[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Jul 19 21:10:24 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb6e401a by security tracker role at 2020-07-19T20:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4060,6 +4060,7 @@ CVE-2020-14148 (The Server-Server protocol implementation in ngIRCd before 26~rc
NOTE: https://github.com/ngircd/ngircd/pull/276
NOTE: https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5
CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in Redis be ...)
+ {DSA-4731-1}
- redis 5:6.0.0-1
[stretch] - redis <not-affected> (Vulnerable code reintroduced later)
[jessie] - redis <not-affected> (Vulnerable code reintroduced later)
@@ -5289,6 +5290,7 @@ CVE-2020-13703
CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound Price ...)
NOT-FOR-US: Compound Finance Compound Price Oracle
CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...)
+ {DSA-4728-1}
- qemu 1:5.0-6
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03732.html
CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Goog ...)
@@ -5395,6 +5397,7 @@ CVE-2020-13661
CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...)
NOT-FOR-US: CMS Made Simple
CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...)
+ {DSA-4728-1}
- qemu 1:5.0-6
[stretch] - qemu <postponed> (Minor issue)
NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
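Review bot: The "[stretch] - qemu <postponed> (Minor issue)" line under CVE-2020-13659 stays unchanged while the entry gains {DSA-4728-1}, so the stretch triage may now be out of step with the advisory. It is worth re-checking whether "postponed" still holds for stretch. CVE-2020-13362 and CVE-2020-13361, tagged with the same DSA further down in this diff, already carry DLA-2262-1.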
@@ -6072,11 +6075,11 @@ CVE-2020-13364
CVE-2020-13363
RESERVED
CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...)
- {DLA-2262-1}
+ {DSA-4728-1 DLA-2262-1}
- qemu 1:5.0-6 (bug #961887)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c ...)
- {DLA-2262-1}
+ {DSA-4728-1 DLA-2262-1}
- qemu 1:5.0-6 (bug #961888)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
@@ -14063,6 +14066,7 @@ CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 i
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP networking ...)
+ {DSA-4728-1}
- libslirp 4.3.1-1
- qemu 1:4.1-2
[stretch] - qemu <postponed> (Minor issue)
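Review bot: On CVE-2020-10756 the new {DSA-4728-1} tag sits above two source packages, libslirp and qemu, and nothing in the entry says which of them the advisory covers. Every other entry tagged DSA-4728-1 in this diff lists only qemu, so a reader will probably infer qemu. A NOTE line stating the covered package would remove the guess. The "[stretch] - qemu <postponed> (Minor issue)" line here deserves the same second look as the one under CVE-2020-13659.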
@@ -30368,6 +30372,7 @@ CVE-2020-4056
CVE-2020-4055
RESERVED
CVE-2020-4054 (In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less ...)
+ {DSA-4730-1}
- ruby-sanitize 4.6.6-2.1 (bug #963808)
[stretch] - ruby-sanitize <not-affected> (Vulnerable code introduced later)
[jessie] - ruby-sanitize <not-affected> (Vulnerable code introduced later)
@@ -47047,6 +47052,7 @@ CVE-2019-17115 (Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA
CVE-2019-17114 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...)
NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_Instrument ...)
+ {DSA-4729-1}
- libopenmpt 0.4.9-1
NOTE: https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe
NOTE: https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision&rev=12127&peg=12127
@@ -56130,6 +56136,7 @@ CVE-2019-14381 (libopenmpt before 0.4.3 allows a crash due to a NULL pointer der
[stretch] - libopenmpt <not-affected> (Vulnerable code not present in 0.2.x series)
NOTE: https://lib.openmpt.org/libopenmpt/2019/02/11/security-update-0.4.3/
CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to an out-o ...)
+ {DSA-4729-1}
- libopenmpt 0.4.5-1 (low)
[stretch] - libopenmpt <not-affected> (Vulnerable code not present in 0.2 branch)
NOTE: https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb6e401a7f393964298d87aaf5df295f4f68b06a