[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat May 30 21:11:17 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f5ad176 by security tracker role at 2020-05-30T20:11:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-13702
+	RESERVED
+CVE-2020-13701
+	RESERVED
 CVE-2020-13700
 	RESERVED
 CVE-2020-13699
@@ -181443,14 +181447,14 @@ CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957
 	NOTE: Patch: https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3
 CVE-2017-5847 (The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gs ...)
-	{DSA-3821-1 DLA-829-1}
+	{DSA-3821-1 DLA-2226-1 DLA-829-1}
 	- gst-plugins-ugly1.0 1.10.4-1 (low)
 	- gst-plugins-ugly0.10 <removed> (low)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777955
 	NOTE: https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
 CVE-2017-5846 (The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gs ...)
-	{DSA-3821-1 DLA-829-1}
+	{DSA-3821-1 DLA-2226-1 DLA-829-1}
 	- gst-plugins-ugly1.0 1.10.3-1 (low)
 	- gst-plugins-ugly0.10 <removed> (low)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
@@ -181486,7 +181490,7 @@ CVE-2017-5841 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777500
 CVE-2017-5840 (The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plug ...)
-	{DSA-3820-1 DLA-828-1}
+	{DSA-3820-1 DLA-2225-1 DLA-828-1}
 	- gst-plugins-good1.0 1.10.3-1 (low)
 	- gst-plugins-good0.10 <removed> (low)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
@@ -181516,7 +181520,7 @@ CVE-2016-10199 (The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775451
 CVE-2016-10198 (The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacpars ...)
-	{DSA-3820-1 DLA-828-1}
+	{DSA-3820-1 DLA-2225-1 DLA-828-1}
 	- gst-plugins-good1.0 1.10.3-1 (low)
 	- gst-plugins-good0.10 <removed> (low)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
@@ -212956,7 +212960,7 @@ CVE-2016-4805 (Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in
 	NOTE: Fixed by: https://git.kernel.org/linus/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 (v4.6-rc1)
 	NOTE: Introduced by: https://git.kernel.org/linus/273ec51dd7ceaa76e038875d85061ec856d8905e (v2.6.30)
 CVE-2016-4804 (The read_boot function in boot.c in dosfstools before 4.0 allows attac ...)
-	{DLA-474-1}
+	{DLA-2224-1 DLA-474-1}
 	- dosfstools 4.0-1
 	NOTE: https://github.com/dosfstools/dosfstools/issues/25
 	NOTE: https://github.com/dosfstools/dosfstools/issues/26
@@ -214045,7 +214049,7 @@ CVE-2016-4423 (The attemptAuthentication function in Component/Security/Http/Fir
 	NOTE: https://github.com/symfony/symfony/pull/18733
 	NOTE: https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
 CVE-2015-8872 (The set_fat function in fat.c in dosfstools before 4.0 might allow att ...)
-	{DLA-474-1}
+	{DLA-2224-1 DLA-474-1}
 	- dosfstools 4.0-1
 	NOTE: https://github.com/dosfstools/dosfstools/issues/12
 	NOTE: https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5ad1763cdfa327e6beb3e1cba8c0c7c5fe666b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f5ad1763cdfa327e6beb3e1cba8c0c7c5fe666b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200530/0981c867/attachment.html>

More information about the debian-security-tracker-commits mailing list