[Git][security-tracker-team/security-tracker][master] buster/stretch triage
Moritz Muehlenhoff
jmm at debian.org
Thu Feb 13 09:46:47 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
59629278 by Moritz Muehlenhoff at 2020-02-13T10:46:19+01:00
buster/stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1021,7 +1021,9 @@ CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (web
CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...)
- python3.8 <unfixed>
- python3.7 <unfixed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
- python3.5 <removed>
+ [stretch] - python3.5 <no-dsa> (Minor issue)
- python3.4 <removed>
- python2.7 <unfixed>
[buster] - python2.7 <no-dsa> (Minor issue)
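Review bot: In the CVE-2020-8492 entry, the added "[stretch] - python3.5 <no-dsa> (Minor issue)" line triages stretch for python3.5, but the visible python2.7 lines carry only a [buster] annotation. If no "[stretch] - python2.7" line follows just below the context shown, stretch's python2.7 stays open while python3.5 in the same suite is closed as no-dsa; add the matching line or confirm it is already there. The bare "(Minor issue)" also records no reason, so a few words on why the issue is minor would let a later triager re-check the decision.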
@@ -2080,9 +2082,11 @@ CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read f
NOTE: Recommended additionally: https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc
CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...)
- virglrenderer 0.8.2-1 (bug #949954)
+ [buster] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42
CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...)
- virglrenderer 0.8.2-1 (bug #949954)
+ [buster] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5
CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a hardcoded pass ...)
NOT-FOR-US: Intellian Aptus application for Android
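Review bot: CVE-2020-8003 is described as a double-free, yet the added [buster] line closes it with the same bare "(Minor issue)" used for the NULL pointer dereference in CVE-2020-8002. A memory-corruption bug is not self-evidently minor, so put the reasoning in the parenthetical or in a NOTE line under the entry; that way the no-dsa decision can be audited without redoing the analysis.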
@@ -15206,6 +15210,7 @@ CVE-2020-2586 (Vulnerability in the Oracle Human Resources product of Oracle E-B
NOT-FOR-US: Oracle
CVE-2020-2585 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...)
- openjfx 11+26-1
+ [stretch] - openjfx <no-dsa> (Minor issue)
NOTE: This only affects JavaFX 8, so marking the first post 8 version as fixed
CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #949994)
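Review bot: The added "[stretch] - openjfx <no-dsa> (Minor issue)" line sits directly above a NOTE saying the issue only affects JavaFX 8, but nothing in the entry states that stretch is the suite carrying an affected version. Extend the parenthetical or add a NOTE saying why stretch is affected and why the issue is minor there, so the annotation reads consistently with the "first post 8 version as fixed" note.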
@@ -22945,19 +22950,23 @@ CVE-2019-18392
RESERVED
CVE-2019-18391 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov ...)
- virglrenderer 0.8.1-1 (bug #946942)
+ [buster] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
CVE-2019-18390 (An out-of-bounds read in the vrend_blit_need_swizzle function in vrend ...)
- virglrenderer 0.8.1-1
+ [buster] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765584
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151
CVE-2019-18389 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov ...)
- virglrenderer 0.8.1-1 (bug #946942)
+ [buster] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
CVE-2019-18388 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...)
- virglrenderer 0.8.1-1
+ [buster] - virglrenderer <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765578
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16
NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0
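Review bot: All four added [buster] lines use the identical "(Minor issue)" text, although CVE-2019-18391 and CVE-2019-18389 are heap-based buffer overflows while CVE-2019-18390 is an out-of-bounds read and CVE-2019-18388 a NULL pointer dereference. For the two overflows in particular, state what justifies no-dsa instead of reusing the blanket wording. It is also worth checking whether bug #946942, cited on the two overflow entries, covers CVE-2019-18390 and CVE-2019-18388 as well, since their virglrenderer lines carry no bug reference.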
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/596292786a59bf96d8c565d903a00f8d455dfbeb