[Git][security-tracker-team/security-tracker][master] python no-dsa
Moritz Muehlenhoff
jmm at debian.org
Thu Jul 2 08:22:38 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5e96da2a by Moritz Muehlenhoff at 2020-07-02T09:22:12+02:00
python no-dsa
IM updates
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2543,7 +2543,9 @@ CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in
CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...)
- python3.8 3.8.4~rc1-1
- python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
- python3.5 <removed>
+ [stretch] - python3.5 <no-dsa> (Minor issue)
- python3.4 <removed>
[jessie] - python3.4 <postponed> (Minor issue, DoS with constraints)
NOTE: https://bugs.python.org/issue41004
@@ -30030,7 +30032,7 @@ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after
CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
{DSA-4712-1 DLA-2049-1}
- imagemagick <unfixed> (low; bug #947309)
- [stretch] - imagemagick <no-dsa> (Minor issue)
+ [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 (7.x)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce (6.x)
@@ -58672,7 +58674,8 @@ CVE-2019-13393 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses th
CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette Na ...)
NOT-FOR-US: MindPalette NateMail
CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
- - imagemagick <unfixed> (bug #931633)
+ - imagemagick <unfixed> (low; bug #931633)
+ [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1588
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984
@@ -58952,7 +58955,8 @@ CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3
CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
{DSA-4712-1 DLA-1888-1}
- - imagemagick <unfixed> (bug #931455)
+ - imagemagick <unfixed> (low; bug #931455)
+ [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
NOTE: Some older version before the fixing commit did as well not check for
@@ -58963,7 +58967,8 @@ CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagic
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1604
CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
{DSA-4712-1 DLA-1888-1}
- - imagemagick <unfixed> (bug #931457)
+ - imagemagick <unfixed> (low; bug #931457)
+ [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
CVE-2019-13294 (AROX School-ERP Pro has a command execution vulnerability. import_stud ...)
=====================================
data/DSA/list
=====================================
@@ -6,7 +6,7 @@
[stretch] - firefox-esr 68.10.0esr-1~deb9u1
[buster] - firefox-esr 68.10.0esr-1~deb10u1
[30 Jun 2020] DSA-4712-1 imagemagick - security update
- {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949}
+ {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949}
[buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u1
[29 Jun 2020] DSA-4711-1 coturn - security update
{CVE-2020-4067 CVE-2020-6061 CVE-2020-6062}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e96da2a7ee2c52e81a195c1cfbf7755ee358a89
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e96da2a7ee2c52e81a195c1cfbf7755ee358a89
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200702/5ee3c5c7/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list