[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 30 21:10:36 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7e4e8794 by security tracker role at 2020-08-30T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-25030
+ RESERVED
+CVE-2020-25029
+ RESERVED
+CVE-2020-25028
+ RESERVED
+CVE-2020-25027
+ RESERVED
+CVE-2020-25026
+ RESERVED
+CVE-2020-25025
+ RESERVED
CVE-2020-25024
RESERVED
CVE-2020-25023
@@ -210,8 +222,8 @@ CVE-2020-24919
RESERVED
CVE-2020-24918
RESERVED
-CVE-2020-24917
- RESERVED
+CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxA ...)
+ TODO: check
CVE-2020-24916
RESERVED
CVE-2020-24915
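Review bot: CVE-2020-24917 goes in with only "TODO: check", so the osTicket XSS entry is in the list without a triage result. Replace the placeholder with either a package status line or a "NOT-FOR-US:" line, as the already-triaged entries in this file do, and read the full CVE text first, since the description here is cut at "DraftAjaxA ...".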
@@ -1667,8 +1679,8 @@ CVE-2020-24225
RESERVED
CVE-2020-24224
RESERVED
-CVE-2020-24223
- RESERVED
+CVE-2020-24223 (Mara CMS 7.5 allows contact.php?theme= XSS. ...)
+ TODO: check
CVE-2020-24222
RESERVED
CVE-2020-24221
@@ -20073,14 +20085,14 @@ CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows
CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS ( ...)
NOT-FOR-US: Nozomi Guardian
CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.2-1
- openexr 2.5.3-2
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/738
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6a9f8af6e89547bcd370ae3cec2b12849eee0b54
CVE-2020-15305 (An issue was discovered in OpenEXR before 2.5.2. Invalid input could c ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.2-1
- openexr 2.5.3-2
[jessie] - openexr <no-dsa> (Minor issue)
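Review bot: on CVE-2020-15306 and CVE-2020-15305 the cross-reference becomes "{DSA-4755-1 DLA-2358-1}" while the context line "[jessie] - openexr <no-dsa> (Minor issue)" stays as it is. Nothing in the hunk says which release DLA-2358-1 fixes; confirm it is a release other than jessie, otherwise the no-dsa line should be replaced by the fixed version.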
@@ -22523,8 +22535,7 @@ CVE-2020-14354 [ares_destroy() with pending ares_getaddrinfo() leads to Use-Afte
NOTE: Fixed by: https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e (1.16.1)
CVE-2020-14353
REJECTED
-CVE-2020-14352
- RESERVED
+CVE-2020-14352 (A flaw was found in librepo in versions before 1.12.1. A directory tra ...)
NOT-FOR-US: librepo
CVE-2020-14351
RESERVED
@@ -30064,7 +30075,7 @@ CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak is
CVE-2020-11766 (sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web I ...)
NOT-FOR-US: iFAX AvantFAX
CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
[jessie] - openexr <no-dsa> (Minor issue)
@@ -30072,7 +30083,7 @@ CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
[jessie] - openexr <no-dsa> (Minor issue)
@@ -30080,14 +30091,14 @@ CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2
CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/643/commits/d0303d1785d2a8cb994efee9efa81f8ee4be4c17
CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
[jessie] - openexr <no-dsa> (Minor issue)
@@ -30095,21 +30106,21 @@ CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09
CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3
CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
[jessie] - openexr <no-dsa> (Minor issue)
@@ -30117,7 +30128,7 @@ CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of inte
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b9997d0c045fa01af3d2e46e1a74b07cc4519446
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/acad98d6d3e787f36012a3737c23c42c7f43a00f
CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- openexr 2.5.3-2 (bug #959444)
[jessie] - openexr <no-dsa> (Minor issue)
@@ -34539,6 +34550,7 @@ CVE-2020-10291
CVE-2020-10290 (Universal Robots controller execute URCaps (zip files containing Java- ...)
NOT-FOR-US: Universal Robots controller
CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary objects. Th ...)
+ {DLA-2357-1}
- ros-actionlib 1.13.1-4 (bug #968830)
[buster] - ros-actionlib <no-dsa> (Minor issue)
NOTE: https://github.com/ros/actionlib/pull/171
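Review bot: "{DLA-2357-1}" is added to CVE-2020-10289, but the only release-specific line in the hunk is "[buster] - ros-actionlib <no-dsa> (Minor issue)", so a reader of this entry cannot tell which release received the fix or at what version. Check that the matching DLA-2357-1 record carries the release and fixed version for ros-actionlib.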
@@ -39432,8 +39444,8 @@ CVE-2020-8246
RESERVED
CVE-2020-8245
RESERVED
-CVE-2020-8244
- RESERVED
+CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1 and ...)
+ TODO: check
CVE-2020-8243
RESERVED
CVE-2020-8242
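Review bot: the new description for CVE-2020-8244 names several fixed branches of bl ("<4.0.3, <3.0.1 and ...") and is truncated, yet the entry carries only "TODO: check". When triaging, take the complete list of fixed versions from the CVE text and compare the packaged version against the branch it belongs to, not just the highest one.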
@@ -40831,8 +40843,8 @@ CVE-2020-7714
RESERVED
CVE-2020-7713
RESERVED
-CVE-2020-7712
- RESERVED
+CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to inject ...)
+ TODO: check
CVE-2020-7711 (This affects all versions of package github.com/russellhaering/goxmlds ...)
- golang-github-russellhaering-goxmldsig <unfixed> (bug #968928)
NOTE: https://github.com/russellhaering/goxmldsig/issues/48
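Review bot: CVE-2020-7712 is described only as affecting "the package json before 10.0.0", a name generic enough to be matched to the wrong source package. Resolve the "TODO: check" by first identifying the upstream project and its ecosystem from the full CVE record, then record either the matching Debian source package or a "NOT-FOR-US:" line.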
@@ -186072,6 +186084,7 @@ CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an
[stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...)
+ {DLA-2358-1}
- openexr 2.2.0-11.1 (bug #877352)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr 1.6.1-6+deb7u1
@@ -196467,47 +196480,47 @@ CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verify
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2690
NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...)
- {DLA-1083-1}
+ {DLA-2358-1 DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
- openexr 2.5.3-2 (bug #873885)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
- openexr 2.5.3-2 (bug #873885)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
- openexr 2.5.3-2 (low; bug #873885)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...)
- {DLA-1083-1}
+ {DLA-2358-1 DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...)
- {DSA-4755-1}
+ {DSA-4755-1 DLA-2358-1}
- openexr 2.5.3-2 (bug #873885)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...)
- {DLA-1083-1}
+ {DLA-2358-1 DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
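Review bot: CVE-2017-9116, CVE-2017-9112 and CVE-2017-9110 already carried DLA-1083-1 and now reference a second LTS advisory ("{DLA-2358-1 DLA-1083-1}"). Verify that the two advisories apply to different releases; if both cover the same release, the first fix was incomplete and the entry should say so in a NOTE line.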
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e4e8794c2876eec27fb1a60521bb8c10aa51172