[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Sep 13 21:10:30 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4bc4d1fa by security tracker role at 2020-09-13T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,13 @@
-CVE-2020-25285 [mm/hugetlb: fix a race between hugetlb sysctl handlers]
+CVE-2020-25288
+	RESERVED
+CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute arbitrary com ...)
+	TODO: check
+CVE-2020-25286 (In wp-includes/comment-template.php in WordPress before 5.4.2, comment ...)
+	TODO: check
+CVE-2020-25285 (A race condition between hugetlb sysctl handlers in mm/hugetlb.c in th ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/17743798d81238ab13050e8e2833699b54e15467
-CVE-2020-25284 [rbd: require global CAP_SYS_ADMIN for mapping and unmapping]
+CVE-2020-25284 (The rbd block device driver in drivers/block/rbd.c in the Linux kernel ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/f44d04e696feaf13d192d942c4f14ad2e117065a
 CVE-2020-25283 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
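Review bot: the two new entries CVE-2020-25287 and CVE-2020-25286 land with only `TODO: check`, so neither has a package line yet. The CVE-2020-25286 description names wp-includes/comment-template.php in WordPress before 5.4.2, which points at the wordpress source package and should be triaged against it; the Pligg entry needs either a package mapping or a not-for-us marking. For CVE-2020-25285 and CVE-2020-25284 the bracketed temporary titles are replaced by the assigned descriptions while `- linux <unfixed>` stays, so their status still depends on the upstream commits in the NOTE lines reaching an upload.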
@@ -18756,7 +18762,7 @@ CVE-2020-16093
 	[buster] - lemonldap-ng <no-dsa> (Minor issue)
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250
 CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the network p ...)
-	{DSA-4760-1}
+	{DSA-4760-1 DLA-2373-1}
 	- qemu 1:5.1+dfsg-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
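Review bot: `{DSA-4760-1 DLA-2373-1}` on CVE-2020-16092 adds the DLA cross-reference, but the entry carries no release-specific line, only `- qemu 1:5.1+dfsg-1`. It is worth confirming that the DLA-2373-1 advisory record lists this CVE together with the fixed version for the release it covers, since nothing in this hunk shows which upload resolved it there.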
@@ -23192,7 +23198,7 @@ CVE-2020-14365 [dnf module install packages with no GPG signature]
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
 CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator  ...)
-	{DSA-4760-1}
+	{DSA-4760-1 DLA-2373-1}
 	- qemu 1:5.1+dfsg-4 (bug #968947)
 	NOTE: https://xenbits.xen.org/xsa/advisory-335.html
 	NOTE: https://www.openwall.com/lists/oss-security/2020/08/24/3
@@ -26211,6 +26217,7 @@ CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 befo
 	NOTE: https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206 (2.2 branch)
 	NOTE: Regression https://code.djangoproject.com/ticket/31654
 CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, wh ...)
+	{DLA-2373-1}
 	- qemu 1:5.0-8 (bug #961297)
 	[buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
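Review bot: CVE-2020-13253 gains `{DLA-2373-1}` while `[buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)` is left unchanged. The unversioned line already records a fix in 1:5.0-8 and an advisory now covers the same CVE, so the condition in the buster note may already be met; the postponed status should be re-checked and the note updated if a fix is available to backport.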
@@ -58125,7 +58132,7 @@ CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before v
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
 CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...)
-	{DLA-2144-1}
+	{DLA-2373-1 DLA-2144-1}
 	- qemu 1:4.2-2 (bug #949731)
 	[buster] - qemu 1:3.1+dfsg-8+deb10u4
 	- qemu-kvm <removed>
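Review bot: CVE-2020-1711 now references two advisories, `{DLA-2373-1 DLA-2144-1}`, and the visible lines record fixed versions only for unstable and buster. It would help to confirm that each DLA covers a different release, because the entry as shown gives no way to tell which release each advisory fixed.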



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bc4d1fa245261890620e432607ca38c9ecfa947
