[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 12 09:10:24 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aa0982d1 by security tracker role at 2020-08-12T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...)
+ TODO: check
+CVE-2020-17494
+ RESERVED
+CVE-2020-17493
+ RESERVED
+CVE-2020-17492
+ RESERVED
+CVE-2020-17491
+ RESERVED
+CVE-2020-17490
+ RESERVED
+CVE-2020-17489 (An issue was discovered in certain configurations of GNOME gnome-shell ...)
+ TODO: check
+CVE-2020-17488
+ RESERVED
+CVE-2020-17487 (radare2 4.5.0 misparses signature information in PE files, causing a s ...)
+ TODO: check
CVE-2020-17486
RESERVED
CVE-2020-17485
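Review bot: the three newly described entries at the top of this hunk (CVE-2020-17495, CVE-2020-17489, CVE-2020-17487) are left at `TODO: check`, and all three name software a distribution is likely to ship: django-celery-results, GNOME gnome-shell and radare2. These should be triaged ahead of the other TODOs in this commit, each resolved either to a source package line (fixed version or `<unfixed>`) or to NOT-FOR-US if the component turns out not to be packaged. The gnome-shell description says "certain configurations", so the full CVE text needs reading to decide whether the packaged default configuration is affected.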
@@ -2652,8 +2670,8 @@ CVE-2020-16172
RESERVED
CVE-2020-16171
RESERVED
-CVE-2020-16170
- RESERVED
+CVE-2020-16170 (The Temi application 1.3.3 through 1.3.7931 for Android has hard-coded ...)
+ TODO: check
CVE-2020-16169 (Temi Robox OS 117.21 through 119.24 allows Authentication Bypass via a ...)
NOT-FOR-US: Temi Robox OS
CVE-2020-16168 (Temi firmware 20190419.165201 does not properly verify that the source ...)
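Review bot: CVE-2020-16170 is left at `TODO: check` while the entry directly below it, CVE-2020-16169, already carries `NOT-FOR-US: Temi Robox OS`. The new description names the Temi application for Android, so this looks like the same vendor family; a NOT-FOR-US line naming the Temi Android application would close it consistently with its neighbours.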
@@ -2705,7 +2723,7 @@ CVE-2020-16146
RESERVED
CVE-2020-16145 [Fix cross-site scripting (XSS) via HTML messages with malicious svg content]
RESERVED
- {DLA-2322-1}
+ {DSA-4744-1 DLA-2322-1}
- roundcube 1.4.8+dfsg.1-1 (bug #968216)
NOTE: https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 (1.4.8)
NOTE: https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b (1.3.15)
@@ -22330,10 +22348,10 @@ CVE-2020-8914
RESERVED
CVE-2020-8913
RESERVED
-CVE-2020-8912
- RESERVED
-CVE-2020-8911
- RESERVED
+CVE-2020-8912 (A vulnerability in the in-band key negotiation exists in the AWS S3 Cr ...)
+ TODO: check
+CVE-2020-8911 (A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoL ...)
+ TODO: check
CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...)
NOT-FOR-US: Google Closure Library
CVE-2020-8909
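Review bot: CVE-2020-8912 and CVE-2020-8911 both land as `TODO: check` and both concern the AWS S3 Crypto SDK, so they should be triaged together against one source package rather than separately. The visible text names an in-band key negotiation flaw and a padding oracle; whichever package (if any) ships that SDK's S3 encryption client needs both entries, and if none does, a single NOT-FOR-US reason can be reused for the pair.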
@@ -26887,8 +26905,8 @@ CVE-2020-7031
RESERVED
CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered in the ...)
NOT-FOR-US: IP Office
-CVE-2020-7029
- RESERVED
+CVE-2020-7029 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in th ...)
+ TODO: check
CVE-2020-7028
RESERVED
CVE-2020-7027
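Review bot: the description added for CVE-2020-7029 is cut off before the product name, so its `TODO: check` cannot be resolved from this line alone. The preceding entry, CVE-2020-7030, is `NOT-FOR-US: IP Office`; confirm from the full CVE text whether 7029 belongs to the same vendor's product and, if so, mark it NOT-FOR-US with that product's name.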
@@ -47719,20 +47737,15 @@ CVE-2020-0262
RESERVED
CVE-2020-0261
RESERVED
-CVE-2020-0260
- RESERVED
+CVE-2020-0260 (There is a possible out of bounds read due to an incorrect bounds chec ...)
NOT-FOR-US: Mediatek components for Android
-CVE-2020-0259
- RESERVED
+CVE-2020-0259 (In android_verity_ctr of dm-android-verity.c, there is a possible way ...)
NOT-FOR-US: Android
-CVE-2020-0258
- RESERVED
+CVE-2020-0258 (In stopZygoteLocked of AppZygote.java, there is an insufficient cleanu ...)
NOT-FOR-US: Android
-CVE-2020-0257
- RESERVED
+CVE-2020-0257 (In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a ...)
NOT-FOR-US: Android
-CVE-2020-0256
- RESERVED
+CVE-2020-0256 (In LoadPartitionTable of gpt.cc, there is a possible out of bounds wri ...)
NOT-FOR-US: Android
CVE-2020-0255
RESERVED
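Review bot: two of the descriptions filled in here name files that are not obviously Android-only, yet both keep the pre-existing `NOT-FOR-US: Android`. CVE-2020-0256 cites LoadPartitionTable in gpt.cc, which looks like GPT fdisk code (packaged in Debian as gdisk), and CVE-2020-0259 cites dm-android-verity.c, a kernel-side file. Now that the text is available, both markings should be rechecked against the packaged sources rather than carried over from the RESERVED state.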
@@ -47743,29 +47756,21 @@ CVE-2020-0255
NOTE: https://android.googlesource.com/kernel/common/+/fb73974172ff
NOTE: https://source.android.com/security/bulletin/2020-08-01
NOTE: Duplicate of CVE-2020-10751
-CVE-2020-0254
- RESERVED
+CVE-2020-0254 (There is a possible out of bounds read due to an incorrect bounds chec ...)
NOT-FOR-US: Mediatek components for Android
-CVE-2020-0253
- RESERVED
+CVE-2020-0253 (There is a possible memory corruption due to a use after free.Product: ...)
NOT-FOR-US: Mediatek components for Android
-CVE-2020-0252
- RESERVED
+CVE-2020-0252 (There is a possible memory corruption due to a use after free.Product: ...)
NOT-FOR-US: Mediatek components for Android
-CVE-2020-0251
- RESERVED
+CVE-2020-0251 (There is a possible out of bounds read due to an incorrect bounds chec ...)
NOT-FOR-US: Mediatek components for Android
-CVE-2020-0250
- RESERVED
+CVE-2020-0250 (In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there ...)
NOT-FOR-US: Android
-CVE-2020-0249
- RESERVED
+CVE-2020-0249 (In postInstantAppNotif of InstantAppNotifier.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2020-0248
- RESERVED
+CVE-2020-0248 (In postInstantAppNotif of InstantAppNotifier.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2020-0247
- RESERVED
+CVE-2020-0247 (In Threshold::getHistogram of ImageProcessHelper.java, there is a poss ...)
NOT-FOR-US: Android
CVE-2020-0246
RESERVED
@@ -47773,23 +47778,17 @@ CVE-2020-0245
RESERVED
CVE-2020-0244
RESERVED
-CVE-2020-0243
- RESERVED
+CVE-2020-0243 (In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-a ...)
NOT-FOR-US: Android media framework
-CVE-2020-0242
- RESERVED
+CVE-2020-0242 (In reset of NuPlayerDriver.cpp, there is a possible use-after-free due ...)
NOT-FOR-US: Android media framework
-CVE-2020-0241
- RESERVED
+CVE-2020-0241 (In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is poss ...)
NOT-FOR-US: Android media framework
-CVE-2020-0240
- RESERVED
+CVE-2020-0240 (In NewFixedDoubleArray of factory.cc, there is a possible out of bound ...)
NOT-FOR-US: Android
-CVE-2020-0239
- RESERVED
+CVE-2020-0239 (In getDocumentMetadata of DocumentsContract.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2020-0238
- RESERVED
+CVE-2020-0238 (In updatePreferenceIntents of AccountTypePreferenceLoader, there is a ...)
NOT-FOR-US: Android
CVE-2020-0237
RESERVED
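Review bot: CVE-2020-0240 now reads "In NewFixedDoubleArray of factory.cc", which looks like JavaScript engine (V8) code rather than Android framework code, but the entry keeps `NOT-FOR-US: Android`. Check whether the affected function is present in any packaged copy of that engine before leaving the marking in place. The media framework entries above it (CVE-2020-0243 to CVE-2020-0241) name MediaAnalyticsItem and NuPlayer sources, which is consistent with their existing marking.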
@@ -48066,8 +48065,7 @@ CVE-2020-0110 (In psi_write of psi.c, there is a possible out of bounds write du
NOTE: https://git.kernel.org/linus/6fcca0fa48118e6d63733eb4644c6cd880c15b8f (5.6-rc2)
CVE-2020-0109 (In simulatePackageSuspendBroadcast of NotificationManagerService.java, ...)
NOT-FOR-US: Android
-CVE-2020-0108
- RESERVED
+CVE-2020-0108 (In postNotification of ServiceRecord.java, there is a possible bypass ...)
NOT-FOR-US: Android
CVE-2020-0107 (In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible ...)
NOT-FOR-US: Android
@@ -50463,8 +50461,8 @@ CVE-2019-17353 (An issue discovered on D-Link DIR-615 devices with firmware vers
NOT-FOR-US: D-Link
CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vul ...)
NOT-FOR-US: JFinal
-CVE-2019-17339
- RESERVED
+CVE-2019-17339 (The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabr ...)
+ TODO: check
CVE-2019-17338 (The user interface component of TIBCO Software Inc.'s TIBCO Patterns - ...)
NOT-FOR-US: TIBCO
CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
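Review bot: CVE-2019-17339 is set to `TODO: check` although its description names a TIBCO Software Inc. product and the two entries that follow, CVE-2019-17338 and CVE-2019-17337, are already `NOT-FOR-US: TIBCO`. Marking this one `NOT-FOR-US: TIBCO` as well would keep the block consistent and remove a TODO that needs no package lookup.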
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa0982d131faf364e2ed6b2678d9f9c5e7f29719