[Git][security-tracker-team/security-tracker][master] Add new nethack issues

Wed Jan 29 09:24:14 GMT 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7b57021 by Salvatore Bonaccorso at 2020-01-29T10:23:36+01:00
Add new nethack issues

All likely to be just maked no-dsa for buster and stretch but adding
those just for the initial tracking.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6880,17 +6880,25 @@ CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection
 CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...)
 	TODO: check
 CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...)
-	TODO: check
+	- nethack <unfixed>
+	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6
 CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...)
-	TODO: check
+	- nethack <unfixed>
+	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v
 CVE-2020-5212 (In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...)
-	TODO: check
+	- nethack <unfixed>
+	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56
 CVE-2020-5211 (In NetHack before 3.6.5, an invalid extended command in value for the  ...)
-	TODO: check
+	- nethack <unfixed>
+	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7
 CVE-2020-5210 (In NetHack before 3.6.5, an invalid argument to the -w command line op ...)
-	TODO: check
+	- nethack <unfixed>
+	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp
+	NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
 CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i can  ...)
-	TODO: check
+	- nethack <unfixed>
+	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8
+	NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
 CVE-2020-5208
 	RESERVED
 CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d7b57021a88a45130688a3bc4af6cae90ec489ba

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d7b57021a88a45130688a3bc4af6cae90ec489ba
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200129/5b40991c/attachment-0001.html>
