[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 2 09:10:28 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5080947c by security tracker role at 2020-07-02T08:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-15501
+ RESERVED
+CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...)
+ TODO: check
+CVE-2020-15499
+ RESERVED
+CVE-2020-15498
+ RESERVED
CVE-2020-15497
RESERVED
CVE-2020-15496
@@ -12,10 +20,10 @@ CVE-2020-15492
RESERVED
CVE-2020-15491
RESERVED
-CVE-2020-15490
- RESERVED
-CVE-2020-15489
- RESERVED
+CVE-2020-15490 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
+ TODO: check
+CVE-2020-15489 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
+ TODO: check
CVE-2020-15488
RESERVED
CVE-2020-15487
@@ -19979,8 +19987,8 @@ CVE-2019-20419
RESERVED
CVE-2019-20418
RESERVED
-CVE-2019-20417
- RESERVED
+CVE-2019-20417 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ TODO: check
CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions allows remo ...)
@@ -22517,7 +22525,7 @@ CVE-2019-20378 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS
CVE-2019-20377 (TopList before 2019-09-03 allows XSS via a title. ...)
NOT-FOR-US: TopList
CVE-2020-6831 (A buffer overflow could occur when parsing and validating SCTP chunks ...)
- {DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
+ {DSA-4714-1 DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
- firefox 76.0-1
- firefox-esr 68.8.0esr-1
- thunderbird 1:68.8.0-1
@@ -23357,20 +23365,24 @@ CVE-2020-6510
RESERVED
CVE-2020-6509
RESERVED
+ {DSA-4714-1}
- chromium 83.0.4103.116-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6508
RESERVED
CVE-2020-6507
RESERVED
+ {DSA-4714-1}
- chromium 83.0.4103.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6506
RESERVED
+ {DSA-4714-1}
- chromium 83.0.4103.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6505
RESERVED
+ {DSA-4714-1}
- chromium 83.0.4103.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6504 (Insufficient policy enforcement in notifications in Google Chrome prio ...)
@@ -23398,136 +23410,179 @@ CVE-2020-6499 (Inappropriate implementation in AppCache in Google Chrome prior t
- chromium 80.0.3987.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6498 (Incorrect implementation in user interface in Google Chrome on iOS pri ...)
+ {DSA-4714-1}
- chromium 83.0.4103.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6497 (Insufficient policy enforcement in Omnibox in Google Chrome on iOS pri ...)
+ {DSA-4714-1}
- chromium 83.0.4103.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6496 (Use after free in payments in Google Chrome on MacOS prior to 83.0.410 ...)
+ {DSA-4714-1}
- chromium 83.0.4103.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6495 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
+ {DSA-4714-1}
- chromium 83.0.4103.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6494 (Incorrect security UI in payments in Google Chrome on Android prior to ...)
+ {DSA-4714-1}
- chromium 83.0.4103.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6493 (Use after free in WebAuthentication in Google Chrome prior to 83.0.410 ...)
+ {DSA-4714-1}
- chromium 83.0.4103.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6492
RESERVED
CVE-2020-6491 (Insufficient data validation in site information in Google Chrome prio ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6490 (Insufficient data validation in loader in Google Chrome prior to 83.0. ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6489 (Inappropriate implementation in developer tools in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6488 (Insufficient policy enforcement in downloads in Google Chrome prior to ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6487 (Insufficient policy enforcement in downloads in Google Chrome prior to ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6486 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6485 (Insufficient data validation in media router in Google Chrome prior to ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6484 (Insufficient data validation in ChromeDriver in Google Chrome prior to ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6483 (Insufficient policy enforcement in payments in Google Chrome prior to ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6482 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6481 (Insufficient policy enforcement in URL formatting in Google Chrome pri ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6480 (Insufficient policy enforcement in enterprise in Google Chrome prior t ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6479 (Inappropriate implementation in sharing in Google Chrome prior to 83.0 ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6478 (Inappropriate implementation in full screen in Google Chrome prior to ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6477 (Inappropriate implementation in installer in Google Chrome on OS X pri ...)
- chromium <not-affected> (Only affects installer)
CVE-2020-6476 (Insufficient policy enforcement in tab strip in Google Chrome prior to ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6475 (Incorrect implementation in full screen in Google Chrome prior to 83.0 ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6474 (Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6473 (Insufficient policy enforcement in Blink in Google Chrome prior to 83. ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6472 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6471 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6470 (Insufficient validation of untrusted input in clipboard in Google Chro ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6469 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6468 (Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6467 (Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowe ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6466 (Use after free in media in Google Chrome prior to 83.0.4103.61 allowed ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6465 (Use after free in reader mode in Google Chrome on Android prior to 83. ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6464 (Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowe ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6463 (Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowe ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6462 (Use after free in task scheduling in Google Chrome prior to 81.0.4044. ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6461 (Use after free in storage in Google Chrome prior to 81.0.4044.129 allo ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6460 (Insufficient data validation in URL formatting in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6459 (Use after free in payments in Google Chrome prior to 81.0.4044.122 all ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6458 (Out of bounds read and write in PDFium in Google Chrome prior to 81.0. ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6457 (Use after free in speech recognizer in Google Chrome prior to 81.0.404 ...)
