[Git][security-tracker-team/security-tracker][master] new clamav issues

Moritz Muehlenhoff jmm at debian.org
Thu May 14 16:36:56 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b430f84 by Moritz Muehlenhoff at 2020-05-14T17:34:46+02:00
new clamav issues
freeradius no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24774,7 +24774,10 @@ CVE-2020-3343
 CVE-2020-3342
 	RESERVED
 CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVirus (C ...)
-	TODO: check
+	- clamav <unfixed>
+	[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
+	[stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
+	NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
 CVE-2020-3340
 	RESERVED
 CVE-2020-3339
@@ -24802,7 +24805,10 @@ CVE-2020-3329 (A vulnerability in role-based access control of Cisco Integrated
 CVE-2020-3328
 	RESERVED
 CVE-2020-3327 (A vulnerability in the ARJ archive parsing module in Clam AntiVirus (C ...)
-	TODO: check
+	- clamav <unfixed>
+	[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
+	[stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
+	NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
 CVE-2020-3326
 	RESERVED
 CVE-2020-3325
@@ -38616,6 +38622,8 @@ CVE-2019-17186 (/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_
 	NOT-FOR-US: FiberHome HG2201T devices
 CVE-2019-17185 (In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global Op ...)
 	- freeradius 3.0.20+dfsg-1
+	[buster] - freeradius <no-dsa> (Minor issue)
+	[stretch] - freeradius <no-dsa> (Minor issue)
 	[jessie] - freeradius <not-affected> (Vulnerable code not present; EAP-pwd module introduced in later version)
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/6b522f8780813726799e6b8cf0f1f8e0ce2c8ebf
 CVE-2019-17184 (Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C ...)
@@ -51371,6 +51379,8 @@ CVE-2019-13457 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2019-11/
 CVE-2019-13456 (In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd h ...)
 	- freeradius 3.0.20+dfsg-1
+	[buster] - freeradius <no-dsa> (Minor issue)
+	[stretch] - freeradius <no-dsa> (Minor issue)
 	[jessie] - freeradius <not-affected> (Vulnerable code introduced later in version 3.0.0)
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa (release_3_0_20)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1737663



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b430f840556ae30a8ca72ac70dcdb0401bce6be

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b430f840556ae30a8ca72ac70dcdb0401bce6be
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200514/2a651ab5/attachment.html>

More information about the debian-security-tracker-commits mailing list