[Git][security-tracker-team/security-tracker][master] 3 commits: Add new GRUB2 issues

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bba4198d by Salvatore Bonaccorso at 2020-07-29T18:03:53+02:00
Add new GRUB2 issues

- - - - -
d69e0ef8 by Salvatore Bonaccorso at 2020-07-29T18:08:57+02:00
Reserve DSA number for grub2 update

- - - - -
257a156b by Salvatore Bonaccorso at 2020-07-29T18:37:52+02:00
Demote CVE-2020-15705 to unimportant

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -920,10 +920,14 @@ CVE-2020-15708
 	RESERVED
 CVE-2020-15707
 	RESERVED
+	- grub2 <unfixed>
 CVE-2020-15706
 	RESERVED
+	- grub2 <unfixed>
 CVE-2020-15705
 	RESERVED
+	- grub2 <unfixed> (unimportant)
+	NOTE: Issue does not affect standard SB Debian setup.
 CVE-2020-15704
 	RESERVED
 CVE-2020-15703
@@ -4409,12 +4413,16 @@ CVE-2020-14312
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342
 CVE-2020-14311
 	RESERVED
+	- grub2 <unfixed>
 CVE-2020-14310
 	RESERVED
+	- grub2 <unfixed>
 CVE-2020-14309
 	RESERVED
+	- grub2 <unfixed>
 CVE-2020-14308
 	RESERVED
+	- grub2 <unfixed>
 CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) ver ...)
 	- wildfly <itp> (bug #752018)
 CVE-2020-14306
@@ -15008,6 +15016,8 @@ CVE-2020-10714
 	NOT-FOR-US: WildFly Elytron
 CVE-2020-10713
 	RESERVED
+	- grub2 <unfixed>
+	NOTE: https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
 CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...)
 	NOT-FOR-US: image registry operator in OpenShift Container Platform
 CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's SELinu ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Jul 2020] DSA-4735-1 grub2 - security update
+	{CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707}
+	[buster] - grub2 2.02+dfsg1-20+deb10u1
 [26 Jul 2020] DSA-4734-1 openjdk-11 - security update
 	{CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621}
 	[buster] - openjdk-11 11.0.8+10-1~deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/430b76f50c00ff468d7b961ef756101253349360...257a156b1eeead4dd658ccfbf3d97026e57f50fa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/430b76f50c00ff468d7b961ef756101253349360...257a156b1eeead4dd658ccfbf3d97026e57f50fa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200729/ee072960/attachment.html>