[Git][security-tracker-team/security-tracker][master] buster/stretch triage
Moritz Muehlenhoff
jmm at debian.org
Fri Jun 26 20:47:44 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dfddf435 by Moritz Muehlenhoff at 2020-06-26T21:47:23+02:00
buster/stretch triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3143,6 +3143,7 @@ CVE-2020-14000
RESERVED
CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Libr ...)
- libemf <unfixed>
+ [buster] - libemf <no-dsa> (Minor issue)
NOTE: Fixed upstream in 1.0.13
CVE-2020-13998 (** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA ...)
NOT-FOR-US: Citrix
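Review bot: The added `[buster] - libemf <no-dsa> (Minor issue)` line under CVE-2020-13999 has no `[stretch]` counterpart, although the commit is titled buster/stretch triage and the other hunks annotate both releases. If stretch carries libemf, give it its own line (`<no-dsa>` or `<not-affected>` with a reason) so its state is stated explicitly rather than left to follow from the `<unfixed>` line.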
@@ -3448,7 +3449,9 @@ CVE-2020-13869 (An issue was discovered in the Comments plugin before 1.5.6 for
CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...)
NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/t ...)
- - targetcli-fb <unfixed> (bug #962331)
+ - targetcli-fb <unfixed> (low; bug #962331)
+ [buster] - targetcli-fb <no-dsa> (Minor issue)
+ [stretch] - targetcli-fb <no-dsa> (Minor issue)
NOTE: https://github.com/open-iscsi/targetcli-fb/pull/172
CVE-2020-13866 (WinGate v9.4.1.5998 has insecure permissions for the installation dire ...)
NOT-FOR-US: WinGate
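Review bot: The two `<no-dsa> (Minor issue)` lines for CVE-2020-13867 give no reason specific to the weak permissions the description names, and the `low` urgency added next to bug #962331 has the same gap. A short NOTE on why the issue is minor (for example, who can read the affected files in a default install) would let a later reader re-check the decision.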
@@ -11311,7 +11314,9 @@ CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection
NOT-FOR-US: odata4j
CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds read in lic ...)
- freerdp2 <unfixed>
+ [buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read in glyp ...)
- freerdp2 <unfixed>
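Review bot: CVE-2020-11099 gets `[buster]` and `[stretch]` `<no-dsa>` lines, but the CVE-2020-11098 entry in the trailing context, also an out-of-bounds read in FreeRDP before 2.1.2, still shows only `- freerdp2 <unfixed>` here. If its release lines are not in the part of the entry below this hunk, triage it the same way or add a NOTE on why it differs.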
@@ -12625,7 +12630,9 @@ CVE-2020-10756 [slirp: networking out-of-bounds read information disclosure vuln
NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder version ...)
- - cinder <unfixed>
+ - cinder 2:16.1.0-1 (low)
+ [buster] - cinder <no-dsa> (Minor issue)
+ [stretch] - cinder <no-dsa> (Minor issue)
[jessie] - cinder <end-of-life> (OpenStack component, not supported in jessie LTS)
NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
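Review bot: The change of the cinder line from `<unfixed>` to `2:16.1.0-1 (low)` for CVE-2020-10755 is a fixed-version claim, which goes beyond the buster/stretch triage the commit message names, and nothing in the entry says where that version comes from. Add a NOTE pointing at the upstream change or release that carries the fix, and consider whether `Minor issue` alone is enough rationale for an insecure-credentials flaw in the two `<no-dsa>` lines.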
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfddf435b465c2e7f9136cfe8424bc1dc8db53ad