[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Apr 10 09:10:28 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43b016f1 by security tracker role at 2020-04-10T08:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,36 @@
-CVE-2020-11668 [media: xirlink_cit: add missing descriptor sanity checks]
+CVE-2020-11684
 	RESERVED
+CVE-2020-11683
+	RESERVED
+CVE-2020-11682
+	RESERVED
+CVE-2020-11681
+	RESERVED
+CVE-2020-11680
+	RESERVED
+CVE-2020-11679
+	RESERVED
+CVE-2020-11678
+	RESERVED
+CVE-2020-11677
+	RESERVED
+CVE-2020-11676
+	RESERVED
+CVE-2020-11675
+	RESERVED
+CVE-2020-11674
+	RESERVED
+CVE-2020-11673
+	RESERVED
+CVE-2020-11672
+	RESERVED
+CVE-2020-11671
+	RESERVED
+CVE-2020-11670
+	RESERVED
+CVE-2020-11669
+	RESERVED
+CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
 CVE-2020-11667
@@ -6630,8 +6661,8 @@ CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110
 	NOT-FOR-US: TimeTools devices
 CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REVC wit ...)
 	NOT-FOR-US: D-Link
-CVE-2020-8961
-	RESERVED
+CVE-2020-8961 (An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. ...)
+	TODO: check
 CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...)
 	NOT-FOR-US: Western Digital mycloud.com
 CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...)
@@ -6928,16 +6959,14 @@ CVE-2020-8835 (In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/f2d67fec0b43edce8c416101cdc52e71145b5fef
-CVE-2020-8834 [Linux kernel Power8 conflicting use of HSTATE_HOST_R1 vulnerability]
-	RESERVED
+CVE-2020-8834 (KVM in the Linux kernel on Power8 processors has a conflicting use of  ...)
 	- linux 4.18.6-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2
 CVE-2020-8833
 	RESERVED
-CVE-2020-8832 [incomplete fix for CVE-2019-14615 allows for a local information exposure]
-	RESERVED
+CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...)
 	- linux <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817047
 	TODO: check (in kernel-sec) if we have incomplete fix
@@ -27106,8 +27135,7 @@ CVE-2020-1635
 	RESERVED
 CVE-2020-1634 (On High-End SRX Series devices, in specific configurations and when sp ...)
 	NOT-FOR-US: Juniper
-CVE-2020-1633
-	RESERVED
+CVE-2020-1633 (Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos ...)
 	NOT-FOR-US: Juniper
 CVE-2020-1632
 	RESERVED
@@ -30388,10 +30416,10 @@ CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible
 	NOT-FOR-US: Symantec
 CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a p ...)
 	NOT-FOR-US: Symantec
-CVE-2019-18376
-	RESERVED
-CVE-2019-18375
-	RESERVED
+CVE-2019-18376 (A CSRF token disclosure vulnerability allows a remote attacker, with a ...)
+	TODO: check
+CVE-2019-18375 (The ASG and ProxySG management consoles are susceptible to a session h ...)
+	TODO: check
 CVE-2019-18374 (Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & ...)
 	NOT-FOR-US: Symantec
 CVE-2019-18373 (Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass ex ...)
@@ -65110,8 +65138,7 @@ CVE-2019-7306 [Apport hook may expose sensitive information]
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202
 	NOTE: Issue in /usr/share/apport/package-hooks/source_byobu.py hook,
 	NOTE: non-issue in Debian as Apport not present.
-CVE-2019-7305 [extplorer exposes /usr and /etc/extplorer over HTTP]
-	RESERVED
+CVE-2019-7305 (Information Exposure vulnerability in eXtplorer makes the /usr/ and /e ...)
 	- extplorer <removed>
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/extplorer/+bug/1822013
 CVE-2019-7304 (Canonical snapd before version 2.37.1 incorrectly performed socket own ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43b016f11d91561e2a7901b7398833585f171332

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43b016f11d91561e2a7901b7398833585f171332
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200410/6b5105e8/attachment.html>

More information about the debian-security-tracker-commits mailing list