[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 9 09:10:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
73cbb8c7 by security tracker role at 2020-07-09T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1249,10 +1249,10 @@ CVE-2020-15075
RESERVED
CVE-2020-15074
RESERVED
-CVE-2020-15073
- RESERVED
-CVE-2020-15072
- RESERVED
+CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS vulnerability ...)
+ TODO: check
+CVE-2020-15072 (An issue was discovered in phpList through 3.5.4. An error-based SQL I ...)
+ TODO: check
CVE-2020-15071
RESERVED
CVE-2020-15070
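Review bot: CVE-2020-15073 and CVE-2020-15072 both land with `TODO: check`, so the phpList XSS and SQL injection entries are untriaged after this commit. Each needs a follow-up that either adds a source-package line or marks the entry in the `NOT-FOR-US:` form this file already uses (e.g. `NOT-FOR-US: DrayTek`).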
@@ -2523,7 +2523,7 @@ CVE-2020-14474 (The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies
NOT-FOR-US: Cellebrite
CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...)
NOT-FOR-US: DrayTek
-CVE-2020-14472 (DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1 ...)
+CVE-2020-14472 (On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1 ...)
NOT-FOR-US: DrayTek
CVE-2020-14471
RESERVED
@@ -4195,6 +4195,7 @@ CVE-2020-13906 (IrfanView 4.54 allows a user-mode write access violation startin
CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
NOT-FOR-US: IrfanView
CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an ...)
+ {DSA-4722-1}
- ffmpeg <unfixed>
NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/
NOTE: https://github.com/FFmpeg/FFmpeg/commit/9dfb19baeb86a8bb02c53a441682c6e9a6e104cc
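Review bot: on CVE-2020-13904 the new `{DSA-4722-1}` sits directly above `- ffmpeg <unfixed>`, so the entry records a released advisory while its unstable package line still reads as open. That is consistent only while the fix has not reached unstable; the `<unfixed>` line should be replaced with the fixed version as soon as one is uploaded.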
@@ -8228,6 +8229,7 @@ CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, th
CVE-2020-12285
RESERVED
CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a ...)
+ {DSA-4722-1}
- ffmpeg 7:4.2.3-1
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
@@ -22357,7 +22359,7 @@ CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x
NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29
NOTE: PHP Bug: https://bugs.php.net/79329
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0d139c5b94a5f485a66901919e51faddb0371c43
-CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using ...)
+CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using ...)
{DSA-4719-1}
- php7.4 7.4.5-1
- php7.3 <removed>
@@ -25197,8 +25199,8 @@ CVE-2020-5976
RESERVED
CVE-2020-5975
RESERVED
-CVE-2020-5974
- RESERVED
+CVE-2020-5974 (NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in i ...)
+ TODO: check
CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerabili ...)
NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5972 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
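Review bot: CVE-2020-5974 moves from RESERVED to `TODO: check`, while the next entry, CVE-2020-5973, is already triaged as `NOT-FOR-US: NVIDIA Virtual GPU Manager`. The JetPack SDK entry should get the same kind of explicit decision in a follow-up so it does not linger as an open TODO.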
@@ -25969,8 +25971,8 @@ CVE-2020-5606
RESERVED
CVE-2020-5605
RESERVED
-CVE-2020-5604
- RESERVED
+CVE-2020-5604 (Android App 'Mercari' (Japan version) prior to version 3.52.0 allows a ...)
+ TODO: check
CVE-2020-5603 (Uncontrolled resource consumption vulnerability in Mitsubishi Electori ...)
NOT-FOR-US: Mitsubishi
CVE-2020-5602 (Mitsubishi Electoric FA Engineering Software (CPU Module Logging Confi ...)
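Review bot: the CVE-2020-5604 description names an Android app ('Mercari'), yet the entry is left at `TODO: check`. Follow-up triage should confirm whether any Debian source package is involved and, if none is, close it in the `NOT-FOR-US:` form used for the Mitsubishi entry below it.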
@@ -45341,7 +45343,7 @@ CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32
NOTE: https://github.com/lz4/lz4/pull/756
NOTE: https://github.com/lz4/lz4/pull/760
CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk ...)
- {DLA-2021-1}
+ {DSA-4722-1 DLA-2021-1}
- ffmpeg 7:4.2.1-1
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
- libav <removed>
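Review bot: CVE-2019-17542 now lists `{DSA-4722-1 DLA-2021-1}`, but `[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)` is unchanged. Confirm which suite DSA-4722-1 covers; if it includes stretch, the postponed annotation is stale and should carry the fixed version instead. CVE-2019-17539 and CVE-2019-13390 show the same pattern in the hunks that follow.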
@@ -45369,6 +45371,7 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a heap-based buffer overflow in
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/41399a3414069870071e47680b0bbbe0a283db5d
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NUL ...)
+ {DSA-4722-1}
- ffmpeg 7:4.2.1-1 (low)
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
- libav <removed> (low)
@@ -59206,6 +59209,7 @@ CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier
NOTE: Patch is insufficient, partly reverted by the CVE-2019-13308 patch
NOTE: which seems to be the actual patch for this issue.
CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in l ...)
+ {DSA-4722-1}
- ffmpeg 7:4.2.1-1 (low; bug #932535)
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
NOTE: https://trac.ffmpeg.org/ticket/7979
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73cbb8c76ed00afa6d546e927624e330522f1a96