[Git][security-tracker-team/security-tracker][master] new linux issues

Moritz Muehlenhoff jmm at debian.org
Wed Jun 10 14:11:54 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c21699e by Moritz Muehlenhoff at 2020-06-10T15:11:26+02:00
new linux issues
libpgjava no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -736,7 +736,9 @@ CVE-2020-13694 (In QuickBox Community Edition through 2.5.5 and Pro Edition thro
 CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...)
 	NOT-FOR-US: bbPress plugin for WordPress
 CVE-2020-13692 (PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. ...)
-	- libpgjava <unfixed>
+	- libpgjava <unfixed> (low)
+	[buster] - libpgjava <no-dsa> (Minor issue)
+	[stretch] - libpgjava <no-dsa> (Minor issue)
 	NOTE: https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
 CVE-2020-13691
 	RESERVED
@@ -9257,12 +9259,18 @@ CVE-2020-10770
 	RESERVED
 CVE-2020-10769
 	RESERVED
-CVE-2020-10768
+CVE-2020-10768 [Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command]
 	RESERVED
-CVE-2020-10767
+	- linux <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
+CVE-2020-10767 [Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available]
 	RESERVED
-CVE-2020-10766
+	- linux <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
+CVE-2020-10766 [Rogue cross-process SSBD shutdown]
 	RESERVED
+	- linux <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
 CVE-2020-10765
 	RESERVED
 CVE-2020-10764



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c21699ebd2495db54caf26e72a5b75c6affa46b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c21699ebd2495db54caf26e72a5b75c6affa46b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200610/c0d9cfe8/attachment.html>

More information about the debian-security-tracker-commits mailing list