[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Thu Jul 9 18:45:01 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa31a1d0 by Moritz Muehlenhoff at 2020-07-09T19:43:51+02:00
buster triage
mark Google Closure Library as NFU, if this were a security issue as bundled
  in Chromium, it would get fixed via Chromium updates anyway

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -178,6 +178,7 @@ CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through 0.
 	NOT-FOR-US: Whoopsie
 CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free ...)
 	- milkytracker <unfixed>
+	[buster] - milkytracker <no-dsa> (Minor issue)
 	NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
 CVE-2020-15568
 	RESERVED
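Review bot: the added `[buster] - milkytracker <no-dsa> (Minor issue)` line gives no reason why a use-after-free in PlayerGeneric.cpp counts as minor, and the commit message does not mention milkytracker either. A short NOTE line stating the reasoning would let a later reader check the no-dsa decision without redoing the triage.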
@@ -14601,7 +14602,9 @@ CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
 	NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40
 CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...)
 	- pillow <unfixed>
-	[jessie] - pillow <no-dsa> (Minor issue)
+	[buster] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
+	[stretch] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
+	[jessie] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
 	NOTE: https://github.com/python-pillow/Pillow/pull/4538
 	NOTE: Fixed in 6.2.3 and 7.1.0
 CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.0.1, an out-of-bou ...)
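Review bot: the `<not-affected>` reason on the three added pillow lines names a single feature (old-JPEG compressed TIFF support, introduced in 6.0.0), while the CVE description speaks of two buffer overflows. If both overflows are in code that arrived with 6.0.0, a NOTE saying so, ideally with a reference to the introducing change, would make that verifiable; if not, the second overflow still needs a status for these releases. The `[jessie]` line also moves from `<no-dsa>` to `<not-affected>`, and the stretch and jessie changes are not covered by the "buster triage" subject, so the commit message could mention them.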
@@ -17993,9 +17996,7 @@ CVE-2020-8912
 CVE-2020-8911
 	RESERVED
 CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...)
-	- chromium <unfixed>
-	[stretch] - chromium <end-of-life> (see DSA 4562)
-	NOTE: https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9
+	NOT-FOR-US: Google Closure Library
 CVE-2020-8909
 	RESERVED
 CVE-2020-8908
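Review bot: replacing the chromium entry with `NOT-FOR-US: Google Closure Library` drops the NOTE carrying the upstream fix commit, and the reasoning given in the commit message (bundled in Chromium, fixed through Chromium updates) is not recorded in data/CVE/list itself. Since the commit message acknowledges that the library is bundled in chromium, consider carrying that rationale and the upstream commit reference in the entry, so that a reader of the file alone can see why no chromium version is tracked for this CVE.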
@@ -18173,6 +18174,7 @@ CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converte
 CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...)
 	{DLA-2116-1}
 	- libpam-radius-auth 1.4.0-3 (bug #951396)
+	[buster] - libpam-radius-auth <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec
 	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/6bae92d
 	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677
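Review bot: the added `[buster] - libpam-radius-auth <no-dsa> (Minor issue)` line sits in an entry that already carries `{DLA-2116-1}` and a fix in 1.4.0-3, so the issue received an advisory elsewhere while buster is left at "Minor issue" with no explanation. A brief reason for the difference, or a note on whether the fix is meant to reach buster through a point release, would make the entry self-consistent.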



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa31a1d00b6697e9206b40bd534c5a4b309920d8
