[Git][security-tracker-team/security-tracker][master] 3 commits: Add trailing separator for consistency
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 14 08:01:25 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e2663e56 by Salvatore Bonaccorso at 2020-12-14T08:27:26+01:00
Add trailing separator for consistency
- - - - -
a5962f65 by Salvatore Bonaccorso at 2020-12-14T09:00:42+01:00
Process NFUs
- - - - -
b60cb213 by Salvatore Bonaccorso at 2020-12-14T09:00:58+01:00
Add CVE-2020-2626{4,5}/golang-github-go-ethereum
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -12882,9 +12882,9 @@ CVE-2020-26267 (In affected versions of TensorFlow the tf.raw_ops.DataFormatVecP
CVE-2020-26266 (In affected versions of TensorFlow under certain cases a saved model c ...)
- tensorflow <itp> (bug #804612)
CVE-2020-26265 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
- TODO: check
+ - golang-github-go-ethereum <itp> (bug #890541)
CVE-2020-26264 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
- TODO: check
+ - golang-github-go-ethereum <itp> (bug #890541)
CVE-2020-26263
RESERVED
CVE-2020-26262
@@ -15690,13 +15690,13 @@ CVE-2020-25112 (An issue was discovered in the IPv6 stack in Contiki through 3.0
CVE-2020-25111 (An issue was discovered in the IPv6 stack in Contiki through 3.0. Ther ...)
NOT-FOR-US: Contiki
CVE-2020-25110 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
- TODO: check
+ NOT-FOR-US: Nut/OS
CVE-2020-25109 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
- TODO: check
+ NOT-FOR-US: Nut/OS
CVE-2020-25108 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
- TODO: check
+ NOT-FOR-US: Nut/OS
CVE-2020-25107 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
- TODO: check
+ NOT-FOR-US: Nut/OS
CVE-2020-25106
RESERVED
CVE-2020-25105 (eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recove ...)
@@ -17394,15 +17394,15 @@ CVE-2020-24342 (Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstr
NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00052.html
NOTE: https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27
CVE-2020-24341 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The T ...)
- TODO: check
+ NOT-FOR-US: picoTCP (and picoTCP-NG)
CVE-2020-24340 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The c ...)
- TODO: check
+ NOT-FOR-US: picoTCP (and picoTCP-NG)
CVE-2020-24339 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The D ...)
- TODO: check
+ NOT-FOR-US: picoTCP (and picoTCP-NG)
CVE-2020-24338 (An issue was discovered in picoTCP through 1.7.0. The DNS domain name ...)
- TODO: check
+ NOT-FOR-US: picoTCP
CVE-2020-24337 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When ...)
- TODO: check
+ NOT-FOR-US: picoTCP (and picoTCP-NG)
CVE-2020-24336 (An issue was discovered in Contiki through 3.0 and Contiki-NG through ...)
NOT-FOR-US: Contiki
CVE-2020-24335
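Review bot: The NOT-FOR-US label is spelled two ways in this hunk: "picoTCP (and picoTCP-NG)" for CVE-2020-24341, CVE-2020-24340, CVE-2020-24339 and CVE-2020-24337, but plain "picoTCP" for CVE-2020-24338. That follows the descriptions, yet the neighbouring CVE-2020-24336 entry uses just "NOT-FOR-US: Contiki" although its description also names Contiki-NG. Using the single label "NOT-FOR-US: picoTCP" for all five would match that convention and keep the entries searchable under one string.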
@@ -27797,7 +27797,7 @@ CVE-2020-19167
CVE-2020-19166
RESERVED
CVE-2020-19165 (PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_ ...)
- TODO: check
+ NOT-FOR-US: PHPSHE
CVE-2020-19164
RESERVED
CVE-2020-19163
@@ -36186,9 +36186,9 @@ CVE-2020-15378
CVE-2020-15377
RESERVED
CVE-2020-15376 (Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, con ...)
- TODO: check
+ NOT-FOR-US: Brocade Fabric OS
CVE-2020-15375 (Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v ...)
- TODO: check
+ NOT-FOR-US: Brocade Fabric OS
CVE-2020-15374 (Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versio ...)
NOT-FOR-US: Brocade Fabric OS
CVE-2020-15373 (Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric ...)
@@ -36226,7 +36226,7 @@ CVE-2020-15360 (com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege esc
CVE-2020-15359
RESERVED
CVE-2020-15357 (Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and ...)
- TODO: check
+ NOT-FOR-US: Askey
CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...)
- sqlite3 3.32.3-1
[buster] - sqlite3 3.27.2-3+deb10u1
@@ -37051,7 +37051,7 @@ CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allow
CVE-2020-15024 (An issue was discovered in the Login Password feature of the Password ...)
NOT-FOR-US: Avast Antivirus
CVE-2020-15023 (Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected b ...)
- TODO: check
+ NOT-FOR-US: Askey
CVE-2020-15022
RESERVED
CVE-2020-15021
@@ -41349,7 +41349,7 @@ CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in Sof
CVE-2020-13521
REJECTED
CVE-2020-13520 (An out of bounds memory corruption vulnerability exists in the way Pix ...)
- TODO: check
+ NOT-FOR-US: Pixar OpenUSD
CVE-2020-13519
RESERVED
CVE-2020-13518
@@ -43844,7 +43844,7 @@ CVE-2020-12518
CVE-2020-12517
RESERVED
CVE-2020-12516 (Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88 ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2020-12515
RESERVED
CVE-2020-12514
@@ -44872,9 +44872,9 @@ CVE-2020-12151
CVE-2020-12150
RESERVED
CVE-2020-12149 (The configuration backup/restore function in Silver Peak Unity ECOSTM ...)
- TODO: check
+ NOT-FOR-US: Silver Peak Unity ECOSTM (ECOS) appliance software
CVE-2020-12148 (A command injection flaw identified in the nslookup API in Silver Peak ...)
- TODO: check
+ NOT-FOR-US: Silver Peak Unity ECOSTM (ECOS) appliance software
CVE-2020-12147 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...)
NOT-FOR-US: Silver Peak Unity Orchestrator
CVE-2020-12146 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...)
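Review bot: "ECOSTM" in the two added labels for CVE-2020-12149 and CVE-2020-12148 looks like the trademark sign from the CVE description flattened to plain text (ECOS followed by TM), which the parenthetical "(ECOS)" then has to undo. A shorter label in the style of the "NOT-FOR-US: Silver Peak Unity Orchestrator" entry just below, for example "NOT-FOR-US: Silver Peak Unity ECOS", would read better and avoid carrying the artifact into the tracker data.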
@@ -51888,19 +51888,19 @@ CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflo
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a
CVE-2020-9999 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9998
RESERVED
CVE-2020-9997 (An information disclosure issue was addressed with improved state mana ...)
NOT-FOR-US: Apple
CVE-2020-9996 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9995
RESERVED
CVE-2020-9994 (A path handling issue was addressed with improved validation. This iss ...)
NOT-FOR-US: Apple
CVE-2020-9993 (The issue was addressed with improved UI handling. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9992 (This issue was addressed by encrypting communications over the network ...)
NOT-FOR-US: Apple
CVE-2020-9991 (This issue was addressed with improved checks. This issue is fixed in ...)
@@ -51911,11 +51911,11 @@ CVE-2020-9991 (This issue was addressed with improved checks. This issue is fixe
CVE-2020-9990 (A race condition was addressed with additional validation. This issue ...)
NOT-FOR-US: Apple
CVE-2020-9989 (The issue was addressed with improved deletion. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9988 (The issue was addressed with improved deletion. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9987 (An inconsistent user interface issue was addressed with improved state ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9986 (A file access issue existed with certain home folder files. This was a ...)
NOT-FOR-US: Apple
CVE-2020-9985 (A buffer overflow issue was addressed with improved memory handling. T ...)
@@ -51932,7 +51932,7 @@ CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds c
CVE-2020-9982 (This issue was addressed with improved checks to prevent unauthorized ...)
NOT-FOR-US: Apple
CVE-2020-9981 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
CVE-2020-9979 (A trust issue was addressed by removing a legacy API. This issue is fi ...)
@@ -51940,35 +51940,35 @@ CVE-2020-9979 (A trust issue was addressed by removing a legacy API. This issue
CVE-2020-9978
RESERVED
CVE-2020-9977 (A validation issue existed in the entitlement verification. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9976 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2020-9975
RESERVED
CVE-2020-9974 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9973 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2020-9972 (A buffer overflow issue was addressed with improved memory handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9971
RESERVED
CVE-2020-9970
RESERVED
CVE-2020-9969 (An access issue was addressed with additional sandbox restrictions. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9968 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
CVE-2020-9967
RESERVED
CVE-2020-9966 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9965 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9964 (A memory initialization issue was addressed with improved memory handl ...)
NOT-FOR-US: Apple
CVE-2020-9963 (The issue was addressed with improved handling of icon caches. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9962
RESERVED
CVE-2020-9961 (An out-of-bounds read was addressed with improved input validation. Th ...)
@@ -51986,7 +51986,7 @@ CVE-2020-9956
CVE-2020-9955
RESERVED
CVE-2020-9954 (A buffer overflow issue was addressed with improved memory handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9953
RESERVED
CVE-2020-9952 (An input validation issue was addressed with improved input validation ...)
@@ -52004,9 +52004,9 @@ CVE-2020-9951 (A use after free issue was addressed with improved memory managem
- wpewebkit 2.30.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-9950 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9949 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9948 (A type confusion issue was addressed with improved memory handling. Th ...)
{DSA-4797-1}
- webkit2gtk 2.30.1-1
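Review bot: CVE-2020-9950 and CVE-2020-9949 are marked "NOT-FOR-US: Apple", but they sit between CVE-2020-9951 (wpewebkit, WSA-2020-0008) and CVE-2020-9948 (DSA-4797-1, webkit2gtk) and carry the same truncated "use after free ... improved memory management" wording. The visible text does not show the affected component, so it is worth confirming against the full descriptions that neither is a WebKit issue before closing them out; the same applies to CVE-2020-9947 at the top of the next hunk. If one does turn out to be WebKit, it would need package entries like its neighbours rather than NOT-FOR-US.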
@@ -52015,17 +52015,17 @@ CVE-2020-9948 (A type confusion issue was addressed with improved memory handlin
- wpewebkit 2.30.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-9947 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9946 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2020-9945 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9944 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9943 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9942 (An inconsistent user interface issue was addressed with improved state ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9941 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2020-9940 (A buffer overflow issue was addressed with improved memory handling. T ...)
@@ -52070,7 +52070,7 @@ CVE-2020-9924 (A logic issue was addressed with improved state management. This
CVE-2020-9923 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2020-9922 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9921 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2020-9920 (A path handling issue was addressed with improved validation. This iss ...)
@@ -52473,37 +52473,37 @@ CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which ar
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0003.html
CVE-2020-10017 (An out-of-bounds write was addressed with improved input validation. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10016 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10015
RESERVED
CVE-2020-10014 (A parsing issue in the handling of directory paths was addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10013 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10012 (An access issue was addressed with improved access restrictions. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10011 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10010 (A path handling issue was addressed with improved validation. This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10009 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10008
RESERVED
CVE-2020-10007 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10006 (This issue was addressed with improved entitlements. This issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10005
RESERVED
CVE-2020-10004 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10003 (An issue existed within the path validation logic for symlinks. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10002 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-10001
RESERVED
CVE-2020-10000
=====================================
data/dsa-needed.txt
=====================================
@@ -43,3 +43,4 @@ xcftools
xerces-c (seb)
Sylvain Beucler proposed an update, but the test fails on 32bit
architectures so we'll need another pass at the test suite
+--
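Review bot: The added "--" after the xerces-c entry is the last line of the file, and the three context lines shown contain no other separator, so the hunk alone does not show what the new line is consistent with. The commit message for e2663e56 is subject-only; a one-line body stating the convention being followed would make the intent reviewable and tell whoever appends the next entry where it belongs relative to the separator.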
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5ea88bd0d20f68853f66f39bb17eda3907ce16fe...b60cb213dcbbcdc8a9dc80ab32fceef73506a89a