[Git][security-tracker-team/security-tracker][master] one systemd issue unimportant
Moritz Muehlenhoff
jmm at debian.org
Mon May 11 12:01:23 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce08d76d by Moritz Muehlenhoff at 2020-05-11T13:00:53+02:00
one systemd issue unimportant
add tracking for fex issue
mark edk2 issues as ignored for stretch
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,6 +13,10 @@ CVE-2019-20795 (iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_n
[jessie] - iproute2 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10 (v5.1.0)
NOTE: Introduced in: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c (v4.15.0)
+CVE-2020-XXXX [unspecified fexsrv security issue]
+ - fex 20160919-2
+ [buster] - fex 20160919-2~deb10u1
+ [stretch] - fex <no-dsa> (Non-free not supported)
CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btree_gc_c ...)
- linux <unfixed>
NOTE: https://lkml.org/lkml/2020/4/26/87
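Review bot: The new CVE-2020-XXXX entry for fex has no NOTE line and describes the problem only as "unspecified fexsrv security issue", so nothing in the record lets a reader verify why 20160919-2 is the fixed version. Consider adding a NOTE with the upstream reference or a Debian bug number, in the way the iproute2 entry above carries its "Fixed by:" and "Introduced in:" notes.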
@@ -14330,11 +14334,10 @@ CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow atta
CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...)
NOT-FOR-US: conversation-watson plugin for WordPress
CVE-2019-20386 (An issue was discovered in button_open in login/logind-button.c in sys ...)
- - systemd 243-5
- [buster] - systemd <no-dsa> (Minor issue)
- [stretch] - systemd <no-dsa> (Minor issue)
- [jessie] - systemd <no-dsa> (Minor issue)
+ - systemd 243-5 (unimportant)
NOTE: https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad
+ NOTE: Negligible security impact, requires root or physical access to plug in a device,
+ NOTE: at which point you can just as well DoS the computer with a hammer instead
CVE-2019-20385 (The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo A ...)
NOT-FOR-US: Logaritmo Aware CallManager 2012 devices
CVE-2019-20384 (Gentoo Portage through 2.3.84 allows local users to place a Trojan hor ...)
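Review bot: The rationale added to CVE-2019-20386 is split mid-sentence across two NOTE lines, and the second line is a quip rather than a statement of impact. With the three per-release <no-dsa> lines removed, "(unimportant)" is the only status left on the entry, so the justification should stand on its own: a single line such as "NOTE: Negligible security impact, requires root or physical access to plug in a device" reads cleanly when the entry is grepped or shown line by line.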
@@ -46416,13 +46419,13 @@ CVE-2019-14587
RESERVED
- edk2 0~20200229.4c0f6e34-1
[buster] - edk2 0~20181115.85588389-3+deb10u1
- [stretch] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
CVE-2019-14586
RESERVED
- edk2 0~20200229.4c0f6e34-1
[buster] - edk2 0~20181115.85588389-3+deb10u1
- [stretch] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
CVE-2019-14585
RESERVED
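Review bot: On the [stretch] lines of CVE-2019-14587 and CVE-2019-14586 the state changes to <ignored> but the reason stays "(Minor issue)", which explains a low severity, not why stretch will never receive the fix. The same carried-over reason appears in every edk2 hunk of this commit. Consider a reason that records the actual decision, so the entry distinguishes "no DSA, may still be fixed" from "will not be fixed in this release".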
@@ -46448,7 +46451,7 @@ CVE-2019-14575 [DxeImageVerificationHandler() fails open in case of dbx signatur
RESERVED
- edk2 0~20200229.4c0f6e34-1 (low; bug #952935)
[buster] - edk2 0~20181115.85588389-3+deb10u1
- [stretch] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
CVE-2019-14574 (Out of bounds read in a subsystem for Intel(R) Graphics Driver version ...)
@@ -46477,7 +46480,7 @@ CVE-2019-14563 [numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib]
RESERVED
- edk2 0~20200229.4c0f6e34-1 (low; bug #952934)
[buster] - edk2 0~20181115.85588389-3+deb10u1
- [stretch] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2001
@@ -46491,7 +46494,7 @@ CVE-2019-14559 [memory leak in ArpOnFrameRcvdDpc]
RESERVED
- edk2 0~20200229.4c0f6e34-1 (bug #952926; low)
[buster] - edk2 0~20181115.85588389-3+deb10u1
- [stretch] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2550
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2031
@@ -46499,7 +46502,7 @@ CVE-2019-14558
RESERVED
- edk2 0~20200229.4c0f6e34-1
[buster] - edk2 0~20181115.85588389-3+deb10u1
- [stretch] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
CVE-2019-14557
RESERVED
@@ -89779,13 +89782,13 @@ CVE-2019-0162 (Memory access in virtual memory mapping for some microprocessors
NOT-FOR-US: F5
CVE-2019-0161 (Stack overflow in XHCI for EDK II may allow an unauthenticated user to ...)
- edk2 0~20180803.dd4cae4d-1 (low)
- [stretch] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://github.com/tianocore/edk2/commit/acebdf14c985c5c9f50b37ece0b15ada87767359
NOTE: https://github.com/tianocore/edk2/commit/72750e3bf9174f15c17e78f0f117b5e7311bb49f
CVE-2019-0160 (Buffer overflow in system firmware for EDK II may allow unauthenticate ...)
- edk2 0~20181115.85588389-1 (low)
- [stretch] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://github.com/tianocore/edk2/commit/4df8f5bfa28b8b881e506437e8f08d92c1a00370
NOTE: https://github.com/tianocore/edk2/commit/b9ae1705adfdd43668027a25a2b03c2e81960219
@@ -108684,7 +108687,7 @@ CVE-2018-12184
CVE-2018-12183 (Stack overflow in DxeCore for EDK II may allow an unauthenticated user ...)
- edk2 0~20181115.85588389-1
[buster] - edk2 <no-dsa> (Minor issue)
- [stretch] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://github.com/tianocore/edk2/commit/0a0d5296e448fc350de1594c49b9c0deff7fad60
CVE-2018-12182 (Insufficient memory write check in SMM service for EDK II may allow an ...)
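Review bot: In CVE-2018-12183 the [buster] line remains <no-dsa> (Minor issue) while the [stretch] line becomes <ignored> with the identical reason, so the entry gives no basis for treating the two releases differently. Either state the stretch-specific reason in the parentheses or add a NOTE explaining why only stretch is ignored.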
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -82,3 +82,5 @@ CVE-2020-3898
[stretch] - cups 2.2.1-8+deb9u6
CVE-2019-8842
[stretch] - cups 2.2.1-8+deb9u6
+CVE-2020-XXXX
+ [stretch] - fex 20160919-2~deb9u1
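Review bot: The entry added to data/next-oldstable-point-update.txt is keyed on the bare placeholder "CVE-2020-XXXX", which carries none of the bracketed description used in data/CVE/list and would be ambiguous if a second placeholder entry were queued here. The list entry also marks stretch as <no-dsa> (Non-free not supported) while this file schedules 20160919-2~deb9u1 for stretch; a short NOTE in the list entry saying the fix is planned via the point update would make the two files read consistently.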
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce08d76dcfc5adf5b0b2f6dd6462cc2852aec695