[Git][security-tracker-team/security-tracker][master] new glibc issue
Moritz Muehlenhoff
jmm at debian.org
Thu Apr 2 10:47:46 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a1ec87d4 by Moritz Muehlenhoff at 2020-04-02T11:47:18+02:00
new glibc issue
vague Apple libxml issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3867,33 +3867,33 @@ CVE-2020-9783 (A use after free issue was addressed with improved memory managem
CVE-2020-9782
RESERVED
CVE-2020-9781 (The issue was addressed by clearing website permission prompts after n ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9779
RESERVED
CVE-2020-9778
RESERVED
CVE-2020-9777 (An issue existed in the selection of video file by Mail. The issue was ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9776 (This issue was addressed with a new entitlement. This issue is fixed i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in picture ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9774
RESERVED
CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9772
RESERVED
CVE-2020-9771
RESERVED
CVE-2020-9770 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9767
RESERVED
CVE-2020-10028
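Review bot: CVE-2020-9769 is marked `NOT-FOR-US: Apple`, but its description says the issues were addressed "by updating to version 8.1.1850", which reads like the version of a bundled third-party component rather than of an Apple product. Please confirm that this component is not a source package in the archive before closing the entry as NOT-FOR-US; if it is, the entry should name that package instead.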
@@ -5821,7 +5821,7 @@ CVE-2020-8968
CVE-2020-8967
RESERVED
CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...)
- TODO: check
+ NOT-FOR-US: Tiki-Wiki Groupware
CVE-2020-8965
RESERVED
CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...)
@@ -12483,7 +12483,8 @@ CVE-2020-6098
CVE-2020-6097
RESERVED
CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
- TODO: check
+ - glibc <unfixed>
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25620
CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstRTSPAu ...)
- gst-rtsp-server1.0 1.16.2-3 (low)
[buster] - gst-rtsp-server1.0 <no-dsa> (Minor issue)
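Review bot: the new `- glibc <unfixed>` line for CVE-2020-6096 carries no scope, although the description names ARMv7 specifically. A second NOTE stating which Debian architectures are affected would let readers on other ports rule the issue out at a glance. The upstream bug reference is useful and should stay.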
@@ -18236,83 +18237,83 @@ CVE-2019-19905 (NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnera
NOTE: https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47
NOTE: Negligible security impact
CVE-2020-3919 (A memory initialization issue was addressed with improved memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3918
RESERVED
CVE-2020-3917 (This issue was addressed with a new entitlement. This issue is fixed i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3916 (An access issue was addressed with additional sandbox restrictions. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3915
RESERVED
CVE-2020-3914 (A memory initialization issue was addressed with improved memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3913 (A permissions issue existed. This issue was addressed with improved pe ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3912 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3911 (A buffer overflow was addressed with improved bounds checking. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3910 (A buffer overflow was addressed with improved size validation. This is ...)
- TODO: check
+ - libxml2 <undetermined>
CVE-2020-3909 (A buffer overflow was addressed with improved bounds checking. This is ...)
- TODO: check
+ - libxml2 <undetermined>
CVE-2020-3908 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3907 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3906 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3905 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3904 (Multiple memory corruption issues were addressed with improved state m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3903 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3902 (An input validation issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3901 (A type confusion issue was addressed with improved memory handling. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3900 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3899 (A memory consumption issue was addressed with improved memory handling ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3898
RESERVED
CVE-2020-3897 (A type confusion issue was addressed with improved memory handling. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3896
RESERVED
CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3894 (A race condition was addressed with additional validation. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3893 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3892 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3891 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3890 (The issue was addressed with improved deletion. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3889 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3888 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3886
RESERVED
CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3884 (An injection issue was addressed with improved validation. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3883 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3882
RESERVED
CVE-2020-3881 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3880
RESERVED
CVE-2020-3879
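Review bot: CVE-2020-3910 and CVE-2020-3909 are set to `- libxml2 <undetermined>` with no NOTE, and the truncated descriptions visible here do not mention libxml2 at all. Please add a NOTE under each entry recording where the libxml2 attribution comes from and what is still unknown (affected versions, upstream fix), so the next person triaging can see why the state is undetermined and what would resolve it.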
@@ -18400,13 +18401,13 @@ CVE-2020-3852
CVE-2020-3851
RESERVED
CVE-2020-3850 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3849 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3848 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3847 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3846 (A buffer overflow was addressed with improved size validation. This is ...)
NOT-FOR-US: Apple
CVE-2020-3845 (A memory corruption issue was addressed with improved memory handling. ...)
@@ -32275,7 +32276,7 @@ CVE-2019-17565 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3
- trafficserver 8.0.6+ds-1
NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
CVE-2019-17564 (Unsafe deserialization occurs within a Dubbo application which has HTT ...)
- TODO: check
+ NOT-FOR-US: Dubbo
CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, ...)
{DSA-4596-1 DLA-2077-1}
- tomcat9 9.0.31-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1ec87d48dbc5e4c6ca30f2387dff20300a82679