[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Jun 7 21:10:29 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b8c95a2 by security tracker role at 2020-06-07T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-13908
+	RESERVED
+CVE-2020-13907
+	RESERVED
+CVE-2020-13906
+	RESERVED
+CVE-2020-13905
+	RESERVED
+CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an  ...)
+	TODO: check
+CVE-2020-13903
+	RESERVED
+CVE-2020-13902 (ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-re ...)
+	TODO: check
 CVE-2020-13901
 	RESERVED
 CVE-2020-13900
@@ -2903,6 +2917,7 @@ CVE-2020-12689 (An issue was discovered in OpenStack Keystone before 15.0.1, and
 	NOTE: https://bugs.launchpad.net/keystone/+bug/1872735
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
 CVE-2020-12672 (GraphicsMagick through 1.3.35 has a heap-based buffer overflow in Read ...)
+	{DLA-2236-1}
 	- graphicsmagick 1.4+really1.3.35-2 (bug #960000)
 	[buster] - graphicsmagick <postponed> (Minor issue; can be fixed along in future DSA)
 	[stretch] - graphicsmagick <postponed> (Minor issue; can be fixed along in future DSA)
@@ -26135,6 +26150,7 @@ CVE-2020-3899 (A memory consumption issue was addressed with improved memory han
 	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c]
 	RESERVED
+	{DLA-2237-1}
 	- cups 2.3.1-12
 	[buster] - cups 2.2.10-6+deb10u3
 	[stretch] - cups <no-dsa> (Minor issue)
@@ -68459,6 +68475,7 @@ CVE-2019-8843
 	RESERVED
 CVE-2019-8842 [he `ippReadIO` function may under-read an extension field]
 	RESERVED
+	{DLA-2237-1}
 	- cups 2.3.1-12
 	[buster] - cups 2.2.10-6+deb10u3
 	[stretch] - cups <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b8c95a2048519d7e4a27a8f197b175d4e7e28d7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b8c95a2048519d7e4a27a8f197b175d4e7e28d7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200607/fd8a8d4a/attachment.html>

More information about the debian-security-tracker-commits mailing list