[Git][security-tracker-team/security-tracker][master] new libcroco issue
Moritz Muehlenhoff
jmm at debian.org
Wed May 13 09:11:48 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6409dfa by Moritz Muehlenhoff at 2020-05-13T10:11:26+02:00
new libcroco issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,7 +4,10 @@ CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel
NOTE: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da
TODO: clarifying with MITRE why there is CVE-2020-12826 and CVE-2020-10741
CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any ...)
- TODO: check
+ - libcroco <unfixed> (low)
+ [buster] - libcroco <ignored> (Minor issue)
+ [stretch] - libcroco <ignored> (Minor issue)
+ NOTE: https://gitlab.gnome.org/GNOME/libcroco/-/issues/8
CVE-2020-12824
RESERVED
CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...)
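Review bot: The two `<ignored>` lines for buster and stretch under CVE-2020-12825 give only "Minor issue" as the reason, and the NOTE points at the upstream issue without saying what the excessive recursion in cr_parser_parse_any leads to. Since `<ignored>` marks those releases as not getting a fix, consider adding a NOTE line that states the practical impact behind the (low) rating, so the decision can be re-checked if the linked upstream issue is later resolved.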
@@ -2093,6 +2096,7 @@ CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu Server
TODO: check
CVE-2020-11931
RESERVED
+ NOT-FOR-US: Ubuntu snap packaging of Pulseaudio
CVE-2018-21231 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
NOT-FOR-US: Netgear
CVE-2018-21230 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
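Review bot: The added NOT-FOR-US line lands on CVE-2020-11931, which is still RESERVED and has no description in the list, so the "Ubuntu snap packaging of Pulseaudio" classification cannot be checked against anything visible here. Mentioning the source of that information in the commit message, which only says "NFUs", would make it verifiable.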
@@ -5158,7 +5162,7 @@ CVE-2020-11110
CVE-2020-11109
RESERVED
CVE-2020-11108 (The Gravity updater in Pi-hole through 4.4 allows an authenticated adv ...)
- TODO: check
+ NOT-FOR-US: Pi-hole
CVE-2020-11107 (An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , ...)
NOT-FOR-US: XAMPP
CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
@@ -8014,7 +8018,7 @@ CVE-2020-10069
CVE-2020-10068
RESERVED
CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10066
RESERVED
CVE-2020-10065
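Review bot: The reason "Zephyr, different from src:zephyr" on CVE-2020-10067 says what the product is not, but not what it is. Naming the affected project next to the disclaimer would keep the entry unambiguous for anyone later searching the list for src:zephyr; the same applies to the three identical entries in the following hunk.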
@@ -8028,11 +8032,11 @@ CVE-2020-10062
CVE-2020-10061
RESERVED
CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, objects\[1] ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows for a m ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10058 (Multiple syscalls in the Kscan subsystem perform insufficient argument ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass because the ...)
NOT-FOR-US: cPanel
CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SE ...)
@@ -8434,7 +8438,7 @@ CVE-2020-9842
CVE-2020-9841
RESERVED
CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...)
- TODO: check
+ NOT-FOR-US: SwiftNIO Extras
CVE-2020-9839
RESERVED
CVE-2020-9838
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6409dfa826fadac09e710b25f33cae981e53ed7