[Git][security-tracker-team/security-tracker][master] Several nethack issues fixed via unstable upload

Salvatore Bonaccorso carnil at debian.org
Sun May 31 19:34:53 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6f936b2 by Salvatore Bonaccorso at 2020-05-31T20:34:23+02:00
Several nethack issues fixed via unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21395,7 +21395,7 @@ CVE-2020-5255 (In Symfony before versions 4.4.7 and 5.0.7, when a `Response` doe
 	NOTE: https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header
 	NOTE: https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6
 CVE-2020-5254 (In NetHack before 3.6.6, some out-of-bound values for the hilite_statu ...)
-	- nethack <unfixed> (bug #953978)
+	- nethack 3.6.6-1 (bug #953978)
 	[buster] - nethack <no-dsa> (Minor issue)
 	[stretch] - nethack <not-affected> (Vulnerable code introduced in 3.6.1)
 	[jessie] - nethack <not-affected> (Vulnerable code introduced in 3.6.1)
@@ -21526,28 +21526,28 @@ CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection
 CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...)
 	- tensorflow <itp> (bug #804612)
 CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...)
-	- nethack <unfixed> (unimportant)
+	- nethack 3.6.6-1 (unimportant)
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6
 	NOTE: Negligible security impact
 CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...)
-	- nethack <unfixed> (unimportant)
+	- nethack 3.6.6-1 (unimportant)
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v
 	NOTE: Negligible security impact
 CVE-2020-5212 (In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...)
-	- nethack <unfixed> (unimportant)
+	- nethack 3.6.6-1 (unimportant)
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56
 	NOTE: Negligible security impact
 CVE-2020-5211 (In NetHack before 3.6.5, an invalid extended command in value for the  ...)
-	- nethack <unfixed> (unimportant)
+	- nethack 3.6.6-1 (unimportant)
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7
 	NOTE: Negligible security impact
 CVE-2020-5210 (In NetHack before 3.6.5, an invalid argument to the -w command line op ...)
-	- nethack <unfixed> (unimportant)
+	- nethack 3.6.6-1 (unimportant)
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp
 	NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
 	NOTE: Negligible security impact
 CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i can  ...)
-	- nethack <unfixed> (unimportant)
+	- nethack 3.6.6-1 (unimportant)
 	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8
 	NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
 	NOTE: Negligible security impact
@@ -25315,7 +25315,7 @@ CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write le
 CVE-2019-16787
 	REJECTED
 CVE-2019-19905 (NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability ...)
-	- nethack <unfixed> (unimportant; bug #947005)
+	- nethack 3.6.6-1 (unimportant; bug #947005)
 	NOTE: https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226
 	NOTE: https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47
 	NOTE: Negligible security impact



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f936b272814da4aa36610bef002d2e607e52ae

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f936b272814da4aa36610bef002d2e607e52ae
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200531/057a2874/attachment.html>


More information about the debian-security-tracker-commits mailing list