[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Dec 4 08:10:27 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
809ee646 by security tracker role at 2020-12-04T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,76 @@
-CVE-2020-29534 [io_uring: don't rely on weak ->files references]
+CVE-2020-29565 (An issue was discovered in OpenStack Horizon before 15.3.2, 16.x befor ...)
+	TODO: check
+CVE-2020-29564
+	RESERVED
+CVE-2020-29563
+	RESERVED
+CVE-2020-29562 (The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2 ...)
+	TODO: check
+CVE-2020-29561 (An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does ...)
+	TODO: check
+CVE-2020-29560
+	RESERVED
+CVE-2020-29559
+	RESERVED
+CVE-2020-29558
+	RESERVED
+CVE-2020-29557
+	RESERVED
+CVE-2020-29556
+	RESERVED
+CVE-2020-29555
+	RESERVED
+CVE-2020-29554
+	RESERVED
+CVE-2020-29553
+	RESERVED
+CVE-2020-29552
+	RESERVED
+CVE-2020-29551
+	RESERVED
+CVE-2020-29550
+	RESERVED
+CVE-2020-29549
+	RESERVED
+CVE-2020-29548
+	RESERVED
+CVE-2020-29547
+	RESERVED
+CVE-2020-29546
+	RESERVED
+CVE-2020-29545
+	RESERVED
+CVE-2020-29544
+	RESERVED
+CVE-2020-29543
+	RESERVED
+CVE-2020-29542
+	RESERVED
+CVE-2020-29541
+	RESERVED
+CVE-2020-29540
+	RESERVED
+CVE-2020-29539
+	RESERVED
+CVE-2020-29538
+	RESERVED
+CVE-2020-29537
+	RESERVED
+CVE-2020-29536
+	RESERVED
+CVE-2020-29535
+	RESERVED
+CVE-2020-29533
+	RESERVED
+CVE-2020-29532
+	RESERVED
+CVE-2020-29531
+	RESERVED
+CVE-2020-29530
+	RESERVED
+CVE-2018-21270 (Versions less than 0.0.6 of the Node.js stringstream module are vulner ...)
+	TODO: check
+CVE-2020-29534 (An issue was discovered in the Linux kernel before 5.9.3. io_uring tak ...)
 	- linux 5.9.6-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -1551,8 +1623,7 @@ CVE-2020-28918
 	RESERVED
 CVE-2020-28917 (An issue was discovered in the view_statistics (aka View frontend stat ...)
 	NOT-FOR-US: TYPO3 extension
-CVE-2020-28916 [e1000e: infinite loop scenario in case of null packet descriptor]
-	RESERVED
+CVE-2020-28916 (hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX desc ...)
 	- qemu <unfixed>
 	[buster] - qemu <postponed> (Fix along in future DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
@@ -8351,8 +8422,8 @@ CVE-2020-27350
 	RESERVED
 CVE-2020-27349
 	RESERVED
-CVE-2020-27348
-	RESERVED
+CVE-2020-27348 (In some conditions, a snap package built by snapcraft includes the cur ...)
+	TODO: check
 CVE-2020-27346
 	REJECTED
 CVE-2020-27345
@@ -10767,8 +10838,8 @@ CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In oa
 	TODO: check
 CVE-2020-26249
 	RESERVED
-CVE-2020-26248
-	RESERVED
+CVE-2020-26248 (In the PrestaShop module "productcomments" before version 4.2.1, an at ...)
+	TODO: check
 CVE-2020-26247
 	RESERVED
 CVE-2020-26246 (Pimcore is an open source digital experience platform. In Pimcore befo ...)
@@ -31902,8 +31973,7 @@ CVE-2020-16124 (Integer Overflow or Wraparound vulnerability in the XML RPC libr
 	[buster] - ros-ros-comm <no-dsa> (Minor issue)
 	[stretch] - ros-ros-comm <no-dsa> (Minor issue)
 	NOTE: https://github.com/ros/ros_comm/pull/2065
-CVE-2020-16123
-	RESERVED
+CVE-2020-16123 (An Ubuntu-specific patch in PulseAudio created a race condition where  ...)
 	- pulseaudio <not-affected> (Ubuntu-specific issue)
 CVE-2020-16122 (PackageKit's apt backend mistakenly treated all local debs as trusted. ...)
 	{DLA-2399-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/809ee6467ba9aa2f8acf27004b5be9095b2c215c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/809ee6467ba9aa2f8acf27004b5be9095b2c215c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201204/6edb8e6e/attachment.html>

More information about the debian-security-tracker-commits mailing list