[Git][security-tracker-team/security-tracker][master] new libxstream-java issue

Moritz Muehlenhoff jmm at debian.org
Tue Nov 17 15:49:49 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
202a1a67 by Moritz Muehlenhoff at 2020-11-17T16:49:39+01:00
new libxstream-java issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8982,7 +8982,10 @@ CVE-2020-26219 (touchbase.ai before version 2.0 is vulnerable to Open Redirect.
 CVE-2020-26218 (touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. ...)
 	NOT-FOR-US: touchbase.ai
 CVE-2020-26217 (XStream before version 1.4.14 is vulnerable to Remote Code Execution.T ...)
-	TODO: check
+	- libxstream-java <unfixed>
+	NOTE: https://x-stream.github.io/CVE-2020-26217.html
+	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
+	NOTE: https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a
 CVE-2020-26216
 	RESERVED
 CVE-2020-26215
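Review bot: The third NOTE under CVE-2020-26217 is a bare commit URL with nothing saying it is the upstream fix, and the entry never records the fixed upstream version, although the description line already says "before version 1.4.14". Label the commit as the fix and name 1.4.14 in the note, so whoever later replaces `<unfixed>` with a Debian version does not have to open the advisory to find out which upstream release to target. The `- libxstream-java <unfixed>` line also carries no bug reference; add one once a bug is filed.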
@@ -10184,9 +10187,8 @@ CVE-2020-25698
 	RESERVED
 CVE-2020-25697
 	RESERVED
-	- libx11 <undetermined>
+	NOTE: Long-standing design limitation in X11, unlikely to get fixed until the world moves to Wayland
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/3
-	TODO: check correct packages to track
 CVE-2020-25696 [psql's \gset allows overwriting specially treated variables]
 	RESERVED
 	- postgresql-13 13.1-1
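Review bot: After this hunk CVE-2020-25697 has no package line at all: `- libx11 <undetermined>` is removed together with the "TODO: check correct packages to track", so the entry is left as RESERVED plus two NOTEs. If the intent is to deliberately not track this, say so in the new NOTE or keep a package line with an explicit state, otherwise the entry reads as untriaged rather than as a decision. The commit message ("new libxstream-java issue", "NFUs") does not mention this change either, which makes it hard to find later from the log.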
@@ -74245,7 +74247,7 @@ CVE-2019-18571 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle
 CVE-2020-0600 (Improper buffer restrictions in firmware for some Intel(R) NUC may all ...)
 	NOT-FOR-US: Intel
 CVE-2020-0599 (Improper access control in the PMC for some Intel(R) Processors may al ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-0598 (Uncontrolled search path in the installer for the Intel(R) Binary Conf ...)
 	NOT-FOR-US: Intel
 CVE-2020-0597 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM  ...)
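Review bot: The new `NOT-FOR-US: Intel` on CVE-2020-0599 matches the neighbouring entries, but its description ("Improper access control in the PMC for some Intel(R) Processors") is about the processors themselves, while the entries around it cover NUC firmware, an installer and AMT/ISM. Before closing it as NOT-FOR-US, confirm that no package in the archive delivers the fix for this one, and add a short NOTE with the reason if it stays NOT-FOR-US.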



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/202a1a67ee797123a7f2d96df556a523b5b5d23c
