[Git][security-tracker-team/security-tracker][master] Track fixed version for various CVEs with unstable upload
Salvatore Bonaccorso
carnil at debian.org
Thu May 28 05:23:56 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ee45be38 by Salvatore Bonaccorso at 2020-05-28T06:23:37+02:00
Track fixed version for various CVEs with unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -500,15 +500,15 @@ CVE-2020-13400
CVE-2020-13399
RESERVED
CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc
CVE-2020-13395
@@ -6078,7 +6078,7 @@ CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte w
CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...)
NOT-FOR-US: Zoho
CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
@@ -6086,35 +6086,35 @@ CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-r ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e
CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2. ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820
CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e
CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out- ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b
CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
@@ -7109,7 +7109,7 @@ CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by
CVE-2020-11059
RESERVED
CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
@@ -7136,7 +7136,7 @@ CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown
CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Improper Va ...)
NOT-FOR-US: Java-WebSocket, different from src:websocket-api
CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
@@ -7144,7 +7144,7 @@ CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound
NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008
CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
@@ -7152,7 +7152,7 @@ CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
@@ -7160,7 +7160,7 @@ CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009
CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
@@ -7168,13 +7168,13 @@ CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005
CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
@@ -7183,7 +7183,7 @@ CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in u
CVE-2020-11043
RESERVED
CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
- - freerdp2 <unfixed>
+ - freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee45be38f751c4196000b153dc09bb17c80cc982
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee45be38f751c4196000b153dc09bb17c80cc982
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200528/d2a5442c/attachment.html>
More information about the debian-security-tracker-commits
mailing list