[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Jun 9 21:10:28 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c0b85f7 by security tracker role at 2020-06-09T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated users to c ...)
+	TODO: check
+CVE-2020-13979
+	RESERVED
+CVE-2020-13978 (** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has a ...)
+	TODO: check
+CVE-2020-13977 (Nagios 4.4.5 allows an attacker, who already has administrative access ...)
+	TODO: check
+CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Di ...)
+	TODO: check
+CVE-2020-13975
+	RESERVED
 CVE-2020-13974 (An issue was discovered in the Linux kernel through 5.7.1. drivers/tty ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae
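Review bot: CVE-2020-13980, CVE-2020-13978 and CVE-2020-13976 carry MITRE's ** DISPUTED ** marker yet receive the same bare `TODO: check` as the undisputed entries in this hunk; when they are triaged, the resolution should record the dispute (a NOTE line, as the file does elsewhere), since a disputed issue usually changes the severity and whether any advisory is warranted.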
@@ -572,6 +584,7 @@ CVE-2019-20812 (An issue was discovered in the Linux kernel before 5.4.7. The pr
 	[stretch] - linux 4.9.210-1
 	NOTE: https://git.kernel.org/linus/b43d1f9f7067c6759b1051e8ecb84e82cef569fe
 CVE-2019-20811 (An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_ ...)
+	{DSA-4698-1 DLA-2242-1}
 	- linux 4.19.37-1
 	[jessie] - linux 3.16.72-1
 	NOTE: https://git.kernel.org/linus/a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e
@@ -1460,6 +1473,7 @@ CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1
 	- qemu <unfixed> (bug #961888)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
 CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
+	{DSA-4698-1 DLA-2242-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.118-1
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -1667,8 +1681,8 @@ CVE-2020-13268
 	RESERVED
 CVE-2020-13267
 	RESERVED
-CVE-2020-13266
-	RESERVED
+CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...)
+	TODO: check
 CVE-2020-13265
 	RESERVED
 CVE-2020-13264
@@ -1902,8 +1916,8 @@ CVE-2020-13162
 	RESERVED
 CVE-2020-13161
 	RESERVED
-CVE-2020-13160
-	RESERVED
+CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
+	TODO: check
 CVE-2020-13159
 	RESERVED
 CVE-2020-13158
@@ -1962,6 +1976,7 @@ CVE-2020-13132
 CVE-2020-13131
 	RESERVED
 CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...)
+	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.6.14-1
 	NOTE: https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f
 CVE-2020-13130
@@ -2662,6 +2677,7 @@ CVE-2020-12827
 CVE-2019-20796
 	RESERVED
 CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...)
+	{DLA-2241-1}
 	- linux 5.6.7-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da
@@ -2816,13 +2832,16 @@ CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btre
 	- linux <unfixed>
 	NOTE: https://lkml.org/lkml/2020/4/26/87
 CVE-2020-12770 (An issue was discovered in the Linux kernel through 5.6.11. sg_write l ...)
+	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.6.14-1
 	NOTE: https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee (5.7-rc3)
 CVE-2020-12769 (An issue was discovered in the Linux kernel before 5.4.17. drivers/spi ...)
+	{DLA-2241-1}
 	- linux 5.4.19-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6)
 CVE-2020-12768 (** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. ...)
+	{DSA-4699-1}
 	- linux 5.6.7-1 (unimportant)
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
@@ -3143,14 +3162,17 @@ CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_a
 	- linux 5.6.14-1
 	NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1)
 CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.13-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 (5.6-rc1)
 CVE-2020-12653 (An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.13-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d (5.6-rc1)
 CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the  ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.4.19-1
 	[buster] - linux 4.19.98-1
 	NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7)
@@ -3556,6 +3578,7 @@ CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b102f0c522cf668c8382c56a4f771b37d011cda2 (5.6-rc6)
 CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...)
+	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.6.14-1
 	NOTE: https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3)
 CVE-2020-12463 (An elevation of privilege vulnerability exists in Avira Software Updat ...)
@@ -3684,7 +3707,7 @@ CVE-2020-12411
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
 CVE-2020-12410
 	RESERVED
-	{DSA-4695-1}
+	{DSA-4695-1 DLA-2243-1}
 	- firefox 77.0-1
 	- firefox-esr 68.9.0esr-1
 	- thunderbird 1:68.9.0-1
@@ -3705,7 +3728,7 @@ CVE-2020-12407
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
 CVE-2020-12406
 	RESERVED
-	{DSA-4695-1}
+	{DSA-4695-1 DLA-2243-1}
 	- firefox 77.0-1
 	- firefox-esr 68.9.0esr-1
 	- thunderbird 1:68.9.0-1
@@ -3714,7 +3737,7 @@ CVE-2020-12406
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
 CVE-2020-12405
 	RESERVED
-	{DSA-4695-1}
+	{DSA-4695-1 DLA-2243-1}
 	- firefox 77.0-1
 	- firefox-esr 68.9.0esr-1
 	- thunderbird 1:68.9.0-1
@@ -3733,7 +3756,7 @@ CVE-2020-12400
 	RESERVED
 CVE-2020-12399 [Force a fixed length for DSA exponentiation]
 	RESERVED
-	{DSA-4695-1}
+	{DSA-4695-1 DLA-2243-1}
 	- firefox 77.0-1
 	- firefox-esr 68.9.0esr-1
 	- nss 2:3.53-1 (bug #961752)
@@ -4437,6 +4460,7 @@ CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Relea
 CVE-2020-12115
 	RESERVED
 CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...)
+	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.3.7-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/04/2
 CVE-2020-12113 (BigBlueButton before 2.2.4 allows XSS via closed captions because dang ...)
@@ -6424,6 +6448,7 @@ CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the po
 	NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0
 	NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1
 CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.17-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
@@ -6533,6 +6558,7 @@ CVE-2020-11638
 CVE-2020-11637
 	RESERVED
 CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...)
+	{DLA-2241-1}
 	- linux 5.4.13-1
 	[buster] - linux 4.19.98-1
 	[stretch] - linux 4.9.210-1
@@ -6608,10 +6634,12 @@ CVE-2020-11611 (An issue was discovered in xdLocalStorage through 2.0.5. The bui
 CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The postData( ...)
 	NOT-FOR-US: xdLocalStorage
 CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.17-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205
 CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.17-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30
@@ -6986,7 +7014,7 @@ CVE-2020-11567
 CVE-2020-11566
 	RESERVED
 CVE-2020-11565 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.6 ...)
-	{DSA-4667-1}
+	{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.17-1
 	NOTE: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd
 CVE-2020-11564
@@ -7165,6 +7193,7 @@ CVE-2020-11496
 CVE-2020-11495
 	REJECTED
 CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the  ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.17-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
@@ -8588,7 +8617,7 @@ CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Fr
 	- patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied)
 	NOTE: https://savannah.gnu.org/bugs/index.php?56683
 CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...)
-	{DSA-4667-1}
+	{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.13-1
 	NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
 CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive inform ...)
@@ -9240,8 +9269,7 @@ CVE-2020-10763
 	RESERVED
 CVE-2020-10762
 	RESERVED
-CVE-2020-10761 [nbd: reachable assertion failure innbd_negotiate_send_rep_verr via remote client]
-	RESERVED
+CVE-2020-10761 (An assertion failure issue was found in the Network Block Device(NBD)  ...)
 	- qemu <unfixed>
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
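Review bot: CVE-2020-10761 now has a published description and keeps `- qemu <unfixed>`, but no NOTE line pointing at the upstream qemu fix is visible in this hunk; one should be added under the package line once the commit is identified, as is done for CVE-2020-13361 above. The dropped bracketed title also ran the words together as `innbd_negotiate_send_rep_verr`, which the MITRE text now supersedes.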
@@ -9262,8 +9290,8 @@ CVE-2020-10759 [Possible bypass in signature verification]
 	NOTE: https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e
 CVE-2020-10758
 	RESERVED
-CVE-2020-10757
-	RESERVED
+CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the  ...)
+	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
 CVE-2020-10756 [lirp: networking out-of-bounds read information disclosure vulnerability]
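Review bot: CVE-2020-10757 gains `{DSA-4699-1 DSA-4698-1 DLA-2242-1}` but, unlike most other kernel entries in this update, not DLA-2241-1, and it has no `[jessie]` line at all. The description's "versions after 4.5-rc1" suggests jessie's 3.16 kernel is not affected; if that is confirmed, record `[jessie] - linux <not-affected> (Vulnerable code introduced later)` as the neighbouring entries do. Unstable also stays `<unfixed>` while the DSAs are referenced, so the fixed unstable version should be entered as soon as it is known.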
@@ -9295,6 +9323,7 @@ CVE-2020-10753
 CVE-2020-10752
 	RESERVED
 CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implementation  ...)
+	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.6.14-1
 	NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6
 CVE-2020-10750
@@ -9356,6 +9385,7 @@ CVE-2020-10733
 	NOTE: https://www.postgresql.org/about/news/2038/
 CVE-2020-10732 [uninitialized kernel data leak in userspace coredumps]
 	RESERVED
+	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
 	- linux <unfixed>
 	[jessie] - linux <ignored> (Does not affect supported architectures)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1
@@ -9432,6 +9462,7 @@ CVE-2020-10713
 CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...)
 	NOT-FOR-US: image registry operator in OpenShift Container Platform
 CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's SELinu ...)
+	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
 	- linux 5.6.14-1
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2
@@ -9524,6 +9555,7 @@ CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versio
 	NOTE: https://github.com/ansible/ansible/pull/68596
 	NOTE: https://github.com/ansible/ansible/commit/b2551bb6943eec078066aa3a923e0bb3ed85abe8 (stable-2.9)
 CVE-2020-10690 (There is a use-after-free in kernel versions before 5.5 due to a race  ...)
+	{DLA-2241-1}
 	- linux 5.4.8-1
 	[buster] - linux 4.19.98-1
 	NOTE: Fixed by: https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e
@@ -11402,151 +11434,150 @@ CVE-2020-9860
 	RESERVED
 CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...)
 	TODO: check
-CVE-2020-9858
-	RESERVED
+CVE-2020-9858 (A dynamic library loading issue was addressed with improved path searc ...)
+	TODO: check
 CVE-2020-9857
 	RESERVED
-CVE-2020-9856
-	RESERVED
-CVE-2020-9855
-	RESERVED
+CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...)
+	TODO: check
 CVE-2020-9854
 	RESERVED
 CVE-2020-9853
 	RESERVED
-CVE-2020-9852
-	RESERVED
-CVE-2020-9851
-	RESERVED
-CVE-2020-9850
-	RESERVED
+CVE-2020-9852 (An integer overflow was addressed through improved input validation. T ...)
+	TODO: check
+CVE-2020-9851 (An access issue was addressed with improved access restrictions. This  ...)
+	TODO: check
+CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
 CVE-2020-9849
 	RESERVED
-CVE-2020-9848
-	RESERVED
-CVE-2020-9847
-	RESERVED
+CVE-2020-9848 (An authorization issue was addressed with improved state management. T ...)
+	TODO: check
+CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	TODO: check
 CVE-2020-9846
 	RESERVED
 CVE-2020-9845
 	RESERVED
-CVE-2020-9844
-	RESERVED
-CVE-2020-9843
-	RESERVED
-CVE-2020-9842
-	RESERVED
-CVE-2020-9841
-	RESERVED
+CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...)
+	TODO: check
+CVE-2020-9843 (An input validation issue was addressed with improved input validation ...)
+	TODO: check
+CVE-2020-9842 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2020-9841 (An integer overflow was addressed through improved input validation. T ...)
+	TODO: check
 CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...)
 	NOT-FOR-US: SwiftNIO Extras
-CVE-2020-9839
-	RESERVED
-CVE-2020-9838
-	RESERVED
-CVE-2020-9837
-	RESERVED
+CVE-2020-9839 (A race condition was addressed with improved state handling. This issu ...)
+	TODO: check
+CVE-2020-9838 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	TODO: check
+CVE-2020-9837 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	TODO: check
 CVE-2020-9836
 	RESERVED
-CVE-2020-9835
-	RESERVED
-CVE-2020-9834
-	RESERVED
-CVE-2020-9833
-	RESERVED
-CVE-2020-9832
-	RESERVED
-CVE-2020-9831
-	RESERVED
-CVE-2020-9830
-	RESERVED
-CVE-2020-9829
-	RESERVED
+CVE-2020-9835 (An issue existed in the pausing of FaceTime video. The issue was resol ...)
+	TODO: check
+CVE-2020-9834 (A memory corruption issue was addressed with improved input validation ...)
+	TODO: check
+CVE-2020-9833 (A memory initialization issue was addressed with improved memory handl ...)
+	TODO: check
+CVE-2020-9832 (An out-of-bounds read was addressed with improved input validation. Th ...)
+	TODO: check
+CVE-2020-9831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	TODO: check
+CVE-2020-9830 (A memory corruption issue was addressed with improved state management ...)
+	TODO: check
+CVE-2020-9829 (A validation issue was addressed with improved input sanitization. Thi ...)
+	TODO: check
 CVE-2020-9828
 	RESERVED
-CVE-2020-9827
-	RESERVED
-CVE-2020-9826
-	RESERVED
-CVE-2020-9825
-	RESERVED
-CVE-2020-9824
-	RESERVED
-CVE-2020-9823
-	RESERVED
-CVE-2020-9822
-	RESERVED
-CVE-2020-9821
-	RESERVED
-CVE-2020-9820
-	RESERVED
-CVE-2020-9819
-	RESERVED
-CVE-2020-9818
-	RESERVED
-CVE-2020-9817
-	RESERVED
-CVE-2020-9816
-	RESERVED
-CVE-2020-9815
-	RESERVED
-CVE-2020-9814
-	RESERVED
-CVE-2020-9813
-	RESERVED
-CVE-2020-9812
-	RESERVED
-CVE-2020-9811
-	RESERVED
+CVE-2020-9827 (A denial of service issue was addressed with improved input validation ...)
+	TODO: check
+CVE-2020-9826 (A denial of service issue was addressed with improved input validation ...)
+	TODO: check
+CVE-2020-9825 (An access issue was addressed with additional sandbox restrictions. Th ...)
+	TODO: check
+CVE-2020-9824 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2020-9823 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
+CVE-2020-9822 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2020-9821 (A memory corruption issue was addressed with improved state management ...)
+	TODO: check
+CVE-2020-9820 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2020-9819 (A memory consumption issue was addressed with improved memory handling ...)
+	TODO: check
+CVE-2020-9818 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2020-9817 (A permissions issue existed. This issue was addressed with improved pe ...)
+	TODO: check
+CVE-2020-9816 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2020-9815 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+	TODO: check
+CVE-2020-9814 (A logic issue existed resulting in memory corruption. This was address ...)
+	TODO: check
+CVE-2020-9813 (A logic issue existed resulting in memory corruption. This was address ...)
+	TODO: check
+CVE-2020-9812 (An information disclosure issue was addressed with improved state mana ...)
+	TODO: check
+CVE-2020-9811 (An information disclosure issue was addressed with improved state mana ...)
+	TODO: check
 CVE-2020-9810
 	RESERVED
-CVE-2020-9809
-	RESERVED
-CVE-2020-9808
-	RESERVED
-CVE-2020-9807
-	RESERVED
-CVE-2020-9806
-	RESERVED
-CVE-2020-9805
-	RESERVED
-CVE-2020-9804
-	RESERVED
-CVE-2020-9803
-	RESERVED
-CVE-2020-9802
-	RESERVED
-CVE-2020-9801
-	RESERVED
-CVE-2020-9800
-	RESERVED
+CVE-2020-9809 (An information disclosure issue was addressed with improved state mana ...)
+	TODO: check
+CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...)
+	TODO: check
+CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...)
+	TODO: check
+CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...)
+	TODO: check
+CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...)
+	TODO: check
+CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...)
+	TODO: check
 CVE-2020-9799
 	RESERVED
 CVE-2020-9798
 	RESERVED
-CVE-2020-9797
-	RESERVED
+CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...)
+	TODO: check
 CVE-2020-9796
 	RESERVED
-CVE-2020-9795
-	RESERVED
-CVE-2020-9794 [unknown input leads to a memory corruption vulnerability]
-	RESERVED
+CVE-2020-9795 (A use after free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	- sqlite3 <undetermined>
 	NOTE: https://vuldb.com/?id.155768
 	TODO: Try to get more information, as usual Apple advisories are too unspecific
-CVE-2020-9793
-	RESERVED
-CVE-2020-9792
-	RESERVED
-CVE-2020-9791
-	RESERVED
-CVE-2020-9790
-	RESERVED
-CVE-2020-9789
-	RESERVED
-CVE-2020-9788
-	RESERVED
+CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...)
+	TODO: check
+CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...)
+	TODO: check
+CVE-2020-9791 (An out-of-bounds read was addressed with improved input validation. Th ...)
+	TODO: check
+CVE-2020-9790 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+	TODO: check
+CVE-2020-9788 (A validation issue was addressed with improved input sanitization. Thi ...)
+	TODO: check
 CVE-2020-9787
 	RESERVED
 CVE-2020-9786
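Review bot: the roughly fifty Apple advisory descriptions added in this hunk are all left at `TODO: check`; elsewhere in this file such entries end up as `NOT-FOR-US: Apple` (see CVE-2020-3883 further down), but this same batch contains CVE-2020-9794, which is tracked against sqlite3, so the entries need per-CVE triage rather than a blanket NOT-FOR-US. For CVE-2020-9794 itself the new MITRE text ("An out-of-bounds read was addressed with improved bounds checking") still names no sqlite3 function or upstream commit, so the `<undetermined>` state and the TODO line beneath it remain appropriate.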
@@ -12464,10 +12495,10 @@ CVE-2020-9414
 	RESERVED
 CVE-2020-9413
 	RESERVED
-CVE-2020-9412
-	RESERVED
-CVE-2020-9411
-	RESERVED
+CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
+	TODO: check
+CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
+	TODO: check
 CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...)
 	NOT-FOR-US: TIBCO
 CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...)
@@ -12534,6 +12565,7 @@ CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 becaus
 CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerabilit ...)
 	NOT-FOR-US: Subex
 CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in  ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.13-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3
@@ -14290,14 +14322,17 @@ CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of
 CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...)
 	NOT-FOR-US: Jobberbase CMS
 CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.13-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
 CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.13-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5
 CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.13-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
@@ -15054,7 +15089,7 @@ CVE-2020-8317
 CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 10.200 ...)
 	NOT-FOR-US: Lenovo
 CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...)
-	{DSA-4667-1}
+	{DSA-4698-1 DSA-4667-1 DLA-2242-1}
 	- linux 5.4.19-1
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6
@@ -16675,7 +16710,7 @@ CVE-2020-7648 (All versions of snyk-broker before 4.72.2 are vulnerable to Arbit
 	NOT-FOR-US: snyk-broker
 CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...)
 	NOT-FOR-US: jooby
-CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary commands.It is ...)
+CVE-2020-7646 (curlrequest through 1.0.1 allows reading any file by populating the fi ...)
 	NOT-FOR-US: Noed curlrequest
 CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...)
 	NOT-FOR-US: Node chrome-launcher
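Review bot: the unchanged context line under CVE-2020-7646 reads `NOT-FOR-US: Noed curlrequest`; that is a typo for `Node curlrequest` (compare `NOT-FOR-US: Node chrome-launcher` two lines below) and should be corrected in a follow-up commit. The rewritten description changes the issue from arbitrary command execution to reading any file, which does not alter the NOT-FOR-US disposition.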
@@ -21511,8 +21546,8 @@ CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7
 	NOT-FOR-US: XACK DNS
 CVE-2020-5590
 	RESERVED
-CVE-2020-5589
-	RESERVED
+CVE-2020-5589 (Multiple SONY Wireless Headphones have vulnerability that someone with ...)
+	TODO: check
 CVE-2020-5588
 	RESERVED
 CVE-2020-5587
@@ -26373,8 +26408,8 @@ CVE-2020-3884 (An injection issue was addressed with improved validation. This i
 	NOT-FOR-US: Apple
 CVE-2020-3883 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
-CVE-2020-3882
-	RESERVED
+CVE-2020-3882 (This issue was addressed with improved checks. This issue is fixed in  ...)
+	TODO: check
 CVE-2020-3881 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2020-3880
@@ -28326,6 +28361,7 @@ CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read) in
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205705
 	NOTE: https://git.kernel.org/linus/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da
 CVE-2019-19768 (In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.13-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205711
@@ -29335,7 +29371,7 @@ CVE-2020-2734 (Vulnerability in the RDBMS/Optimizer component of Oracle Database
 CVE-2020-2733 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
 	NOT-FOR-US: Oracle
 CVE-2020-2732 (A flaw was discovered in the way that the KVM hypervisor handled instr ...)
-	{DSA-4667-1}
+	{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.5.13-1
 	NOTE: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
 	NOTE: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
@@ -32114,6 +32150,7 @@ CVE-2019-19464 (The CBC Gem application before 9.24.1 for Android and before 9.2
 CVE-2019-19463 (The Anhui Huami Mi Fit application before 4.0.11 for Android has an Un ...)
 	NOT-FOR-US:  Anhui Huami Mi Fit application for Android
 CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows  ...)
+	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
 	- linux <unfixed>
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
 CVE-2019-19461 (Post-authentication Stored XSS in Team Password Manager through 7.93.2 ...)
@@ -32151,7 +32188,7 @@ CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs
 	- linux <unfixed>
 	NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
 CVE-2019-19447 (In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image,  ...)
-	{DLA-2114-1}
+	{DLA-2241-1 DLA-2114-1}
 	- linux 5.4.6-1
 	[buster] - linux 4.19.98-1
 	[stretch] - linux 4.9.210-1
@@ -32497,6 +32534,7 @@ CVE-2020-1750
 	NOT-FOR-US: OpenShift machine-config-operator
 CVE-2020-1749 [net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup]
 	RESERVED
+	{DLA-2241-1}
 	- linux 5.4.6-1
 	[buster] - linux 4.19.118-1
 	NOTE: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2
@@ -32847,6 +32885,7 @@ CVE-2019-19321
 CVE-2019-19320
 	RESERVED
 CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a mount of a c ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.87-1
 CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can c ...)
@@ -37152,7 +37191,7 @@ CVE-2020-0558 (Improper buffer restrictions in kernel mode driver for Intel(R) P
 CVE-2020-0557 (Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi produc ...)
 	NOT-FOR-US: Intel
 CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.54 may ...)
-	{DSA-4647-1}
+	{DSA-4647-1 DLA-2240-1}
 	- bluez 5.50-1.1 (bug #953770)
 	NOTE: https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
 	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
@@ -37210,6 +37249,7 @@ CVE-2020-0544
 	RESERVED
 CVE-2020-0543 [Special Register Buffer Data Sampling]
 	RESERVED
+	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- intel-microcode <unfixed>
 	- linux <unfixed>
 	NOTE: https://www.vusec.net/projects/crosstalk/
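Review bot: CVE-2020-0543 (Special Register Buffer Data Sampling) gets `{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}` while both `intel-microcode` and `linux` remain `<unfixed>` in unstable and the entry still carries RESERVED with a bracketed placeholder title. Adding the advisory references ahead of the MITRE description is fine, but the unstable fixed versions for both packages should be filled in once the uploads land, otherwise the entry reads as unfixed everywhere except in the advisories.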
@@ -39339,6 +39379,7 @@ CVE-2020-0011 (In get_auth_result of fpc_ta_hw_auth.c, there is a possible out o
 CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of b ...)
 	NOT-FOR-US: FPC components for Android
 CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write  ...)
+	{DLA-2241-1}
 	- linux 5.5.13-1
 	[buster] - linux 4.19.118-1
 	[stretch] - linux <ignored> (Driver is not enabled or supported)
@@ -78116,6 +78157,7 @@ CVE-2019-5110 (Exploitable SQL injection vulnerabilities exist in the authentica
 CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the authenticated  ...)
 	NOT-FOR-US: Forma LMS
 CVE-2019-5108 (An exploitable denial-of-service vulnerability exists in the Linux ker ...)
+	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- linux 5.3.7-1
 	[buster] - linux 4.19.98-1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
@@ -84488,6 +84530,7 @@ CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu
 	- virtualbox 6.0.14-dfsg-1
 	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
 CVE-2019-3016 (In a Linux KVM guest that has PV TLB enabled, a process in the guest k ...)
+	{DSA-4699-1}
 	- linux 5.4.19-1
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
@@ -86799,6 +86842,7 @@ CVE-2019-2184 (In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a
 CVE-2019-2183 (In generateServicesMap of RegisteredServicesCache.java, there is a pos ...)
 	NOT-FOR-US: Android
 CVE-2019-2182 (In the Android kernel in the kernel MMU code there is a possible execu ...)
+	{DSA-4698-1 DLA-2242-1}
 	- linux 4.16.5-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/15122ee2c515a253b0c66a3e618bc7ebe35105eb
@@ -105640,26 +105684,26 @@ CVE-2018-14614 (An issue was discovered in the Linux kernel through 4.17.10. The
 	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200419
 CVE-2018-14613 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
-	{DLA-1715-1}
+	{DLA-2241-1 DLA-1715-1}
 	- linux 4.19.9-1
 	[stretch] - linux 4.9.144-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199849
 	NOTE: https://patchwork.kernel.org/patch/10503147/
 CVE-2018-14612 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
-	{DLA-1715-1}
+	{DLA-2241-1 DLA-1715-1}
 	- linux 4.18.8-1
 	[stretch] - linux 4.9.144-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199847
 	NOTE: https://patchwork.kernel.org/patch/10503403/
 	NOTE: https://patchwork.kernel.org/patch/10503413/
 CVE-2018-14611 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
-	{DLA-1715-1}
+	{DLA-2241-1 DLA-1715-1}
 	- linux 4.19.9-1
 	[stretch] - linux 4.9.144-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199839
 	NOTE: https://patchwork.kernel.org/patch/10503099/
 CVE-2018-14610 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
-	{DLA-1715-1}
+	{DLA-2241-1 DLA-1715-1}
 	- linux 4.19.9-1
 	[stretch] - linux 4.9.144-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199837
@@ -217260,6 +217304,7 @@ CVE-2016-3663
 CVE-2016-3662
 	RESERVED
 CVE-2015-8839 (Multiple race conditions in the ext4 filesystem implementation in the  ...)
+	{DLA-2241-1}
 	- linux 4.5.1-1
 	[wheezy] - linux <ignored> (Too much work to backport)
 	NOTE: https://git.kernel.org/linus/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b (v4.5-rc1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c0b85f70e086cb8a77154b197b750908123c467

-- 
You're receiving this email because of your account on salsa.debian.org.

