[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 20 20:10:35 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
659a7ad5 by security tracker role at 2020-03-20T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -219,8 +219,8 @@ CVE-2020-10599
RESERVED
CVE-2020-10598
RESERVED
-CVE-2020-10597
- RESERVED
+CVE-2020-10597 (The affected insulin pump is designed to communicate using a wireless ...)
+ TODO: check
CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...)
NOT-FOR-US: OpenCart
CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...)
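Review bot: CVE-2020-10597 is left at "TODO: check" although its new description identifies the affected product as an insulin pump, which Debian does not ship; the neighbouring entry CVE-2020-10596 shows the resolved form (NOT-FOR-US: OpenCart). The automatic update cannot make that call itself, so the follow-up triage commit should replace the TODO line with a NOT-FOR-US line naming the vendor or product rather than leave the entry pending.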
@@ -373,6 +373,7 @@ CVE-2020-10533
CVE-2020-10532 (The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allo ...)
NOT-FOR-US: AD Helper component in WatchGuard Fireware
CVE-2020-10531 (An issue was discovered in International Components for Unicode (ICU) ...)
+ {DLA-2151-1}
[experimental] - icu 66.1-2
- icu 63.2-3 (bug #953747)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (not public)
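Review bot: the only reference on CVE-2020-10531 is a Chromium bug marked "(not public)", so the newly added {DLA-2151-1} cannot be cross-checked against an upstream fix from this entry alone; once the ICU upstream commit or the Chromium bug becomes public, add it as a NOTE line so that the DLA and the unstable fix "icu 63.2-3 (bug #953747)" demonstrably point at the same change.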
@@ -1098,7 +1099,7 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote
NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
TODO: check further details
CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...)
- {DSA-4642-1 DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- libusrsctp 0.9.3.0+20200312-1 (bug #953270)
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
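Review bot: {DLA-2150-1} is inserted into an entry whose first listed source package is libusrsctp, while the firefox and firefox-esr lines below it cover the Mozilla bundled copy; make sure data/DLA/list records DLA-2150-1 against the Mozilla package it actually updated, otherwise the tracker will present the DLA as though it fixed libusrsctp in stretch. The reference ordering (DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1) matches the Mozilla entries further down, which keeps the lists consistent.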
@@ -3012,6 +3013,7 @@ CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Set
NOT-FOR-US: fauzantrif eLection
CVE-2020-6816 [mutation XSS vulnerability again]
RESERVED
+ {DSA-4643-1}
- python-bleach 3.1.3-1 (bug #954236)
[stretch] - python-bleach <ignored> (Requires invasive changes to address issue)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public)
@@ -8779,7 +8781,7 @@ CVE-2020-6815
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
CVE-2020-6814
RESERVED
- {DSA-4642-1 DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
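Review bot: CVE-2020-6814 now carries four advisory references and three fixed versions but still reads "RESERVED", so the tracker shows a fixed issue with no description; the same combination repeats for CVE-2020-6805 through CVE-2020-6812 in the following hunks. The public source is the mfsa2020-08 link in the NOTE line of the preceding entry. Nothing in the hunk itself needs changing, but until MITRE publishes the text a bracketed working title, as CVE-2020-6816 uses ("[mutation XSS vulnerability again]"), would make these entries readable.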
@@ -8792,7 +8794,7 @@ CVE-2020-6813
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
CVE-2020-6812
RESERVED
- {DSA-4642-1 DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8801,7 +8803,7 @@ CVE-2020-6812
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
CVE-2020-6811
RESERVED
- {DSA-4642-1 DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8822,7 +8824,7 @@ CVE-2020-6808
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
CVE-2020-6807
RESERVED
- {DSA-4642-1 DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8831,7 +8833,7 @@ CVE-2020-6807
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
CVE-2020-6806
RESERVED
- {DSA-4642-1 DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -8840,7 +8842,7 @@ CVE-2020-6806
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
CVE-2020-6805
RESERVED
- {DSA-4642-1 DSA-4639-1 DLA-2140-1}
+ {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
- thunderbird 1:68.6.0-1
@@ -9659,8 +9661,7 @@ CVE-2020-6451
RESERVED
CVE-2020-6450
RESERVED
-CVE-2020-6449
- RESERVED
+CVE-2020-6449 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6448
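Review bot: CVE-2020-6449 lists only the unstable fix "chromium 80.0.3987.149-1" and the stretch end-of-life marker; with no [buster] line the entry reads as open for buster with no DSA, <postponed> or <no-dsa> annotation. If a buster update is in preparation, this entry and the other 80.0.3987.149 issues in the next hunk should say so, the way CVE-2020-6420 carries {DSA-4638-1} for the 80.0.3987.132 batch.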
@@ -9701,40 +9702,33 @@ CVE-2020-6431
RESERVED
CVE-2020-6430
RESERVED
-CVE-2020-6429
- RESERVED
+CVE-2020-6429 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6428
- RESERVED
+CVE-2020-6428 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6427
- RESERVED
+CVE-2020-6427 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6426
- RESERVED
+CVE-2020-6426 (Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987 ...)
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6425
RESERVED
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6424
- RESERVED
+CVE-2020-6424 (Use after free in media in Google Chrome prior to 80.0.3987.149 allowe ...)
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6423
RESERVED
-CVE-2020-6422
- RESERVED
+CVE-2020-6422 (Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowe ...)
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6421
RESERVED
-CVE-2020-6420
- RESERVED
+CVE-2020-6420 (Insufficient policy enforcement in media in Google Chrome prior to 80. ...)
{DSA-4638-1}
- chromium 80.0.3987.132-1
[stretch] - chromium <end-of-life> (see DSA 4562)
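Review bot: three of the new descriptions (CVE-2020-6429, CVE-2020-6428, CVE-2020-6427) truncate to the identical text "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...", so the list no longer distinguishes them; that is the 70-character cut the updater applies, not an error in the data. More relevant: CVE-2020-6425, CVE-2020-6423 and CVE-2020-6421 stay RESERVED in the same batch, and CVE-2020-6425 already has a fixed version without a description, so those three should be re-checked on the next run rather than assumed to be covered.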
@@ -21640,10 +21634,10 @@ CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R
NOT-FOR-US: Huawei
CVE-2020-1880
RESERVED
-CVE-2020-1879
- RESERVED
-CVE-2020-1878
- RESERVED
+CVE-2020-1879 (There is an improper integrity checking vulnerability on some huawei p ...)
+ TODO: check
+CVE-2020-1878 (Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D ...)
+ TODO: check
CVE-2020-1877 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...)
NOT-FOR-US: Huawei
CVE-2020-1876 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...)
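Review bot: CVE-2020-1879 and CVE-2020-1878 are now described as a Huawei product and a Huawei smartphone issue respectively, and every resolved neighbour in this region (CVE-2020-1881, CVE-2020-1877, CVE-2020-1876) is "NOT-FOR-US: Huawei"; the "TODO: check" lines are the correct output of the automatic update, but the follow-up triage should set the same NOT-FOR-US: Huawei marker rather than leave them pending.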
@@ -21670,12 +21664,12 @@ CVE-2020-1866
RESERVED
CVE-2020-1865
RESERVED
-CVE-2020-1864
- RESERVED
+CVE-2020-1864 (Some Huawei products have a security vulnerability due to improper aut ...)
+ TODO: check
CVE-2020-1863 (Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, an ...)
NOT-FOR-US: Huawei
-CVE-2020-1862
- RESERVED
+CVE-2020-1862 (There is a double free vulnerability in some Huawei products. A local ...)
+ TODO: check
CVE-2020-1861 (CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700 ...)
NOT-FOR-US: Huawei
CVE-2020-1860 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)
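Review bot: the descriptions for CVE-2020-1864 and CVE-2020-1862 say only "Some Huawei products" without naming them, and CVE-2020-1862 is a double free reachable by "A local ..." actor; NOT-FOR-US: Huawei is still the likely resolution, as for CVE-2020-1863 and CVE-2020-1861 on either side, but the triage should confirm from the vendor advisory that the affected product list is Huawei hardware or firmware only before replacing the TODO lines.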
@@ -21806,14 +21800,14 @@ CVE-2020-1798
RESERVED
CVE-2020-1797
RESERVED
-CVE-2020-1796
- RESERVED
-CVE-2020-1795
- RESERVED
-CVE-2020-1794
- RESERVED
-CVE-2020-1793
- RESERVED
+CVE-2020-1796 (There is an improper authorization vulnerability in several smartphone ...)
+ TODO: check
+CVE-2020-1795 (There is a logic error vulnerability in several smartphones. The softw ...)
+ TODO: check
+CVE-2020-1794 (There is an improper authentication vulnerability in several smartphon ...)
+ TODO: check
+CVE-2020-1793 (There is an improper authentication vulnerability in several smartphon ...)
+ TODO: check
CVE-2020-1792 (Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C ...)
NOT-FOR-US: Huawei
CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...)
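Review bot: the new descriptions for CVE-2020-1796 through CVE-2020-1793 say "several smartphones" and do not name a vendor, unlike the neighbouring CVE-2020-1792 (Honor V10) and CVE-2020-1791 (HUAWEI Mate 20) entries; the four "TODO: check" lines are right to hold these back, and the triage should confirm the vendor from the CVE source before applying NOT-FOR-US: Huawei, even though every surrounding entry in this range is Huawei.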
@@ -22305,13 +22299,11 @@ CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the
NOTE: https://www.openwall.com/lists/oss-security/2020/01/23/3
CVE-2020-1710
RESERVED
-CVE-2020-1709
- RESERVED
+CVE-2020-1709 (A vulnerability was found in all openshift/mediawiki 4.x.x versions pr ...)
NOT-FOR-US: openshift
CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all openshi ...)
NOT-FOR-US: openshift
-CVE-2020-1707
- RESERVED
+CVE-2020-1707 (A vulnerability was found in all openshift/postgresql-apb 4.x.x versio ...)
NOT-FOR-US: openshift
CVE-2020-1706 (It has been found that in openshift-enterprise version 3.11 and opensh ...)
NOT-FOR-US: openshift
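Review bot: CVE-2020-1709 is already resolved as "NOT-FOR-US: openshift", but its new description names "openshift/mediawiki 4.x.x", that is the OpenShift container image of MediaWiki, and Debian ships mediawiki itself; the NOT-FOR-US line holds only if the flaw lies in the image or its wrapper rather than in MediaWiki code, so that should be confirmed. CVE-2020-1707 ("openshift/postgresql-apb") raises the same question with respect to postgresql.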
@@ -22347,8 +22339,7 @@ CVE-2020-1698
RESERVED
CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to exter ...)
NOT-FOR-US: Keycloak
-CVE-2020-1696
- RESERVED
+CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token Proc ...)
- dogtag-pki <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780707
CVE-2020-1695
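Review bot: CVE-2020-1696 gains a description but keeps "- dogtag-pki <unfixed>" with a Red Hat bugzilla link as its only reference, no Debian bug number, no severity and no [buster]/[stretch] annotation; compare CVE-2019-14855 below, which records a severity ("low; bug #945859") and a per-release <no-dsa> line with a reason. Filing a Debian bug against dogtag-pki and adding release annotations would make the unfixed state deliberate rather than untriaged.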
@@ -22410,8 +22401,7 @@ CVE-2019-19347
CVE-2019-19346
RESERVED
NOT-FOR-US: openshift
-CVE-2019-19345
- RESERVED
+CVE-2019-19345 (A vulnerability was found in all openshift/mediawiki-apb 4.x.x version ...)
NOT-FOR-US: openshift
CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions before 4.9 ...)
- samba 2:4.11.5+dfsg-1 (bug #950499)
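Review bot: CVE-2019-19345's description names "openshift/mediawiki-apb", the OpenShift Ansible playbook bundle for its MediaWiki image; the existing "NOT-FOR-US: openshift" line holds as long as the flaw is in the bundle and not in MediaWiki, which Debian packages, so it is worth confirming together with CVE-2020-1709 (openshift/mediawiki) above.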
@@ -38460,8 +38450,7 @@ CVE-2019-14857 (A flaw was found in mod_auth_openidc before version 2.4.0.1. An
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/ce37080c6aea30aabae8b4a9b4eea7808445cc8e
NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/451
NOTE: https://groups.google.com/forum/#!topic/mod_auth_openidc/boy1Ba3Gdk4
-CVE-2019-14855 [WoT forgeries using SHA-1]
- RESERVED
+CVE-2019-14855 (A flaw was found in the way certificate signatures could be forged usi ...)
- gnupg2 2.2.19-1 (low; bug #945859)
[buster] - gnupg2 <no-dsa> (Minor issue)
[stretch] - gnupg2 <no-dsa> (Minor issue)
@@ -52917,8 +52906,7 @@ CVE-2019-10222 (A flaw was found in the Ceph RGW configuration with Beast as the
NOTE: https://github.com/ceph/ceph/commit/6171399fdedd928b4249d135b4036e3de25079aa
NOTE: 12.2.x installations only affected by the vulnerability if experimental
NOTE: features are enabled.
-CVE-2019-10221
- RESERVED
+CVE-2019-10221 (A Reflected Cross Site Scripting vulnerability was found in all pki-co ...)
- dogtag-pki <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1732565
CVE-2019-10220 (Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a rel ...)
@@ -53115,8 +53103,7 @@ CVE-2019-10180
RESERVED
- dogtag-pki <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1721137
-CVE-2019-10179
- RESERVED
+CVE-2019-10179 (A vulnerability was found in all pki-core 10.x.x versions, where the K ...)
- dogtag-pki <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1695901
CVE-2019-10178 (It was found that the Token Processing Service (TPS) did not properly ...)
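Review bot: CVE-2019-10179 is the fourth dogtag-pki entry touched or shown in this update (with CVE-2020-1696, CVE-2019-10221 and the still-RESERVED CVE-2019-10180) that is left "<unfixed>" with a bugzilla.redhat.com link as its sole reference; none carries a Debian bug in the package line or a [buster]/[stretch] annotation, so the tracker will list all four as untriaged open issues in every release. A single Debian bug against dogtag-pki collecting the four bugzilla references, or a <no-dsa>/<postponed> annotation per release with a stated reason, would make the state explicit.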
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/659a7ad5a7cc612dc84bf247f1da8f4bd15b2354