[Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff
jmm at debian.org
Thu Jul 2 21:14:33 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f5e2ed0 by Moritz Muehlenhoff at 2020-07-02T22:14:07+02:00
NFU
one IM fixup in CVE list
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -977,7 +977,7 @@ CVE-2020-15048
CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification er ...)
- trojita <itp> (bug #795701)
CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...)
- TODO: check
+ NOT-FOR-US: Node traceroute
CVE-2018-21267
RESERVED
CVE-2018-21266
@@ -14490,7 +14490,8 @@ CVE-2020-10253
CVE-2020-10252
RESERVED
CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...)
- - imagemagick <unfixed> (bug #953741)
+ - imagemagick <unfixed> (low; bug #953741)
+ [buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <not-affected> (Vulnerable code introduced later with HEIC image format support)
[jessie] - imagemagick <not-affected> (Vulnerable code introduced later with HEIC image format support)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1859
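Review bot: the new "[buster] - imagemagick <ignored> (Minor issue)" line for CVE-2020-10251 gives no reason why the out-of-bounds read is minor, while the stretch and jessie lines right below it carry a concrete rationale (vulnerable code introduced later with HEIC support). A short reason in the parentheses or an extra NOTE line would let a later reader re-evaluate the decision without re-reading the upstream issue.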
@@ -20332,7 +20333,7 @@ CVE-2020-7818
CVE-2020-7817
RESERVED
CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...)
- TODO: check
+ NOT-FOR-US: DaView
CVE-2020-7815
RESERVED
CVE-2020-7814
@@ -20586,9 +20587,9 @@ CVE-2020-7691
CVE-2020-7690
RESERVED
CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 bytes. ...)
- TODO: check
+ NOT-FOR-US: Node bcrypt
CVE-2020-7688 (The issue occurs because tagName user input is formatted inside the ex ...)
- TODO: check
+ NOT-FOR-US: Node mversion
CVE-2020-7687
RESERVED
CVE-2020-7686
@@ -20606,7 +20607,7 @@ CVE-2020-7681
CVE-2020-7680
RESERVED
CVE-2020-7679 (The mergeObjects utility function is susceptible to Prototype Pollutio ...)
- TODO: check
+ NOT-FOR-US: Node casperjs
CVE-2020-7678
RESERVED
CVE-2020-7677
@@ -20619,9 +20620,9 @@ CVE-2020-7676 (angular.js prior to 1.8.0 allows cross site scripting. The regex-
NOTE: https://github.com/angular/angular.js/pull/17028
NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
CVE-2020-7675 (cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. ...)
- TODO: check
+ NOT-FOR-US: Node cd-messenger
CVE-2020-7674 (access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. ...)
- TODO: check
+ NOT-FOR-US: Node access-policy
CVE-2020-7673 (node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. U ...)
TODO: check
CVE-2020-7672 (mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User inp ...)
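Review bot: the triage stops at CVE-2020-7674, and the trailing context still shows CVE-2020-7673 (node-extend) as "TODO: check" even though its description follows the same "is vulnerable to Arbitrary Code Execution" pattern as the two entries marked NOT-FOR-US just above. If node-extend was left open on purpose, fine; otherwise it should be triaged in the same pass so the batch is consistent.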
@@ -59014,8 +59015,8 @@ CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...)
{DSA-4712-1}
- - imagemagick <unfixed> (bug #931447)
- [stretch] - imagemagick <postponed> (Needs further clarification on patch)
+ - imagemagick <unfixed> (low; bug #931447)
+ [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
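Review bot: in the CVE-2019-13308 entry the [stretch] line changes from "<postponed> (Needs further clarification on patch)" to "<ignored> (Minor issue)", but the [jessie] line directly below stays "<postponed> (minor, wait for upstream to clear patch-related questions)", so the two releases now record different states for the same open question. Consider aligning the two lines, and keeping the patch-clarification rationale somewhere (for example in a NOTE), since "Minor issue" alone drops the reason previously recorded for an entry described as a heap-based buffer overflow.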
=====================================
data/DSA/list
=====================================
@@ -12,7 +12,7 @@
[stretch] - firefox-esr 68.10.0esr-1~deb9u1
[buster] - firefox-esr 68.10.0esr-1~deb10u1
[30 Jun 2020] DSA-4712-1 imagemagick - security update
- {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949}
+ {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949 CVE-2019-13391}
[buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u1
[29 Jun 2020] DSA-4711-1 coturn - security update
{CVE-2020-4067 CVE-2020-6061 CVE-2020-6062}
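Review bot: on the changed CVE list line of DSA-4712-1, CVE-2019-13391 is appended after CVE-2019-19949, while every other id on that line is in ascending order. Placing it between CVE-2019-13311 and CVE-2019-13454 would keep the list sorted and make later diffs of this long line easier to read.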
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f5e2ed0fddc73403b6f6f665006727c6ed559cf