[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Nov 23 08:10:24 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e8a18ca2 by security tracker role at 2020-11-23T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10457,6 +10457,7 @@ CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5
NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
CVE-2020-25693
RESERVED
+ {DLA-2462-1}
- cimg <unfixed> (bug #973770)
NOTE: https://github.com/dtschump/CImg/pull/295
NOTE: https://bugs.launchpad.net/ubuntu/+source/cimg/+bug/1900983
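Review bot: CVE-2020-25693 still has no description on its header line, which is bare and followed only by RESERVED, even though the entry now carries a cimg bug reference and the {DLA-2462-1} tag. A short bracketed summary in the style used elsewhere in this file, for example "CVE-2020-14383 [An authenticated user can crash the DCE/RPC DNS with easily crafted records]", would tell readers what the advisory addressed without following the NOTE links.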
@@ -34938,6 +34939,7 @@ CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-red
NOT-FOR-US: JBossWeb
CVE-2020-14383 [An authenticated user can crash the DCE/RPC DNS with easily crafted records]
RESERVED
+ {DLA-2463-1}
[experimental] - samba 2:4.13.2+dfsg-1
- samba 2:4.13.2+dfsg-2 (bug #973398)
[buster] - samba <no-dsa> (Minor issue)
@@ -35212,6 +35214,7 @@ CVE-2020-14325 (Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Im
CVE-2020-14324 (A high severity vulnerability was found in all active versions of Red ...)
NOT-FOR-US: Red Hat CloudForm
CVE-2020-14323 (A null pointer dereference flaw was found in samba's Winbind service i ...)
+ {DLA-2463-1}
[experimental] - samba 2:4.13.2+dfsg-1
- samba 2:4.13.2+dfsg-2 (bug #973399)
[buster] - samba <no-dsa> (Minor issue)
@@ -35227,6 +35230,7 @@ CVE-2020-14319 (It was found that the AMQ Online console is vulnerable to a Cros
NOT-FOR-US: AMQ Online
CVE-2020-14318 [Missing handle permissions check in SMB1/2/3 ChangeNotify]
RESERVED
+ {DLA-2463-1}
[experimental] - samba 2:4.13.2+dfsg-1
- samba 2:4.13.2+dfsg-2 (bug #973400)
[buster] - samba <no-dsa> (Minor issue)
@@ -35291,6 +35295,7 @@ CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module]
CVE-2020-14304 (A memory disclosure flaw was found in the Linux kernel's ethernet driv ...)
- linux <unfixed> (bug #960702)
CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions before ...)
+ {DLA-2463-1}
- samba 2:4.12.5+dfsg-1
[buster] - samba <postponed> (Minor issue, fix along in next DSA)
NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html
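Review bot: The buster line under CVE-2020-14303 still reads "<postponed> (Minor issue, fix along in next DSA)" directly beneath the new {DLA-2463-1} tag, so the entry now records an advisory while buster stays deferred. It is worth confirming that the postponement is still intended and tracked. The same wording sits under the tag in the CVE-2020-10760 and CVE-2020-10745 hunks.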
@@ -46018,6 +46023,7 @@ CVE-2020-10761 (An assertion failure issue was found in the Network Block Device
NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=5c4fe018c025740fef4a0a4421e8162db0c3eefd
NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af
CVE-2020-10760 (A use-after-free flaw was found in all samba LDAP server versions befo ...)
+ {DLA-2463-1}
- samba 2:4.12.5+dfsg-1
[buster] - samba <postponed> (Minor issue, fix along in next DSA)
NOTE: https://www.samba.org/samba/security/CVE-2020-10760.html
@@ -46088,6 +46094,7 @@ CVE-2020-10747
CVE-2020-10746 (A flaw was found in Infinispan version 10, where it permits local acce ...)
NOT-FOR-US: Infinispan
CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before 4.11.11 ...)
+ {DLA-2463-1}
- samba 2:4.12.5+dfsg-1
[buster] - samba <postponed> (Minor issue, fix along in next DSA)
NOTE: https://www.samba.org/samba/security/CVE-2020-10745.html
@@ -46141,6 +46148,7 @@ CVE-2020-10732 (A flaw was found in the Linux kernel's implementation of Userspa
CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the Red Hat ...)
NOT-FOR-US: Red Hat OpenStack platform
CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found ...)
+ {DLA-2463-1}
- ldb 2:2.1.4-1
[buster] - ldb <no-dsa> (Minor issue)
[stretch] - ldb <not-affected> (Vulnerable code introduced later)
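Review bot: The {DLA-2463-1} tag on CVE-2020-10730 has no matching package line: the entry lists only ldb, and its stretch line says "<not-affected> (Vulnerable code introduced later)". Every other hunk in this commit attaches DLA-2463-1 to a samba entry. If the advisory covers this CVE through samba, a samba package line or a NOTE saying so would keep the entry self-consistent. Otherwise the cross-reference should be checked.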
@@ -46242,6 +46250,7 @@ CVE-2020-10705 (A flaw was discovered in Undertow in versions before Undertow 2.
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803241
NOTE: https://github.com/undertow-io/undertow/commit/b53d4589c586e8bbdcc89ed60f32cd7977e9a4f4
CVE-2020-10704 (A flaw was found when using samba as an Active Directory Domain Contro ...)
+ {DLA-2463-1}
- samba 2:4.12.3+dfsg-2 (bug #960188)
[buster] - samba <postponed> (Can be fixed along in future DSA)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14334
@@ -72324,6 +72333,7 @@ CVE-2020-1474 (An information disclosure vulnerability exists when the Windows I
CVE-2020-1473 (A remote code execution vulnerability exists when the Windows Jet Data ...)
NOT-FOR-US: Microsoft
CVE-2020-1472 (An elevation of privilege vulnerability exists when an attacker establ ...)
+ {DLA-2463-1}
[experimental] - samba 2:4.13.2+dfsg-1
- samba 2:4.13.2+dfsg-2 (bug #971048)
[buster] - samba <no-dsa> (Has already safe defaults; can be fixed along in point release)
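Review bot: The buster justification under CVE-2020-1472, "Has already safe defaults; can be fixed along in point release", does not say which setting the safe default refers to, and the entry as shown carries no NOTE for it. Now that the entry also references {DLA-2463-1}, a NOTE naming that setting would let administrators who have changed it judge their exposure on buster.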
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8a18ca220df4e424a82455f5b2d2277830dfc91