[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Jan 20 20:10:32 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6638748 by security tracker role at 2020-01-20T20:10:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-20382
+	RESERVED
 CVE-2020-7238
 	RESERVED
 CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...)
@@ -1855,14 +1857,18 @@ CVE-2020-6381
 	RESERVED
 CVE-2020-6380
 	RESERVED
+	{DSA-4606-1}
 	- chromium 79.0.3945.130-1
 CVE-2020-6379
 	RESERVED
+	{DSA-4606-1}
 	- chromium 79.0.3945.130-1
 CVE-2020-6378
 	RESERVED
+	{DSA-4606-1}
 	- chromium 79.0.3945.130-1
 CVE-2020-6377 (Use after free in audio in Google Chrome prior to 79.0.3945.117 allowe ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.130-1
 CVE-2020-6376
 	RESERVED
@@ -4637,6 +4643,7 @@ CVE-2019-20210 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and E
 CVE-2019-20209 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
 	NOT-FOR-US: themes for WordPress
 CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based  ...)
+	{DLA-2072-1}
 	- gpac <unfixed>
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
@@ -4833,11 +4840,13 @@ CVE-2019-20173
 CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not r ...)
 	NOT-FOR-US: SerenityOS
 CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+	{DLA-2072-1}
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/1337
 	NOTE: https://github.com/gpac/gpac/commit/72cdc5048dead86bb1df7d21e0b9975e49cf2d97
 	NOTE: https://github.com/gpac/gpac/commit/2bcca3f1d4605100bb27d3ed7be25b53cddbc75c
 CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+	{DLA-2072-1}
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/1328
 	NOTE: https://github.com/gpac/gpac/commit/16856430287cc10f495eb241910b4dc45b193e03
@@ -4861,6 +4870,7 @@ CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
 	NOTE: https://github.com/gpac/gpac/issues/1331
 	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
 CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+	{DLA-2072-1}
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/1338
 	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #1)
@@ -4869,14 +4879,17 @@ CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
 	NOTE: https://github.com/gpac/gpac/issues/1332
 	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
 CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+	{DLA-2072-1}
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/1335
 	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #4)
 CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+	{DLA-2072-1}
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/1327
 	NOTE: https://github.com/gpac/gpac/commit/3c0ba42546c8148c51169c3908e845c308746c77
 CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
+	{DLA-2072-1}
 	- gpac <unfixed>
 	NOTE: https://github.com/gpac/gpac/issues/1320
 	NOTE: https://github.com/gpac/gpac/commit/7a09732d4978586e6284e84caa9c301b2fa5e956
@@ -23058,7 +23071,7 @@ CVE-2019-17027
 	RESERVED
 CVE-2019-17026
 	RESERVED
-	{DSA-4603-1 DSA-4600-1 DLA-2061-1}
+	{DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1}
 	- firefox 72.0.1-1 (bug #948452)
 	- firefox-esr 68.4.1esr-1
 	- thunderbird 1:68.4.1-1
@@ -23068,7 +23081,7 @@ CVE-2019-17025 (Mozilla developers reported memory safety bugs present in Firefo
 	- firefox 72.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17025
 CVE-2019-17024 (Mozilla developers reported memory safety bugs present in Firefox 71 a ...)
-	{DSA-4603-1 DSA-4600-1 DLA-2061-1}
+	{DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1}
 	- firefox 72.0-1
 	- firefox-esr 68.4.0esr-1
 	- thunderbird 1:68.4.1-1
@@ -23082,7 +23095,7 @@ CVE-2019-17023 (After a HelloRetryRequest has been sent, the client may negotiat
 	NOTE: https://hg.mozilla.org/projects/nss/rev/d64102b76a437f24d98a20480dcc9f1655143e7c
 	NOTE: https://hg.mozilla.org/projects/nss/rev/8a2bd40e7f89a796cf24a0ff7cfb67c6e69c5c78
 CVE-2019-17022 (When pasting a &lt;style&gt; tag from the clipboard into a ric ...)
-	{DSA-4603-1 DSA-4600-1 DLA-2061-1}
+	{DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1}
 	- firefox 72.0-1
 	- firefox-esr 68.4.0esr-1
 	- thunderbird 1:68.4.1-1
@@ -23106,7 +23119,7 @@ CVE-2019-17018 (When in Private Browsing Mode on Windows 10, the Windows keyboar
 	- firefox <not-affected> (Windows-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17018
 CVE-2019-17017 (Due to a missing case handling object types, a type confusion vulnerab ...)
