[Git][security-tracker-team/security-tracker][master] curl fixed in sid

Moritz Muehlenhoff jmm at debian.org
Mon Aug 24 11:04:35 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dfa153e8 by Moritz Muehlenhoff at 2020-08-24T12:04:16+02:00
curl fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21609,8 +21609,8 @@ CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d
-	NOTE: Original patchset introduces regression: https://bugs.debian.org/966691
-	NOTE: Follow-up for regression: https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116
+	NOTE: Original patchset introduces regression: https://bugs.debian.org/966691 and https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116
+	NOTE: Follow-up for regression: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b
 CVE-2020-14343 [.load() and FullLoader still vulnerable to fairly trivial RCE]
 	RESERVED
 	- pyyaml <unfixed> (bug #966233)
@@ -38445,7 +38445,7 @@ CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwi
 	NOT-FOR-US: Edgeswitch
 CVE-2020-8231
 	RESERVED
-	- curl <unfixed> (bug #968831)
+	- curl 7.72.0-1 (bug #968831)
 	NOTE: https://curl.haxx.se/docs/CVE-2020-8231.html
 	NOTE: https://github.com/curl/curl/pull/5824
 	NOTE: https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8
@@ -38571,7 +38571,7 @@ CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18
 CVE-2020-8177
 	RESERVED
 	{DLA-2295-1}
-	- curl <unfixed> (bug #965281)
+	- curl 7.72.0-1 (bug #965281)
 	NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html
 	NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0)
 CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.6 ...)
@@ -38595,7 +38595,7 @@ CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6
 	NOT-FOR-US: AirMax AirOS
 CVE-2020-8169
 	RESERVED
-	- curl <unfixed> (bug #965280)
+	- curl 7.72.0-1 (bug #965280)
 	[stretch] - curl <not-affected> (Vulnerable code introduced later)
 	[jessie] - curl <not-affected> (Vulnerable code introduced later)
 	NOTE: https://curl.haxx.se/docs/CVE-2020-8169.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfa153e8d171e9c44dce5c3562cafd952f8198c6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfa153e8d171e9c44dce5c3562cafd952f8198c6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200824/a927ab6e/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list