[Git][security-tracker-team/security-tracker][master] buster triage
Moritz Muehlenhoff
jmm at debian.org
Fri Nov 6 19:08:15 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2377d23e by Moritz Muehlenhoff at 2020-11-06T20:07:55+01:00
buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7282,10 +7282,10 @@ CVE-2020-25203 (The Framer Preview application 12 for Android exposes com.framer
NOT-FOR-US: Framer Preview application
CVE-2020-25576 (An issue was discovered in the rand_core crate before 0.4.2 for Rust. ...)
- rust-rand-core 0.5.0-1 (bug #969911; low)
- [buster] - rust-rand-core <no-dsa> (Minor issue)
+ [buster] - rust-rand-core <ignored> (Minor issue)
- rust-rand-core-0.3 <unfixed> (bug #970186; low)
- rust-rand-core-0.2 <removed> (bug #970185; low)
- [buster] - rust-rand-core-0.2 <no-dsa> (Minor issue)
+ [buster] - rust-rand-core-0.2 <ignored> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0035.html
NOTE: https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06
CVE-2020-25574 (An issue was discovered in the http crate before 0.1.20 for Rust. An i ...)
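Review bot: In the CVE-2020-25576 entry, rust-rand-core-0.3 stays at <unfixed> with no [buster] line, while rust-rand-core and rust-rand-core-0.2 both move to <ignored>. If buster carries rust-rand-core-0.3, add a matching "[buster] - rust-rand-core-0.3 <ignored> (Minor issue)" line so the three source packages are triaged the same way.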
@@ -7786,14 +7786,14 @@ CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_t
NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7
CVE-2020-24977 (GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerabil ...)
{DLA-2369-1}
- - libxml2 2.9.10+dfsg-6.2 (bug #969529)
- [buster] - libxml2 <no-dsa> (Minor issue)
+ - libxml2 2.9.10+dfsg-6.2 (unimportant; bug #969529)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
NOTE: The issue is specific and restricted to xmllint:
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178#note_892545
NOTE: and present before the 0b19f236a263 ("Fixed ICU to set flush correctly and
NOTE: provide pivot buffer.") commit itself.
+ NOTE: Crash in CLI tool, no security impact
CVE-2020-24976
RESERVED
CVE-2020-24975
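Review bot: The CVE-2020-24977 entry keeps {DLA-2369-1} while its libxml2 line is now tagged unimportant and the added NOTE says "no security impact", so the record reads as both advisory-worthy and not a security issue. The added NOTE also overlaps with the existing "specific and restricted to xmllint" notes; consider merging them and stating in one line why the [buster] <no-dsa> line was dropped in favour of unimportant.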
@@ -40547,7 +40547,7 @@ CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5
- node-jquery 3.5.0+dfsg-2
[buster] - node-jquery <no-dsa> (Minor issue)
- otrs2 6.0.30-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
NOTE: https://www.drupal.org/sa-core-2020-002
@@ -40563,7 +40563,7 @@ CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0
- drupal7 <removed>
[jessie] - drupal7 <not-affected> (Vulnerable code not embedded)
- otrs2 6.0.30-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
@@ -42020,7 +42020,7 @@ CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windo
NOT-FOR-US: ASUS Device Activation
CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...)
- u-boot 2020.04+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <ignored> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/5
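Review bot: For CVE-2020-10648 the [buster] line moves to <ignored> with only "Minor issue" as the reason, although the description says the flaw "allows attackers to bypass verified boot". A reason specific to this issue would make the decision auditable later; the generic text gives a reader no way to tell why a verified boot bypass was judged minor for buster.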
@@ -47324,7 +47324,7 @@ CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP hea
NOTE: https://github.com/netty/netty/commit/a7c18d44b46e02dadfe3da225a06e5091f5f328e (4.1)
CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...)
- u-boot 2020.01+dfsg-2 (low)
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <ignored> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396799.html
@@ -48281,7 +48281,7 @@ CVE-2020-8039
CVE-2020-8038
RESERVED
CVE-2020-8037 (The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a l ...)
- - tcpdump <unfixed> (bug #973877)
+ - tcpdump <unfixed> (unimportant; bug #973877)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
CVE-2020-8036 (The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SO ...)
- tcpdump <not-affected> (Vulnerable code and support for SOME/IP protocol added later)
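Review bot: The tcpdump line for CVE-2020-8037 gains "unimportant" with no accompanying NOTE, unlike the libxml2 change in this same commit, which adds "NOTE: Crash in CLI tool, no security impact". Add a NOTE line to this entry stating why the ppp decapsulator issue is considered to have no security impact.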
@@ -59214,9 +59214,9 @@ CVE-2020-3912 (An out-of-bounds read was addressed with improved input validatio
CVE-2020-3911 (A buffer overflow was addressed with improved bounds checking. This is ...)
NOT-FOR-US: Apple
CVE-2020-3910 (A buffer overflow was addressed with improved size validation. This is ...)
- - libxml2 <undetermined>
+ NOT-FOR-US: Apple, unknown if it affects libxml2 upstream, but Apple is a black hole
CVE-2020-3909 (A buffer overflow was addressed with improved bounds checking. This is ...)
- - libxml2 <undetermined>
+ NOT-FOR-US: Apple, unknown if it affects libxml2 upstream, but Apple is a black hole
CVE-2020-3908 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2020-3907 (An out-of-bounds read was addressed with improved input validation. Th ...)
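Review bot: For CVE-2020-3910 and CVE-2020-3909, NOT-FOR-US replaces "- libxml2 <undetermined>" even though the new text itself says it is "unknown if it affects libxml2 upstream", so both entries lose their link to libxml2 while the question is still open. Consider keeping the libxml2 <undetermined> line and moving the remark into a NOTE with neutral wording.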
@@ -65260,7 +65260,7 @@ CVE-2020-1777 (Agent names that participates in a chat conversation are revealed
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-15/
CVE-2020-1776 (When an agent user is renamed or set to invalid the session belonging ...)
- otrs2 6.0.29-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-13/
CVE-2020-1775 (BCC recipients in mails sent from OTRS are visible in article detail o ...)
@@ -65269,14 +65269,14 @@ CVE-2020-1775 (BCC recipients in mails sent from OTRS are visible in article det
CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported file has ...)
{DLA-2198-1}
- otrs2 6.0.28-1 (bug #959448)
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/
NOTE: Fixed in 7.0.17, 6.0.28
NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ff725cbea77f03fa296bb13f93f5b07086920342
CVE-2020-1773 (An attacker with the ability to generate session IDs or password reset ...)
- otrs2 6.0.27-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
[jessie] - otrs2 <no-dsa> (Too intrusive to backport)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/
@@ -65286,7 +65286,7 @@ CVE-2020-1773 (An attacker with the ability to generate session IDs or password
CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...)
{DLA-2198-1}
- otrs2 6.0.27-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/
NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
@@ -65294,7 +65294,7 @@ CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in t
NOTE: OTRS5: https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7
CVE-2020-1771 (Attacker is able craft an article with a link to the customer address ...)
- otrs2 6.0.27-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
[jessie] - otrs2 <not-affected> (Vulnerable code introduced in later version)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/
@@ -65303,7 +65303,7 @@ CVE-2020-1771 (Attacker is able craft an article with a link to the customer add
CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...)
{DLA-2198-1}
- otrs2 6.0.27-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/
NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
@@ -65311,7 +65311,7 @@ CVE-2020-1770 (Support bundle generated files could contain sensitive informatio
NOTE: OTRS5: https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d
CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...)
- otrs2 6.0.27-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
[jessie] - otrs2 <no-dsa> (https://lists.debian.org/debian-lts/2020/04/msg00040.html)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/
@@ -65324,14 +65324,14 @@ CVE-2020-1768 (The external frontend system uses numerous background calls to th
CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then Agent ...)
{DLA-2079-1}
- otrs2 6.0.25-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/
NOTE: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570
CVE-2020-1766 (Due to improper handling of uploaded images it is possible in very unl ...)
{DLA-2079-1}
- otrs2 6.0.25-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-02/
NOTE: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 (OTRS6)
@@ -65339,7 +65339,7 @@ CVE-2020-1766 (Due to improper handling of uploaded images it is possible in ver
CVE-2020-1765 (An improper control of parameters allows the spoofing of the from fiel ...)
{DLA-2079-1}
- otrs2 6.0.25-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/
NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6)
@@ -71325,6 +71325,7 @@ CVE-2020-0453
CVE-2020-0452 [libexif overflow check could be optimized away]
RESERVED
- libexif <unfixed>
+ [buster] - libexif <no-dsa> (Minor issue)
NOTE: https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06
CVE-2020-0451
RESERVED
@@ -72342,14 +72343,14 @@ CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code
NOT-FOR-US: CloudVision Portal
CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...)
- otrs2 6.0.24-1 (bug #945251)
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
[jessie] - otrs2 <not-affected> (vulnerable code not present)
NOTE: https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
CVE-2019-18179 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-2053-1}
- otrs2 6.0.24-1 (bug #945251)
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
CVE-2019-18178 (Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The fun ...)
@@ -77061,7 +77062,7 @@ CVE-2019-16376
RESERVED
CVE-2019-16375 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
- otrs2 6.0.23-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
[jessie] - otrs2 <no-dsa> (Minor issue)
NOTE: https://community.otrs.com/security-advisory-2019-13-security-update-for-otrs-framework/
@@ -82463,7 +82464,7 @@ CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files
{DSA-4494-1 DLA-1890-1}
- kconfig 5.54.0-2 (bug #934267)
- kde4libs 4:4.14.38-4 (bug #934268)
- [buster] - kde4libs <no-dsa> (Minor issue)
+ [buster] - kde4libs <ignored> (Minor issue)
[stretch] - kde4libs <no-dsa> (Minor issue)
NOTE: https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt
NOTE: https://kde.org/info/security/advisory-20190807-1.txt
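Review bot: CVE-2019-14744 is tagged {DSA-4494-1 DLA-1890-1}, and the kde4libs [buster] line now becomes <ignored> with the generic "Minor issue" reason. With a DSA on the same entry, the reason should say why kde4libs in buster is treated as minor rather than reuse the stock text.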
@@ -84659,91 +84660,91 @@ CVE-2019-14205 (A Local File Inclusion vulnerability in the Nevma Adaptive Image
NOT-FOR-US: Nevma Adaptive Images plugin for WordPress
CVE-2019-14204 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14203 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14202 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14201 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14200 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14199 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
CVE-2019-14198 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/aa207cf3a6d68f39d64cd29057a4fb63943e9078
CVE-2019-14197 (An issue was discovered in Das U-Boot through 2019.07. There is a read ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14196 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96
CVE-2019-14195 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/cf3a4f1e86ecdd24f87b615051b49d8e1968c230
CVE-2019-14194 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/aa207cf3a6d68f39d64cd29057a4fb63943e9078
CVE-2019-14193 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
CVE-2019-14192 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
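Review bot: All 13 u-boot entries in this hunk (CVE-2019-14204 through CVE-2019-14192) move [buster] to <ignored> with the same "Minor issue" text, while each links to a NOTE URL named uboot-rce-nfs-vulnerability. Record the shared rationale once, for instance as a NOTE on the first entry of the group, so the reason for ignoring the whole set in buster is documented.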
@@ -87604,7 +87605,7 @@ CVE-2019-13459
CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-1877-1}
- otrs2 6.0.20-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/
NOTE: OTRS 6.0: https://github.com/OTRS/otrs/commit/69430f260d52e5a7afc185048da0cfc2eef2659a
@@ -88634,28 +88635,28 @@ CVE-2019-13107 (Multiple integer overflows exist in MATIO before 1.5.16, related
NOTE: Several commits between 1.5.15..1.5.16: https://github.com/tbeu/matio/compare/f8cd397...fabac6c
CVE-2019-13106 (Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much ...)
- u-boot 2020.01+dfsg-1 (low)
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375516.html
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/e205896c5383c938274262524adceb2775fb03ba
CVE-2019-13105 (Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a ...)
- u-boot 2020.01+dfsg-1 (low)
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375513.html
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/6e5a79de658cb1c8012c86e0837379aa6eabd024
CVE-2019-13104 (In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow c ...)
- u-boot 2020.01+dfsg-1 (low)
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375514.html
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/878269dbe74229005dd7f27aca66c554e31dad8e
CVE-2019-13103 (A crafted self-referential DOS partition table will cause all Das U-Bo ...)
- u-boot 2020.01+dfsg-1 (low)
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375512.html
@@ -89661,7 +89662,7 @@ CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserializ
CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) Community ...)
{DLA-1877-1}
- otrs2 6.0.20-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/fab16a8e54aaf033f460e5f98c673248f29ea49c
@@ -90240,7 +90241,7 @@ CVE-2019-12498 (The WP Live Chat Support plugin before 8.0.33 for WordPress acce
CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-1816-1}
- otrs2 6.0.19-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/f8bcf08dfc5f06915c1352c07e5f626f9b5ecfc2
@@ -90974,7 +90975,7 @@ CVE-2019-12249
CVE-2019-12248 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-1816-1}
- otrs2 6.0.19-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/4e06ef439c33e7d90af16451719415c780e0c29c
@@ -93823,7 +93824,7 @@ CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other
- node-jquery 2.2.4+dfsg-4 (bug #927466)
- mediawiki 1:1.31.2-1
- otrs2 6.0.26-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://www.drupal.org/sa-core-2019-006
NOTE: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
@@ -97671,7 +97672,7 @@ CVE-2019-9905
RESERVED
CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2. ...)
- graphviz <unfixed> (low; bug #925284)
- [buster] - graphviz <no-dsa> (Minor issue)
+ [buster] - graphviz <ignored> (Minor issue)
[stretch] - graphviz <no-dsa> (Minor issue)
[jessie] - graphviz <no-dsa> (Minor issue)
NOTE: https://gitlab.com/graphviz/graphviz/issues/1512
@@ -126947,7 +126948,7 @@ CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 a
- kio-extras 4:18.08.3-1 (bug #913595)
[stretch] - kio-extras <no-dsa> (Minor issue)
- kde-runtime <removed> (bug #913596)
- [buster] - kde-runtime <no-dsa> (Minor issue)
+ [buster] - kde-runtime <ignored> (Minor issue)
[stretch] - kde-runtime <no-dsa> (Minor issue)
[jessie] - kde-runtime <ignored> (Minor issue)
NOTE: https://www.kde.org/info/security/advisory-20181012-1.txt
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2377d23ed520d0b779fd78c66e8e847e784b75a0