[Git][security-tracker-team/security-tracker][master] 23 commits: Track linux issues fixed in 10.7
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 5 09:57:00 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90554e97 by Salvatore Bonaccorso at 2020-12-05T10:37:29+01:00
Track linux issues fixed in 10.7
- - - - -
89fa2aea by Salvatore Bonaccorso at 2020-12-05T10:37:30+01:00
Track vips issues fixed in 10.7
- - - - -
5258a3be by Salvatore Bonaccorso at 2020-12-05T10:37:31+01:00
Track mariadb-10.3 issues fixed in 10.7
- - - - -
9916c8a8 by Salvatore Bonaccorso at 2020-12-05T10:37:32+01:00
Track neomutt issues fixed in 10.7
- - - - -
97c798b3 by Salvatore Bonaccorso at 2020-12-05T10:37:33+01:00
Track mutt issues fixed in 10.7
- - - - -
6c7bd39a by Salvatore Bonaccorso at 2020-12-05T10:37:34+01:00
Track libxml2 issues fixed in 10.7
- - - - -
3534bda8 by Salvatore Bonaccorso at 2020-12-05T10:37:35+01:00
Track tcpdump issues fixed in 10.7
- - - - -
d55c9ff7 by Salvatore Bonaccorso at 2020-12-05T10:37:37+01:00
Track node-pathval issues fixed in 10.7
- - - - -
5ce9f798 by Salvatore Bonaccorso at 2020-12-05T10:37:38+01:00
Track node-object-path issues fixed in 10.7
- - - - -
34a9f635 by Salvatore Bonaccorso at 2020-12-05T10:37:39+01:00
Track fastd issues fixed in 10.7
- - - - -
f8fc7c50 by Salvatore Bonaccorso at 2020-12-05T10:37:40+01:00
Track ros-ros-comm issues fixed in 10.7
- - - - -
6218e3bf by Salvatore Bonaccorso at 2020-12-05T10:37:41+01:00
Track puma issues fixed in 10.7
- - - - -
b3540b0c by Salvatore Bonaccorso at 2020-12-05T10:37:42+01:00
Track libjpeg-turbo issues fixed in 10.7
- - - - -
823e5f23 by Salvatore Bonaccorso at 2020-12-05T10:37:43+01:00
Track ruby2.5 issues fixed in 10.7
- - - - -
ad8c7d63 by Salvatore Bonaccorso at 2020-12-05T10:37:44+01:00
Track sqlite3 issues fixed in 10.7
- - - - -
6dcc3f73 by Salvatore Bonaccorso at 2020-12-05T10:37:46+01:00
Track freecol issues fixed in 10.7
- - - - -
7f11c1f3 by Salvatore Bonaccorso at 2020-12-05T10:37:47+01:00
Track okular issues fixed in 10.7
- - - - -
42fc71e3 by Salvatore Bonaccorso at 2020-12-05T10:37:48+01:00
Track plinth issues fixed in 10.7
- - - - -
f657d2b8 by Salvatore Bonaccorso at 2020-12-05T10:37:49+01:00
Track tigervnc issues fixed in 10.7
- - - - -
609a9837 by Salvatore Bonaccorso at 2020-12-05T10:37:50+01:00
Track dpdk issues fixed in 10.7
- - - - -
a4f52cab by Salvatore Bonaccorso at 2020-12-05T10:37:51+01:00
Track edk2 issues fixed in 10.7
- - - - -
6edbdac3 by Salvatore Bonaccorso at 2020-12-05T10:37:52+01:00
Track sleuthkit issues fixed in 10.7
- - - - -
dc8e34a9 by Salvatore Bonaccorso at 2020-12-05T09:56:53+00:00
Merge branch 'buster-10.7' into 'master'
Track buster 10.7 point release
See merge request security-tracker-team/security-tracker!74
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1568,6 +1568,7 @@ CVE-2020-28942 (An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling wi
NOT-FOR-US: PrimeKey EJBCA
CVE-2020-28941 (An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c i ...)
- linux 5.9.11-1
+ [buster] - linux 4.19.160-1
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/19/3
CVE-2020-28940 (On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admi ...)
@@ -1696,9 +1697,9 @@ CVE-2020-28897
CVE-2020-28896 (Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $s ...)
{DLA-2472-1}
- mutt 2.0.2-1
- [buster] - mutt <no-dsa> (Minor issue)
+ [buster] - mutt 1.10.1-2.1+deb10u4
- neomutt 20201120+dfsg.1-1
- [buster] - neomutt <no-dsa> (Minor issue)
+ [buster] - neomutt 20180716+dfsg.1-1+deb10u2
NOTE: https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
NOTE: https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06
CVE-2020-28895
@@ -3971,6 +3972,7 @@ CVE-2020-28362 (Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Serv
NOTE: https://github.com/golang/go/issues/42552
CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 co ...)
- linux 5.9.9-1
+ [buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/3c4e0dff2095c579b142d5a0693257f1c58b4804
NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/2
CVE-2020-28361 (Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy So ...)
@@ -6955,6 +6957,7 @@ CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were co
CVE-2020-27777
RESERVED
- linux 5.9.6-1
+ [buster] - linux 4.19.160-1
[stretch] - linux <ignored> (Only an issue when Secure Boot is implemented)
NOTE: https://git.kernel.org/linus/bd59380c5ba4147dcbaad3e582b55ccfd120b764
CVE-2020-27776 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...)
@@ -7875,7 +7878,7 @@ CVE-2020-27614
CVE-2020-27638 (receive.c in fastd before v21 allows denial of service (assertion fail ...)
{DLA-2414-1}
- fastd 21-1 (bug #972521)
- [buster] - fastd <no-dsa> (Will be fixed via point release)
+ [buster] - fastd 18-3+deb10u1
NOTE: https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea
CVE-2020-27613 (The installation procedure in BigBlueButton before 2.2.17 uses ClueCon ...)
NOT-FOR-US: BigBlueButton
@@ -7905,9 +7908,11 @@ CVE-2020-27601 (In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateC
NOT-FOR-US: BigBlueButton
CVE-2020-27673 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
- linux 5.9.6-1
+ [buster] - linux 4.19.160-1
NOTE: https://xenbits.xen.org/xsa/advisory-332.html
CVE-2020-27675 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
- linux 5.9.6-1
+ [buster] - linux 4.19.160-1
NOTE: https://xenbits.xen.org/xsa/advisory-331.html
CVE-2020-27674 (An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS ...)
{DSA-4804-1}
@@ -11182,7 +11187,7 @@ CVE-2020-26118
CVE-2020-26117 (In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1 ...)
{DLA-2396-1}
- tigervnc 1.10.1+dfsg-9 (bug #971272)
- [buster] - tigervnc <no-dsa> (Minor issue)
+ [buster] - tigervnc 1.9.0+dfsg-3+deb10u3
NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1176733
NOTE: https://github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb (v1.11.0)
NOTE: https://github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b (v1.11.0)
@@ -12130,10 +12135,12 @@ CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in templates_i
NOTE: https://github.com/Cacti/cacti/commit/39458efcd5286d50e6b7f905fedcdc1059354e6e
CVE-2020-25705 (A flaw in the way reply ICMP packets are limited in the Linux kernel f ...)
- linux 5.9.6-1
+ [buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/b38e7819cae946e2edf869e604af1e65a5d241c5
NOTE: https://www.saddns.net/
CVE-2020-25704 (A flaw memory leak in the Linux kernel performance monitoring subsyste ...)
- linux 5.9.6-1
+ [buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/7bdb157cdebbf95a1cd94ed2e01b338714075d00
CVE-2020-25703 (The participants table download in Moodle always included user emails, ...)
- moodle <removed>
@@ -12257,10 +12264,12 @@ CVE-2020-25670
CVE-2020-25669
RESERVED
- linux 5.9.11-1
+ [buster] - linux 4.19.160-1
NOTE: https://www.openwall.com/lists/oss-security/2020/11/05/2
CVE-2020-25668 [concurrency use-after-free in vt]
RESERVED
- linux 5.9.6-1
+ [buster] - linux 4.19.160-1
NOTE: https://www.openwall.com/lists/oss-security/2020/10/30/1
NOTE: https://git.kernel.org/linus/90bfdeef83f1d6c696039b6a917190dcbbad3220
CVE-2020-25667
@@ -12338,6 +12347,7 @@ CVE-2020-25657
NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/285
CVE-2020-25656 (A flaw was found in the Linux kernel. A use-after-free was found in th ...)
- linux 5.9.6-1
+ [buster] - linux 4.19.160-1
NOTE: https://www.openwall.com/lists/oss-security/2020/10/16/1
CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could allow se ...)
NOT-FOR-US: Red Hat open-cluster-management
@@ -12500,7 +12510,7 @@ CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6
{DLA-2392-1 DLA-2391-1}
- ruby2.7 2.7.1-4
- ruby2.5 <removed>
- [buster] - ruby2.5 <no-dsa> (Minor issue)
+ [buster] - ruby2.5 2.5.5-3+deb10u3
- ruby2.3 <removed>
- jruby <unfixed> (bug #972230)
NOTE: https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
@@ -13724,7 +13734,7 @@ CVE-2020-25069 (USVN (aka User-friendly SVN) before 1.0.10 allows attackers to e
NOT-FOR-US: User-friendly SVN
CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain sensitive i ...)
- plinth 20.14
- [buster] - plinth <no-dsa> (Minor issue)
+ [buster] - plinth 19.1+deb10u1
[stretch] - plinth <no-dsa> (Minor issue)
NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935
NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/822c322d20d12f81c6cfca47b66f900542a5aac2
@@ -22569,7 +22579,7 @@ CVE-2020-20740 (PDFResurrect before 0.20 lack of header validation checks causes
CVE-2020-20739 (im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips befo ...)
{DLA-2473-1}
- vips 8.9.0-1
- [buster] - vips <no-dsa> (Minor issue)
+ [buster] - vips 8.7.4-1+deb10u1
NOTE: https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a (v8.9.0-alpha1)
NOTE: https://github.com/libvips/libvips/issues/1419
CVE-2020-20738
@@ -31990,7 +32000,7 @@ CVE-2020-16125 (gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-
NOTE: https://gitlab.gnome.org/GNOME/gdm/-/issues/642
CVE-2020-16124 (Integer Overflow or Wraparound vulnerability in the XML RPC library of ...)
- ros-ros-comm 1.15.8+ds1-2
- [buster] - ros-ros-comm <no-dsa> (Minor issue)
+ [buster] - ros-ros-comm 1.14.3+ds1-5+deb10u2
[stretch] - ros-ros-comm <no-dsa> (Minor issue)
NOTE: https://github.com/ros/ros_comm/pull/2065
CVE-2020-16123 (An Ubuntu-specific patch in PulseAudio created a race condition where ...)
@@ -34096,7 +34106,7 @@ CVE-2020-15357
RESERVED
CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...)
- sqlite3 3.32.3-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0)
NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5
@@ -34336,7 +34346,7 @@ CVE-2020-15257 (containerd is an industry-standard container runtime and is avai
TODO: check details
CVE-2020-15256 (A prototype pollution vulnerability has been found in `object-path` &l ...)
- node-object-path 0.11.5-3
- [buster] - node-object-path <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - node-object-path 0.11.4-2+deb10u1
[stretch] - node-object-path <postponed> (Minor issue)
NOTE: https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w
CVE-2020-15255 (In Anuko Time Tracker before verion 1.19.23.5325, due to not properly ...)
@@ -35403,7 +35413,7 @@ CVE-2020-14812 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mariadb-10.5 1:10.5.8-1
[experimental] - mariadb-10.3 1:10.3.27-1~exp1
- mariadb-10.3 <unfixed>
- [buster] - mariadb-10.3 <no-dsa> (Minor issue; can be fixed in point release)
+ [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
- mariadb-10.1 <removed>
- mysql-5.7 <unfixed> (bug #972824)
- mysql-8.0 <unfixed> (bug #972623)
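Review bot: in the CVE-2020-14812 entry the unstable line "- mariadb-10.3 <unfixed>" stays as unchanged context while buster moves to 1:10.3.27-0+deb10u1 and experimental already lists 1:10.3.27-1~exp1, so the tracker keeps reporting mariadb-10.3 as unfixed in unstable. If that is intended, a short NOTE on the entry saying why would help readers; the same pattern recurs in the CVE-2020-14789, CVE-2020-14776 and CVE-2020-14765 hunks.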
@@ -35473,7 +35483,7 @@ CVE-2020-14789 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mariadb-10.5 1:10.5.8-1
[experimental] - mariadb-10.3 1:10.3.27-1~exp1
- mariadb-10.3 <unfixed>
- [buster] - mariadb-10.3 <no-dsa> (Minor issue; can be fixed in point release)
+ [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
- mysql-5.7 <unfixed> (bug #972824)
- mysql-8.0 <unfixed> (bug #972623)
NOTE: Fixed in MariaDB 10.5.7, 10.3.26
@@ -35514,7 +35524,7 @@ CVE-2020-14776 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mariadb-10.5 1:10.5.8-1
[experimental] - mariadb-10.3 1:10.3.27-1~exp1
- mariadb-10.3 <unfixed>
- [buster] - mariadb-10.3 <no-dsa> (Minor issue; can be fixed in point release)
+ [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
- mysql-8.0 <unfixed> (bug #972623)
- mysql-5.7 <unfixed> (bug #972824)
NOTE: Fixed in MariaDB 10.5.7, 10.3.26
@@ -35545,7 +35555,7 @@ CVE-2020-14765 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mariadb-10.5 1:10.5.8-1
[experimental] - mariadb-10.3 1:10.3.27-1~exp1
- mariadb-10.3 <unfixed>
- [buster] - mariadb-10.3 <no-dsa> (Minor issue; can be fixed in point release)
+ [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
- mariadb-10.1 <removed>
- mysql-8.0 <unfixed> (bug #972623)
- mysql-5.7 <unfixed> (bug #972824)
@@ -36757,27 +36767,27 @@ CVE-2020-14379
RESERVED
CVE-2020-14378 (An integer underflow in dpdk versions before 18.11.10 and before 19.11 ...)
- dpdk 19.11.5-1 (bug #971269)
- [buster] - dpdk <no-dsa> (Minor issue)
+ [buster] - dpdk 18.11.10-1~deb10u1
[stretch] - dpdk <no-dsa> (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
CVE-2020-14377 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
- dpdk 19.11.5-1 (bug #971269)
- [buster] - dpdk <no-dsa> (Minor issue)
+ [buster] - dpdk 18.11.10-1~deb10u1
[stretch] - dpdk <no-dsa> (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
CVE-2020-14376 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
- dpdk 19.11.5-1 (bug #971269)
- [buster] - dpdk <no-dsa> (Minor issue)
+ [buster] - dpdk 18.11.10-1~deb10u1
[stretch] - dpdk <no-dsa> (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
CVE-2020-14375 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
- dpdk 19.11.5-1 (bug #971269)
- [buster] - dpdk <no-dsa> (Minor issue)
+ [buster] - dpdk 18.11.10-1~deb10u1
[stretch] - dpdk <no-dsa> (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
CVE-2020-14374 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
- dpdk 19.11.5-1 (bug #971269)
- [buster] - dpdk <no-dsa> (Minor issue)
+ [buster] - dpdk 18.11.10-1~deb10u1
[stretch] - dpdk <no-dsa> (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of g ...)
@@ -36874,6 +36884,7 @@ CVE-2020-14352 (A flaw was found in librepo in versions before 1.12.1. A directo
NOT-FOR-US: librepo
CVE-2020-14351 (A flaw was found in the Linux kernel. A use-after-free memory flaw was ...)
- linux 5.9.6-1
+ [buster] - linux 4.19.160-1
NOTE: https://lore.kernel.org/lkml/20200910104153.1672460-1-jolsa@kernel.org/
CVE-2020-14350 (It was found that some PostgreSQL extensions did not use search_path s ...)
{DLA-2331-1}
@@ -38517,7 +38528,7 @@ CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an o
CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...)
{DLA-2302-1}
- libjpeg-turbo 1:2.0.5-1 (bug #962829)
- [buster] - libjpeg-turbo <no-dsa> (Minor issue)
+ [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
[jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x)
@@ -38938,7 +38949,7 @@ CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...)
CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
{DLA-2340-1}
- sqlite3 3.32.0-1
- [buster] - sqlite3 <no-dsa> (Minor issue, will be fixed in point release)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
NOTE: https://sqlite.org/src/info/a4dd148928ea65bd
@@ -38953,7 +38964,7 @@ CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the
CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...)
{DLA-2340-1}
- sqlite3 3.32.0-1
- [buster] - sqlite3 <no-dsa> (Minor issue, will be fixed in point release)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[jessie] - sqlite3 <not-affected> (Vulnerable code not found)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
NOTE: https://sqlite.org/src/info/0d69f76f0865f962
@@ -39377,7 +39388,7 @@ CVE-2020-13436
RESERVED
CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarge ...)
- sqlite3 3.32.1-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
NOTE: https://www.sqlite.org/src/info/7a5279a25c57adf1
@@ -39386,7 +39397,7 @@ CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCod
CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf ...)
{DLA-2340-1 DLA-2221-1}
- sqlite3 3.32.1-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
NOTE: https://www.sqlite.org/src/info/23439ea582241138
NOTE: https://www.sqlite.org/src/info/d08d3405878d394e
NOTE: https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018
@@ -46571,12 +46582,12 @@ CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unesc
CVE-2020-11077 (In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a re ...)
{DLA-2398-1}
- puma 4.3.6-1 (bug #972102)
- [buster] - puma <no-dsa> (Minor issue)
+ [buster] - puma 3.12.0-2+deb10u2
NOTE: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ...)
{DLA-2398-1}
- puma 4.3.6-1 (bug #972102)
- [buster] - puma <no-dsa> (Minor issue)
+ [buster] - puma 3.12.0-2+deb10u2
NOTE: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
NOTE: https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container image m ...)
@@ -49209,7 +49220,7 @@ CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a
CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack ...)
{DLA-2137-1}
- sleuthkit 4.9.0+dfsg-2 (low; bug #953976)
- [buster] - sleuthkit <no-dsa> (Minor issue)
+ [buster] - sleuthkit 4.6.5-1+deb10u1
[stretch] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836
NOTE: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
@@ -51346,7 +51357,7 @@ CVE-2020-9360
CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...)
{DLA-2159-1}
- okular 4:19.12.3-2 (bug #954891)
- [buster] - okular <no-dsa> (Minor issue, will be fixed via point update)
+ [buster] - okular 4:17.12.2-2.2+deb10u1
[stretch] - okular <no-dsa> (Minor issue)
NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
NOTE: https://kde.org/info/security/advisory-20200312-1.txt
@@ -52932,6 +52943,7 @@ CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) Pr
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
CVE-2020-8694 (Insufficient access control in the Linux kernel driver for some Intel( ...)
- linux 5.9.9-1
+ [buster] - linux 4.19.160-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
NOTE: https://git.kernel.org/linus/949dd0104c496fa7c14991a23c03c62e44637e71
CVE-2020-8693 (Improper buffer restrictions in the firmware of the Intel(R) Ethernet ...)
@@ -54601,6 +54613,7 @@ CVE-2020-8038
CVE-2020-8037 (The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a l ...)
{DLA-2444-1}
- tcpdump 4.9.3-7 (unimportant; bug #973877)
+ [buster] - tcpdump 4.9.3-1~deb10u2
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
CVE-2020-8036 (The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SO ...)
- tcpdump <not-affected> (Vulnerable code and support for SOME/IP protocol added later)
@@ -55407,7 +55420,7 @@ CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This p
NOT-FOR-US: Node systeminformation
CVE-2020-7751 (This affects all versions of package pathval. ...)
- node-pathval 1.1.0-4 (bug #972895)
- [buster] - node-pathval <no-dsa> (Minor issue)
+ [buster] - node-pathval 1.1.0-3+deb10u1
NOTE: https://snyk.io/vuln/SNYK-JS-PATHVAL-596926
NOTE: https://github.com/chaijs/pathval/pull/58
CVE-2020-7750 (This affects the package scratch-svg-renderer before 0.2.0-prerelease. ...)
@@ -55776,7 +55789,7 @@ CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execut
CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
{DLA-2369-1}
- libxml2 2.9.10+dfsg-2.1 (bug #949582)
- [buster] - libxml2 <no-dsa> (Minor issue)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
[jessie] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5
CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remo ...)
@@ -56032,7 +56045,7 @@ CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/conf
CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...)
{DLA-2369-1}
- libxml2 2.9.10+dfsg-2.1 (bug #949583)
- [buster] - libxml2 <no-dsa> (Minor issue)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
[jessie] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a
CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-ba ...)
@@ -61583,7 +61596,7 @@ CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their
NOT-FOR-US: PrestaShop
CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...)
- puma 3.12.4-1 (bug #953122)
- [buster] - puma <no-dsa> (Minor issue)
+ [buster] - puma 3.12.0-2+deb10u2
[stretch] - puma <not-affected> (early_hint feature added in later version)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
@@ -61594,7 +61607,7 @@ CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a
NOTE: https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c
CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...)
- puma 3.12.4-1 (bug #952766)
- [buster] - puma <no-dsa> (Minor issue)
+ [buster] - puma 3.12.0-2+deb10u2
[stretch] - puma <no-dsa> (intrusive to backport)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
NOTE: https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3)
@@ -62047,7 +62060,7 @@ CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueC
CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u ...)
{DLA-2340-1}
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
CVE-2019-20217 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...)
@@ -63042,6 +63055,7 @@ CVE-2020-4789
RESERVED
CVE-2020-4788 (IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local ...)
- linux 5.9.11-1
+ [buster] - linux 4.19.160-1
[stretch] - linux <ignored> (powerpc architectures not included in LTS)
CVE-2020-4787
RESERVED
@@ -65270,7 +65284,7 @@ CVE-2019-19960 (In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resi
NOTE: https://github.com/wolfSSL/wolfssl/commit/5ee9f9c7a23f8ed093fe1e42bc540727e96cebb8 (v4.3.0-stable)
CVE-2019-19959 (ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT ...)
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec
@@ -65283,7 +65297,7 @@ CVE-2019-19956 (xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before
{DLA-2369-1 DLA-2048-1}
[experimental] - libxml2 2.9.10+dfsg-1
- libxml2 2.9.10+dfsg-2
- [buster] - libxml2 <no-dsa> (Minor issue)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/82
NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 (v2.9.10-rc1)
CVE-2019-19955
@@ -65381,7 +65395,7 @@ CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain erro
CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL ...)
{DSA-4638-1}
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
- chromium 80.0.3987.106-1
@@ -65396,7 +65410,7 @@ CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related
CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses o ...)
{DSA-4638-1}
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
- chromium 80.0.3987.106-1
@@ -66451,6 +66465,7 @@ CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.
CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...)
{DLA-2385-1}
- linux 5.2.6-1
+ [buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
- linux 5.3.7-1
@@ -67613,6 +67628,7 @@ CVE-2020-3110 (A vulnerability in the Cisco Discovery Protocol implementation fo
NOT-FOR-US: Cisco
CVE-2019-19770 (** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free ...)
- linux 5.7.17-1
+ [buster] - linux 4.19.160-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205713
CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read) in the pe ...)
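Review bot: the "[buster] - linux 4.19.160-1" line added for CVE-2019-19770 has no fix reference beside it: the entry is marked DISPUTED and its only NOTE is the bugzilla.kernel.org report. Suggest adding a NOTE with the upstream commit that the 4.19.160-1 upload carries, as the neighbouring btrfs entries do with their git.kernel.org links, so the fixed version can be checked against the source.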
@@ -71725,6 +71741,7 @@ CVE-2019-19378 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem
- linux <unfixed>
CVE-2019-19377 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
- linux 5.6.7-1
+ [buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/b3ff8f1d380e65dddd772542aa9bff6c86bf715a
CVE-2019-19376 (In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdi ...)
NOT-FOR-US: Octopus Deploy
@@ -73020,6 +73037,7 @@ CVE-2019-19040 (KairosDB through 1.2.2 has XSS in view.html because of showError
NOT-FOR-US: KairosDB
CVE-2019-19039 (** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Li ...)
- linux 5.6.7-1
+ [buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/b3ff8f1d380e65dddd772542aa9bff6c86bf715a
CVE-2019-19038
RESERVED
@@ -77745,6 +77763,7 @@ CVE-2020-0424 (In send_vc of res_send.cpp, there is a possible out of bounds rea
NOT-FOR-US: Android
CVE-2020-0423 (In binder_release_work of binder.c, there is a possible use-after-free ...)
- linux 5.9.6-1
+ [buster] - linux 4.19.160-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://git.kernel.org/linus/f3277cbfba763cd2826396521b9296de67cf1bbc
CVE-2020-0422 (In constructImportFailureNotification of NotificationImportExportListe ...)
@@ -84188,7 +84207,7 @@ CVE-2019-16149
CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...)
{DLA-2340-1}
- sqlite3 3.29.0-2
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html
NOTE: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
@@ -89268,7 +89287,7 @@ CVE-2019-14563 (Integer truncation in EDK II may allow an authenticated user to
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2001
CVE-2019-14562 (Integer overflow in DxeImageVerificationHandler() EDK II may allow an ...)
- edk2 2020.05-4 (bug #968819)
- [buster] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 0~20181115.85588389-3+deb10u2
[stretch] - edk2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869245
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
@@ -122715,7 +122734,7 @@ CVE-2018-1000826 (Microweber version <= 1.0.7 contains a Cross Site Scripting
NOT-FOR-US: Microweber
CVE-2018-1000825 (FreeCol version <= nightly-2018-08-22 contains a XML External Entit ...)
- freecol 0.11.6+dfsg2-3 (bug #917023; low)
- [buster] - freecol <no-dsa> (Minor issue, will be fixed via spu)
+ [buster] - freecol 0.11.6+dfsg2-2+deb10u1
[stretch] - freecol <no-dsa> (Minor issue)
[jessie] - freecol <end-of-life> (Games are not supported)
NOTE: https://github.com/FreeCol/freecol/issues/26
@@ -126234,7 +126253,7 @@ CVE-2019-2202 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible
NOT-FOR-US: Android media framework
CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is ...)
- libjpeg-turbo 1:2.0.5-1 (low)
- [buster] - libjpeg-turbo <no-dsa> (Minor issue)
+ [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
[stretch] - libjpeg-turbo <no-dsa> (Minor issue)
[jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API)
NOTE: https://source.android.com/security/bulletin/2019-11-01
@@ -145378,7 +145397,7 @@ CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers t
{DLA-2369-1 DLA-1524-1}
[experimental] - libxml2 2.9.9+dfsg1-1~exp1
- libxml2 2.9.10+dfsg-2
- [buster] - libxml2 <no-dsa> (Minor issue)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
CVE-2018-14566
@@ -145569,7 +145588,7 @@ CVE-2018-14499 (An issue was found in HYBBS through 2016-03-08. There is an XSS
CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG th ...)
{DLA-2302-1 DLA-1719-1}
- libjpeg-turbo 1:2.0.5-1 (low; bug #924678)
- [buster] - libjpeg-turbo <no-dsa> (Minor issue)
+ [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
- mozjpeg <itp> (bug #741487)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
@@ -145872,7 +145891,7 @@ CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the xpath.c:x
{DLA-2369-1 DLA-1524-1}
[experimental] - libxml2 2.9.9+dfsg1-1~exp1
- libxml2 2.9.10+dfsg-2 (low; bug #901817)
- [buster] - libxml2 <no-dsa> (Minor issue)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10
NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
@@ -159685,7 +159704,7 @@ CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows r
{DLA-2369-1 DLA-1524-1}
[experimental] - libxml2 2.9.7+dfsg-1
- libxml2 2.9.10+dfsg-2 (low; bug #895245)
- [buster] - libxml2 <no-dsa> (Minor issue)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
[wheezy] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=786696
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
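Review bot: The two NOTE lines below the changed [buster] line reference bugzilla.gnome.org and git.gnome.org, while the other libxml2 entries in this commit (CVE-2018-14567, CVE-2018-14404) use gitlab.gnome.org. Consider adding the gitlab.gnome.org URL for commit e2a9122b8dde53d320750451e9907a7dcb2ca8bb so the fix reference is uniform across the libxml2 entries.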
@@ -183276,7 +183295,7 @@ CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate t
CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerabilit ...)
{DLA-2302-1 DLA-1638-1}
- libjpeg-turbo 1:2.0.5-1 (low; bug #902950)
- [buster] - libjpeg-turbo <no-dsa> (Minor issue)
+ [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
CVE-2018-1151 (The web server on Western Digital TV Media Player 1.03.07 and TV Live ...)
NOT-FOR-US: web server on Western Digital TV Media Player and TV Live Hub
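Review bot: The description of CVE-2018-1152 names libjpeg-turbo 1.5.90 as the vulnerable release, while the new [buster] line records the fix in a 1.5.2-based upload (1:1.5.2-2+deb10u1). A NOTE stating that the flaw is also present in 1.5.2, or naming the introducing commit, would document why the backport applies.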
=====================================
data/next-point-update.txt
=====================================
@@ -1,134 +1,3 @@
-CVE-2020-10232
- [buster] - sleuthkit 4.6.5-1+deb10u1
-CVE-2019-14562
- [buster] - edk2 0~20181115.85588389-3+deb10u2
-CVE-2020-14374
- [buster] - dpdk 18.11.10-1~deb10u1
-CVE-2020-14375
- [buster] - dpdk 18.11.10-1~deb10u1
-CVE-2020-14376
- [buster] - dpdk 18.11.10-1~deb10u1
-CVE-2020-14377
- [buster] - dpdk 18.11.10-1~deb10u1
-CVE-2020-14378
- [buster] - dpdk 18.11.10-1~deb10u1
-CVE-2020-26117
- [buster] - tigervnc 1.9.0+dfsg-3+deb10u3
-CVE-2020-25073
- [buster] - plinth 19.1+deb10u1
-CVE-2020-9359
- [buster] - okular 4:17.12.2-2.2+deb10u1
-CVE-2018-1000825
- [buster] - freecol 0.11.6+dfsg2-2+deb10u1
-CVE-2019-19923
- [buster] - sqlite3 3.27.2-3+deb10u1
-CVE-2019-19925
- [buster] - sqlite3 3.27.2-3+deb10u1
-CVE-2019-19959
- [buster] - sqlite3 3.27.2-3+deb10u1
-CVE-2019-20218
- [buster] - sqlite3 3.27.2-3+deb10u1
-CVE-2020-13434
- [buster] - sqlite3 3.27.2-3+deb10u1
-CVE-2020-13435
- [buster] - sqlite3 3.27.2-3+deb10u1
-CVE-2020-13630
- [buster] - sqlite3 3.27.2-3+deb10u1
-CVE-2020-13632
- [buster] - sqlite3 3.27.2-3+deb10u1
-CVE-2020-15358
- [buster] - sqlite3 3.27.2-3+deb10u1
-CVE-2019-16168
- [buster] - sqlite3 3.27.2-3+deb10u1
-CVE-2020-25613
- [buster] - ruby2.5 2.5.5-3+deb10u3
-CVE-2018-1152
- [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
-CVE-2018-14498
- [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
-CVE-2019-2201
- [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
-CVE-2020-13790
- [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
-CVE-2020-5247
- [buster] - puma 3.12.0-2+deb10u2
-CVE-2020-5249
- [buster] - puma 3.12.0-2+deb10u2
-CVE-2020-11076
- [buster] - puma 3.12.0-2+deb10u2
-CVE-2020-11077
- [buster] - puma 3.12.0-2+deb10u2
-CVE-2020-16124
- [buster] - ros-ros-comm 1.14.3+ds1-5+deb10u2
-CVE-2020-27638
- [buster] - fastd 18-3+deb10u1
-CVE-2020-15256
- [buster] - node-object-path 0.11.4-2+deb10u1
-CVE-2020-7751
- [buster] - node-pathval 1.1.0-3+deb10u1
-CVE-2020-8037
- [buster] - tcpdump 4.9.3-1~deb10u2
-CVE-2017-18258
- [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
-CVE-2018-14404
- [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
-CVE-2018-14567
- [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
-CVE-2019-19956
- [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
-CVE-2019-20388
- [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
-CVE-2020-7595
- [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
-CVE-2020-28896
- [buster] - mutt 1.10.1-2.1+deb10u4
- [buster] - neomutt 20180716+dfsg.1-1+deb10u2
-CVE-2020-14812
- [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
-CVE-2020-14789
- [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
-CVE-2020-14776
- [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
-CVE-2020-14765
- [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
-CVE-2020-20739
- [buster] - vips 8.7.4-1+deb10u1
-CVE-2019-19039
- [buster] - linux 4.19.160-1
-CVE-2019-19377
- [buster] - linux 4.19.160-1
-CVE-2019-19770
- [buster] - linux 4.19.160-1
-CVE-2019-19816
- [buster] - linux 4.19.160-1
-CVE-2020-0423
- [buster] - linux 4.19.160-1
-CVE-2020-14351
- [buster] - linux 4.19.160-1
-CVE-2020-25656
- [buster] - linux 4.19.160-1
-CVE-2020-25668
- [buster] - linux 4.19.160-1
-CVE-2020-25669
- [buster] - linux 4.19.160-1
-CVE-2020-25704
- [buster] - linux 4.19.160-1
-CVE-2020-25705
- [buster] - linux 4.19.160-1
-CVE-2020-27673
- [buster] - linux 4.19.160-1
-CVE-2020-27675
- [buster] - linux 4.19.160-1
-CVE-2020-27777
- [buster] - linux 4.19.160-1
-CVE-2020-28941
- [buster] - linux 4.19.160-1
-CVE-2020-28974
- [buster] - linux 4.19.160-1
-CVE-2020-4788
- [buster] - linux 4.19.160-1
-CVE-2020-8694
- [buster] - linux 4.19.160-1
CVE-2019-20446
[buster] - librsvg 2.44.10-2.1+deb10u1
CVE-2019-10203
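Review bot: The bulk removal at the top of data/next-point-update.txt is only safe if every removed CVE received a matching [buster] fixed-version line in data/CVE/list. CVE-2020-28896 in particular carries two package lines (mutt 1.10.1-2.1+deb10u4 and neomutt 20180716+dfsg.1-1+deb10u2), so both source packages need their own line there. CVE-2019-20446 (librsvg 2.44.10-2.1+deb10u1) stays queued as context; please confirm it was intentionally left for a later point release.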
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/adaaa6ff01deb2858abd54d451e384c25f589cfe...dc8e34a9f2828324acd9f588a2351d77b250e97c