[Git][security-tracker-team/security-tracker][master] new rust-bumpalo issue

Moritz Muehlenhoff jmm at debian.org
Thu Mar 26 22:13:54 GMT 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
560699bf by Moritz Muehlenhoff at 2020-03-26T23:13:34+01:00
new rust-bumpalo issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,13 @@
+CVE-2020-XXXX [RUSTSEC-2020-0006: bumpalo: Flaw in `realloc` allows reading unknown memory]
+	- rust-bumpalo <unfixed>
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0006.html
+	NOTE: https://github.com/fitzgen/bumpalo/issues/69
 CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 0.9.8-25 a ...)
 	NOT-FOR-US: VESTA Control Panel
 CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to ...)
 	NOT-FOR-US: Teradici PCoIP Management Console
 CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to execute ...)
-	TODO: check
+	- serendipity <removed>
 CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...)
 	NOT-FOR-US: FrozenNode Laravel-Administrator
 CVE-2020-10962
@@ -12463,13 +12467,13 @@ CVE-2020-5562
 CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS ...)
 	NOT-FOR-US: Keijiban Tsumiki
 CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS c ...)
-	TODO: check
+	NOT-FOR-US: WL-Enq
 CVE-2020-5559 (Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remo ...)
-	TODO: check
+	NOT-FOR-US: WL-Enq
 CVE-2020-5558 (CuteNews 2.0.1 allows remote authenticated attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: CuteNews
 CVE-2020-5557 (Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote att ...)
-	TODO: check
+	NOT-FOR-US: CuteNews
 CVE-2020-5556 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers  ...)
 	NOT-FOR-US: Shihonkanri Plus GOOUT
 CVE-2020-5555 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers  ...)
@@ -13122,7 +13126,7 @@ CVE-2020-5284
 CVE-2020-5283
 	RESERVED
 CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Nick Chan Bot
 CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify configur ...)
 	TODO: check
 CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file i ...)
@@ -17452,63 +17456,63 @@ CVE-2020-3796
 CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
 	NOT-FOR-US: Adobe
 CVE-2020-3794 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file i ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3791 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3790 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3789 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3788 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3787 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3786 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3785 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3784 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3783 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3782 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3781 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3780 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3779 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3778 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3777 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3776 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3775 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3774 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3773 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3772 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3771 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3770 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3768
 	RESERVED
 CVE-2020-3767
 	RESERVED
 CVE-2020-3766 (Adobe Genuine Integrity Service versions Version 6.4 and earlier have  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds  ...)
 	NOT-FOR-US: Adobe
 CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds wr ...)
@@ -17518,7 +17522,7 @@ CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 201
 CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
 	NOT-FOR-US: Adobe
 CVE-2020-3761 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command inject ...)
 	NOT-FOR-US: Adobe
 CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer errors  ...)
@@ -27422,7 +27426,7 @@ CVE-2019-18628
 CVE-2019-18627
 	RESERVED
 CVE-2019-18626 (Harris Ormed Self Service before 2019.1.4 allows an authenticated user ...)
-	TODO: check
+	NOT-FOR-US: Harris Ormed Self Service
 CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate signed  ...)
 	- systemd 244-1 (low)
 	[buster] - systemd <not-affected> (Only affected v243)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/560699bf76af972e51c02a58a020061df911a9ca

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/560699bf76af972e51c02a58a020061df911a9ca
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200326/c52b9945/attachment.html>

More information about the debian-security-tracker-commits mailing list