[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 30 09:10:27 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b295eba by security tracker role at 2020-08-30T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-25024
+ RESERVED
CVE-2020-25023
RESERVED
CVE-2020-25022
@@ -98,8 +100,8 @@ CVE-2020-24974
RESERVED
CVE-2020-24973
RESERVED
-CVE-2020-24972
- RESERVED
+CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG ...)
+ TODO: check
CVE-2020-24971
RESERVED
CVE-2020-24970
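Review bot: CVE-2020-24972 goes from "RESERVED" to "TODO: check" with no package line, so the entry is still untriaged after this update. The description gives two version bounds ("before 3.1.12 (and before 20.07.80)"), so when the package line is added the fixed version has to be matched against whichever of the two numbering schemes the packaged Kleopatra uses.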
@@ -186,8 +188,8 @@ CVE-2020-24930
RESERVED
CVE-2020-24929
RESERVED
-CVE-2020-24928
- RESERVED
+CVE-2020-24928 (managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted ...)
+ TODO: check
CVE-2020-24927
RESERVED
CVE-2020-24926
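Review bot: CVE-2020-24928 is left at "TODO: check" although the description already names the product and file ("managers/socketManager.ts in PreMiD through 2.1.3"). If PreMiD is not packaged, this can be closed in the same form the file uses elsewhere, for example "NOT-FOR-US: RaspberryTortoise" under CVE-2020-15477.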
@@ -246,10 +248,10 @@ CVE-2020-24900
RESERVED
CVE-2020-24899
RESERVED
-CVE-2020-24898
- RESERVED
-CVE-2020-24897
- RESERVED
+CVE-2020-24898 (The Table Filter and Charts for Confluence Server app before 5.3.26 (f ...)
+ TODO: check
+CVE-2020-24897 (The Table Filter and Charts for Confluence Server app before 5.3.25 (f ...)
+ TODO: check
CVE-2020-24896
RESERVED
CVE-2020-24895
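Review bot: CVE-2020-24898 and CVE-2020-24897 carry descriptions that, as far as the truncated text shows, differ only in the fixed version (5.3.26 against 5.3.25), and both are left at "TODO: check". They should be triaged together so the two entries end up with the same disposition; for a Confluence Server app that is most likely a "NOT-FOR-US:" line on each.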
@@ -19663,6 +19665,7 @@ CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of s
CVE-2020-15477 (The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable t ...)
NOT-FOR-US: RaspberryTortoise
CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...)
+ {DLA-2354-1}
- ndpi <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05
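Review bot: CVE-2020-15476 gains "{DLA-2354-1}" while the line directly below it still reads "- ndpi <unfixed>", so the entry now records an LTS advisory but no fixed version for unstable. The NOTE already cites the upstream commit b69177be2fbe01c2442239a61832c44e40136c05; check whether an upload containing it exists and record that version, or add a bug reference on the "<unfixed>" line as is done for bareos under CVE-2020-11061.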
@@ -25046,16 +25049,19 @@ CVE-2020-13400
CVE-2020-13399
RESERVED
CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
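Review bot: on CVE-2020-13398, CVE-2020-13397 and CVE-2020-13396 the new "{DLA-2356-1}" sits directly above "[buster] - freerdp2 <no-dsa> (Minor issue)", so each entry now shows an advisory issued for LTS while buster stays open and rated minor. Revisit the buster triage for these three out-of-bounds issues, or extend the "<no-dsa>" remark to say why buster is treated differently. The only other package line is "- freerdp <removed>", so the entry alone does not show which source package the DLA fixed.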
@@ -31007,6 +31013,7 @@ CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte w
CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...)
NOT-FOR-US: Zoho
CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
@@ -31014,6 +31021,7 @@ CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-r ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
@@ -31027,18 +31035,21 @@ CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 thro
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820
CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e
CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out- ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b
CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
@@ -32084,6 +32095,7 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc
NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...)
+ {DLA-2353-1}
- bacula 9.6.5-1
[buster] - bacula <no-dsa> (Minor issue; can be fixed via point release)
- bareos <unfixed> (bug #968957)
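Review bot: CVE-2020-11061 tracks two source packages, bacula and bareos, and the added "{DLA-2353-1}" does not show which of them the advisory covers. With "- bareos <unfixed> (bug #968957)" still open and "[buster] - bacula <no-dsa>" unchanged, confirm which package the DLA applies to so the tag is not read as covering both.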
@@ -32101,6 +32113,7 @@ CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by
CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir ...)
NOT-FOR-US: AEgir
CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
@@ -32135,6 +32148,7 @@ CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound
NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008
CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
@@ -32150,6 +32164,7 @@ CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009
CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
@@ -32157,6 +32172,7 @@ CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
@@ -32177,6 +32193,7 @@ CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
@@ -38524,13 +38541,13 @@ CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/393e8f643c02215fa4e6d4edf67be7d77085da0e (v9_11_22)
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/58e560beb50873c699f3431cf57e215dc645d7aa (v9_11_22)
CVE-2020-8623 (In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3 ...)
- {DSA-4752-1}
+ {DSA-4752-1 DLA-2355-1}
- bind9 1:9.16.6-1
NOTE: https://kb.isc.org/docs/cve-2020-8623
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/ac3862a5da95bb07b6cf748b0958175687a9de1d (v9_16_6)
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab (v9_11_22)
CVE-2020-8622 (In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, ...)
- {DSA-4752-1}
+ {DSA-4752-1 DLA-2355-1}
- bind9 1:9.16.6-1
NOTE: https://kb.isc.org/docs/cve-2020-8622
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0eec632d6a5a474280017ec949d8a8014612f3b3 (v9_16_6)
@@ -302020,6 +302037,7 @@ CVE-2013-7261
CVE-2013-7260 (Multiple stack-based buffer overflows in RealNetworks RealPlayer befor ...)
NOT-FOR-US: RealPlayer
CVE-2014-0791 (Integer overflow in the license_read_scope_list function in libfreerdp ...)
+ {DLA-2356-1}
- freerdp <removed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941
NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
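Review bot: CVE-2014-0791 now carries "{DLA-2356-1}" while its only package line is "- freerdp <removed> (unimportant)". An advisory that fixes the issue and an "unimportant" severity on the same entry contradict each other; either drop the "(unimportant)" marker or add a NOTE explaining why the integer overflow in license_read_scope_list was fixed in LTS despite that rating.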
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b295eba6cb6ddd9f49c19b6b74b3fc77ac91bbf