVED
+CVE-2021-22667
+   RESERVED
+CVE-2021-22666
+   RESERVED
+CVE-2021-22665
+   RESERVED
+CVE-2021-22664
+   RESERVED
+CVE-2021-22663
+   RESERVED
+CVE-2021-22662
+   RESERVED
+CVE-2021-22661
+   RESERVED
+CVE-2021-22660
+   RESERVED
+CVE-2021-22659
+   RESERVED
+CVE-2021-22658
+   RESERVED
+CVE-2021-22657
+   RESERVED
+CVE-2021-22656
+   RESERVED
+CVE-2021-22655
+   RESERVED
+CVE-2021-22654
+   RESERVED
+CVE-2021-22653
+   RESERVED
+CVE-2021-22652
+   RESERVED
+CVE-2021-22651
+   RESERVED
+CVE-2021-22650
+   RESERVED
+CVE-2021-22649
+   RESERVED
+CVE-2021-22648
+   RESERVED
+CVE-2021-22647
+   RESERVED
+CVE-2021-22646
+   RESERVED
+CVE-2021-22645
+   RESERVED
+CVE-2021-22644
+   RESERVED
+CVE-2021-22643
+   RESERVED
+CVE-2021-22642
+   RESERVED
+CVE-2021-22641
+   RESERVED
+CVE-2021-22640
+   RESERVED
+CVE-2021-22639
+   RESERVED
+CVE-2021-22638
+   RESERVED
+CVE-2021-22637
+   RESERVED
+CVE-2021-22636
+   RESERVED
+CVE-2021-22635
+   RESERVED
+CVE-2021-22634
+   RESERVED
+CVE-2021-22633
+   RESERVED
+CVE-2021-22632
+   RESERVED
+CVE-2021-22631
+   RESERVED
+CVE-2021-22630
+   RESERVED
+CVE-2021-22629
+   RESERVED
+CVE-2021-22628
+   RESERVED
+CVE-2021-22627
+   RESERVED
+CVE-2021-22626
+   RESERVED
+CVE-2021-22625
+   RESERVED
+CVE-2021-22624
+   RESERVED
+CVE-2021-22623
+   RESERVED
+CVE-2021-22622
+   RESERVED
+CVE-2021-22621
+   RESERVED
+CVE-2021-22620
+   RESERVED
+CVE-2021-22619
+   RESERVED
+CVE-2021-22618
+   RESERVED
+CVE-2021-22617
+   RESERVED
+CVE-2021-22616
+   RESERVED
+CVE-2021-22615
+   RESERVED
+CVE-2021-22614
+   RESERVED
+CVE-2021-22613
+   RESERVED
+CVE-2021-22612
+   RESERVED
+CVE-2021-22611
+   RESERVED
+CVE-2021-22610
+   RESERVED
+CVE-2021-22609
+   RESERVED
+CVE-2021-22608
+   RESERVED
+CVE-2021-22607
+   RESERVED
+CVE-2021-22606
+   RESERVED
+CVE-2021-22605
+   RESERVED
+CVE-2021-22604
+   RESERVED
+CVE-2021-22603
+   RESERVED
+CVE-2021-22602
+   RESERVED
+CVE-2021-22601
+   RESERVED
+CVE-2021-22600
+   RESERVED
+CVE-2021-22599
+   RESERVED
+CVE-2021-22598
+   RESERVED
+CVE-2021-22597
+   RESERVED
+CVE-2021-22596
+   RESERVED
+CVE-2021-22595
+   RESERVED
+CVE-2021-22594
+   RESERVED
+CVE-2021-22593
+   RESERVED
+CVE-2021-22592
+   RESERVED
+CVE-2021-22591
+   RESERVED
+CVE-2021-22590
+   RESERVED
+CVE-2021-22589
+   RESERVED
+CVE-2021-22588
+   RESERVED
+CVE-2021-22587
+   RESERVED
+CVE-2021-22586
+   RESERVED
+CVE-2021-22585
+   RESERVED
+CVE-2021-22584
+   RESERVED
+CVE-2021-22583
+   RESERVED
+CVE-2021-22582
+   RESERVED
+CVE-2021-22581
+   RESERVED
+CVE-2021-22580
+   RESERVED
+CVE-2021-22579
+   RESERVED
+CVE-2021-22578
+   RESERVED
+CVE-2021-22577
+   RESERVED
+CVE-2021-22576
+   RESERVED
+CVE-2021-22575
+   RESERVED
+CVE-2021-22574
+   RESERVED
+CVE-2021-22573
+   RESERVED
+CVE-2021-22572
+   RESERVED
+CVE-2021-22571
+   RESERVED
+CVE-2021-22570
+   RESERVED
+CVE-2021-22569
+   RESERVED
+CVE-2021-22568
+   RESERVED
+CVE-2021-22567
+   RESERVED
+CVE-2021-22566
+   RESERVED
+CVE-2021-22565
+   RESERVED
+CVE-2021-22564
+   RESERVED
+CVE-2021-22563
+   RESERVED
+CVE-2021-22562
+   RESERVED
+CVE-2021-22561
+   RESERVED
+CVE-2021-22560
+   RESERVED
+CVE-2021-22559
+   RESERVED
+CVE-2021-22558
+   RESERVED
+CVE-2021-22557
+   RESERVED
+CVE-2021-22556
+   RESERVED
+CVE-2021-22555
+   RESERVED
+CVE-2021-22554
+   

[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for dovecot issues

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a3509a68 by Salvatore Bonaccorso at 2021-01-05T21:07:41+01:00
Add Debian bug reference for dovecot issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21964,7 +21964,7 @@ CVE-2020-25276 (An issue was discovered in PrimeKey 
EJBCA 6.x and 7.x before 7.4
NOT-FOR-US: PrimeKey
 CVE-2020-25275 (Dovecot before 2.3.13 has Improper Input Validation in lda, 
lmtp, and  ...)
{DSA-4825-1}
-   - dovecot 
+   - dovecot  (bug #979363)
NOTE: 
https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html
NOTE: 
https://github.com/dovecot/core/commit/67f792cb98267ee74c425772e766e7a2525c0d8f
NOTE: 
https://github.com/dovecot/core/commit/6ae93c3936fc870c313a6fdf44a0999d4129d9b8
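
Review bot: On the `- dovecot  (bug #979363)` line for CVE-2020-25275, the bug number is added but the line still shows no fixed version, although the entry is already tagged `{DSA-4825-1}` and the description places the issue in Dovecot before 2.3.13. Once a fixed upload exists, its version should be recorded here and on the matching CVE-2020-24386 line.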
@@ -23962,7 +23962,7 @@ CVE-2020-24387 (An issue was discovered in the 
yh_create_session() function of y
NOT-FOR-US: yubihsm-shell
 CVE-2020-24386 (An issue was discovered in Dovecot before 2.3.13. By using 
IMAP IDLE,  ...)
{DSA-4825-1}
-   - dovecot 
+   - dovecot  (bug #979363)
NOTE: 
https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html
NOTE: 
https://github.com/dovecot/core/commit/00df2308b0733e810824545183d73276c416cdd3
NOTE: 
https://github.com/dovecot/core/commit/b4a9872b833b7985c7d0e7615f1b7fc812dd4c55



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3509a6807fc602897c4c832a4e471b5cdfda0b9


[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-12658/gssproxy as unimportant

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f45a70ca by Salvatore Bonaccorso at 2021-01-05T20:49:11+01:00
Mark CVE-2020-12658/gssproxy as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -50335,8 +50335,9 @@ CVE-2020-12659 (An issue was discovered in the Linux 
kernel before 5.6.7. xdp_um
NOTE: 
https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2)
 CVE-2020-12658 (gssproxy (aka gss-proxy) before 0.8.3 does not unlock 
cond_mutex befor ...)
{DLA-2516-1}
-   - gssproxy  (bug #978931)
+   - gssproxy  (unimportant; bug #978931)
NOTE: 
https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003
 (v0.8.3)
+   NOTE: code change in question only happens in a shutdown path.
 CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. 
There is a u ...)
- linux 5.6.7-1
[buster] - linux 4.19.118-1
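
Review bot: CVE-2020-12658 is downgraded to `unimportant` while the entry still carries `{DLA-2516-1}`, so an LTS advisory exists for an issue the tracker now classifies as unimportant. The added NOTE says where the code change sits (a shutdown path); one more clause stating why that removes the security relevance would make the two facts read consistently.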



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f45a70ca8ef9adf2e932f2eba59c3434043d3073


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2518-1 for cairo

2021-01-05 Thread Utkarsh Gupta


Utkarsh Gupta pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fe75c878 by Utkarsh Gupta at 2021-01-06T01:01:49+05:30
Reserve DLA-2518-1 for cairo

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[06 Jan 2021] DLA-2518-1 cairo - security update
+   {CVE-2020-35492}
+   [stretch] - cairo 1.14.8-1+deb9u1
 [05 Jan 2021] DLA-2517-1 dovecot - security update
{CVE-2020-24386 CVE-2020-25275}
[stretch] - dovecot 1:2.2.27-3+deb9u7
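
Review bot: The new DLA-2518-1 entry is dated `06 Jan 2021`, but the commit time `01:01:49+05:30` is still 5 January in UTC and the entry below it, DLA-2517-1, is dated `05 Jan 2021`. Check that the date matches the day the advisory is announced, since this file is read as a chronological record.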


=
data/dla-needed.txt
=
@@ -25,8 +25,6 @@ ansible (Markus Koschany)
   NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794
   NOTE: 20201228: apo: Partial update will be released this week now.
 --
-cairo (Utkarsh Gupta)
---
 ceph (Emilio)
   NOTE: 20200707: Vulnerable to at least CVE-2018-14662. (lamby)
   NOTE: 20200707: Some discussion regarding removal 
 (lamby)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe75c878b67607389a6746b1f475352d7cd0d8ac


[Git][security-tracker-team/security-tracker][master] NFUs

2021-01-05 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f5ed7c8 by Moritz Muehlenhoff at 2021-01-05T19:43:11+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14126,6 +14126,7 @@ CVE-2021-0302
RESERVED
 CVE-2021-0301
RESERVED
+   NOT-FOR-US: MediaTek components for Android
 CVE-2020-28335
RESERVED
 CVE-2020-28334 (Barco wePresent WiPG-1600W devices use Hard-coded Credentials 
(issue 2 ...)
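
Review bot: CVE-2021-0301 is marked `NOT-FOR-US: MediaTek components for Android` while it is still `RESERVED` with no description, and the commit message is only `NFUs`, so the classification cannot be checked from the tracker data. Naming the source of the assignment in the commit message would make this and the Qualcomm entries in the later hunks verifiable.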
@@ -55065,10 +55066,13 @@ CVE-2020-11263
RESERVED
 CVE-2020-11262
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11261
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11260
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11259
RESERVED
 CVE-2020-11258
@@ -55089,6 +55093,7 @@ CVE-2020-11251
RESERVED
 CVE-2020-11250
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11249
RESERVED
 CVE-2020-11248
@@ -55107,22 +55112,28 @@ CVE-2020-11242
RESERVED
 CVE-2020-11241
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11240
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11239
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11238
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11237
RESERVED
 CVE-2020-11236
RESERVED
 CVE-2020-11235
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11234
RESERVED
 CVE-2020-11233
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11232
RESERVED
 CVE-2020-11231
@@ -55236,8 +55247,10 @@ CVE-2020-11183
NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11182
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11181
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11180
RESERVED
 CVE-2020-11179
@@ -55286,6 +55299,7 @@ CVE-2020-11160
NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11159
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11158 (u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 
filter due t ...)
NOT-FOR-US: Qualcomm
 CVE-2020-11157 (u'Lack of handling unexpected control messages while 
encryption was in ...)
@@ -55349,6 +55363,7 @@ CVE-2020-11135 (u'Reachable assertion when wrong data 
size is returned by parser
NOT-FOR-US: Snapdragon
 CVE-2020-11134
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11133 (u'Possible out of bound array write in rxdco cal utility due 
to lack o ...)
NOT-FOR-US: Snapdragon
 CVE-2020-11132 (u'Buffer over read in boot due to size check ignored before 
copying GU ...)
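
Review bot: The new line for CVE-2020-11134 uses `NOT-FOR-US: Qualcomm components for Android`, while the neighbouring CVE-2020-11135 and CVE-2020-11133 are labelled `NOT-FOR-US: Snapdragon`. The new string is the more descriptive one; a follow-up that normalises the older labels would keep the group searchable under a single string.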
@@ -55365,6 +55380,7 @@ CVE-2020-11127 (u'Integer overflow can cause a buffer 
overflow due to lack of ta
NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11126
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11125 (u'Out of bound access can happen in MHI command process due to 
lack of ...)
NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11124 (u'Possible use-after-free while accessing diag client map 
table since  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5ed7c8fbd138dc24525077587e06cc1fd52989


[Git][security-tracker-team/security-tracker][master] Reserve DLA-2517-1 for dovecot

2021-01-05 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f37aa017 by Chris Lamb at 2021-01-05T16:40:01+00:00
Reserve DLA-2517-1 for dovecot

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,6 @@
+[05 Jan 2021] DLA-2517-1 dovecot - security update
+   {CVE-2020-24386 CVE-2020-25275}
+   [stretch] - dovecot 1:2.2.27-3+deb9u7
 [04 Jan 2021] DLA-2516-1 gssproxy - security update
{CVE-2020-12658}
[stretch] - gssproxy 0.5.1-2+deb9u1


=
data/dla-needed.txt
=
@@ -43,8 +43,6 @@ condor
   NOTE: 20200712: Requested input on path forward from debian-lts@l.d.o 
(roberto)
   NOTE: 20200727: Waiting on maintainer feedback: 
https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
 --
-dovecot (Chris Lamb)
---
 f2fs-tools
   NOTE: 20200815: About CVE-2020-6070. The fix got introduced between 1.12.0 
and 1.13.0, but it is not trivial to
   NOTE: 20200815: to detect which of the patches correlates to the CVE. 
Contacting upstream might be necessary. (sunweaver)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f37aa0173eaee218228f312a3dd52339bf3615fb


[Git][security-tracker-team/security-tracker][master] Add CVE-2021-0323

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
236f2162 by Salvatore Bonaccorso at 2021-01-05T17:06:59+01:00
Add CVE-2021-0323

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14068,6 +14068,7 @@ CVE-2021-0324
RESERVED
 CVE-2021-0323
RESERVED
+   NOTE: Duplicate for CVE-2020-10767, clarification with Android security 
team pending
 CVE-2021-0322
RESERVED
NOT-FOR-US: Android
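Review bot: The NOTE added under CVE-2021-0323 records an open question ("clarification with Android security team pending") but has no date and no TODO: marker, so nothing in the entry will prompt a follow-up. Consider adding a TODO: line or dating the note, and stating which package CVE-2020-10767 is tracked against so the duplicate claim can be checked from this entry alone.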



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/236f21624de6c702afdd1c0a506631d6beb7181e


[Git][security-tracker-team/security-tracker][master] NFUs

2021-01-05 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8fccf309 by Moritz Muehlenhoff at 2021-01-05T16:46:24+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14070,44 +14070,57 @@ CVE-2021-0323
RESERVED
 CVE-2021-0322
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0321
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0320
RESERVED
 CVE-2021-0319
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0318
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0317
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0316
RESERVED
 CVE-2021-0315
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0314
RESERVED
 CVE-2021-0313
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0312
RESERVED
 CVE-2021-0311
RESERVED
 CVE-2021-0310
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0309
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0308
RESERVED
 CVE-2021-0307
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0306
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0305
RESERVED
 CVE-2021-0304
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0303
RESERVED
+   NOT-FOR-US: Android
 CVE-2021-0302
RESERVED
 CVE-2021-0301
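Review bot: All thirteen entries marked "NOT-FOR-US: Android" in this hunk are still RESERVED, so there is no description to check the classification against, and the commit message ("NFUs") names no source. Please cite the bulletin or advisory these IDs were taken from, in the commit message or in a NOTE, so that the IDs skipped in the same range (for example CVE-2021-0320 and CVE-2021-0316) can be seen to be deliberate.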



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fccf309c5b15c982152806b379b59db3a04441e


[Git][security-tracker-team/security-tracker][master] Sync stretch status for CVE-2021-0342

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4855fbe8 by Salvatore Bonaccorso at 2021-01-05T16:43:24+01:00
Sync stretch status for CVE-2021-0342

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14028,6 +14028,7 @@ CVE-2021-0342
RESERVED
- linux 5.7.6-1
[buster] - linux 4.19.131-1
+   [stretch] - linux  (Vulnerable code introduced later)
NOTE: 
https://git.kernel.org/linus/96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f
 CVE-2021-0341
RESERVED
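Review bot: The reason on the added [stretch] line, "Vulnerable code introduced later", does not say which change introduced the vulnerable code. Add a NOTE with the introducing commit or the first affected upstream version next to the existing fix link, so the claim that stretch is unaffected can be re-verified.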



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4855fbe89db9b77de339966a6c9bb37853adc277


[Git][security-tracker-team/security-tracker][master] Sync version information for CVE-2021-0342 with kernel-sec

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8208cbc4 by Salvatore Bonaccorso at 2021-01-05T16:40:12+01:00
Sync version information for CVE-2021-0342 with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14026,7 +14026,8 @@ CVE-2021-0343
RESERVED
 CVE-2021-0342
RESERVED
-   - linux 5.8.7-1
+   - linux 5.7.6-1
+   [buster] - linux 4.19.131-1
NOTE: 
https://git.kernel.org/linus/96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f
 CVE-2021-0341
RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8208cbc4513137ba68e388e3549123770176c8f4


[Git][security-tracker-team/security-tracker][master] new linux issue, NFUs from Pixel advisory

2021-01-05 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a00b161a by Moritz Muehlenhoff at 2021-01-05T16:35:57+01:00
new linux issue, NFUs from Pixel advisory

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -14026,6 +14026,8 @@ CVE-2021-0343
RESERVED
 CVE-2021-0342
RESERVED
+   - linux 5.8.7-1
+   NOTE: 
https://git.kernel.org/linus/96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f
 CVE-2021-0341
RESERVED
 CVE-2021-0340
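Review bot: The fixed version 5.8.7-1 added under CVE-2021-0342 is supported only by a link to the mainline commit, which does not show which upstream release or Debian upload first carried the fix. Add a NOTE naming the first fixed upstream version, and check whether a [buster] line is needed, before recording the sid version.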
@@ -17701,6 +17703,7 @@ CVE-2020-27060
RESERVED
 CVE-2020-27059
RESERVED
+   NOT-FOR-US: Android
 CVE-2020-27058
RESERVED
 CVE-2020-27057 (In getGpuStatsGlobalInfo and getGpuStatsAppInfo of 
GpuService.cpp, the ...)
@@ -55261,8 +55264,10 @@ CVE-2020-11162 (u'Possible buffer overflow in MHI 
driver due to lack of input pa
NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11161
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11160
RESERVED
+   NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11159
RESERVED
 CVE-2020-11158 (u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 
filter due t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a00b161a02d25ddcab55d1cc48b905ca043aa46c


[Git][security-tracker-team/security-tracker][master] remove obsolete TODO

2021-01-05 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
834d1ded by Moritz Muehlenhoff at 2021-01-05T15:12:12+01:00
remove obsolete TODO

- - - - -


1 changed file:

- − org/TODO


Changes:

=
org/TODO deleted
=
@@ -1,74 +0,0 @@
-To Do List of the Security Team
-===
-Items which are not related to preparing security updates, e.g. work on
-infrastructure
-
-Category
- - task (who is on it)
-
---BEGIN
-Infrastructure
- - remove all reference to Security Audit
-   https://www.debian.org/security/audit/
- - svnsync setup on soler to back up alioth in near-realtime (fw)
- - sec-private Subversion or Git repository on seger (fw, carnil)
-   - check for using git-remote-gcrypt (carnil)
-   - notify DSA and verify it is part of the backup
- - Disable RT queues for Security; clarify with DSA if a 'autoresponder
-   not including the mailtext can be activated for a transitional period
-   to redirect to request to be resent to the team alias
- - Clarify with ftp-masters status of unembargoed and embargoed queues
-   on security-master
- - Plan for renaming alioth project from secure-testing ->
-   security-tracker. Contact alioth admins.
-
-Security Tracker
- - ask Jon Wiltshire if new status to differentiate between "no-dsa, if
-   the maintainer wants to fix in a point update go ahead" and "no-dsa,
-   was ignored because it's possible to backport" is still needed. (fw)
-
-Security Tracker svn to git conversion
- - svn author list generation and conversion of svn repository to git
-   repository:
-   * Guide: https://git-scm.com/book/en/Git-and-Other-Systems-Migrating-to-Git
- - joeyh's commit script needs to be adopted to git
-   * When fixing the joeyh one, I think it makes sense to move it to a
- role account on alioth (as previously discussed), rather than this
- personal account, at the same time.
- - External check cronjob from Raphael
-   * When fixing it, also migrate to the role account
- - Daily DSA status report to team alias
-   * Should also move to role account
- - the tracker itself needs to be adopted
- - Checkout on moszumanska in /home/groups/secure-testing (See
-   README.repo there)
- - There's also a very useful pre-commit hook that checks syntax of
-   commits to data/*. This is something that also would need a place
-   somewhere/in the git repository.
- - the sectracker user is subscribed to the commits mailinglists, and
-   the commit messages trigger updates of the tracker.
- - https://security-team.debian.org (on dillon.debian.org) is updated from svn,
-   needs to be switched (simple)
- - https://contributors.debian.org/source/Debian%20Security%20Tracker
- - Allocating DSA's + DLA's: svn guarantees we do not race on DSA+DLA
-   allocations via DSA/DLA files. Having distributed VCS we would need
-   to avoid races on DSA+DLA allocations.
-
-Organisation
- - Compile a list of packages for which helpers with test setups are
-   wanted (jmm)
-
-
-Web pages
- - rename "Mitre CVE database" to "CVE IDs" (fw)
- - replace CVE cross-reference with links to approrate security tracker
-   information
- - check if the developers-reference 
(https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security)
-   still holds updated information.
- - check if the security related information in wiki.debian.org is updated. 
(luciano)
-   - Teams/TestingSecurity (tagged as deprecated)
-   - http://testing-security.debian.net/
-   - 
https://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html#s-security-support-testing
- - Create webpage like release team has (https://release.debian.org) e.g. 
pointing
-   to https://security-team.debian.org holding all relevant entry points for 
tasks,
-   relevant information on workflows, etc ... (luciano)
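Review bot: Several items in the deleted org/TODO describe controls rather than chores, in particular the pre-commit hook that checks the syntax of commits to data/* and the need to avoid races on DSA and DLA allocation under a distributed VCS. The commit message calls the file obsolete without saying where these are now handled; a sentence in the message pointing to the current hook and allocation procedure would make the removal auditable.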



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/834d1dedcc3af8b23a064161e3bd2f33f2142d84


[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim python-autobahn

2021-01-05 Thread Abhijith PA


Abhijith PA pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
888c3d12 by Abhijith PA at 2021-01-05T18:11:39+05:30
data/dla-needed.txt: Claim python-autobahn

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -116,7 +116,7 @@ php-horde-trean
   NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in 
https://bugs.horde.org/ticket/14926 (sunweaver)
   NOTE: 20200829: We may not expect too much activity regarding this by 
upstream. (sunweaver)
 --
-python-autobahn
+python-autobahn (Abhijith PA)
 --
 qemu (Adrian Bunk)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/888c3d122ab3727ebe597b836b3a39703073e8de


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-1751{8,9} as NFU

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7c8af0d4 by Salvatore Bonaccorso at 2021-01-05T13:01:49+01:00
Add CVE-2020-1751{8,9} as NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -37783,8 +37783,10 @@ CVE-2020-17520 (In the Pulsar manager 0.1.0 version, 
malicious users will be abl
NOT-FOR-US: Apache Pulsar
 CVE-2020-17519
RESERVED
+   NOT-FOR-US: Apache Flink
 CVE-2020-17518
RESERVED
+   NOT-FOR-US: Apache Flink
 CVE-2020-17517
RESERVED
 CVE-2020-17516



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c8af0d497ec383fa2eced3ba438a138462afdf7


[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage python-autobahn for stretch LTS (CVE-2020-35678).

2021-01-05 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
625b173e by Chris Lamb at 2021-01-05T11:54:25+00:00
data/dla-needed.txt: Triage python-autobahn for stretch LTS (CVE-2020-35678).

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -116,6 +116,8 @@ php-horde-trean
   NOTE: 20200829: Reconsidering CVE-2019-12095 and what has been written in 
https://bugs.horde.org/ticket/14926 (sunweaver)
   NOTE: 20200829: We may not expect too much activity regarding this by 
upstream. (sunweaver)
 --
+python-autobahn
+--
 qemu (Adrian Bunk)
 --
 reel
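Review bot: The new python-autobahn entry carries no NOTE, so the CVE that motivated it (CVE-2020-35678, named only in the commit message) is not visible in dla-needed.txt itself. Adding a dated NOTE line with the CVE, in the style of the php-horde-trean entry above it, would save the person who claims the package a lookup.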



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/625b173e84c8067b9b985fd00fcd6f69bcc77870


[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2020-8265 & CVE-2020-8287 in nodejs for stretch LTS.

2021-01-05 Thread Chris Lamb


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90197274 by Chris Lamb at 2021-01-05T11:46:19+00:00
Triage CVE-2020-8265 & CVE-2020-8287 in nodejs for stretch LTS.

- - - - -
e649746a by Chris Lamb at 2021-01-05T11:49:43+00:00
Triage CVE-2019-25013 in glibc for stretch LTS.

- - - - -
8721392d by Chris Lamb at 2021-01-05T11:51:33+00:00
data/dla-needed.txt: Triage dovecot for stretch LTS (CVE-2020-24386).

- - - - -
3bee5826 by Chris Lamb at 2021-01-05T11:51:41+00:00
data/dla-needed.txt: Claim dovecot.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -1833,6 +1833,7 @@ CVE-2020-35931 (An issue was discovered in Foxit Reader 
before 10.1.1 (and befor
 CVE-2019-25013 (The iconv feature in the GNU C Library (aka glibc or libc6) 
through 2. ...)
- glibc 2.31-9 (bug #979273)
[buster] - glibc  (Minor issue)
+   [stretch] - glibc  (Minor issue; can be fixed in next update)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24973
NOTE: Fixed by: 
https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b
 CVE-2019-25012 (The Webform Report project 7.x-1.x-dev for Drupal allows 
remote attack ...)
@@ -62897,6 +62898,7 @@ CVE-2020-8288
 CVE-2020-8287 [nodejs: HTTP Request Smuggling]
RESERVED
- nodejs 
+   [stretch] - nodejs  (Nodejs in stretch not covered by security 
support)
NOTE: https://nodejs.org/en/blog/release/v10.23.1/
NOTE: 
https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e 
(v10.23.1)
 CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check 
for cert ...)
@@ -62959,6 +62961,7 @@ CVE-2020-8266
 CVE-2020-8265 [nodejs: use-after-free in TLSWrap]
RESERVED
- nodejs 
+   [stretch] - nodejs  (Nodejs in stretch not covered by security 
support)
NOTE: https://nodejs.org/en/blog/release/v10.23.1/
NOTE: 
https://github.com/nodejs/node/commit/7f178663ebffc82c9f8a5a1b6bf2da0c263a30ed 
(v10.23.1)
 CVE-2020-8264 [Possible XSS Vulnerability in Action Pack in Development Mode]


=
data/dla-needed.txt
=
@@ -43,6 +43,8 @@ condor
   NOTE: 20200712: Requested input on path forward from debian-lts@l.d.o 
(roberto)
   NOTE: 20200727: Waiting on maintainer feedback: 
https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
 --
+dovecot (Chris Lamb)
+--
 f2fs-tools
   NOTE: 20200815: About CVE-2020-6070. The fix got introduced between 1.12.0 
and 1.13.0, but it is not trivial to
   NOTE: 20200815: to detect which of the patches correlates to the CVE. 
Contacting upstream might be necessary. (sunweaver)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cbce0649ef97dde19e17f61bb0d3ad104db1725f...3bee5826da806c56db434e2470283dbae7fc02b5


[Git][security-tracker-team/security-tracker][master] update on Intel Bluetooth firmware issues

2021-01-05 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cbce0649 by Moritz Muehlenhoff at 2021-01-05T09:32:46+01:00
update on Intel Bluetooth firmware issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -51209,21 +51209,21 @@ CVE-2020-12321 (Improper buffer restriction in some 
Intel(R) Wireless Bluetooth(
- firmware-nonfree 
[buster] - firmware-nonfree  (non-free not supported)
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html
-   TODO: check, maybe fixed all already in firmware-nonfree/20201022 (and 
so next sid upload, but part of the fixes are in 20200918-1)
+   NOTE: See notes for CVE-2020-12313
 CVE-2020-12320 (Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* 
SCCM be ...)
NOT-FOR-US: Intel
 CVE-2020-12319 (Insufficient control flow management in some Intel(R) 
PROSet/Wireless  ...)
- firmware-nonfree 
[buster] - firmware-nonfree  (non-free not supported)
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
-   TODO: check details
+   NOTE: See notes for CVE-2020-12313
 CVE-2020-12318 (Protection mechanism failure in some Intel(R) PROSet/Wireless 
WiFi pro ...)
NOT-FOR-US: Intel PROSet/Wireless WiFi products (not applicable to 
Linux)
 CVE-2020-12317 (Improper buffer restriction in some Intel(R) PROSet/Wireless 
WiFi prod ...)
- firmware-nonfree 
[buster] - firmware-nonfree  (non-free not supported)
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
-   TODO: check details
+   NOTE: See notes for CVE-2020-12313
 CVE-2020-12316 (Insufficiently protected credentials in the Intel(R) EMA 
before versio ...)
NOT-FOR-US: Intel
 CVE-2020-12315 (Path traversal in the Intel(R) EMA before version 1.3.3 may 
allow an u ...)
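Review bot: For CVE-2020-12321 the removed TODO held version detail ("maybe fixed all already in firmware-nonfree/20201022", "part of the fixes are in 20200918-1") that the replacement "See notes for CVE-2020-12313" drops, and that entry cites intel-sa-00403 while CVE-2020-12319 and CVE-2020-12317 cite intel-sa-00402. Confirm that the CVE-2020-12313 notes really cover the intel-sa-00403 firmware as well, and keep the firmware-nonfree version information in a NOTE rather than deleting it.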
@@ -51234,7 +51234,12 @@ CVE-2020-12313 (Insufficient control flow management 
in some Intel(R) PROSet/Wir
- firmware-nonfree 
[buster] - firmware-nonfree  (non-free not supported)
NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
-   TODO: check details
+   NOTE: Fixed firmware blobs:
+   NOTE: ibt-18-16-1.sfi: FW Build: REL17064 Release Version: 22.20.0.3
+   NOTE: ibt-hw-37.8.10-fw-22.50.19.14.f.bseq
+   NOTE: Not shipped in Debian: Wi-Fi 6 AX200, Wireless-AC 9560, 
Wireless-AC 9462, Wireless-AC 9461, Dual Band Wireless-AC 3165
+   NOTE: Intel seems to have missed the update for ibt-12-16.sfi, last 
update from May 2019
+   NOTE: Intel seems to have missed the update for ibt-11-5.sfi, last 
update from Jan 2019
 CVE-2020-12312 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 
FPGA firmwa ...)
NOT-FOR-US: Intel
 CVE-2020-12311 (Insufficient control flow managementin firmware in some 
Intel(R) Clien ...)
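Review bot: The notes added under CVE-2020-12313 name the fixed firmware blobs but not the firmware-nonfree upload that ships them, and the package lines above them are unchanged, so the entry still does not say whether any Debian version is fixed. Record the firmware-nonfree version that contains the listed blobs, and turn the two "Intel seems to have missed the update" lines (ibt-12-16.sfi, ibt-11-5.sfi) into a TODO so they get rechecked.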



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbce0649ef97dde19e17f61bb0d3ad104db1725f


[Git][security-tracker-team/security-tracker][master] 2 commits: Add references to upstream commits for 10.23.1 fixed for nodejs

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
902e9400 by Salvatore Bonaccorso at 2021-01-05T09:19:14+01:00
Add references to upstream commits for 10.23.1 fixed for nodejs

- - - - -
30e9907f by Salvatore Bonaccorso at 2021-01-05T09:21:37+01:00
Process new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2021-3019 (ffay lanproxy 0.1 allows Directory Traversal to read 
/../conf/config.p ...)
TODO: check
 CVE-2021-3018 (ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable 
to an un ...)
-   TODO: check
+   NOT-FOR-US: ipeak Infosystems ibexwebCMS (aka IPeakCMS)
 CVE-2021-3017
RESERVED
 CVE-2021-3016
@@ -8660,11 +8660,11 @@ CVE-2020-29500
 CVE-2020-29499
RESERVED
 CVE-2020-29498 (Dell Wyse Management Suite versions prior to 3.1 contain an 
open redir ...)
-   TODO: check
+   NOT-FOR-US: Dell Wyse Management Suite
 CVE-2020-29497 (Dell Wyse Management Suite versions prior to 3.1 contain a 
stored cros ...)
-   TODO: check
+   NOT-FOR-US: Dell Wyse Management Suite
 CVE-2020-29496 (Dell Wyse Management Suite versions prior to 3.1 contain a 
stored cros ...)
-   TODO: check
+   NOT-FOR-US: Dell Wyse Management Suite
 CVE-2020-29495
RESERVED
 CVE-2020-29494
@@ -8672,9 +8672,9 @@ CVE-2020-29494
 CVE-2020-29493
RESERVED
 CVE-2020-29492 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure 
default co ...)
-   TODO: check
+   NOT-FOR-US: Dell Wyse ThinOS
 CVE-2020-29491 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure 
default co ...)
-   TODO: check
+   NOT-FOR-US: Dell Wyse ThinOS
 CVE-2020-29490
RESERVED
 CVE-2020-29489
@@ -62893,6 +62893,7 @@ CVE-2020-8287 [nodejs: HTTP Request Smuggling]
RESERVED
- nodejs 
NOTE: https://nodejs.org/en/blog/release/v10.23.1/
+   NOTE: 
https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e 
(v10.23.1)
 CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check 
for cert ...)
{DLA-2500-1}
- curl 7.74.0-1 (bug #977161)
@@ -62954,6 +62955,7 @@ CVE-2020-8265 [nodejs: use-after-free in TLSWrap]
RESERVED
- nodejs 
NOTE: https://nodejs.org/en/blog/release/v10.23.1/
+   NOTE: 
https://github.com/nodejs/node/commit/7f178663ebffc82c9f8a5a1b6bf2da0c263a30ed 
(v10.23.1)
 CVE-2020-8264 [Possible XSS Vulnerability in Action Pack in Development Mode]
RESERVED
- rails 2:6.0.3.4+dfsg-1 (bug #971988)
@@ -70337,7 +70339,7 @@ CVE-2020-5363 (Select Dell Client Consumer and 
Commercial platforms include an i
 CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an 
improper auth ...)
NOT-FOR-US: Dell
 CVE-2020-5361 (Select Dell Client Commercial and Consumer platforms support a 
BIOS pa ...)
-   TODO: check
+   NOT-FOR-US: Dell
 CVE-2020-5360 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are 
vulnerable  ...)
NOT-FOR-US: Dell
 CVE-2020-5359 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are 
vulnerable  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7db2ddec8ee1e62e531b98ee3881b4ea883afeb9...30e9907fa9ef93c463bb84be9ec75287929c7069


[Git][security-tracker-team/security-tracker][master] automatic update

2021-01-05 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7db2ddec by security tracker role at 2021-01-05T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,389 @@
+CVE-2021-3019 (ffay lanproxy 0.1 allows Directory Traversal to read 
/../conf/config.p ...)
+   TODO: check
+CVE-2021-3018 (ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable 
to an un ...)
+   TODO: check
+CVE-2021-3017
+   RESERVED
+CVE-2021-3016
+   RESERVED
+CVE-2021-3015
+   RESERVED
+CVE-2021-22159
+   RESERVED
+CVE-2021-22158
+   RESERVED
+CVE-2021-22157
+   RESERVED
+CVE-2021-22156
+   RESERVED
+CVE-2021-22155
+   RESERVED
+CVE-2021-22154
+   RESERVED
+CVE-2021-22153
+   RESERVED
+CVE-2021-22152
+   RESERVED
+CVE-2021-22151
+   RESERVED
+CVE-2021-22150
+   RESERVED
+CVE-2021-22149
+   RESERVED
+CVE-2021-22148
+   RESERVED
+CVE-2021-22147
+   RESERVED
+CVE-2021-22146
+   RESERVED
+CVE-2021-22145
+   RESERVED
+CVE-2021-22144
+   RESERVED
+CVE-2021-22143
+   RESERVED
+CVE-2021-22142
+   RESERVED
+CVE-2021-22141
+   RESERVED
+CVE-2021-22140
+   RESERVED
+CVE-2021-22139
+   RESERVED
+CVE-2021-22138
+   RESERVED
+CVE-2021-22137
+   RESERVED
+CVE-2021-22136
+   RESERVED
+CVE-2021-22135
+   RESERVED
+CVE-2021-22134
+   RESERVED
+CVE-2021-22133
+   RESERVED
+CVE-2021-22132
+   RESERVED
+CVE-2021-22131
+   RESERVED
+CVE-2021-22130
+   RESERVED
+CVE-2021-22129
+   RESERVED
+CVE-2021-22128
+   RESERVED
+CVE-2021-22127
+   RESERVED
+CVE-2021-22126
+   RESERVED
+CVE-2021-22125
+   RESERVED
+CVE-2021-22124
+   RESERVED
+CVE-2021-22123
+   RESERVED
+CVE-2021-22122
+   RESERVED
+CVE-2021-22121
+   RESERVED
+CVE-2021-22120
+   RESERVED
+CVE-2021-22119
+   RESERVED
+CVE-2021-22118
+   RESERVED
+CVE-2021-22117
+   RESERVED
+CVE-2021-22116
+   RESERVED
+CVE-2021-22115
+   RESERVED
+CVE-2021-22114
+   RESERVED
+CVE-2021-22113
+   RESERVED
+CVE-2021-22112
+   RESERVED
+CVE-2021-22111
+   RESERVED
+CVE-2021-22110
+   RESERVED
+CVE-2021-22109
+   RESERVED
+CVE-2021-22108
+   RESERVED
+CVE-2021-22107
+   RESERVED
+CVE-2021-22106
+   RESERVED
+CVE-2021-22105
+   RESERVED
+CVE-2021-22104
+   RESERVED
+CVE-2021-22103
+   RESERVED
+CVE-2021-22102
+   RESERVED
+CVE-2021-22101
+   RESERVED
+CVE-2021-22100
+   RESERVED
+CVE-2021-22099
+   RESERVED
+CVE-2021-22098
+   RESERVED
+CVE-2021-22097
+   RESERVED
+CVE-2021-22096
+   RESERVED
+CVE-2021-22095
+   RESERVED
+CVE-2021-22094
+   RESERVED
+CVE-2021-22093
+   RESERVED
+CVE-2021-22092
+   RESERVED
+CVE-2021-22091
+   RESERVED
+CVE-2021-22090
+   RESERVED
+CVE-2021-22089
+   RESERVED
+CVE-2021-22088
+   RESERVED
+CVE-2021-22087
+   RESERVED
+CVE-2021-22086
+   RESERVED
+CVE-2021-22085
+   RESERVED
+CVE-2021-22084
+   RESERVED
+CVE-2021-22083
+   RESERVED
+CVE-2021-22082
+   RESERVED
+CVE-2021-22081
+   RESERVED
+CVE-2021-22080
+   RESERVED
+CVE-2021-22079
+   RESERVED
+CVE-2021-22078
+   RESERVED
+CVE-2021-22077
+   RESERVED
+CVE-2021-22076
+   RESERVED
+CVE-2021-22075
+   RESERVED
+CVE-2021-22074
+   RESERVED
+CVE-2021-22073
+   RESERVED
+CVE-2021-22072
+   RESERVED
+CVE-2021-22071
+   RESERVED
+CVE-2021-22070
+   RESERVED
+CVE-2021-22069
+   RESERVED
+CVE-2021-22068
+   RESERVED
+CVE-2021-22067
+   RESERVED
+CVE-2021-22066
+   RESERVED
+CVE-2021-22065
+   RESERVED
+CVE-2021-22064
+   RESERVED
+CVE-2021-22063
+   RESERVED
+CVE-2021-22062
+   RESERVED
+CVE-2021-22061
+   RESERVED
+CVE-2021-22060
+   RESERVED
+CVE-2021-22059
+   RESERVED
+CVE-2021-22058
+   RESERVED
+CVE-2021-22057
+   RESERVED
+CVE-2021-22056
+   RESERVED
+CVE-2021-22055
+   RESERVED
+CVE-2021-22054
+   RESERVED
+CVE-2021-22053
+   RESERVED
+CVE-2021-22052
+   RESERVED
+CVE-2021-22051
+   RESERVED
+CVE-2021-22050
+   RESERVED
+CVE-2021-22049
+   RESERVED
+CVE-2021-22048
+   RESERVED
+CVE-2021-22047
+   RESERVED
+CVE-2021-22046
+   RESERVED
+CVE-2021-22045
+   RESERVED
+CVE-2021-22044
+   RESERVED
+CVE-2021-22043
+   RESERVED
+CVE-2021-22042
+   RESERVED
+CVE-2021-22041
+   RESERVED
+CVE-2021-22040
+   RESERVED
+CVE-2021-22039
+   RESERVED
+CVE-2021-22038
+   RESERVED
+CVE-2021-22037
+   RESERVED
+CVE-2021-22036
+   RESERVED
+CVE-2021-22035
+   RESERVED
+CVE-2021-22034
+   RESERVED
+CVE-2021-22033
+   RESERVED
+CVE-2021-22032
+   RESERVED
+CVE-2021-22031
+   RESERVED
+CVE-2021-22030
+   RESERVED
+CVE-2021-22029
+   RESERVED

[Git][security-tracker-team/security-tracker][master] new nodejs issues

2021-01-05 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c01d4a22 by Moritz Muehlenhoff at 2021-01-05T09:07:33+01:00
new nodejs issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
@@ -62503,8 +62503,10 @@ CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 
and Backblaze for macOS be
NOT-FOR-US: Backblaze
 CVE-2020-8288
RESERVED
-CVE-2020-8287
+CVE-2020-8287 [nodejs: HTTP Request Smuggling]
RESERVED
+   - nodejs 
+   NOTE: https://nodejs.org/en/blog/release/v10.23.1/
 CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check 
for cert ...)
{DLA-2500-1}
- curl 7.74.0-1 (bug #977161)
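Review bot: The added `- nodejs` line for CVE-2020-8287 ends without a fixed version or an explicit status marker, and has no bug reference, while the neighbouring curl entry reads `- curl 7.74.0-1 (bug #977161)`. If the package is still unfixed, state that on the line. Add the Debian bug number once one is filed, so the tracker does not show an ambiguous state for a request smuggling issue.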
@@ -62562,8 +62564,10 @@ CVE-2020-8267 (A security issue was found in UniFi 
Protect controller v1.14.10 a
NOT-FOR-US: UniFi Protect controller
 CVE-2020-8266
RESERVED
-CVE-2020-8265
+CVE-2020-8265 [nodejs: use-after-free in TLSWrap]
RESERVED
+   - nodejs 
+   NOTE: https://nodejs.org/en/blog/release/v10.23.1/
 CVE-2020-8264 [Possible XSS Vulnerability in Action Pack in Development Mode]
RESERVED
- rails 2:6.0.3.4+dfsg-1 (bug #971988)
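Review bot: The only NOTE for CVE-2020-8265 is the v10.23.1 release post, which does not identify the change that fixes the TLSWrap use-after-free. Add a further NOTE with the upstream fix commit, so anyone preparing or verifying a backport can check the patch itself rather than infer it from a release announcement. The same applies to the CVE-2020-8287 entry in the previous hunk.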


=
data/dsa-needed.txt
=
@@ -29,6 +29,8 @@ minidlna
 --
 netty
 --
+nodejs
+--
 salt (carnil)
 --
 slurm-llnl (jmm)
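Review bot: `nodejs` is added to dsa-needed.txt with no claimant and no NOTE, whereas the entries that follow it are claimed (`salt (carnil)`, `slurm-llnl (jmm)`). Leaving it unclaimed is fine if nobody has picked it up yet, but a short NOTE naming CVE-2020-8287 and CVE-2020-8265 would tell whoever takes it which issues the DSA has to cover.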



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c01d4a227209f59c1d28b89aceb99bad989c9bc8
