[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Dec 4 20:10:26 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c3015d05 by security tracker role at 2020-12-04T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-29571
+	RESERVED
+CVE-2020-29570
+	RESERVED
+CVE-2020-29569
+	RESERVED
+CVE-2020-29568
+	RESERVED
+CVE-2020-29567
+	RESERVED
+CVE-2020-29566
+	RESERVED
 CVE-2020-29565 (An issue was discovered in OpenStack Horizon before 15.3.2, 16.x befor ...)
 	TODO: check
 CVE-2020-29564
@@ -3812,13 +3824,13 @@ CVE-2020-28416
 	RESERVED
 CVE-2020-25710 [assertion failure in CSN normalization with invalid input]
 	RESERVED
-	{DSA-4792-1}
+	{DSA-4792-1 DLA-2481-1}
 	- openldap 2.4.56+dfsg-1
 	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9384
 	NOTE: https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2 (OPENLDAP_REL_ENG_2_4_56)
 CVE-2020-25709 [assertion failure in Certificate List syntax validation]
 	RESERVED
-	{DSA-4792-1}
+	{DSA-4792-1 DLA-2481-1}
 	- openldap 2.4.56+dfsg-1
 	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383
 	NOTE: https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65 (OPENLDAP_REL_ENG_2_4_56)
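Review bot: the `{DSA-4792-1 DLA-2481-1}` reference is now the only place the stretch and buster fixed versions are recorded for CVE-2020-25710 and CVE-2020-25709, while the two NOTE commit links are tagged OPENLDAP_REL_ENG_2_4_56 and the unstable fix is `- openldap 2.4.56+dfsg-1`; the DLA necessarily backported those commits onto stretch's older openldap rather than taking the 2.4.56 release, so the DLA text should be cross-checked to confirm both upstream commits (bdb0d459... for 25710, 67670f45... for 25709) are in the stretch package. Both entries keeping RESERVED with a bracketed placeholder description is the tracker's normal state until MITRE publishes and needs no change.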
@@ -3917,6 +3929,7 @@ CVE-2020-28370
 CVE-2020-28369
 	RESERVED
 CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain sensitive  ...)
+	{DSA-4804-1}
 	- xen 4.14.0+80-gd101b417b7-1
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-351.html
@@ -5648,7 +5661,7 @@ CVE-2020-28272 (Prototype pollution vulnerability in 'keyget' versions 1.0.0 thr
 	TODO: check
 CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0 through  ...)
 	NOT-FOR-US: Node deephas
-CVE-2020-28270 (Prototype pollution vulnerability in ‘object-hierarchy-access&#8 ...)
+CVE-2020-28270 (Prototype pollution vulnerability in 'object-hierarchy-access' version ...)
 	NOT-FOR-US: Node object-hierarchy-access
 CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1 through 1. ...)
 	NOT-FOR-US: Node field
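Review bot: the old CVE-2020-28270 description had been truncated at a raw HTML entity (`‘object-hierarchy-access&#8 ...`), meaning the earlier import carried smart quotes through as entities; the replacement uses the plain ASCII quotes the neighbouring keyget, deephas and field entries already use. Worth grepping the rest of data/CVE/list for `&#` to catch other descriptions imported the same way, since the automatic update only rewrites entries whose upstream text changed.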
@@ -6977,8 +6990,7 @@ CVE-2020-27772
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1749
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a1142af44f61c038ad3eccc099c5b9548b507846
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7f819ef8855608d9cb1ded5e4f30cdfff1da7c11
-CVE-2020-27771
-	RESERVED
+CVE-2020-27771 (In RestoreMSCWarning() of /coders/pdf.c there are several areas where  ...)
 	- imagemagick 8:6.9.11.24+dfsg-1
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
@@ -6986,8 +6998,7 @@ CVE-2020-27771
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/872ffe6d0131beec8b47568a4874ffaca91a872e
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9dd1c7e1f8f6c137bfd3293be2554f59456c7b62
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a07ecde4c1c3a3efaa628434adc903295f6bb2b3
-CVE-2020-27770
-	RESERVED
+CVE-2020-27770 (Due to a missing check for 0 value of `replace_extent`, it is possible ...)
 	- imagemagick 8:6.9.11.24+dfsg-1
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <ignored> (Minor issue, UBSAN offset overflowed warning)
@@ -7010,16 +7021,14 @@ CVE-2020-27768
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1751
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/95d4e94e0353e503b71a53f5e6fad173c7c70c90
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/8c6e86f81968fab1710317d87b00c608108e6a2a
-CVE-2020-27767
-	RESERVED
+CVE-2020-27767 (A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker w ...)
 	- imagemagick 8:6.9.11.24+dfsg-1
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1741
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/564f2a35e523e2b6cce9485018157f03ec05a947
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c2f66e7fc9189a652f77a021bd047c4146d634d1
-CVE-2020-27766
-	RESERVED
+CVE-2020-27766 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...)
 	- imagemagick 8:6.9.11.24+dfsg-1
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
@@ -7027,8 +7036,7 @@ CVE-2020-27766
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/29cee9152d1b5487cfd19443ca48935eea0cabe2
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/052175e4b190598141fbcc64641cd5ee4db3602d
 	NOTE: Same fix as CVE-2020-27774
-CVE-2020-27765
-	RESERVED
+CVE-2020-27765 (A flaw was found in ImageMagick in MagickCore/segment.c. An attacker w ...)
 	- imagemagick 8:6.9.11.24+dfsg-1
 	[buster] - imagemagick <ignored> (Minor issue)
 	[stretch] - imagemagick <postponed> (Minor issue, DoS/div0 while package is mainly CLI)
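Review bot: CVE-2020-27765 is `<ignored>` for buster but `<postponed>` for stretch under the same "Minor issue" rationale, whereas the other ImageMagick entries in this commit (CVE-2020-27771, 27770, 27767, 27766) use `<ignored>` for both suites. If the div0 DoS is minor because imagemagick is mainly used from the CLI, that argument applies equally to both suites and they should get the same disposition; otherwise the stretch line should state what is expected to change that justifies keeping it open.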
@@ -7904,18 +7912,22 @@ CVE-2020-27675 (An issue was discovered in the Linux kernel through 5.9.1, as us
 	- linux 5.9.6-1
 	NOTE: https://xenbits.xen.org/xsa/advisory-331.html
 CVE-2020-27674 (An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS ...)
+	{DSA-4804-1}
 	- xen 4.14.0+80-gd101b417b7-1
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-286.html
 CVE-2020-27672 (An issue was discovered in Xen through 4.14.x allowing x86 guest OS us ...)
+	{DSA-4804-1}
 	- xen 4.14.0+80-gd101b417b7-1
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-345.html
 CVE-2020-27671 (An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH ...)
+	{DSA-4804-1}
 	- xen 4.14.0+80-gd101b417b7-1
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-346.html
 CVE-2020-27670 (An issue was discovered in Xen through 4.14.x allowing x86 guest OS us ...)
+	{DSA-4804-1}
 	- xen 4.14.0+80-gd101b417b7-1
 	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-347.html
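Review bot: none of the four Xen entries receiving `{DSA-4804-1}` here (XSA-286, 345, 346, 347) has a `[buster]` line, so the buster fixed version is derived solely from the DSA reference, which is consistent with how CVE-2020-28368 (XSA-351) was handled in the earlier hunk; CVE-2020-27675 in the leading context (XSA-331, fixed as `- linux 5.9.6-1`) is a kernel-side fix and is correctly left without the Xen DSA. The `[stretch] - xen <end-of-life> (DSA 4602-1)` lines remain the stretch disposition, so nothing further is needed.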
@@ -8305,10 +8317,10 @@ CVE-2020-27411
 	RESERVED
 CVE-2020-27410
 	RESERVED
-CVE-2020-27409
-	RESERVED
-CVE-2020-27408
-	RESERVED
+CVE-2020-27409 (OpenSIS Community Edition before 7.5 is affected by a cross-site scrip ...)
+	TODO: check
+CVE-2020-27408 (OpenSIS Community Edition through 7.6 is affected by incorrect access  ...)
+	TODO: check
 CVE-2020-27407
 	RESERVED
 CVE-2020-27406
@@ -9213,7 +9225,7 @@ CVE-2020-26971
 	RESERVED
 CVE-2020-26970
 	RESERVED
-	{DSA-4802-1}
+	{DSA-4802-1 DLA-2479-1}
 	- thunderbird 1:78.5.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970
 CVE-2020-26969
@@ -12095,6 +12107,7 @@ CVE-2020-25713 [Out of bounds read leads to segfault in raptor_xml_writer_start_
 	NOTE: https://bugs.librdf.org/mantis/view.php?id=650
 CVE-2020-25712 [Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows]
 	RESERVED
+	{DSA-4803-1}
 	- xorg-server 2:1.20.10-1 (bug #976216)
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9
 CVE-2020-25711 (A flaw was found in infinispan 10 REST API, where authorization permis ...)
@@ -12563,6 +12576,7 @@ CVE-2020-25594
 CVE-2020-25593
 	RESERVED
 CVE-2020-25592 (In SaltStack Salt through 3002, salt-netapi improperly validates eauth ...)
+	{DLA-2480-1}
 	- salt 3002.1+dfsg1-1
 	NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
 	NOTE: https://gitlab.com/saltstack/open/salt-patches/-/blob/master/patches/2020/09/25/2018.3.5.patch (2018.3.5)
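Review bot: CVE-2020-25592 gains `{DLA-2480-1}` for stretch but shows no `[buster]` line and no DSA, so as displayed the buster status for this issue is undefined; the same applies to CVE-2020-17490 and CVE-2020-16846, which receive the identical DLA reference in later hunks. If buster was fixed through a DSA or a point update, that reference belongs on these entries too; otherwise a `[buster]` line stating the disposition would stop the DLA from implying that stretch is better covered than the newer suite.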
@@ -12814,16 +12828,16 @@ CVE-2020-25467
 	RESERVED
 CVE-2020-25466 (A SSRF vulnerability exists in the downloadimage interface of CRMEB 3. ...)
 	NOT-FOR-US: CRMEB
-CVE-2020-25465
-	RESERVED
-CVE-2020-25464
-	RESERVED
-CVE-2020-25463
-	RESERVED
-CVE-2020-25462
-	RESERVED
-CVE-2020-25461
-	RESERVED
+CVE-2020-25465 (Null Pointer Dereference. in xObjectBindingFromExpression at moddable/ ...)
+	TODO: check
+CVE-2020-25464 (Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK  ...)
+	TODO: check
+CVE-2020-25463 (Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon. ...)
+	TODO: check
+CVE-2020-25462 (Heap buffer overflow in the fxCheckArrowFunction function at moddable/ ...)
+	TODO: check
+CVE-2020-25461 (Invalid Memory Access in the fxProxyGetter function in moddable/xs/sou ...)
+	TODO: check
 CVE-2020-25460
 	RESERVED
 CVE-2020-25459
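Review bot: the five new Moddable SDK entries (CVE-2020-25461 through CVE-2020-25465) all point at files under moddable/xs/sources and all land as `TODO: check`; they should be triaged as one batch, since the answer (whether the Moddable SDK is shipped anywhere in Debian) is the same for each and the neighbouring vendor entries (CRMEB) already follow the NOT-FOR-US pattern. The stray period in "Null Pointer Dereference. in xObjectBindingFromExpression" is upstream's text and will be overwritten on the next import, so it is not worth hand-editing.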
@@ -29092,6 +29106,7 @@ CVE-2020-17492
 CVE-2020-17491
 	RESERVED
 CVE-2020-17490 (The TLS module within SaltStack Salt through 3002 creates certificates ...)
+	{DLA-2480-1}
 	- salt 3002.1+dfsg1-1
 	NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
 	NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2018.3.x.patch (2018.3.x)
@@ -30414,6 +30429,7 @@ CVE-2020-16848
 CVE-2020-16847 (Extreme Analytics in Extreme Management Center before 8.5.0.169 allows ...)
 	NOT-FOR-US: Extreme Management Center
 CVE-2020-16846 (An issue was discovered in SaltStack Salt through 3002. Sending crafte ...)
+	{DLA-2480-1}
 	- salt 3002.1+dfsg1-1
 	NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
 	NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2018.3.x.patch (2018.3.x)
@@ -36823,6 +36839,7 @@ CVE-2020-14361 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9.
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787
 CVE-2020-14360 [Check SetMap request length carefully]
 	RESERVED
+	{DSA-4803-1}
 	- xorg-server 2:1.20.10-1 (bug #976216)
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
 CVE-2020-14359
@@ -60553,8 +60570,8 @@ CVE-2020-5677 (Reflected cross-site scripting vulnerability in GROWI v4.0.0 and
 	NOT-FOR-US: GROWI
 CVE-2020-5676 (GROWI v4.1.3 and earlier allow remote attackers to obtain information  ...)
 	NOT-FOR-US: GROWI
-CVE-2020-5675
-	RESERVED
+CVE-2020-5675 (Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD  ...)
+	TODO: check
 CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...)
 	NOT-FOR-US: SEIKO EPSON products
 CVE-2020-5673
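Review bot: CVE-2020-5675 describes an out-of-bounds read in the GT21 model of the GOT2000 series, a hardware product line, yet lands as the generic `TODO: check`; it sits between vendor-product entries already resolved as NOT-FOR-US (GROWI, SEIKO EPSON), so that is the likely outcome and the TODO should not be left to linger. Also note the description only names the GT21 model, so if a Debian-relevant component were ever identified the affected-version range would still need to come from the vendor advisory rather than this truncated text.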



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3015d052d8855f3e925c931e0a9079716a98965
