[Git][security-tracker-team/security-tracker][master] Add CVE-2020-25690 and update information on CVE-2020-5395

Salvatore Bonaccorso carnil at debian.org
Sat Oct 31 08:35:43 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9474a4f by Salvatore Bonaccorso at 2020-10-31T09:35:12+01:00
Add CVE-2020-25690 and update information on CVE-2020-5395

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5607,6 +5607,8 @@ CVE-2020-25691
 	RESERVED
 CVE-2020-25690
 	RESERVED
+	- fontforge <not-affected> (Insufficient patch for CVE-2020-5395 not applied)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893188
 CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 21.0.0.F ...)
 	- wildfly <itp> (bug #752018)
 CVE-2020-25688
@@ -54301,6 +54303,10 @@ CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in
 	[stretch] - fontforge <no-dsa> (Minor issue)
 	[jessie] - fontforge <no-dsa> (Minor issue)
 	NOTE: https://github.com/fontforge/fontforge/issues/4084
+	NOTE: https://github.com/fontforge/fontforge/commit/048a91e2682c1a8936ae34dbc7bd70291ec05410
+
+	NOTE: Additional patch required (to not open up CVE-2020-25690):
+	NOTE: https://github.com/fontforge/fontforge/commit/b96273acc691ac8a36c6a8dd4de8e6edd7eaae59
 CVE-2019-20334 (In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# ...)
 	- nasm <unfixed> (unimportant)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9474a4f3cdf8979f6561b42c1763f9fb966f689

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9474a4f3cdf8979f6561b42c1763f9fb966f689
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201031/235ce2c6/attachment.html>

More information about the debian-security-tracker-commits mailing list