[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Jul 25 21:10:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
594753c3 by security tracker role at 2020-07-25T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -182,6 +182,7 @@ CVE-2020-15864
RESERVED
CVE-2020-15863 [stack-based overflow in xgmac_enet_send() in hw/net/xgmac.c]
RESERVED
+ {DLA-2288-1}
- qemu 1:5.0-12
NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
@@ -5458,7 +5459,7 @@ CVE-2020-13767
CVE-2020-13766
RESERVED
CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the rel ...)
- {DSA-4728-1 DLA-2262-1}
+ {DSA-4728-1 DLA-2288-1 DLA-2262-1}
- qemu 1:4.2-1
NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6
NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319
@@ -5611,7 +5612,7 @@ CVE-2020-13703
CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound Price ...)
NOT-FOR-US: Compound Finance Compound Price Oracle
CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...)
- {DSA-4728-1}
+ {DSA-4728-1 DLA-2288-1}
- qemu 1:5.0-6
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03732.html
CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Goog ...)
@@ -5718,7 +5719,7 @@ CVE-2020-13661
CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...)
NOT-FOR-US: CMS Made Simple
CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...)
- {DSA-4728-1}
+ {DSA-4728-1 DLA-2288-1}
- qemu 1:5.0-6
NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
@@ -6396,11 +6397,11 @@ CVE-2020-13364
CVE-2020-13363
RESERVED
CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...)
- {DSA-4728-1 DLA-2262-1}
+ {DSA-4728-1 DLA-2288-1 DLA-2262-1}
- qemu 1:5.0-6 (bug #961887)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c ...)
- {DSA-4728-1 DLA-2262-1}
+ {DSA-4728-1 DLA-2288-1 DLA-2262-1}
- qemu 1:5.0-6 (bug #961888)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
@@ -14402,7 +14403,7 @@ CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 i
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP networking ...)
- {DSA-4728-1}
+ {DSA-4728-1 DLA-2288-1}
- libslirp 4.3.1-1
- qemu 1:4.1-2
- slirp4netns 1.0.1-1
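Review bot: on CVE-2020-10756 the entry tracks three source packages (libslirp, qemu, slirp4netns), and the updated {DSA-4728-1 DLA-2288-1} line does not show which of them the added advisory applies to. If DLA-2288-1 fixes only one package, it is worth confirming that the status of the other two for that release is recorded somewhere in the entry, so the cross-reference is not read as covering all three.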
@@ -19620,7 +19621,7 @@ CVE-2020-8610
CVE-2020-8609
RESERVED
CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...)
- {DSA-4733-1 DLA-2144-1 DLA-2142-1}
+ {DSA-4733-1 DLA-2288-1 DLA-2144-1 DLA-2142-1}
- libslirp 4.2.0-1
- qemu 1:4.1-2
- qemu-kvm <removed>
@@ -21877,20 +21878,20 @@ CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 bytes
NOT-FOR-US: Node bcrypt
CVE-2020-7688 (The issue occurs because tagName user input is formatted inside the ex ...)
NOT-FOR-US: Node mversion
-CVE-2020-7687
- RESERVED
-CVE-2020-7686
- RESERVED
+CVE-2020-7687 (This affects all versions of package fast-http. There is no path sanit ...)
+ TODO: check
+CVE-2020-7686 (This affects all versions of package rollup-plugin-dev-server. There i ...)
+ TODO: check
CVE-2020-7685
RESERVED
CVE-2020-7684 (This affects all versions of package rollup-plugin-serve. There is no ...)
TODO: check
-CVE-2020-7683
- RESERVED
-CVE-2020-7682
- RESERVED
-CVE-2020-7681
- RESERVED
+CVE-2020-7683 (This affects all versions of package rollup-plugin-server. There is no ...)
+ TODO: check
+CVE-2020-7682 (This affects all versions of package marked-tree. There is no path san ...)
+ TODO: check
+CVE-2020-7681 (This affects all versions of package marscode. There is no path saniti ...)
+ TODO: check
CVE-2020-7680 (docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). ...)
TODO: check
CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility function ...)
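Review bot: the five entries that move from RESERVED to a description here (CVE-2020-7687, CVE-2020-7686, CVE-2020-7683, CVE-2020-7682, CVE-2020-7681) all land as TODO: check, so none of them has been triaged yet. The two entries at the top of this hunk were resolved as NOT-FOR-US: Node bcrypt and NOT-FOR-US: Node mversion. Each new entry needs the same decision, either a NOT-FOR-US line naming the package (fast-http, rollup-plugin-dev-server, rollup-plugin-server, marked-tree, marscode) or a source package line with its status. CVE-2020-7684 (rollup-plugin-serve) in the unchanged context is still TODO: check as well and can be handled in the same pass.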
@@ -22857,7 +22858,7 @@ CVE-2019-20384 (Gentoo Portage through 2.3.84 allows local users to place a Troj
CVE-2019-20383
RESERVED
CVE-2019-20382 (QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle. ...)
- {DSA-4665-1}
+ {DSA-4665-1 DLA-2288-1}
- qemu 1:4.2-1
[jessie] - qemu <postponed> (Minor, can be fixed along in future DLA)
- qemu-kvm <removed>
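Review bot: on CVE-2019-20382 the added DLA-2288-1 reference sits directly above the unchanged line "[jessie] - qemu <postponed> (Minor, can be fixed along in future DLA)". The hunk does not show which release DLA-2288-1 covers. If it is jessie, the postponed annotation is now stale and should be dropped or replaced with the fixed version. If it is a different release, the jessie line can stay, but that is worth confirming so the entry does not state both "postponed" and "fixed by DLA" for the same suite.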
@@ -36691,7 +36692,7 @@ CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder
CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...)
NOT-FOR-US: Palo Alto Networks
CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of libslirp ...)
- {DSA-4665-1 DLA-2262-1}
+ {DSA-4665-1 DLA-2288-1 DLA-2262-1}
- qemu 1:4.1-2
- qemu-kvm <removed>
- libslirp 4.2.0-2
@@ -63887,7 +63888,7 @@ CVE-2019-12070
CVE-2019-12069
RESERVED
CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg ...)
- {DSA-4665-1 DLA-1927-1}
+ {DSA-4665-1 DLA-2288-1 DLA-1927-1}
- qemu 1:4.1-2 (low)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
@@ -175705,7 +175706,7 @@ CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not che
CVE-2017-9504
REJECTED
CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host B ...)
- {DLA-1497-1}
+ {DLA-2288-1 DLA-1497-1}
- qemu 1:2.10.0-1 (low; bug #865754)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/594753c3b3c72b077c67a3bbac510b31c7d76725