[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Dec 6 08:10:23 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
696c52e8 by security tracker role at 2020-12-06T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2020-29591
+ RESERVED
+CVE-2020-29590
+ RESERVED
+CVE-2020-29589
+ RESERVED
+CVE-2020-29588
+ RESERVED
+CVE-2020-29587
+ RESERVED
+CVE-2020-29586
+ RESERVED
+CVE-2020-29585
+ RESERVED
+CVE-2020-29584
+ RESERVED
+CVE-2020-29583
+ RESERVED
+CVE-2020-29582
+ RESERVED
+CVE-2020-29581
+ RESERVED
+CVE-2020-29580
+ RESERVED
+CVE-2020-29579
+ RESERVED
+CVE-2020-29578
+ RESERVED
+CVE-2020-29577
+ RESERVED
+CVE-2020-29576
+ RESERVED
+CVE-2020-29575
+ RESERVED
+CVE-2020-29574
+ RESERVED
+CVE-2020-29573 (sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) befo ...)
+ TODO: check
+CVE-2020-29572 (app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp ...)
+ TODO: check
CVE-2020-29571
RESERVED
CVE-2020-29570
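Review bot: The two added entries that already have a description, CVE-2020-29573 and CVE-2020-29572, are committed with only "TODO: check", so neither has a package status yet. The CVE-2020-29573 description names sysdeps/i386/ldbl2mpn.c in the GNU C Library, so triage should settle on a source-package line for it. The CVE-2020-29572 description is truncated to a file path and needs a decision between a package line and a "NOT-FOR-US:" line like the one on CVE-2020-28942 further down.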
@@ -1567,6 +1607,7 @@ CVE-2020-28943
CVE-2020-28942 (An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST ...)
NOT-FOR-US: PrimeKey EJBCA
CVE-2020-28941 (An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c i ...)
+ {DLA-2483-1}
- linux 5.9.11-1
[buster] - linux 4.19.160-1
[stretch] - linux <not-affected> (Vulnerable code not present)
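Review bot: "{DLA-2483-1}" is added to CVE-2020-28941 although the only stretch line in the entry is "[stretch] - linux <not-affected> (Vulnerable code not present)". As it stands, the entry cites an LTS advisory without any stretch line that records a fixed version. If the advisory covers a source package other than linux, a line for that package would make the cross-reference traceable from the entry itself. The same pattern appears in the CVE-2019-19770 and CVE-2020-0423 hunks.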
@@ -3972,6 +4013,7 @@ CVE-2020-28362 (Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Serv
NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
NOTE: https://github.com/golang/go/issues/42552
CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 co ...)
+ {DLA-2483-1}
- linux 5.9.9-1
[buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/3c4e0dff2095c579b142d5a0693257f1c58b4804
@@ -6958,6 +7000,7 @@ CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were co
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a (poppler-0.76.0)
CVE-2020-27777
RESERVED
+ {DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
[stretch] - linux <ignored> (Only an issue when Secure Boot is implemented)
@@ -7914,10 +7957,12 @@ CVE-2020-27602 (BigBlueButton before 2.2.7 does not have a protection mechanism
CVE-2020-27601 (In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat do ...)
NOT-FOR-US: BigBlueButton
CVE-2020-27673 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
+ {DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://xenbits.xen.org/xsa/advisory-332.html
CVE-2020-27675 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
+ {DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://xenbits.xen.org/xsa/advisory-331.html
@@ -12141,11 +12186,13 @@ CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in templates_i
NOTE: https://github.com/Cacti/cacti/issues/3723
NOTE: https://github.com/Cacti/cacti/commit/39458efcd5286d50e6b7f905fedcdc1059354e6e
CVE-2020-25705 (A flaw in the way reply ICMP packets are limited in the Linux kernel f ...)
+ {DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/b38e7819cae946e2edf869e604af1e65a5d241c5
NOTE: https://www.saddns.net/
CVE-2020-25704 (A flaw memory leak in the Linux kernel performance monitoring subsyste ...)
+ {DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/7bdb157cdebbf95a1cd94ed2e01b338714075d00
@@ -12270,11 +12317,13 @@ CVE-2020-25670
NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
CVE-2020-25669
RESERVED
+ {DLA-2483-1}
- linux 5.9.11-1
[buster] - linux 4.19.160-1
NOTE: https://www.openwall.com/lists/oss-security/2020/11/05/2
CVE-2020-25668 [concurrency use-after-free in vt]
RESERVED
+ {DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://www.openwall.com/lists/oss-security/2020/10/30/1
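Review bot: CVE-2020-25669 is still "RESERVED" with no summary, yet it now carries a DLA reference and fixed versions, while the next entry, CVE-2020-25668, has a bracketed summary ("[concurrency use-after-free in vt]") that tells a reader what the issue is. A similar bracketed summary on CVE-2020-25669 would keep the entry readable until the CVE description is published; the oss-security post already linked in its NOTE line is the natural source for it.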
@@ -12353,6 +12402,7 @@ CVE-2020-25657
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889823
NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/285
CVE-2020-25656 (A flaw was found in the Linux kernel. A use-after-free was found in th ...)
+ {DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://www.openwall.com/lists/oss-security/2020/10/16/1
@@ -36902,6 +36952,7 @@ CVE-2020-14353
CVE-2020-14352 (A flaw was found in librepo in versions before 1.12.1. A directory tra ...)
NOT-FOR-US: librepo
CVE-2020-14351 (A flaw was found in the Linux kernel. A use-after-free memory flaw was ...)
+ {DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://lore.kernel.org/lkml/20200910104153.1672460-1-jolsa@kernel.org/
@@ -52962,6 +53013,7 @@ CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) Pr
- intel-microcode 3.20201110.1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
CVE-2020-8694 (Insufficient access control in the Linux kernel driver for some Intel( ...)
+ {DLA-2483-1}
- linux 5.9.9-1
[buster] - linux 4.19.160-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
@@ -63074,6 +63126,7 @@ CVE-2020-4790
CVE-2020-4789
RESERVED
CVE-2020-4788 (IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local ...)
+ {DLA-2483-1}
- linux 5.9.11-1
[buster] - linux 4.19.160-1
[stretch] - linux <ignored> (powerpc architectures not included in LTS)
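Review bot: In the CVE-2020-4788 entry the added "{DLA-2483-1}" sits directly above "[stretch] - linux <ignored> (powerpc architectures not included in LTS)", so the entry both cites an LTS advisory and states that the issue is out of scope for LTS. Please confirm the advisory really lists this CVE, and if it does, record which package and version it fixed so the two lines do not read as contradictory.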
@@ -66483,7 +66536,7 @@ CVE-2019-19818 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.
CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...)
NOT-FOR-US: JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...)
- {DLA-2385-1}
+ {DLA-2483-1 DLA-2385-1}
- linux 5.2.6-1
[buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
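Review bot: The changed line for CVE-2019-19816, "{DLA-2483-1 DLA-2385-1}", makes this the one entry in the commit with two LTS advisories, and the visible lines give only the unstable and "[buster]" versions. Nothing in the entry shows what each advisory fixed, so a reader cannot tell whether the second advisory covers a different package or revisits the first fix. A per-package stretch line for each advisory would resolve that.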
@@ -67647,6 +67700,7 @@ CVE-2020-3111 (A vulnerability in the Cisco Discovery Protocol implementation fo
CVE-2020-3110 (A vulnerability in the Cisco Discovery Protocol implementation for the ...)
NOT-FOR-US: Cisco
CVE-2019-19770 (** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free ...)
+ {DLA-2483-1}
- linux 5.7.17-1
[buster] - linux 4.19.160-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
@@ -71760,6 +71814,7 @@ CVE-2019-19379 (In app/Controller/TagsController.php in MISP 2.4.118, users can
CVE-2019-19378 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...)
- linux <unfixed>
CVE-2019-19377 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
+ {DLA-2483-1}
- linux 5.6.7-1
[buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/b3ff8f1d380e65dddd772542aa9bff6c86bf715a
@@ -73056,6 +73111,7 @@ CVE-2019-19041 (An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61
CVE-2019-19040 (KairosDB through 1.2.2 has XSS in view.html because of showErrorMessag ...)
NOT-FOR-US: KairosDB
CVE-2019-19039 (** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Li ...)
+ {DLA-2483-1}
- linux 5.6.7-1
[buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/b3ff8f1d380e65dddd772542aa9bff6c86bf715a
@@ -77782,6 +77838,7 @@ CVE-2020-0425 (There is a possible way to view notifications even when the "Lock
CVE-2020-0424 (In send_vc of res_send.cpp, there is a possible out of bounds read due ...)
NOT-FOR-US: Android
CVE-2020-0423 (In binder_release_work of binder.c, there is a possible use-after-free ...)
+ {DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/696c52e87d7902ccdc419f50d8c6c70e87ee00f4