[Git][security-tracker-team/security-tracker][master] buster triage

Moritz Muehlenhoff jmm at debian.org
Fri Sep 11 18:35:16 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0560d2ac by Moritz Muehlenhoff at 2020-09-11T19:34:53+02:00
buster triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -130,6 +130,7 @@ CVE-2020-25220 (The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, a
 	NOTE: https://www.spinics.net/lists/stable/msg405099.html
 CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a rem ...)
 	- libproxy <unfixed>
+	[buster] - libproxy <no-dsa> (Minor issue)
 	NOTE: https://github.com/libproxy/libproxy/issues/134
 CVE-2020-25218
 	RESERVED
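Review bot: the added `[buster] - libproxy <no-dsa> (Minor issue)` line sits under `- libproxy <unfixed>`, which carries no Debian bug number, so nothing in the entry tracks the fix in unstable. Consider filing a bug and adding its number to the unstable line, as the libx11 and osc entries in this file do.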
@@ -167,6 +168,7 @@ CVE-2020-25203
 	RESERVED
 CVE-2019-XXXX [RUSTSEC-2019-0035: Unaligned memory access in versions below 0.4.2]
 	- rust-rand-core 0.5.0-1 (bug #969911; low)
+	[buster] - rust-rand-core <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0035.html
 	NOTE: https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06
 CVE-2019-XXXX [RUSTSEC-2019-0033: Integer Overflow in versions below 0.1.20 can cause DoS]
@@ -671,6 +673,7 @@ CVE-2020-24973
 	RESERVED
 CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG  ...)
 	- kleopatra <unfixed>
+	[buster] - kleopatra <no-dsa> (Minor issue)
 	NOTE: https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b
 	NOTE: https://security.gentoo.org/glsa/202008-21
 CVE-2020-24971
@@ -23151,6 +23154,7 @@ CVE-2020-14363 [Double free in libX11 locale handling code]
 	RESERVED
 	{DLA-2361-1}
 	- libx11 <unfixed> (bug #969008)
+	[buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)
 	NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003056.html
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
 CVE-2020-14362
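Review bot: on the added `[buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)` line for CVE-2020-14363, the entry is titled as a double free and already carries `{DLA-2361-1}`, so "Minor issue" on its own may puzzle a reader comparing buster with LTS. A NOTE giving the reason for the lower severity, or a reference to the spu request once it exists, would make the decision easier to audit.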
@@ -23231,7 +23235,7 @@ CVE-2020-14345
 CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found in The ...)
 	{DLA-2312-1}
 	- libx11 2:1.6.10-1
-	[buster] - libx11 <no-dsa> (Minor issue)
+	[buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)
 	NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003050.html
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
@@ -56789,7 +56793,7 @@ CVE-2020-1970
 CVE-2020-1969
 	RESERVED
 CVE-2020-1968 (The Raccoon attack exploits a flaw in the TLS specification which can  ...)
-	- openssl 1.1.1g-1
+	- openssl 1.1.1~~pre9-1
 	- openssl1.0 <removed>
 	NOTE: Marking the first openssl 1.1.1 version in unstable as the fixed version in sid
 	NOTE: https://www.openssl.org/news/secadv/20200909.txt
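Review bot: the new fixed version `1.1.1~~pre9-1` is a pre-release upload, while the advisory URL is dated 20200909; the existing NOTE says which version was chosen but not why the 1.1.1 series counts as fixed. Suggest extending that NOTE with the reason, so the entry does not read as a typo to someone comparing it against the removed `1.1.1g-1`.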
@@ -80139,6 +80143,7 @@ CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_traile
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
 CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as ...)
 	- rainloop 1.14.0-1
+	[buster] - rainloop <no-dsa> (Minor issue)
 	NOTE: https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693
 CVE-2019-13388
 	RESERVED
@@ -106912,6 +106917,7 @@ CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1
 	NOT-FOR-US: SuSE
 CVE-2019-3681 (A External Control of File Name or Path vulnerability in osc of SUSE L ...)
 	- osc <unfixed> (bug #969999)
+	[buster] - osc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1122675
 	NOTE: https://github.com/openSUSE/osc/commit/a79c54418baf9b9785123bd07f350f12bd729ed3 (0.169.0)
 CVE-2019-3680


=====================================
data/dsa-needed.txt
=====================================
@@ -16,6 +16,8 @@ chromium
 --
 curl (ghedo)
 --
+inspircd
+--
 knot-resolver
   Santiago Ruano Rincón proposed a debdiff for review
 --
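Review bot: the added `inspircd` entry has neither a claimant nor a note, and none of the data/CVE/list hunks in this commit mention inspircd, so the reason a DSA is needed is not visible here. An indented line under it naming the CVE or bug, in the style of the knot-resolver entry, would help whoever picks it up.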



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0560d2ac29b2140270508dca5aa2bab9ad0abb30