-	{DSA-4603-1 DSA-4600-1 DLA-2061-1}
+	{DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1}
 	- firefox 72.0-1
 	- firefox-esr 68.4.0esr-1
 	- thunderbird 1:68.4.1-1
@@ -23114,7 +23127,7 @@ CVE-2019-17017 (Due to a missing case handling object types, a type confusion vu
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17017
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17017
 CVE-2019-17016 (When pasting a &lt;style&gt; tag from the clipboard into a ric ...)
-	{DSA-4603-1 DSA-4600-1 DLA-2061-1}
+	{DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1}
 	- firefox 72.0-1
 	- firefox-esr 68.4.0esr-1
 	- thunderbird 1:68.4.1-1
@@ -24985,12 +24998,14 @@ CVE-2018-21017 (GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_b
 	NOTE: Introduced in https://github.com/gpac/gpac/commit/6cfd65819add78426d9635e3f8358f8bc149b645 (v0.6.0)
 	NOTE: Fixed by: https://github.com/gpac/gpac/commit/d2371b4b204f0a3c0af51ad4e9b491144dd1225c (v0.8.)
 CVE-2018-21016 (audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1  ...)
+	{DLA-2072-1}
 	- gpac <unfixed> (bug #940882)
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
 	NOTE: https://github.com/gpac/gpac/issues/1180
 	NOTE: https://github.com/gpac/gpac/commit/ea13945f3c2dc2c21e30e2731bf2782384307a13
 CVE-2018-21015 (AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remot ...)
+	{DLA-2072-1}
 	- gpac <unfixed> (bug #940882)
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)
@@ -33229,6 +33244,7 @@ CVE-2019-13769
 CVE-2019-13768
 	RESERVED
 CVE-2019-13767 (Use after free in media picker in Google Chrome prior to 79.0.3945.88  ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.130-1
 CVE-2019-13766 (Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 ...)
 	{DSA-4562-1}
@@ -33237,84 +33253,121 @@ CVE-2019-13765 (Use-after-free in content delivery manager in Google Chrome prio
 	{DSA-4562-1}
 	- chromium 78.0.3904.87-1
 CVE-2019-13764 (Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 al ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13763 (Insufficient policy enforcement in payments in Google Chrome prior to  ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13762 (Insufficient policy enforcement in downloads in Google Chrome on Windo ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13761 (Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.7 ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13760
 	RESERVED
 CVE-2019-13759 (Incorrect security UI in interstitials in Google Chrome prior to 79.0. ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13758 (Insufficient policy enforcement in navigation in Google Chrome on Andr ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13757 (Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.7 ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13756 (Incorrect security UI in printing in Google Chrome prior to 79.0.3945. ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13755 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13754 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13753 (Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 al ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13752 (Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 al ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13751 (Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 al ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13750 (Insufficient data validation in SQLite in Google Chrome prior to 79.0. ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13749 (Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0 ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13748 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13747 (Uninitialized data in rendering in Google Chrome on Android prior to 7 ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13746 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 7 ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13745 (Insufficient policy enforcement in audio in Google Chrome prior to 79. ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13744 (Insufficient policy enforcement in cookies in Google Chrome prior to 7 ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13743 (Incorrect security UI in external protocol handling in Google Chrome p ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13742 (Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0 ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13741 (Insufficient validation of untrusted input in Blink in Google Chrome p ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13740 (Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.7 ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13739 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 7 ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13738 (Insufficient policy enforcement in navigation in Google Chrome prior t ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13737 (Insufficient policy enforcement in autocomplete in Google Chrome prior ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13736 (Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allo ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13735 (Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945. ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13734 (Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 a ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13733
 	RESERVED
 CVE-2019-13732 (Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allo ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13731
 	RESERVED
 CVE-2019-13730 (Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 al ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13729 (Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 al ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13728 (Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945. ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13727 (Insufficient policy enforcement in WebSockets in Google Chrome prior t ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13726 (Buffer overflow in password manager in Google Chrome prior to 79.0.394 ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13725 (Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 all ...)
+	{DSA-4606-1}
 	- chromium 79.0.3945.79-1
 CVE-2019-13724 (Out of bounds memory access in WebBluetooth in Google Chrome prior to  ...)
 	{DSA-4575-1}
@@ -33646,6 +33699,7 @@ CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7e90aed666e809c0db5de9d1816802a7dcea28d9
 CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-bas ...)
+	{DLA-2072-1}
 	- gpac <unfixed> (low; bug #932242)
 	[buster] - gpac <no-dsa> (Minor issue)
 	[stretch] - gpac <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6638748e013b653b1e792019987909827a0572d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6638748e013b653b1e792019987909827a0572d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200120/55736007/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list