[Git][security-tracker-team/security-tracker][master] Several nethack issues fixed via unstable upload
Salvatore Bonaccorso
carnil at debian.org
Sun May 31 19:34:53 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6f936b2 by Salvatore Bonaccorso at 2020-05-31T20:34:23+02:00
Several nethack issues fixed via unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21395,7 +21395,7 @@ CVE-2020-5255 (In Symfony before versions 4.4.7 and 5.0.7, when a `Response` doe
NOTE: https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header
NOTE: https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6
CVE-2020-5254 (In NetHack before 3.6.6, some out-of-bound values for the hilite_statu ...)
- - nethack <unfixed> (bug #953978)
+ - nethack 3.6.6-1 (bug #953978)
[buster] - nethack <no-dsa> (Minor issue)
[stretch] - nethack <not-affected> (Vulnerable code introduced in 3.6.1)
[jessie] - nethack <not-affected> (Vulnerable code introduced in 3.6.1)
@@ -21526,28 +21526,28 @@ CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection
CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...)
- tensorflow <itp> (bug #804612)
CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...)
- - nethack <unfixed> (unimportant)
+ - nethack 3.6.6-1 (unimportant)
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6
NOTE: Negligible security impact
CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...)
- - nethack <unfixed> (unimportant)
+ - nethack 3.6.6-1 (unimportant)
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v
NOTE: Negligible security impact
CVE-2020-5212 (In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...)
- - nethack <unfixed> (unimportant)
+ - nethack 3.6.6-1 (unimportant)
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56
NOTE: Negligible security impact
CVE-2020-5211 (In NetHack before 3.6.5, an invalid extended command in value for the ...)
- - nethack <unfixed> (unimportant)
+ - nethack 3.6.6-1 (unimportant)
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7
NOTE: Negligible security impact
CVE-2020-5210 (In NetHack before 3.6.5, an invalid argument to the -w command line op ...)
- - nethack <unfixed> (unimportant)
+ - nethack 3.6.6-1 (unimportant)
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp
NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
NOTE: Negligible security impact
CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i can ...)
- - nethack <unfixed> (unimportant)
+ - nethack 3.6.6-1 (unimportant)
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8
NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
NOTE: Negligible security impact
@@ -25315,7 +25315,7 @@ CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write le
CVE-2019-16787
REJECTED
CVE-2019-19905 (NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability ...)
- - nethack <unfixed> (unimportant; bug #947005)
+ - nethack 3.6.6-1 (unimportant; bug #947005)
NOTE: https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226
NOTE: https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47
NOTE: Negligible security impact
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f936b272814da4aa36610bef002d2e607e52ae
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f936b272814da4aa36610bef002d2e607e52ae
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200531/057a2874/attachment.html>
More information about the debian-security-tracker-commits
mailing list