[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Jul 27 09:10:22 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a6ef9a8 by security tracker role at 2020-07-27T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...)
+	TODO: check
+CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other  ...)
+	TODO: check
+CVE-2020-15952
+	RESERVED
+CVE-2020-15951
+	RESERVED
+CVE-2020-15950
+	RESERVED
+CVE-2020-15949
+	RESERVED
+CVE-2020-15948
+	RESERVED
 CVE-2020-XXXX [RUSTSEC-2020-0026]
 	- rust-linked-hash-map <unfixed> (bug #966246)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0026.html
@@ -904,6 +918,7 @@ CVE-2020-15571
 CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 m ...)
 	NOT-FOR-US: Whoopsie
 CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free ...)
+	{DLA-2292-1}
 	- milkytracker <unfixed> (bug #964797)
 	[buster] - milkytracker <no-dsa> (Minor issue)
 	NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
@@ -5044,7 +5059,7 @@ CVE-2020-13906 (IrfanView 4.54 allows a user-mode write access violation startin
 CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
 	NOT-FOR-US: IrfanView
 CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an  ...)
-	{DSA-4722-1}
+	{DSA-4722-1 DLA-2291-1}
 	- ffmpeg <unfixed>
 	NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9dfb19baeb86a8bb02c53a441682c6e9a6e104cc
@@ -26944,8 +26959,8 @@ CVE-2020-5613
 	RESERVED
 CVE-2020-5612
 	RESERVED
-CVE-2020-5611
-	RESERVED
+CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social Sharing Plug ...)
+	TODO: check
 CVE-2020-5610
 	RESERVED
 CVE-2020-5609
@@ -46358,7 +46373,7 @@ CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32
 	NOTE: https://github.com/lz4/lz4/pull/756
 	NOTE: https://github.com/lz4/lz4/pull/760
 CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk ...)
-	{DSA-4722-1 DLA-2021-1}
+	{DSA-4722-1 DLA-2291-1 DLA-2021-1}
 	- ffmpeg 7:4.2.1-1
 	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
 	- libav <removed>
@@ -55608,14 +55623,14 @@ CVE-2019-14498 (A divide-by-zero error exists in the Control function of demux/c
 	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
 	NOTE: https://www.videolan.org/security/sb-vlc308.html
 CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTr ...)
-	{DLA-1961-1}
+	{DLA-2292-1 DLA-1961-1}
 	- milkytracker 1.02.00+dfsg-2 (bug #933964)
 	[buster] - milkytracker <no-dsa> (Minor issue)
 	[stretch] - milkytracker <no-dsa> (Minor issue)
 	NOTE: https://github.com/milkytracker/MilkyTracker/issues/182
 	NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
 CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 ha ...)
-	{DLA-1961-1}
+	{DLA-2292-1 DLA-1961-1}
 	- milkytracker 1.02.00+dfsg-2 (bug #933964)
 	[buster] - milkytracker <no-dsa> (Minor issue)
 	[stretch] - milkytracker <no-dsa> (Minor issue)
@@ -55733,7 +55748,7 @@ CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a
 	NOTE: https://github.com/schismtracker/schismtracker/issues/198
 	NOTE: https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42
 CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a  ...)
-	{DLA-1961-1}
+	{DLA-2292-1 DLA-1961-1}
 	- milkytracker 1.02.00+dfsg-2 (bug #933964)
 	[buster] - milkytracker <no-dsa> (Minor issue)
 	[stretch] - milkytracker <no-dsa> (Minor issue)
@@ -60247,7 +60262,7 @@ CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier
 	NOTE: Patch is insufficient, partly reverted by the CVE-2019-13308 patch
 	NOTE: which seems to be the actual patch for this issue.
 CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in l ...)
-	{DSA-4722-1}
+	{DSA-4722-1 DLA-2291-1}
 	- ffmpeg 7:4.2.1-1 (low; bug #932535)
 	[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
 	NOTE: https://trac.ffmpeg.org/ticket/7979



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a6ef9a8bbcd4f910d78e38d009f3c2c3f332d7b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a6ef9a8bbcd4f910d78e38d009f3c2c3f332d7b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200727/33ebc67e/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list