[Git][security-tracker-team/security-tracker][master] automatic update

Tue May 5 09:10:23 BST 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
21f1689e by security tracker role at 2020-05-05T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2020-12661
+	RESERVED
+CVE-2020-12660
+	RESERVED
+CVE-2020-12659 (An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg ...)
+	TODO: check
+CVE-2020-12658
+	RESERVED
+CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There is a u ...)
+	TODO: check
+CVE-2020-12656 (gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_g ...)
+	TODO: check
+CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c ...)
+	TODO: check
+CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...)
+	TODO: check
+CVE-2020-12653 (An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...)
+	TODO: check
+CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the  ...)
+	TODO: check
+CVE-2020-12651
+	RESERVED
+CVE-2020-12650
+	RESERVED
+CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
+	TODO: check
+CVE-2020-12648
+	RESERVED
+CVE-2020-12647
+	RESERVED
+CVE-2020-12646
+	RESERVED
+CVE-2020-12645
+	RESERVED
+CVE-2020-12644
+	RESERVED
+CVE-2020-12643
+	RESERVED
 CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x before 5. ...)
 	NOT-FOR-US: Report Portal
 CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to  ...)
@@ -5820,8 +5858,7 @@ CVE-2020-10719
 	RESERVED
 CVE-2020-10718
 	RESERVED
-CVE-2020-10717 [virtiofsd: stay below fs.file-max sysctl value]
-	RESERVED
+CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file system dae ...)
 	- qemu <unfixed> (bug #959746)
 	[buster] - qemu <not-affected> (Vulnerable code introduced later)
 	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
@@ -5892,8 +5929,7 @@ CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to D
 	[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=95f5ac9ae52455e9da47afc95fa31c9456ac27ae (v5.10.0-rc1)
 	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 (v6.2.0-rc1)
-CVE-2020-10700
-	RESERVED
+CVE-2020-10700 (A use-after-free flaw was found in the way samba AD DC LDAP servers, h ...)
 	- samba <unfixed>
 	[buster] - samba <not-affected> (Vulnerable code introduced later)
 	[stretch] - samba <not-affected> (Vulnerable code introduced later)
@@ -5950,8 +5986,7 @@ CVE-2020-10687
 	RESERVED
 	- undertow <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049
-CVE-2020-10686
-	RESERVED
+CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in ...)
 	NOT-FOR-US: Keycloak
 CVE-2020-10685 [modules which use files encrypted with vault are not properly cleaned up]
 	RESERVED
@@ -10077,7 +10112,7 @@ CVE-2020-8897
 	RESERVED
 CVE-2020-8896 (A Buffer Overflow vulnerability in the khcrypt implementation in Googl ...)
 	TODO: check
-CVE-2020-8895 (A vulnerability in the windows installer of Google Earth Pro versions  ...)
+CVE-2020-8895 (Untrusted Search Path vulnerability in the windows installer of Google ...)
 	NOT-FOR-US: windows installer of Google Earth Pro
 CVE-2020-8894 (An issue was discovered in MISP before 2.4.121. ACLs for discussion th ...)
 	NOT-FOR-US: MISP



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21f1689e16ee09705c24fd6baef662aba1390494

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21f1689e16ee09705c24fd6baef662aba1390494
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200505/73309e6b/attachment.html>
