[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 28 08:10:23 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a1340df8 by security tracker role at 2020-02-28T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,14 +1,60 @@
+CVE-2020-9445
+ RESERVED
+CVE-2020-9444
+ RESERVED
+CVE-2020-9443
+ RESERVED
+CVE-2020-9442
+ RESERVED
+CVE-2020-9441
+ RESERVED
+CVE-2020-9440
+ RESERVED
+CVE-2020-9439
+ RESERVED
+CVE-2020-9438
+ RESERVED
+CVE-2020-9437
+ RESERVED
+CVE-2020-9436
+ RESERVED
+CVE-2020-9435
+ RESERVED
+CVE-2020-9434 (openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 cert ...)
+ TODO: check
+CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certi ...)
+ TODO: check
+CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...)
+ TODO: check
+CVE-2020-9427
+ RESERVED
+CVE-2020-9426
+ RESERVED
+CVE-2020-9425
+ RESERVED
+CVE-2020-9424
+ RESERVED
+CVE-2020-9423
+ RESERVED
+CVE-2020-9422
+ RESERVED
+CVE-2020-9421
+ RESERVED
+CVE-2019-20484
+ RESERVED
+CVE-2019-20483
+ RESERVED
CVE-2020-9420
RESERVED
CVE-2020-9419
RESERVED
-CVE-2020-9431 [LTE RRC dissector memory leak]
+CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
- wireshark 3.2.2-1
[jessie] - wireshark <postponed> (Minor issue, can be fixed along in next DLA)
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850
-CVE-2020-9430 [WiMax DLMAP dissector crash]
+CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
- wireshark 3.2.2-1
[jessie] - wireshark <postponed> (Minor issue, can be fixed along in next DLA)
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-04.html
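Review bot: In the CVE-2020-9431 and CVE-2020-9430 entries, replacing the bracketed titles ("[LTE RRC dissector memory leak]", "[WiMax DLMAP dissector crash]") with the truncated description leaves both header lines reading identically ("In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ..."). The affected dissector is no longer visible in the list and has to be recovered from the wnpa-sec NOTE links. Consider keeping the dissector name in a NOTE line under each entry. Separately, the three lua-openssl entries (CVE-2020-9432 to CVE-2020-9434) land as "TODO: check" and still need triage to a package line or a NOT-FOR-US marker.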
@@ -16,13 +62,13 @@ CVE-2020-9430 [WiMax DLMAP dissector crash]
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790
-CVE-2020-9428 [EAP dissector crash]
+CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
- wireshark 3.2.2-1
[jessie] - wireshark <postponed> (Minor issue, can be fixed along in next DLA)
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-05.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9fe2de783dbcbe74144678d60a4e3923367044b2
-CVE-2020-9429 [WireGuard dissector crash]
+CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This ...)
- wireshark 3.2.2-1
[buster] - wireshark <not-affected> (Vulnerable code not present)
[stretch] - wireshark <not-affected> (Vulnerable code not present)
@@ -371,6 +417,7 @@ CVE-2020-9276
CVE-2020-9275
RESERVED
CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ...)
+ {DLA-2123-1}
- pure-ftpd 1.0.49-4 (bug #952666)
NOTE: https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa
NOTE: though the CVE description does not specifically say, the issue seems to be an
@@ -5341,24 +5388,21 @@ CVE-2020-7065
RESERVED
CVE-2020-7064
RESERVED
-CVE-2020-7063
- RESERVED
+CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...)
- php7.4 7.4.3-1
- php7.3 7.3.15-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28
NOTE: PHP Bug: http://bugs.php.net/79082
-CVE-2020-7062
- RESERVED
+CVE-2020-7062 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...)
- php7.4 7.4.3-1
- php7.3 7.3.15-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28
NOTE: PHP Bug: http://bugs.php.net/79221
-CVE-2020-7061
- RESERVED
+CVE-2020-7061 (In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...)
- php7.4 7.4.3-1
- php7.3 7.3.15-1
- php7.0 <removed>
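Review bot: For CVE-2020-7063 and CVE-2020-7062, the new descriptions and the existing "Fixed in PHP 7.4.3, 7.3.15, 7.2.28" NOTE both name the 7.2 branch, but the package lines cover only php7.4, php7.3, php7.0 and php5. If a php7.2 source package was ever tracked, it wants its own line (for example marked <removed>, like php7.0). Otherwise a NOTE saying why it is absent would save the next reader the check.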
@@ -6836,8 +6880,7 @@ CVE-2020-6420
RESERVED
CVE-2020-6419
RESERVED
-CVE-2020-6418
- RESERVED
+CVE-2020-6418 (Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6417 (Inappropriate implementation in installer in Google Chrome prior to 80 ...)
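Review bot: CVE-2020-6418 keeps "- chromium <unfixed>" even though the description added here now states the upstream fixed version (Chrome prior to 80.0.3987.122). Recording that version in a NOTE line would make it clear which chromium upload closes the entry, so it can be updated as soon as an upload at or above that version exists.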
@@ -6870,8 +6913,7 @@ CVE-2020-6409 (Inappropriate implementation in Omnibox in Google Chrome prior to
CVE-2020-6408 (Insufficient policy enforcement in CORS in Google Chrome prior to 80.0 ...)
- chromium 80.0.3987.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6407
- RESERVED
+CVE-2020-6407 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6406 (Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed ...)
@@ -6934,19 +6976,16 @@ CVE-2020-6388 (Out of bounds access in WebAudio in Google Chrome prior to 80.0.3
CVE-2020-6387 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...)
- chromium 80.0.3987.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6386
- RESERVED
+CVE-2020-6386 (Use after free in speech in Google Chrome prior to 80.0.3987.116 allow ...)
- chromium 80.0.3987.116-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6385 (Insufficient policy enforcement in storage in Google Chrome prior to 8 ...)
- chromium 80.0.3987.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6384
- RESERVED
+CVE-2020-6384 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 all ...)
- chromium 80.0.3987.116-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6383
- RESERVED
+CVE-2020-6383 (Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a ...)
- chromium 80.0.3987.116-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6382 (Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 al ...)
@@ -9015,12 +9054,12 @@ CVE-2020-5404
RESERVED
CVE-2020-5403
RESERVED
-CVE-2020-5402
- RESERVED
-CVE-2020-5401
- RESERVED
-CVE-2020-5400
- RESERVED
+CVE-2020-5402 (In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability ...)
+ TODO: check
+CVE-2020-5401 (Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoR ...)
+ TODO: check
+CVE-2020-5400 (Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs ...)
+ TODO: check
CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...)
NOT-FOR-US: Cloud Foundry CredHub
CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...)
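Review bot: The three entries moved from RESERVED to "TODO: check" (CVE-2020-5402 UAA, CVE-2020-5401 Routing Release, CVE-2020-5400 Cloud Controller) are all Cloud Foundry components, and the adjacent CVE-2020-5399 is already triaged as "NOT-FOR-US: Cloud Foundry CredHub". If none of these components is packaged, they can be triaged the same way in a follow-up commit rather than left open.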
@@ -13330,46 +13369,43 @@ CVE-2020-3880
RESERVED
CVE-2020-3879
RESERVED
-CVE-2020-3878
- RESERVED
-CVE-2020-3877
- RESERVED
+CVE-2020-3878 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2020-3877 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2020-3876
RESERVED
-CVE-2020-3875
- RESERVED
-CVE-2020-3874
- RESERVED
-CVE-2020-3873
- RESERVED
-CVE-2020-3872
- RESERVED
-CVE-2020-3871
- RESERVED
-CVE-2020-3870
- RESERVED
-CVE-2020-3869
- RESERVED
-CVE-2020-3868
- RESERVED
+CVE-2020-3875 (A validation issue was addressed with improved input sanitization. Thi ...)
+ TODO: check
+CVE-2020-3874 (An issued existed in the naming of screenshots. The issue was correcte ...)
+ TODO: check
+CVE-2020-3873 (This issue was addressed with improved setting propagation. This issue ...)
+ TODO: check
+CVE-2020-3872 (A memory initialization issue was addressed with improved memory handl ...)
+ TODO: check
+CVE-2020-3871 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2020-3870 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2020-3869 (An issue existed in the handling of the local user's self-view. The is ...)
+ TODO: check
+CVE-2020-3868 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4627-1}
- webkit2gtk 2.26.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.26.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
-CVE-2020-3867
- RESERVED
+CVE-2020-3867 (A logic issue was addressed with improved state management. This issue ...)
{DSA-4627-1}
- webkit2gtk 2.26.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.26.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
-CVE-2020-3866
- RESERVED
-CVE-2020-3865
- RESERVED
+CVE-2020-3866 (This was addressed with additional checks by Gatekeeper on files mount ...)
+ TODO: check
+CVE-2020-3865 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4627-1}
- webkit2gtk 2.26.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
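Review bot: Most of the entries moved from RESERVED to "TODO: check" in this hunk (for example CVE-2020-3878, CVE-2020-3877 and CVE-2020-3870) have descriptions that are cut off before the product name ("An out-of-bounds read was addressed with improved input validation. Th ..."), so they cannot be triaged from this file and the full description has to be consulted. The entries in the same range that already carry {DSA-4627-1} with webkit2gtk and wpewebkit lines show that some of these CVEs do affect packaged software, so the TODO entries should be checked one by one rather than closed in bulk.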
@@ -13386,32 +13422,31 @@ CVE-2020-3864
NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
CVE-2020-3863
RESERVED
-CVE-2020-3862
- RESERVED
+CVE-2020-3862 (A denial of service issue was addressed with improved memory handling. ...)
{DSA-4627-1}
- webkit2gtk 2.26.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.26.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
-CVE-2020-3861
- RESERVED
-CVE-2020-3860
- RESERVED
-CVE-2020-3859
- RESERVED
-CVE-2020-3858
- RESERVED
-CVE-2020-3857
- RESERVED
-CVE-2020-3856
- RESERVED
+CVE-2020-3861 (The issue was addressed with improved permissions logic. This issue is ...)
+ TODO: check
+CVE-2020-3860 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2020-3859 (An inconsistent user interface issue was addressed with improved state ...)
+ TODO: check
+CVE-2020-3858 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2020-3857 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2020-3856 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
CVE-2020-3855
RESERVED
-CVE-2020-3854
- RESERVED
-CVE-2020-3853
- RESERVED
+CVE-2020-3854 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2020-3853 (A type confusion issue was addressed with improved memory handling. Th ...)
+ TODO: check
CVE-2020-3852
RESERVED
CVE-2020-3851
@@ -13424,50 +13459,50 @@ CVE-2020-3848
RESERVED
CVE-2020-3847
RESERVED
-CVE-2020-3846
- RESERVED
-CVE-2020-3845
- RESERVED
-CVE-2020-3844
- RESERVED
-CVE-2020-3843
- RESERVED
-CVE-2020-3842
- RESERVED
-CVE-2020-3841
- RESERVED
-CVE-2020-3840
- RESERVED
-CVE-2020-3839
- RESERVED
-CVE-2020-3838
- RESERVED
-CVE-2020-3837
- RESERVED
-CVE-2020-3836
- RESERVED
-CVE-2020-3835
- RESERVED
-CVE-2020-3834
- RESERVED
-CVE-2020-3833
- RESERVED
+CVE-2020-3846 (A buffer overflow was addressed with improved size validation. This is ...)
+ TODO: check
+CVE-2020-3845 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2020-3844 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2020-3843 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2020-3842 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2020-3841 (The issue was addressed with improved UI handling. This issue is fixed ...)
+ TODO: check
+CVE-2020-3840 (An off by one issue existed in the handling of racoon configuration fi ...)
+ TODO: check
+CVE-2020-3839 (A validation issue was addressed with improved input sanitization. Thi ...)
+ TODO: check
+CVE-2020-3838 (The issue was addressed with improved permissions logic. This issue is ...)
+ TODO: check
+CVE-2020-3837 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2020-3836 (An access issue was addressed with improved memory management. This is ...)
+ TODO: check
+CVE-2020-3835 (A validation issue existed in the handling of symlinks. This issue was ...)
+ TODO: check
+CVE-2020-3834 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
+CVE-2020-3833 (An inconsistent user interface issue was addressed with improved state ...)
+ TODO: check
CVE-2020-3832
RESERVED
-CVE-2020-3831
- RESERVED
-CVE-2020-3830
- RESERVED
-CVE-2020-3829
- RESERVED
-CVE-2020-3828
- RESERVED
-CVE-2020-3827
- RESERVED
-CVE-2020-3826
- RESERVED
-CVE-2020-3825
- RESERVED
+CVE-2020-3831 (A race condition was addressed with improved locking. This issue is fi ...)
+ TODO: check
+CVE-2020-3830 (A validation issue existed in the handling of symlinks. This issue was ...)
+ TODO: check
+CVE-2020-3829 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2020-3828 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+ TODO: check
+CVE-2020-3827 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2020-3826 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2020-3825 (Multiple memory corruption issues were addressed with improved memory ...)
+ TODO: check
CVE-2019-19890 (An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160 ...)
NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices
CVE-2019-19889 (An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160 ...)
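Review bot: Among the new "TODO: check" entries, CVE-2020-3840 stands out because its description names racoon ("An off by one issue existed in the handling of racoon configuration fi ..."), and racoon is the IKE daemon from ipsec-tools rather than a component specific to one vendor. This entry merits an explicit check of whether the flaw is in shared upstream code before it is triaged alongside the other entries in this block.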
@@ -107377,10 +107412,10 @@ CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't
NOT-FOR-US: Lutron Quantum BACnet Integration
CVE-2018-8879 (Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS device ...)
NOT-FOR-US: ASUS
-CVE-2018-8878
- RESERVED
-CVE-2018-8877
- RESERVED
+CVE-2018-8878 (Information disclosure in Asuswrt-Merlin firmware for ASUS devices old ...)
+ TODO: check
+CVE-2018-8877 (Information disclosure in Asuswrt-Merlin firmware for ASUS devices old ...)
+ TODO: check
CVE-2018-8876 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows loc ...)
NOT-FOR-US: 2345 Security Guard
CVE-2018-8875 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows loc ...)
@@ -199629,6 +199664,7 @@ CVE-2016-5105 (The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU,
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1339583
CVE-2016-5104 (The socket_create function in common/socket.c in libimobiledevice and ...)
+ {DLA-2122-1 DLA-2121-1}
- libimobiledevice 1.2.0+dfsg-3 (bug #825553)
[wheezy] - libimobiledevice <not-affected> (Vulnerable code not present)
NOTE: https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
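Review bot: The added line "{DLA-2122-1 DLA-2121-1}" on CVE-2016-5104 references two advisories, but only one source package line (libimobiledevice) is visible in the context here, and the description is truncated right after "libimobiledevice and ...". Confirm that the second package named in the full description has its own package line under this CVE, so that each DLA maps to a tracked package.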
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1340df804ba82c72a5a3e6f3fcfb1f74579f126