[Git][security-tracker-team/security-tracker][master] - "new" dnsmasq issue (CVE is for Red Hat, but they essentially found the same...
Moritz Muehlenhoff
jmm at debian.org
Wed Jul 1 11:11:51 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bce5996a by Moritz Muehlenhoff at 2020-07-01T12:10:45+02:00
- "new" dnsmasq issue (CVE is for Red Hat, but they essentially found the same issue Mika Prokop did back in 2014)
- new rails issue
- NFU
- add squid to dsa-needed
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2732,6 +2732,8 @@ CVE-2020-14313
RESERVED
CVE-2020-14312
RESERVED
+ - dnsmasq 2.69-1 (bug #732610)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342
CVE-2020-14311
RESERVED
CVE-2020-14310
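Review bot: The dnsmasq entry added under CVE-2020-14312 gives no hint of why a CVE from 2020 is marked fixed in 2.69-1; that reasoning appears only in the commit message ("they essentially found the same issue ... back in 2014"). Put it in the data file as well, for example a bracketed description on the CVE line (as CVE-2020-14305 has) or a second NOTE stating that this is the issue tracked in bug #732610 and that the CVE was assigned for Red Hat's packaging. A later reader of data/CVE/list should not need the git log to trust the fixed version.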
@@ -2744,6 +2746,7 @@ CVE-2020-14307
RESERVED
CVE-2020-14306
RESERVED
+ NOT-FOR-US: OpenShift
CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module]
RESERVED
- linux 4.12.6-1
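Review bot: The `NOT-FOR-US: OpenShift` line on CVE-2020-14306 carries no source, while the other two entries added in this commit each cite one in a NOTE. The entry is still RESERVED, so there is no public description to check the product attribution against. Either name the reference in the commit message or expect this to be re-verified once the CVE description is published.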
@@ -19156,6 +19159,9 @@ CVE-2020-8186
RESERVED
CVE-2020-8185
RESERVED
+ [experimental] - rails <unfixed>
+ - rails <not-affected> (Introduced in rails 6.x)
+ NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...)
- ruby-rack <unfixed> (bug #963477)
NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
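Review bot: The reason given on the `<not-affected>` line for CVE-2020-8185, "Introduced in rails 6.x", does not name the release or commit that introduced the issue. State the first affected version if the linked rubyonrails-security announcement gives one, so the not-affected claim for unstable can be checked against the packaged version. The entry also has no bracketed description, so nothing in the file says what the issue is until the CVE leaves RESERVED.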
=====================================
data/dsa-needed.txt
=====================================
@@ -51,6 +51,8 @@ rails
ruby2.5/stable
Utkarsh Gupta proposed to work on an update
--
+squid/stable
+--
squid3/oldstable
--
teeworlds/stable (jmm)
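Review bot: The new `squid/stable` entry in dsa-needed.txt has no note saying which issues call for the DSA, and this commit touches no squid entry in data/CVE/list, so the trigger is not visible from the change. A short line under the entry naming the CVEs, or a separate commit for the squid addition, would make this traceable. The commit bundles four unrelated changes (dnsmasq, rails, NFU, squid), which makes each harder to revert or cite on its own.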
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bce5996ab8f2bd2b6973399354cc25c0f1d4c0e0