[Git][security-tracker-team/security-tracker][master] firefox/firefox-esr fixed
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 12 11:03:51 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4d8949c0 by Moritz Muehlenhoff at 2020-02-12T12:03:25+01:00
firefox/firefox-esr fixed
buster/stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -535,10 +535,14 @@ CVE-2020-8633
RESERVED
CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...)
- cloud-init <unfixed>
+ [buster] - cloud-init <no-dsa> (Minor issue)
+ [stretch] - cloud-init <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
NOTE: https://github.com/canonical/cloud-init/pull/189
CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random passwo ...)
- cloud-init <unfixed>
+ [buster] - cloud-init <no-dsa> (Minor issue)
+ [stretch] - cloud-init <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
NOTE: https://github.com/canonical/cloud-init/pull/204
CVE-2020-8630
@@ -588,6 +592,8 @@ CVE-2020-8609
CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...)
- libslirp <unfixed>
- qemu 1:4.1-2
+ [buster] - qemu <postponed> (Minor issue)
+ [stretch] - qemu <postponed> (Minor issue)
- qemu-kvm <removed>
- slirp <unfixed>
- slirp4netns <unfixed>
@@ -845,6 +851,8 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10,
- python3.5 <removed>
- python3.4 <removed>
- python2.7 <unfixed>
+ [buster] - python2.7 <no-dsa> (Minor issue)
+ [stretch] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue39503
NOTE: https://github.com/python/cpython/pull/18284
NOTE: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
@@ -4602,12 +4610,12 @@ CVE-2020-6802
RESERVED
CVE-2020-6801
RESERVED
- - firefox <unfixed>
+ - firefox 73.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801
CVE-2020-6800
RESERVED
- - firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox 73.0-1
+ - firefox-esr 68.5.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6800
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6800
@@ -4620,8 +4628,8 @@ CVE-2020-6799
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799
CVE-2020-6798
RESERVED
- - firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox 73.0-1
+ - firefox-esr 68.5.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6798
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6798
@@ -4636,8 +4644,8 @@ CVE-2020-6797
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797
CVE-2020-6796
RESERVED
- - firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox 73.0-1
+ - firefox-esr 68.5.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796
CVE-2020-6795
@@ -8649,7 +8657,9 @@ CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed>
+ - gpac <unfixed> (low)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1335
NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #4)
CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
@@ -17786,6 +17796,7 @@ CVE-2020-1701
NOT-FOR-US: KubeVirt
CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...)
- ceph 14.2.7-1
+ [buster] - ceph <no-dsa> (Minor issue)
[stretch] - ceph <not-affected> (Vulnerable code introduced later)
[jessie] - ceph <not-affected> (Vulnerable code introduced later)
NOTE: https://tracker.ceph.com/issues/42531
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d8949c0f9fbceb2b7bc9e0ef3a321e2be43c273
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d8949c0f9fbceb2b7bc9e0ef3a321e2be43c273
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200212/fbe11cde/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list