[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Sun Aug 23 18:48:51 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ad3c92a by Moritz Muehlenhoff at 2020-08-23T19:48:32+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14224,7 +14224,9 @@ CVE-2020-17508
 	RESERVED
 CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...)
 	- qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444)
+	[buster] - qtbase-opensource-src <no-dsa> (Minor issue)
 	- qt4-x11 <removed>
+	[buster] - qt4-x11 <no-dsa> (Minor issue)
 	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308436 (dev branch)
 	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308496 (5.15 branch)
 	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308495 (5.12 branch)
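Review bot: the new `[buster] - qt4-x11 <no-dsa>` line has no fix reference to go with it. The three NOTE links cover the dev, 5.15 and 5.12 branches of qtbase only, and qt4-x11 is `<removed>` from unstable, so there is no fixed version to compare against either. Consider adding a NOTE on whether the affected code is present in qt4-x11 in buster, and giving a more specific reason than "Minor issue" on both added lines.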
@@ -14246,6 +14248,7 @@ CVE-2020-17499
 	RESERVED
 CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. ...)
 	- wireshark 3.2.6-1
+	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
 	[stretch] - wireshark <not-affected> (Vulnerable compose_tvb code not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=76afda963de4f0b9be24f2d8e873990a5cbf221b
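Review bot: the postponed reason on the `[buster] - wireshark` line refers to a 3.0.x DSA, while the CVE description names Wireshark 3.2.0 to 3.2.5 as affected and the stretch line is `<not-affected>` because the compose_tvb code is absent. It would help to record in a NOTE that the vulnerable Kafka dissector code was confirmed in the buster version, so the entry is not carried as `<postponed>` when it should be `<not-affected>`. Wording nit: "Can be fixed along in next 3.0.x DSA" differs from the "fix along in future DSA" phrasing used on the other postponed lines in this commit.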
@@ -14497,6 +14500,7 @@ CVE-2020-17381
 CVE-2020-17380 [heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c]
 	RESERVED
 	- qemu <unfixed>
+	[buster] - qemu <postponed> (Minor issue, fix along in future DSA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167
 CVE-2020-17379
 	RESERVED
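Review bot: "Minor issue" on the `[buster] - qemu` line sits under an entry titled as a heap buffer overflow in sdhci_sdma_transfer_multi_blocks(), and nothing in the entry says why that is minor. Suggest putting the reason in the parenthetical or in a NOTE. The entry is also `<unfixed>` in unstable with only a Red Hat Bugzilla link, so no patch is referenced yet for the future DSA to pick up.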
@@ -17201,6 +17205,7 @@ CVE-2020-16093
 	RESERVED
 CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the network p ...)
 	- qemu <unfixed>
+	[buster] - qemu <postponed> (Minor issue, fix along in future DSA)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
 CVE-2020-16091
@@ -18146,10 +18151,13 @@ CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing tok
 	NOT-FOR-US: Joomla!
 CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly valida ...)
 	- nim 1.2.6-1
+	[buster] - nim <no-dsa> (Minor issue)
 CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...)
 	- nim 1.2.6-1
+	[buster] - nim <no-dsa> (Minor issue)
 CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...)
 	- nim 1.2.6-1
+	[buster] - nim <no-dsa> (Minor issue)
 CVE-2020-15691
 	RESERVED
 CVE-2020-15690
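Review bot: all three `[buster] - nim <no-dsa> (Minor issue)` lines are added to entries that have no NOTE at all, and the descriptions name Nim 1.2.4 only. Suggest adding NOTE lines with the upstream references for CVE-2020-15692, CVE-2020-15693 and CVE-2020-15694, and stating whether the buster version contains the affected httpClient and browsers code, so the shared "Minor issue" reason can be checked per CVE.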
@@ -18988,6 +18996,7 @@ CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authent
 	NOT-FOR-US: Venki
 CVE-2020-15366 (An issue was discovered in ajv.validate() in Ajv (aka Another JSON Sch ...)
 	- node-ajv 6.12.4-1
+	[buster] - node-ajv <no-dsa> (Minor issue)
 	NOTE: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
 CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...)
 	- libraw <not-affected> (Vulnerable code introduced in 0.20-Beta1)
@@ -41203,6 +41212,7 @@ CVE-2020-7068
 	RESERVED
 	- php7.4 7.4.9-1
 	- php7.3 <removed>
+	[buster] - php7.3 <postponed> (Minor issue, fix along in future DSA)
 	- php7.0 <removed>
 	NOTE: Fixed in PHP 7.4.9, 7.3.21, 7.2.33
 	NOTE: PHP Bug: https://bugs.php.net/79797
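Review bot: the `[buster] - php7.3 <postponed>` line is added to an entry that is still RESERVED and carries no description, so "Minor issue" cannot be checked against anything in the file except the PHP bug link. Since the existing NOTE already says the fix is in 7.3.21, the reason could name that version as the one to pick up in the future DSA.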


=====================================
data/dsa-needed.txt
=====================================
@@ -16,7 +16,7 @@ chromium
 --
 curl (ghedo)
 --
-icingaweb2
+icingaweb2 (jmm)
   Maintainer prepared an update
 --
 knot-resolver
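Review bot: the claim `icingaweb2 (jmm)` leaves the existing "Maintainer prepared an update" line without a pointer to where that update is. Suggest adding the bug number or location of the prepared update under the entry so others can follow the state of the DSA.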



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ad3c92ad003fc49bacbeef3fec836ef94cf7fe1
