[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Aug 31 09:10:28 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41b7929a by security tracker role at 2020-08-31T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-25033 (The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for ...)
+	TODO: check
+CVE-2020-25032 (An issue was discovered in Flask-CORS (aka CORS Middleware for Flask)  ...)
+	TODO: check
+CVE-2020-25031 (checkinstall 1.6.2, when used to create a package that contains a syml ...)
+	TODO: check
 CVE-2020-25030
 	RESERVED
 CVE-2020-25029
@@ -1642,7 +1648,7 @@ CVE-2020-24241 (In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-fr
 	NOTE: https://github.com/netwide-assembler/nasm/commit/6ac6ac57e3d01ea8ed4ea47706eb724b59176461
 	NOTE: https://github.com/netwide-assembler/nasm/commit/78df8828a0a5d8e2d8ff3dced562bf1778ce2e6c
 	NOTE: Crash in CLI tool, no security impact
-CVE-2020-24240 (GNU Bison 3.7 has a use after free (UAF) vulnerability. A local attack ...)
+CVE-2020-24240 (GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/ob ...)
 	- bison <unfixed> (unimportant)
 	NOTE: https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d (v3.7.1)
 	NOTE: https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html
@@ -1917,8 +1923,8 @@ CVE-2020-24106
 	RESERVED
 CVE-2020-24105
 	RESERVED
-CVE-2020-24104
-	RESERVED
+CVE-2020-24104 (XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router. ...)
+	TODO: check
 CVE-2020-24103
 	RESERVED
 CVE-2020-24102
@@ -22505,11 +22511,13 @@ CVE-2020-14363 [Double free in libX11 locale handling code]
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
 CVE-2020-14362
 	RESERVED
+	{DLA-2359-1}
 	- xorg-server <unfixed>
 	NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc
 CVE-2020-14361
 	RESERVED
+	{DLA-2359-1}
 	- xorg-server <unfixed>
 	NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787
@@ -22560,16 +22568,19 @@ CVE-2020-14348
 	RESERVED
 	NOT-FOR-US: AMQ Online
 CVE-2020-14347 (A flaw was found in the way xserver memory was not properly initialize ...)
+	{DLA-2359-1}
 	- xorg-server <unfixed> (bug #968986)
 	NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816
 CVE-2020-14346
 	RESERVED
+	{DLA-2359-1}
 	- xorg-server <unfixed>
 	NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff
 CVE-2020-14345
 	RESERVED
+	{DLA-2359-1}
 	- xorg-server <unfixed>
 	NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f7cd1276bbd4fe3a9700096dec33b52b8440788d
@@ -39846,8 +39857,8 @@ CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefen
 	NOT-FOR-US: Bitdefender Antivirus Free
 CVE-2020-8098
 	RESERVED
-CVE-2020-8097
-	RESERVED
+CVE-2020-8097 (An improper authentication vulnerability in Bitdefender Endpoint Secur ...)
+	TODO: check
 CVE-2020-8096 (Untrusted Search Path vulnerability in Bitdefender High-Level Antimalw ...)
 	NOT-FOR-US: Bitdefender
 CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41b7929a81d237d46eb93bb0762509aa8c96add5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41b7929a81d237d46eb93bb0762509aa8c96add5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200831/005c8433/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list