[Git][security-tracker-team/security-tracker][master] 6 commits: mark CVE-2020-27187 as not-affected

Thorsten Alteholz alteholz at debian.org
Fri Oct 23 13:08:54 BST 2020



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ae1083f by Thorsten Alteholz at 2020-10-23T13:53:02+02:00
mark CVE-2020-27187 as not-affected

- - - - -
80dfaea9 by Thorsten Alteholz at 2020-10-23T13:54:13+02:00
mark xen CVEs as EOL for Stretch

- - - - -
9ba3822b by Thorsten Alteholz at 2020-10-23T13:57:27+02:00
mark another CVE for edk2 as ignored

- - - - -
7a27d31e by Thorsten Alteholz at 2020-10-23T14:00:55+02:00
mark CVE-2020-27638 as no-dsa for Stretch

- - - - -
8c8c89c8 by Thorsten Alteholz at 2020-10-23T14:02:50+02:00
mark CVE-2020-25648 as no-dsa for Stretch

- - - - -
02971a13 by Thorsten Alteholz at 2020-10-23T14:04:49+02:00
mark CVE-2020-27560 as no-dsa for Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -557,6 +557,7 @@ CVE-2020-27614
 CVE-2020-27638 (receive.c in fastd before v21 allows denial of service (assertion fail ...)
 	- fastd 21-1 (bug #972521)
 	[buster] - fastd <no-dsa> (Will be fixed via point release)
+	[stretch] - fastd <no-dsa> (Minor issue for versions below v20)
 	NOTE: https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea
 CVE-2020-27613 (The installation procedure in BigBlueButton before 2.2.17 uses ClueCon ...)
 	NOT-FOR-US: BigBlueButton
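Review bot: the reason on the added `[stretch] - fastd <no-dsa>` line, "Minor issue for versions below v20", does not stand on its own. The CVE description covers all of "fastd before v21", and the line does not say which version stretch ships or why the assertion failure is less severe below v20. Suggest rewording the parenthetical to state the concrete difference (for example that the affected code path behaves differently in the stretch version), so a reader of data/CVE/list does not have to reconstruct it from the upstream commit in the NOTE.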
@@ -592,15 +593,19 @@ CVE-2020-27675 (An issue was discovered in the Linux kernel through 5.9.1, as us
 	NOTE: https://xenbits.xen.org/xsa/advisory-331.html
 CVE-2020-27674 (An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS ...)
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-286.html
 CVE-2020-27672 (An issue was discovered in Xen through 4.14.x allowing x86 guest OS us ...)
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-345.html
 CVE-2020-27671 (An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH ...)
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-346.html
 CVE-2020-27670 (An issue was discovered in Xen through 4.14.x allowing x86 guest OS us ...)
 	- xen <unfixed>
+	[stretch] - xen <end-of-life> (DSA 4602-1)
 	NOTE: https://xenbits.xen.org/xsa/advisory-347.html
 CVE-2020-27600
 	RESERVED
@@ -685,6 +690,7 @@ CVE-2020-27561
 CVE-2020-27560 (ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames i ...)
 	- imagemagick <unfixed>
 	[buster] - imagemagick <ignored> (Minor issue)
+	[stretch] - imagemagick <no-dsa> (Minor issue)
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ef59bd764f88d893f1219fee8ba696a5d3f8c1c4
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6e3b13c7ef94d72b40fba91987897c4326717a46
 CVE-2020-27559
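Review bot: the added `[stretch] - imagemagick <no-dsa> (Minor issue)` line gives the same reason as the `[buster]` line directly above it but a different state (`<ignored>` there, `<no-dsa>` here). If the triage decision is the same for both releases, use the same state; if stretch is meant to stay open for a later fix while buster is not, say so in the parenthetical so the difference does not read as an oversight.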
@@ -1440,6 +1446,7 @@ CVE-2020-27187 [kpmcore_externalcommand helper can be exploited in local privile
 	RESERVED
 	- kpmcore 4.2.0-1
 	[buster] - kpmcore <not-affected> (kpmcore_externalcommand not yet present)
+	[stretch] - kpmcore <not-affected> (kpmcore_externalcommand not yet present)
 	NOTE: https://kde.org/info/security/advisory-20201017-1.txt
 	NOTE: https://invent.kde.org/system/kpmcore/-/commit/c466c5db11b5cee546d1ec0594c2f1105a354fed (fix)
 	NOTE: https://invent.kde.org/system/kpmcore/-/commit/7ec4b611dcf822439b081613cca4184689266454 (removes KF5 5.73 dependency)
@@ -4741,6 +4748,7 @@ CVE-2020-25649
 CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message ...)
 	- nss 2:3.58-1
 	[buster] - nss <no-dsa> (Minor issue)
+	[stretch] - nss <no-dsa> (Minor issue)
 	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 (private)
 	NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
@@ -81305,6 +81313,7 @@ CVE-2019-14584
 	RESERVED
 	- edk2 <unfixed>
 	[buster] - edk2 <no-dsa> (Minor issue)
+	[stretch] - edk2 <ignored> (Minor issue)
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1914
 	NOTE: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10
 CVE-2019-14583
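Review bot: the added `[stretch] - edk2 <ignored> (Minor issue)` line is the reverse of the imagemagick case: here `[buster]` is `<no-dsa>` and `[stretch]` is `<ignored>`, again with the identical reason "Minor issue". The commit subject ("mark another CVE for edk2 as ignored") shows this is deliberate, but the entry itself does not explain why the older release gets a different state from buster. Suggest extending the parenthetical with the stretch-specific reason.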



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9c885a0882a6a9102f00ae647f5539c1f69c74b4...02971a13e6e42a08a744ef9802d06c93688ac1d4
