[Git][security-tracker-team/security-tracker][master] Track several CVEs fixed for crhomium via unstable

Salvatore Bonaccorso carnil at debian.org
Tue Feb 18 05:53:12 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9584b3a8 by Salvatore Bonaccorso at 2020-02-18T06:52:39+01:00
Track several CVEs fixed for crhomium via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5885,113 +5885,111 @@ CVE-2020-6419
 CVE-2020-6418
 	RESERVED
 CVE-2020-6417 (Inappropriate implementation in installer in Google Chrome prior to 80 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6416 (Insufficient data validation in streams in Google Chrome prior to 80.0 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6415 (Inappropriate implementation in JavaScript in Google Chrome prior to 8 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6414 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6413 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6412 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
-	- chromium <unfixed>
-	[stretch] - chromium <end-of-life> (see DSA 4562)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6411 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6410 (Insufficient policy enforcement in navigation in Google Chrome prior t ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6409 (Inappropriate implementation in Omnibox in Google Chrome prior to 80.0 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6408 (Insufficient policy enforcement in CORS in Google Chrome prior to 80.0 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6407
 	RESERVED
 CVE-2020-6406 (Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6405 (Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 al ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6404 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6403 (Incorrect implementation in Omnibox in Google Chrome on iOS prior to 8 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6402 (Insufficient policy enforcement in downloads in Google Chrome on OS X  ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6401 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6400 (Inappropriate implementation in CORS in Google Chrome prior to 80.0.39 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6399 (Insufficient policy enforcement in AppCache in Google Chrome prior to  ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6398 (Use of uninitialized data in PDFium in Google Chrome prior to 80.0.398 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6397 (Inappropriate implementation in sharing in Google Chrome prior to 80.0 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6396 (Inappropriate implementation in Skia in Google Chrome prior to 80.0.39 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6395 (Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.8 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6394 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6393 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6392 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6391 (Insufficient validation of untrusted input in Blink in Google Chrome p ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6390 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6389 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6388 (Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.8 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6387 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6386
 	RESERVED
 CVE-2020-6385 (Insufficient policy enforcement in storage in Google Chrome prior to 8 ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6384
 	RESERVED
 CVE-2020-6383
 	RESERVED
 CVE-2020-6382 (Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 al ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6381 (Integer overflow in JavaScript in Google Chrome on ChromeOS and Androi ...)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6380 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
 	{DSA-4606-1}
@@ -12091,13 +12089,15 @@ CVE-2019-19927 (In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.gi
 CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...)
 	- sqlite3 <not-affected> (Incomplete fix for CVE-2019-19880 not applied)
 	NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL ...)
 	- sqlite3 3.30.1+fossil191229-1
 	[buster] - sqlite3 <no-dsa> (Minor issue)
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
+	- chromium 80.0.3987.106-1
+	[stretch] - chromium <end-of-life> (see DSA 4562)
 	NOTE: https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618
 CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related to exp ...)
 	- sqlite3 3.30.1+fossil191229-1
@@ -12110,7 +12110,7 @@ CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain
 	[buster] - sqlite3 <no-dsa> (Minor issue)
 	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
 	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
-	- chromium <unfixed>
+	- chromium 80.0.3987.106-1
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 	NOTE: https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35
 CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9584b3a89df4dcd20eae43f8e06abd3cdf70396f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9584b3a89df4dcd20eae43f8e06abd3cdf70396f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200218/07ff062f/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list