[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 30 09:10:24 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
90b2e2a2 by security tracker role at 2020-06-30T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/m ...)
+ TODO: check
+CVE-2020-15392
+ RESERVED
+CVE-2020-15391
+ RESERVED
+CVE-2020-15390
+ RESERVED
+CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...)
+ TODO: check
+CVE-2020-15388
+ RESERVED
+CVE-2020-15387
+ RESERVED
+CVE-2020-15386
+ RESERVED
+CVE-2020-15385
+ RESERVED
+CVE-2020-15384
+ RESERVED
+CVE-2020-15383
+ RESERVED
+CVE-2020-15382
+ RESERVED
+CVE-2020-15381
+ RESERVED
+CVE-2020-15380
+ RESERVED
+CVE-2020-15379
+ RESERVED
+CVE-2020-15378
+ RESERVED
+CVE-2020-15377
+ RESERVED
+CVE-2020-15376
+ RESERVED
+CVE-2020-15375
+ RESERVED
+CVE-2020-15374
+ RESERVED
+CVE-2020-15373
+ RESERVED
+CVE-2020-15372
+ RESERVED
+CVE-2020-15371
+ RESERVED
+CVE-2020-15370
+ RESERVED
+CVE-2020-15369
+ RESERVED
+CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restrict acce ...)
+ TODO: check
CVE-2020-15367
RESERVED
CVE-2020-15366
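Review bot: the three entries in this hunk that carry a description (CVE-2020-15393, CVE-2020-15389, CVE-2020-15368) all land as "TODO: check", so none of them has a package mapping yet and each needs manual triage in a follow-up commit. The first two name the Linux kernel (usbtest_disconnect) and OpenJPEG (jp2/opj_decompress.c), so they should get a "- <source package> <status>" line. CVE-2020-15368 is about AsrDrv103.sys, a Windows driver, so it looks like a candidate for the NOT-FOR-US marker this file already uses for vendor-only issues. The RESERVED entries need no action.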
@@ -3937,6 +3989,7 @@ CVE-2020-13767
CVE-2020-13766
RESERVED
CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the rel ...)
+ {DLA-2262-1}
- qemu 1:4.2-1
NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6
NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319
@@ -4180,7 +4233,7 @@ CVE-2020-13664
NOTE: https://www.drupal.org/sa-core-2020-005
CVE-2020-13663 [Drupal SA 2020-004]
RESERVED
- {DSA-4706-1}
+ {DSA-4706-1 DLA-2263-1}
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2020-004
NOTE: https://git.drupalcode.org/project/drupal/-/commit/3999b8f658bf2ef8e96a7ee8ccb279c5d3073006
@@ -4864,9 +4917,11 @@ CVE-2020-13364
CVE-2020-13363
RESERVED
CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...)
+ {DLA-2262-1}
- qemu <unfixed> (bug #961887)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c ...)
+ {DLA-2262-1}
- qemu <unfixed> (bug #961888)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
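Review bot: on CVE-2020-13362 and CVE-2020-13361 the added {DLA-2262-1} reference sits directly above "- qemu <unfixed>" lines that this hunk leaves unchanged, so each entry now reads as covered by an advisory while still being tracked as open. That is consistent if the DLA only addresses the LTS suite, but it is worth confirming that bugs #961887 and #961888 are still open and that no fixed version should be recorded here, since a reader who only looks at the advisory cross-reference could take the issue as resolved.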
@@ -19611,10 +19666,10 @@ CVE-2019-20418
RESERVED
CVE-2019-20417
RESERVED
-CVE-2019-20416
- RESERVED
-CVE-2019-20415
- RESERVED
+CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ TODO: check
+CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions allows remo ...)
+ TODO: check
CVE-2019-20414 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
TODO: check
CVE-2019-20413 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
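Review bot: CVE-2019-20416 and CVE-2019-20415 move from RESERVED to "TODO: check" and join the adjacent CVE-2019-20414 and CVE-2019-20413, which are also Atlassian Jira Server and Data Center entries still at "TODO: check". Triage the block together so the four entries end up with the same disposition rather than being resolved one at a time with possibly different markers.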
@@ -28850,8 +28905,7 @@ CVE-2020-4069
RESERVED
CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to r ...)
TODO: check
-CVE-2020-4067 [STUN response buffer not initialized properly]
- RESERVED
+CVE-2020-4067 (In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN ...)
{DSA-4711-1}
- coturn 4.5.1.3-1
NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
@@ -28908,8 +28962,8 @@ CVE-2020-4039
RESERVED
CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...)
TODO: check
-CVE-2020-4037
- RESERVED
+CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users ...)
+ TODO: check
CVE-2020-4036
RESERVED
CVE-2020-4035 (In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0. ...)
@@ -34866,7 +34920,7 @@ CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder
CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...)
NOT-FOR-US: Palo Alto Networks
CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of libslirp ...)
- {DSA-4665-1}
+ {DSA-4665-1 DLA-2262-1}
- qemu 1:4.1-2
- qemu-kvm <removed>
- libslirp 4.2.0-2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90b2e2a2a70735f42dae873b1b1960cca43bca1f