[Git][security-tracker-team/security-tracker][master] new libcroco issue

Moritz Muehlenhoff jmm at debian.org
Wed May 13 09:11:48 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6409dfa by Moritz Muehlenhoff at 2020-05-13T10:11:26+02:00
new libcroco issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,7 +4,10 @@ CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel
 	NOTE: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da
 	TODO: clarifying with MITRE why there is CVE-2020-12826 and CVE-2020-10741
 CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any ...)
-	TODO: check
+	- libcroco <unfixed> (low)
+	[buster] - libcroco <ignored> (Minor issue)
+	[stretch] - libcroco <ignored> (Minor issue)
+	NOTE: https://gitlab.gnome.org/GNOME/libcroco/-/issues/8
 CVE-2020-12824
 	RESERVED
 CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...)
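Review bot: the new libcroco lines rate unstable as "(low)" and mark buster and stretch "<ignored> (Minor issue)" without recording the reason; since the description only says "excessive recursion in cr_parser_parse_any", consider extending the NOTE line (next to the gitlab.gnome.org issue link) with the impact that justifies the rating, so the ignored status can be revisited if the upstream issue turns out to be more than a crash.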
@@ -2093,6 +2096,7 @@ CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu Server
 	TODO: check
 CVE-2020-11931
 	RESERVED
+	NOT-FOR-US: Ubuntu snap packaging of Pulseaudio
 CVE-2018-21231 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
 	NOT-FOR-US: Netgear
 CVE-2018-21230 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
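Review bot: CVE-2020-11931 is still "RESERVED" in the list, yet the hunk adds "NOT-FOR-US: Ubuntu snap packaging of Pulseaudio" beneath it; the triage therefore rests on information not in the entry. Consider adding a NOTE line with the source of that information so the decision can be re-checked once MITRE publishes the description.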
@@ -5158,7 +5162,7 @@ CVE-2020-11110
 CVE-2020-11109
 	RESERVED
 CVE-2020-11108 (The Gravity updater in Pi-hole through 4.4 allows an authenticated adv ...)
-	TODO: check
+	NOT-FOR-US: Pi-hole
 CVE-2020-11107 (An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 ,  ...)
 	NOT-FOR-US: XAMPP
 CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
@@ -8014,7 +8018,7 @@ CVE-2020-10069
 CVE-2020-10068
 	RESERVED
 CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10066
 	RESERVED
 CVE-2020-10065
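Review bot: the rationale "NOT-FOR-US: Zephyr, different from src:zephyr" does not say what Debian's src:zephyr is or which Zephyr the CVE concerns, so a reader may take it to mean the affected project is unpackaged only by coincidence. Suggest spelling out the distinction, e.g. "NOT-FOR-US: Zephyr RTOS (not the Debian src:zephyr package)", since the description's "userspace application", syscalls and Kscan wording identify the RTOS.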
@@ -8028,11 +8032,11 @@ CVE-2020-10062
 CVE-2020-10061
 	RESERVED
 CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, objects\[1]  ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows for a m ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10058 (Multiple syscalls in the Kscan subsystem perform insufficient argument ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass because the  ...)
 	NOT-FOR-US: cPanel
 CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SE ...)
@@ -8434,7 +8438,7 @@ CVE-2020-9842
 CVE-2020-9841
 	RESERVED
 CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...)
-	TODO: check
+	NOT-FOR-US: SwiftNIO Extras
 CVE-2020-9839
 	RESERVED
 CVE-2020-9838



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6409dfa826fadac09e710b25f33cae981e53ed7


