[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 31 21:11:04 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1ba4106e by security tracker role at 2020-07-31T20:10:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2020-16254
+ RESERVED
+CVE-2020-16253
+ RESERVED
+CVE-2020-16252
+ RESERVED
+CVE-2020-16251
+ RESERVED
+CVE-2020-16250
+ RESERVED
+CVE-2020-16249
+ RESERVED
+CVE-2020-16248
+ RESERVED
+CVE-2020-16247
+ RESERVED
+CVE-2020-16246
+ RESERVED
+CVE-2020-16245
+ RESERVED
+CVE-2020-16244
+ RESERVED
+CVE-2020-16243
+ RESERVED
+CVE-2020-16242
+ RESERVED
+CVE-2020-16241
+ RESERVED
+CVE-2020-16240
+ RESERVED
+CVE-2020-16239
+ RESERVED
+CVE-2020-16238
+ RESERVED
+CVE-2020-16237
+ RESERVED
+CVE-2020-16236
+ RESERVED
+CVE-2020-16235
+ RESERVED
+CVE-2020-16234
+ RESERVED
+CVE-2020-16233
+ RESERVED
+CVE-2020-16232
+ RESERVED
+CVE-2020-16231
+ RESERVED
+CVE-2020-16230
+ RESERVED
+CVE-2020-16229
+ RESERVED
+CVE-2020-16228
+ RESERVED
+CVE-2020-16227
+ RESERVED
+CVE-2020-16226
+ RESERVED
+CVE-2020-16225
+ RESERVED
+CVE-2020-16224
+ RESERVED
+CVE-2020-16223
+ RESERVED
+CVE-2020-16222
+ RESERVED
+CVE-2020-16221
+ RESERVED
+CVE-2020-16220
+ RESERVED
+CVE-2020-16219
+ RESERVED
+CVE-2020-16218
+ RESERVED
+CVE-2020-16217
+ RESERVED
+CVE-2020-16216
+ RESERVED
+CVE-2020-16215
+ RESERVED
+CVE-2020-16214
+ RESERVED
+CVE-2020-16213
+ RESERVED
+CVE-2020-16212
+ RESERVED
+CVE-2020-16211
+ RESERVED
+CVE-2020-16210
+ RESERVED
+CVE-2020-16209
+ RESERVED
+CVE-2020-16208
+ RESERVED
+CVE-2020-16207
+ RESERVED
+CVE-2020-16206
+ RESERVED
+CVE-2020-16205
+ RESERVED
+CVE-2020-16204
+ RESERVED
+CVE-2020-16203
+ RESERVED
+CVE-2020-16202
+ RESERVED
+CVE-2020-16201
+ RESERVED
+CVE-2020-16200
+ RESERVED
+CVE-2020-16199
+ RESERVED
+CVE-2020-16198
+ RESERVED
+CVE-2020-16197
+ RESERVED
+CVE-2020-16196
+ RESERVED
CVE-2020-16195
RESERVED
CVE-2020-16194
@@ -117,8 +235,8 @@ CVE-2020-16138
RESERVED
CVE-2020-16137
RESERVED
-CVE-2020-16136
- RESERVED
+CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permis ...)
+ TODO: check
CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buf ...)
- libssh <unfixed> (bug #966560)
NOTE: https://bugs.libssh.org/T232
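Review bot: "TODO: check" on CVE-2020-16136 leaves the entry untriaged now that the description has replaced RESERVED. The description names tgstation-server 4.4.0 and 4.4.1, so the marker should be resolved to either a package line in the form used by the CVE-2020-16135 entry just below ("- libssh <unfixed> (bug #966560)") or a NOT-FOR-US line if no Debian source package ships it.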
@@ -2466,10 +2584,10 @@ CVE-2020-15136
RESERVED
CVE-2020-15135
RESERVED
-CVE-2020-15134
- RESERVED
-CVE-2020-15133
- RESERVED
+CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...)
+ TODO: check
+CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of certificat ...)
+ TODO: check
CVE-2020-15132
RESERVED
CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...)
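Review bot: CVE-2020-15134 and CVE-2020-15133 both land as "TODO: check" and should be triaged as a pair, since the descriptions report the same defect (missing certificate validation) in Faye before 1.4.0 and in faye-websocket before 0.11.0. Whoever picks them up should check both names against the archive in one pass, so the two entries do not end up with inconsistent resolutions.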
@@ -2478,8 +2596,8 @@ CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a v
NOT-FOR-US: Node slpjs
CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists ...)
NOT-FOR-US: Traefik
-CVE-2020-15128
- RESERVED
+CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...)
+ TODO: check
CVE-2020-15127
RESERVED
CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...)
@@ -3823,8 +3941,8 @@ CVE-2020-14522
RESERVED
CVE-2020-14521
RESERVED
-CVE-2020-14520
- RESERVED
+CVE-2020-14520 (The affected product is vulnerable to an information leak, which may a ...)
+ TODO: check
CVE-2020-14519
RESERVED
CVE-2020-14518
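Review bot: the truncated description added for CVE-2020-14520 ("The affected product is vulnerable to an information leak, which may a ...") names no product, so "TODO: check" cannot be resolved from this list alone. The triager needs the full CVE record to identify the vendor before choosing between a package line and NOT-FOR-US.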
@@ -4551,16 +4669,14 @@ CVE-2020-14339 [leak of /dev/mapper/control into QEMU guests]
NOTE: Proposed patch: https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html
CVE-2020-14338
RESERVED
-CVE-2020-14337
- RESERVED
+CVE-2020-14337 (A data exposure flaw was found in Tower, where sensitive data was reve ...)
NOT-FOR-US: Ansible Tower
CVE-2020-14336
RESERVED
NOT-FOR-US: OpenShift
CVE-2020-14335
RESERVED
-CVE-2020-14334
- RESERVED
+CVE-2020-14334 (A flaw was found in Red Hat Satellite 6 which allows privileged attack ...)
- foreman <itp> (bug #663101)
CVE-2020-14333
RESERVED
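Review bot: on CVE-2020-14334 the new description refers to Red Hat Satellite 6 while the retained triage line is "- foreman <itp> (bug #663101)", and nothing in the entry explains the mapping. A NOTE line stating why the Satellite flaw is tracked against foreman would make the entry self-explanatory. CVE-2020-14337 needs no change, since its existing "NOT-FOR-US: Ansible Tower" matches the Tower description.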
@@ -5026,6 +5142,7 @@ CVE-2020-14153 (In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-boun
- libjpeg-turbo <not-affected> (Vulnerable code not present; problematic condition cannot be reached)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445
CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...)
+ {DLA-2302-1}
- libjpeg9 1:9d-1 (low)
- libjpeg-turbo 1:1.5.2-1 (low)
[jessie] - libjpeg-turbo <no-dsa> (Minor issue)
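Review bot: "{DLA-2302-1}" is attached to CVE-2020-14152, an entry that tracks two source packages (libjpeg9 and libjpeg-turbo), and the only release-specific line visible is "[jessie] - libjpeg-turbo <no-dsa> (Minor issue)". The cross-reference alone does not show which package or release the DLA fixed, so it is worth confirming that the matching DLA record carries the package name and fixed version.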
@@ -6060,6 +6177,7 @@ CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an o
NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00831.html
CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...)
+ {DLA-2302-1}
- libjpeg-turbo 1:2.0.5-1 (bug #962829)
[buster] - libjpeg-turbo <no-dsa> (Minor issue)
[jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API)
@@ -10212,8 +10330,8 @@ CVE-2020-12083
RESERVED
CVE-2020-12082
RESERVED
-CVE-2020-12081
- RESERVED
+CVE-2020-12081 (An information disclosure vulnerability has been identified in FlexNet ...)
+ TODO: check
CVE-2020-12080
RESERVED
CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...)
@@ -15175,8 +15293,8 @@ CVE-2020-10732 (A flaw was found in the Linux kernel's implementation of Userspa
[jessie] - linux <ignored> (Does not affect supported architectures)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1
NOTE: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413
-CVE-2020-10731
- RESERVED
+CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the Red Hat ...)
+ TODO: check
CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found ...)
- ldb 2:2.1.4-1
[buster] - ldb <no-dsa> (Minor issue)
@@ -18838,10 +18956,10 @@ CVE-2020-9251 (HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(
NOT-FOR-US: Huawei
CVE-2020-9250
RESERVED
-CVE-2020-9249
- RESERVED
-CVE-2020-9248
- RESERVED
+CVE-2020-9249 (HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2 ...)
+ TODO: check
+CVE-2020-9248 (Huawei FusionComput 8.0.0 have an improper authorization vulnerability ...)
+ TODO: check
CVE-2020-9247
RESERVED
CVE-2020-9246
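Review bot: CVE-2020-9249 and CVE-2020-9248 are added with "TODO: check" although both descriptions name Huawei products (P30 smartphones, FusionComput 8.0.0) and the CVE-2020-9251 entry at the top of this hunk is already resolved as "NOT-FOR-US: Huawei". Suggest resolving these two the same way rather than leaving them in the TODO queue.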
@@ -21219,7 +21337,7 @@ CVE-2020-8215 (A buffer overflow is present in canvas version <= 1.6.9, which
NOT-FOR-US: Node canvas
CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows an atta ...)
NOT-FOR-US: servey
-CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect v1.13.3 ...)
+CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect before v ...)
NOT-FOR-US: UniFi Protect
CVE-2020-8212
RESERVED
@@ -28184,8 +28302,8 @@ CVE-2020-5386
RESERVED
CVE-2020-5385
RESERVED
-CVE-2020-5384
- RESERVED
+CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Wi ...)
+ TODO: check
CVE-2020-5383
RESERVED
CVE-2020-5382
@@ -112372,7 +112490,7 @@ CVE-2018-14505 (mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, relate
CVE-2018-14499 (An issue was found in HYBBS through 2016-03-08. There is an XSS vulner ...)
NOT-FOR-US: HYBBS
CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG th ...)
- {DLA-1719-1}
+ {DLA-2302-1 DLA-1719-1}
- libjpeg-turbo 1:2.0.5-1 (low; bug #924678)
[buster] - libjpeg-turbo <no-dsa> (Minor issue)
- mozjpeg <itp> (bug #741487)
@@ -150097,7 +150215,7 @@ CVE-2018-1154 (In SecurityCenter versions prior to 5.7.0, a username enumeration
CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the se ...)
NOT-FOR-US: Burp Suite (different from src:burp)
CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerabilit ...)
- {DLA-1638-1}
+ {DLA-2302-1 DLA-1638-1}
- libjpeg-turbo 1:2.0.5-1 (low; bug #902950)
[buster] - libjpeg-turbo <no-dsa> (Minor issue)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ba4106e9fdcf809ed16089e1c70dad7b2b4a569