[Git][security-tracker-team/security-tracker][master] new pam issue

Moritz Muehlenhoff jmm at debian.org
Tue Nov 24 18:58:06 GMT 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
650ba8ac by Moritz Mühlenhoff at 2020-11-24T19:57:38+01:00
new pam issue
upstream fix for atftp
NFU
poppler postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5471,11 +5471,14 @@ CVE-2020-27781
 	RESERVED
 CVE-2020-27780
 	RESERVED
+	- pam <not-affected> (Only affects 1.5.0)
+	NOTE: https://github.com/linux-pam/linux-pam/issues/284
 CVE-2020-27779
 	RESERVED
 CVE-2020-27778
 	RESERVED
 	- poppler 0.85.0-2
+	[buster] - poppler <postponed> (Minor issue)
 	[stretch] - poppler <postponed> (Minor issue; maybe worth fixing later)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a (poppler-0.76.0)
@@ -36325,6 +36328,7 @@ CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.
 	NOTE: https://github.com/apache/tomcat/commit/9d7def063b47407a09a2f9202beed99f4dcb292a (8.5.58)
 CVE-2020-13942
 	RESERVED
+	NOT-FOR-US: Apache Unomi
 CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...)
 	- lucene-solr <unfixed>
 	[buster] - lucene-solr <ignored> (Minor issue)
@@ -57918,6 +57922,7 @@ CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atft
 	[buster] - atftp <no-dsa> (Minor issue)
 	[stretch] - atftp <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
+	NOTE: https://sourceforge.net/u/peterkaestle/atftp/ci/96409ef3b9ca061f9527cfaafa778105cf15d994/
 CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
 	- glibc 2.31-2 (low; bug #961452)
 	[buster] - glibc <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/650ba8ac280f2429568e710632f7c8430a5f7b5c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/650ba8ac280f2429568e710632f7c8430a5f7b5c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201124/a4841613/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list