[Git][security-tracker-team/security-tracker][master] new mpv issue

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b0b4882 by Moritz Muehlenhoff at 2020-07-20T12:07:00+02:00
new mpv issue
bsdiff no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-XXXX [mpv insecure lua loadpath]
+	- mpv 0.32.0-2
+	[buster] - mpv <no-dsa> (Minor issue)
+	NOTE: https://github.com/mpv-player/mpv/commit/cce7062a8a6b6a3b3666aea3ff86db879cba67b6
 CVE-2020-15851
 	RESERVED
 CVE-2020-15850
@@ -3723,6 +3727,7 @@ CVE-2020-14316
 CVE-2020-14315
 	RESERVED
 	- bsdiff <unfixed> (bug #964796)
+	[buster] - bsdiff <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/09/2
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
 CVE-2020-14314 [buffer uses out of index in ext3/4 filesystem]


=====================================
data/dsa-needed.txt
=====================================
@@ -26,8 +26,6 @@ nginx
 --
 openjdk-11 (jmm)
 --
-poppler (jmm)
---
 rails (jmm)
   Sylvain Beucler proposed to help for the update, remaining CVEs to be done
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b0b488224417d3f4883af4e5bd36316658fe007

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b0b488224417d3f4883af4e5bd36316658fe007
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200720/8166b4a2/attachment.html>