[Git][security-tracker-team/security-tracker][master] 2 commits: data/CVE/list: Go over open CVEs for libvncserver (stretch+buster) and tag...
Mike Gabriel
sunweaver at debian.org
Fri Aug 28 22:24:05 BST 2020
Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b2699bf by Mike Gabriel at 2020-08-28T23:22:13+02:00
data/CVE/list: Go over open CVEs for libvncserver (stretch+buster) and tag some as <not-affected> or <ignored>.
- - - - -
40134cf4 by Mike Gabriel at 2020-08-28T23:23:45+02:00
Reserve DLA-2347-1 for libvncserver
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -19851,6 +19851,8 @@ CVE-2019-20893 (An issue was discovered in Activision Infinity Ward Call of Duty
NOT-FOR-US: Activision
CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9.12 di ...)
- libvncserver 0.9.12+dfsg-3
+ [buster] - libvncserver <ignored> (Required change too invasive, minor issue)
+ [stretch] - libvncserver <ignored> (Required change too invasive, minor issue)
NOTE: https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433
NOTE: https://www.openwall.com/lists/oss-security/2020/06/30/2
CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/m ...)
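Review bot: On the two added CVE-2017-18922 lines, the reason "Required change too invasive, minor issue" does not say what in the referenced upstream commit makes a backport invasive. A short NOTE under the entry naming the obstacle would let a later triager re-evaluate the <ignored> status for buster and stretch without redoing the analysis.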
@@ -22361,7 +22363,9 @@ CVE-2020-14399 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.
NOTE: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improperly c ...)
- libvncserver 0.9.13+dfsg-1
- [jessie] - libvncserver <ignored> (Proposed patch might break ABI consumers)
+ [buster] - libvncserver <ignored> (Proposed patch might break ABI for consumers)
+ [stretch] - libvncserver <ignored> (Proposed patch might break ABI for consumers)
+ [jessie] - libvncserver <ignored> (Proposed patch might break ABI for consumers)
NOTE: https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b
CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rf ...)
{DLA-2264-1}
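Review bot: The existing jessie line for CVE-2020-14398 is reworded here ("ABI consumers" to "ABI for consumers"), although the commit message describes a stretch+buster pass only. Either mention the jessie wording change in the commit message or leave that line untouched, so the diff changes only the suites being triaged.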
@@ -22369,6 +22373,8 @@ CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncser
NOTE: https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tl ...)
- libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver <not-affected> (Vulnerable code not present)
+ [stretch] - libvncserver <not-affected> (Vulnerable code not present)
[jessie] - libvncserver <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553
CVE-2020-14395
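Review bot: The added buster and stretch lines for CVE-2020-14396 reuse the jessie reason "Vulnerable code not present", but the description puts everything before 0.9.13 in range, so the status rests entirely on the code being absent from those suites. Add a NOTE recording which upstream change introduced the affected code, so the <not-affected> claim can be checked per suite.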
@@ -22872,6 +22878,8 @@ CVE-2020-14216
RESERVED
CVE-2019-20840 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws ...)
- libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver <not-affected> (Vulnerable code not present)
+ [stretch] - libvncserver <not-affected> (Vulnerable code not present)
[jessie] - libvncserver <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76
CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer over ...)
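Review bot: CVE-2019-20840 is marked <not-affected> for buster and stretch with "Vulnerable code not present", while this same commit treats the websockets.c issue CVE-2017-18922 as present in both suites and tags it <ignored>. Since the path here is also under libvncserver/ws ..., a NOTE stating that the affected file does not exist in the stretch and buster sources would make clear the two entries do not contradict each other.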
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Aug 2020] DLA-2347-1 libvncserver - security update
+ {CVE-2019-20839 CVE-2020-14397 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-14405}
+ [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u5
[27 Aug 2020] DLA-2346-1 firefox-esr - security update
{CVE-2020-15664 CVE-2020-15669}
[stretch] - firefox-esr 68.12.0esr-1~deb9u1
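Review bot: The CVE set on the added DLA-2347-1 entry includes CVE-2020-14399, which data/CVE/list carries as "** DISPUTED **". Confirm the inclusion is intended and that the advisory text reflects the disputed status.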
=====================================
data/dla-needed.txt
=====================================
@@ -98,8 +98,6 @@ jetty9
jupyter-notebook (Mike Gabriel)
NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)
--
-libvncserver (Mike Gabriel)
---
libx11 (Emilio)
NOTE: 20200825: regression update (pochu)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/08ea8b40f384ca8e484161b0fe3ac32c866c6e25...40134cf446c649b78b7321254dd29bb772a920d2