[Git][security-tracker-team/security-tracker][master] qemu, icinga bugs
Moritz Muehlenhoff
jmm at debian.org
Sun Sep 13 21:50:54 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca77cf88 by Moritz Muehlenhoff at 2020-09-13T22:50:39+02:00
qemu, icinga bugs
phpmyadmin non issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20355,7 +20355,7 @@ CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a
CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...)
NOT-FOR-US: ffjpeg
CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...)
- - qemu <unfixed> (low)
+ - qemu <unfixed> (low; bug #970253)
[buster] - qemu <postponed> (Minor issue, fix along in next DSA)
[stretch] - qemu <postponed> (Minor issue, fix along in next DSA)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1
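Review bot: on the qemu line for CVE-2020-15469, the only reference visible in this hunk is the oss-security post, and the entry now also points at bug #970253. Because [buster] and [stretch] are both `<postponed>` with "fix along in next DSA", a NOTE pointing at the upstream fix, once one is available, would save whoever prepares that DSA from having to search for it in the bug log.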
@@ -24235,7 +24235,7 @@ CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platf
CVE-2020-14005 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
NOT-FOR-US: Solarwinds
CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dir ...)
- - icinga2 <unfixed>
+ - icinga2 <unfixed> (bug #970252)
[stretch] - icinga2 <not-affected> (prepare-dirs script not shipped)
[jessie] - icinga2 <not-affected> (prepare-dirs script not shipped)
NOTE: https://www.openwall.com/lists/oss-security/2020/06/12/1
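Review bot: on the icinga2 entry for CVE-2020-14004, the lines shown mark [stretch] and [jessie] as `<not-affected>` but carry no [buster] line, so buster follows the `<unfixed>` entry that now references bug #970252. If buster ships the prepare-dirs script, the entry is correct as it stands. Otherwise a [buster] annotation should be added with this change.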
@@ -32036,9 +32036,10 @@ CVE-2020-11443 (The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior
CVE-2020-11442
RESERVED
CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated ...)
- - phpmyadmin <undetermined>
+ - phpmyadmin <unfixed> (unimportant)
[jessie] - phpmyadmin <not-affected> (The pma_error display code does not exist in this version)
NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056
+ NOTE: Not considered a security issue
CVE-2020-11440 (httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no ...)
NOT-FOR-US: Wind River
CVE-2020-11439 (LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue all ...)
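Review bot: the added "NOTE: Not considered a security issue" on CVE-2020-11441 does not say who takes that position or why, yet the entry moves from `<undetermined>` to `<unfixed> (unimportant)` on that basis. The description is tagged ** DISPUTED ** and the existing NOTE links the upstream issue, so the new NOTE should attribute the assessment (upstream or the Debian security team) and give a one-line reason.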
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca77cf887d115b4e9855b7acdc996f69de754329