[Git][security-tracker-team/security-tracker][master] firefox/firefox-esr fixed

Moritz Muehlenhoff jmm at debian.org
Wed Feb 12 11:03:51 GMT 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d8949c0 by Moritz Muehlenhoff at 2020-02-12T12:03:25+01:00
firefox/firefox-esr fixed
buster/stretch triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -535,10 +535,14 @@ CVE-2020-8633
 	RESERVED
 CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...)
 	- cloud-init <unfixed>
+	[buster] - cloud-init <no-dsa> (Minor issue)
+	[stretch] - cloud-init <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
 	NOTE: https://github.com/canonical/cloud-init/pull/189
 CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random passwo ...)
 	- cloud-init <unfixed>
+	[buster] - cloud-init <no-dsa> (Minor issue)
+	[stretch] - cloud-init <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
 	NOTE: https://github.com/canonical/cloud-init/pull/204
 CVE-2020-8630
@@ -588,6 +592,8 @@ CVE-2020-8609
 CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf  ...)
 	- libslirp <unfixed>
 	- qemu 1:4.1-2
+	[buster] - qemu <postponed> (Minor issue)
+	[stretch] - qemu <postponed> (Minor issue)
 	- qemu-kvm <removed>
 	- slirp <unfixed>
 	- slirp4netns <unfixed>
@@ -845,6 +851,8 @@ CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10,
 	- python3.5 <removed>
 	- python3.4 <removed>
 	- python2.7 <unfixed>
+	[buster] - python2.7 <no-dsa> (Minor issue)
+	[stretch] - python2.7 <no-dsa> (Minor issue)
 	NOTE: https://bugs.python.org/issue39503
 	NOTE: https://github.com/python/cpython/pull/18284
 	NOTE: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
@@ -4602,12 +4610,12 @@ CVE-2020-6802
 	RESERVED
 CVE-2020-6801
 	RESERVED
-	- firefox <unfixed>
+	- firefox 73.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801
 CVE-2020-6800
 	RESERVED
-	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox 73.0-1
+	- firefox-esr 68.5.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6800
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6800
@@ -4620,8 +4628,8 @@ CVE-2020-6799
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799
 CVE-2020-6798
 	RESERVED
-	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox 73.0-1
+	- firefox-esr 68.5.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6798
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6798
@@ -4636,8 +4644,8 @@ CVE-2020-6797
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797
 CVE-2020-6796
 	RESERVED
-	- firefox <unfixed>
-	- firefox-esr <unfixed>
+	- firefox 73.0-1
+	- firefox-esr 68.5.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796
 CVE-2020-6795
@@ -8649,7 +8657,9 @@ CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
 	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
 CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
 	{DLA-2072-1}
-	- gpac <unfixed>
+	- gpac <unfixed> (low)
+	[buster] - gpac <no-dsa> (Minor issue)
+	[stretch] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1335
 	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #4)
 CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
@@ -17786,6 +17796,7 @@ CVE-2020-1701
 	NOT-FOR-US: KubeVirt
 CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...)
 	- ceph 14.2.7-1
+	[buster] - ceph <no-dsa> (Minor issue)
 	[stretch] - ceph <not-affected> (Vulnerable code introduced later)
 	[jessie] - ceph <not-affected> (Vulnerable code introduced later)
 	NOTE: https://tracker.ceph.com/issues/42531



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d8949c0f9fbceb2b7bc9e0ef3a321e2be43c273

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d8949c0f9fbceb2b7bc9e0ef3a321e2be43c273
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200212/fbe11cde/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list