[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Nov 21 20:10:30 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c90b4af6 by security tracker role at 2020-11-21T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2424,6 +2424,7 @@ CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain sens
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-351.html
CVE-2020-28367 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. ...)
+ {DLA-2460-1}
- golang-1.15 1.15.5-1
- golang-1.11 <removed>
- golang-1.8 <removed>
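Review bot: CVE-2020-28367 is tagged with {DLA-2460-1} only, while the other two Go entries touched in this update, CVE-2020-16845 and CVE-2020-15586, receive {DLA-2460-1 DLA-2459-1}. If the package covered by DLA-2459-1 is unaffected by this argument injection issue, record that on a release-specific line with a <not-affected> status; as it stands, nothing in the entry tells a reader whether that package is still open.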
@@ -4309,7 +4310,7 @@ CVE-2020-28198
CVE-2020-28197
RESERVED
CVE-2020-28196 (MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow ...)
- {DLA-2437-1}
+ {DSA-4795-1 DLA-2437-1}
[experimental] - krb5 1.18.2-1
- krb5 1.18.3-1 (bug #973880)
NOTE: https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd
@@ -7527,7 +7528,7 @@ CVE-2020-26969
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26969
CVE-2020-26968
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7548,7 +7549,7 @@ CVE-2020-26966
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26966
CVE-2020-26965
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7569,7 +7570,7 @@ CVE-2020-26962
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26962
CVE-2020-26961
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7578,7 +7579,7 @@ CVE-2020-26961
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26961
CVE-2020-26960
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7587,7 +7588,7 @@ CVE-2020-26960
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26960
CVE-2020-26959
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7596,7 +7597,7 @@ CVE-2020-26959
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26959
CVE-2020-26958
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7609,7 +7610,7 @@ CVE-2020-26957
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26957
CVE-2020-26956
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7626,7 +7627,7 @@ CVE-2020-26954
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26954
CVE-2020-26953
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -7639,7 +7640,7 @@ CVE-2020-26952
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952
CVE-2020-26951
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -8588,6 +8589,7 @@ CVE-2020-26521 (The JWT library in NATS nats-server before 2.1.9 allows a denial
CVE-2020-26520
RESERVED
CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write when pa ...)
+ {DSA-4794-1}
- mupdf 1.17.0+ds1-1.1 (bug #971595)
[stretch] - mupdf <postponed> (Minor issue, can be fixed along in next DLA)
NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8
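Review bot: with {DSA-4794-1} now attached to CVE-2020-26519, the unchanged line "[stretch] - mupdf <postponed> (Minor issue, can be fixed along in next DLA)" deserves a second look. The description is a heap based buffer over-write and the issue now carries an advisory, so either schedule the stretch fix or state in the entry why the minor rating still holds for the stretch version.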
@@ -11692,8 +11694,8 @@ CVE-2020-25191
RESERVED
CVE-2020-25190
RESERVED
-CVE-2020-25189
- RESERVED
+CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer overflo ...)
+ TODO: check
CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...)
NOT-FOR-US: LAquis SCADA
CVE-2020-25187
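Review bot: CVE-2020-25189 leaves RESERVED with only "TODO: check", and the truncated description ("The affected product is vulnerable to ...") does not name a product, so the entry cannot be triaged from this file alone. After reading the full CVE text, resolve it to a package line or to a NOT-FOR-US marker in the same form as the neighbouring CVE-2020-25188.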
@@ -28643,6 +28645,7 @@ CVE-2020-16846 (An issue was discovered in SaltStack Salt through 3002. Sending
- salt 3002.1+dfsg1-1
NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...)
+ {DLA-2460-1 DLA-2459-1}
- golang-1.15 1.15~rc2-1
- golang-1.14 1.14.7-1
- golang-1.11 <removed>
@@ -30506,7 +30509,7 @@ CVE-2020-16013
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-16012
RESERVED
- {DSA-4793-1 DLA-2457-1}
+ {DSA-4796-1 DSA-4793-1 DLA-2457-1}
- firefox 83.0-1
- firefox-esr 78.5.0esr-1
- thunderbird 1:78.5.0-1
@@ -31738,6 +31741,7 @@ CVE-2020-15588 (An issue was discovered in the client side of Zoho ManageEngine
CVE-2020-15587
RESERVED
CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net ...)
+ {DLA-2460-1 DLA-2459-1}
- golang-1.15 1.15~rc1-1
- golang-1.14 1.14.6-1
- golang-1.11 <removed>
@@ -35373,8 +35377,8 @@ CVE-2020-14260
RESERVED
CVE-2020-14259
RESERVED
-CVE-2020-14258
- RESERVED
+CVE-2020-14258 (HCL Notes is susceptible to a Denial of Service vulnerability caused b ...)
+ TODO: check
CVE-2020-14257
RESERVED
CVE-2020-14256
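Review bot: CVE-2020-14258 now carries an HCL Notes denial of service description but is left at "TODO: check". Resolve it to a package line or a NOT-FOR-US marker so it does not linger in the unprocessed queue.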
@@ -35421,16 +35425,16 @@ CVE-2020-14236
RESERVED
CVE-2020-14235
RESERVED
-CVE-2020-14234
- RESERVED
+CVE-2020-14234 (HCL Domino is susceptible to a Denial of Service vulnerability due to ...)
+ TODO: check
CVE-2020-14233
RESERVED
CVE-2020-14232
RESERVED
CVE-2020-14231
RESERVED
-CVE-2020-14230
- RESERVED
+CVE-2020-14230 (HCL Domino is susceptible to a Denial of Service vulnerability caused ...)
+ TODO: check
CVE-2020-14229
RESERVED
CVE-2020-14228
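Review bot: CVE-2020-14234 and CVE-2020-14230 both name HCL Domino and both are left at "TODO: check". Triage them together and give both the same resolution (a package line or a NOT-FOR-US marker) so the two Domino entries stay consistent.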
@@ -42413,6 +42417,7 @@ CVE-2020-11801
CVE-2019-20768 (ServiceNow IT Service Management Kingston through Patch 14-1, London t ...)
NOT-FOR-US: ServiceNow IT Service Management Kingston
CVE-2020-11800 (Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote att ...)
+ {DLA-2461-1}
- zabbix 1:4.0.0+dfsg-1
NOTE: https://support.zabbix.com/browse/DEV-1538
NOTE: https://support.zabbix.com/browse/ZBX-17600
@@ -107413,7 +107418,7 @@ CVE-2019-8402
CVE-2018-20782 (The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages ...)
NOT-FOR-US: WooCommerce plugin
CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before ...)
- {DLA-1708-1}
+ {DLA-2461-1 DLA-1708-1}
- zabbix 1:3.0.17+dfsg-1 (low)
NOTE: https://support.zabbix.com/browse/ZBX-10272
NOTE: https://support.zabbix.com/browse/ZBX-13133
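Review bot: CVE-2016-10742 now references two LTS advisories, {DLA-2461-1 DLA-1708-1}, but the visible entry has only the unstable line "- zabbix 1:3.0.17+dfsg-1 (low)" and no release-specific line or NOTE explaining the second one. Add a short NOTE saying whether DLA-2461-1 covers a different release or completes the earlier fix, so readers do not have to open both advisories to find out.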
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c90b4af611460411f9d14c5740f755663096eb93