+ {DSA-4714-1}
- chromium 83.0.4103.83-1 (bug #958450)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6456 (Insufficient validation of untrusted input in clipboard in Google Chro ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6455 (Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 al ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6454 (Use after free in extensions in Google Chrome prior to 81.0.4044.92 al ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6453 (Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987 ...)
@@ -23551,60 +23606,79 @@ CVE-2020-6449 (Use after free in audio in Google Chrome prior to 80.0.3987.149 a
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6448 (Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6447 (Inappropriate implementation in developer tools in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6446 (Insufficient policy enforcement in trusted types in Google Chrome prio ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6445 (Insufficient policy enforcement in trusted types in Google Chrome prio ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6444 (Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 all ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6443 (Insufficient data validation in developer tools in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6442 (Inappropriate implementation in cache in Google Chrome prior to 81.0.4 ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6441 (Insufficient policy enforcement in omnibox in Google Chrome prior to 8 ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6440 (Inappropriate implementation in extensions in Google Chrome prior to 8 ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6439 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6438 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6437 (Inappropriate implementation in WebView in Google Chrome prior to 81.0 ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6436 (Use after free in window management in Google Chrome prior to 81.0.404 ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6435 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6434 (Use after free in devtools in Google Chrome prior to 81.0.4044.92 allo ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6433 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6432 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6431 (Insufficient policy enforcement in full screen in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6430 (Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6429 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
@@ -23632,6 +23706,7 @@ CVE-2020-6424 (Use after free in media in Google Chrome prior to 80.0.3987.149 a
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6423 (Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6422 (Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowe ...)
@@ -26377,8 +26452,8 @@ CVE-2020-5240 (In wagtail-2fa before 1.4.1, any user with access to the CMS can
NOT-FOR-US: wagtail-2fa
CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...)
NOT-FOR-US: Mailu
-CVE-2020-5238
- RESERVED
+CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0.29.0. ...)
+ TODO: check
CVE-2020-5237 (Multiple relative path traversal vulnerabilities in the oneup/uploader ...)
NOT-FOR-US: oneup/uploader-bundle
CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...)
@@ -31720,8 +31795,8 @@ CVE-2020-3404
RESERVED
CVE-2020-3403
RESERVED
-CVE-2020-3402
- RESERVED
+CVE-2020-3402 (A vulnerability in the Java Remote Method Invocation (RMI) interface o ...)
+ TODO: check
CVE-2020-3401
RESERVED
CVE-2020-3400
@@ -31742,8 +31817,8 @@ CVE-2020-3393
RESERVED
CVE-2020-3392
RESERVED
-CVE-2020-3391
- RESERVED
+CVE-2020-3391 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
+ TODO: check
CVE-2020-3390
RESERVED
CVE-2020-3389
@@ -31848,8 +31923,8 @@ CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVir
[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
[stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
-CVE-2020-3340
- RESERVED
+CVE-2020-3340 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco Prime I ...)
NOT-FOR-US: Cisco
CVE-2020-3338
@@ -31938,8 +32013,8 @@ CVE-2020-3299
RESERVED
CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
NOT-FOR-US: Cisco
-CVE-2020-3297
- RESERVED
+CVE-2020-3297 (A vulnerability in session management for the web-based interface of C ...)
+ TODO: check
CVE-2020-3296 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2020-3295 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -51214,12 +51289,12 @@ CVE-2019-15314 (tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers t
- tikiwiki <removed>
CVE-2019-15313 (In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persiste ...)
NOT-FOR-US: Zimbra Collaboration
-CVE-2019-15312
- RESERVED
-CVE-2019-15311
- RESERVED
-CVE-2019-15310
- RESERVED
+CVE-2019-15312 (An issue was discovered on Zolo Halo devices via the Linkplay firmware ...)
+ TODO: check
+CVE-2019-15311 (An issue was discovered on Zolo Halo devices via the Linkplay firmware ...)
+ TODO: check
+CVE-2019-15310 (An issue was discovered on various devices via the Linkplay firmware. ...)
+ TODO: check
CVE-2019-15309
RESERVED
CVE-2019-15308
@@ -58909,7 +58984,7 @@ CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6d26d4e2f07375ddbf46a857d309d51eeff7ee1
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/643921ca69a20b203faebd0b287d8b7012dc749d
CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
- {DLA-1888-1}
+ {DSA-4712-1 DLA-1888-1}
- imagemagick <unfixed> (bug #931449)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1612
NOTE: initial fix:
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5080947cff7f70a0c2bc6e4617fd626b04905047
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5080947cff7f70a0c2bc6e4617fd626b04905047
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200702/7724c5da/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list