[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 16 21:10:34 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da7ccf05 by security tracker role at 2020-09-16T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-25625
+ RESERVED
+CVE-2020-25624
+ RESERVED
+CVE-2020-25623
+ RESERVED
+CVE-2020-25622
+ RESERVED
+CVE-2020-25621
+ RESERVED
+CVE-2020-25620
+ RESERVED
+CVE-2020-25619
+ RESERVED
+CVE-2020-25618
+ RESERVED
+CVE-2020-25617
+ RESERVED
+CVE-2020-25616
+ RESERVED
+CVE-2020-25615
+ RESERVED
+CVE-2020-25614 (xmlquery before 1.3.1 lacks a check for whether a LoadURL response is ...)
+ TODO: check
+CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl. DBD: ...)
+ TODO: check
CVE-2020-25613
RESERVED
CVE-2020-25612
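Review bot: CVE-2014-10402 is inserted at the head of the file between CVE-2020-25614 and CVE-2020-25613, rather than with the other 2014 ids; if the list is meant to stay in descending id order, it should be moved when the TODO is resolved. Its description reads "DBI module through 1.643 for Perl", while the CVE-2020-14393 and CVE-2020-14392 entries in this same commit record libdbi-perl 1.643-1 as the fixed version. "Through 1.643" includes that version, so this entry needs its own libdbi-perl status line and should not simply copy 1.643-1.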
@@ -98,8 +124,8 @@ CVE-2020-25561
RESERVED
CVE-2020-25560
RESERVED
-CVE-2020-25559
- RESERVED
+CVE-2020-25559 (gnuplot 5.5 is affected by double free when executing print_set_output ...)
+ TODO: check
CVE-2020-25558
RESERVED
CVE-2020-25557
@@ -392,8 +418,8 @@ CVE-2020-25414
RESERVED
CVE-2020-25413
RESERVED
-CVE-2020-25412
- RESERVED
+CVE-2020-25412 (gnuplot 5.4 is affected by a segmentation fault in com_line () at comm ...)
+ TODO: check
CVE-2020-25411
RESERVED
CVE-2020-25410
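Review bot: CVE-2020-25412 is left at "TODO: check" although its description names gnuplot 5.4, and the CVE-2020-25559 entry in the previous hunk does the same for gnuplot 5.5. The two should be triaged together, and each resolved to a gnuplot package line with a per-version status, because the descriptions name different versions and describe different faults (a segmentation fault in com_line versus a double free in print_set_output).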
@@ -1205,12 +1231,10 @@ CVE-2020-25042 (An arbitrary file upload issue exists in Mara CMS 7.5. In order
NOT-FOR-US: Mara CMS
CVE-2020-25041
RESERVED
-CVE-2020-25040 [Insecure permissions on build temporary rootfs]
- RESERVED
+CVE-2020-25040 (Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary ...)
- singularity-container <unfixed> (bug #970465)
NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762
-CVE-2020-25039 [Insecure permissions on user namespace / fakeroot temporary rootfs]
- RESERVED
+CVE-2020-25039 (Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on tem ...)
- singularity-container <unfixed> (bug #970465)
NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7
CVE-2020-25038
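Review bot: replacing the bracketed working titles on CVE-2020-25040 and CVE-2020-25039 loses the only in-list text that told the two apart ("build temporary rootfs" versus "user namespace / fakeroot temporary rootfs"). Both truncated descriptions now end at "Insecure Permissions on tem ...", and both point at the same bug #970465. A short NOTE on each entry stating which temporary rootfs is meant would keep them distinguishable without following the advisory links.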
@@ -1261,8 +1285,8 @@ CVE-2020-25018
RESERVED
CVE-2020-25017
RESERVED
-CVE-2020-25015
- RESERVED
+CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. Genexis ...)
+ TODO: check
CVE-2020-25014
RESERVED
CVE-2020-25013
@@ -1529,11 +1553,11 @@ CVE-2020-24893
CVE-2020-24892
RESERVED
CVE-2020-24891
- RESERVED
-CVE-2020-24890
- RESERVED
-CVE-2020-24889
- RESERVED
+ REJECTED
+CVE-2020-24890 (libraw 20.0 has a null pointer dereference vulnerability in parse_tiff ...)
+ TODO: check
+CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::Ge ...)
+ TODO: check
CVE-2020-24888
RESERVED
CVE-2020-24887
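Review bot: the two new LibRaw entries state their affected versions differently: CVE-2020-24890 says "libraw 20.0" and CVE-2020-24889 says "LibRaw version < 20.0". When the "TODO: check" lines are resolved, each should be checked against the packaged source separately rather than given one shared fixed version. The change of CVE-2020-24891 from RESERVED to REJECTED in the same hunk needs no further line.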
@@ -23737,13 +23761,11 @@ CVE-2020-14395
RESERVED
CVE-2020-14394
RESERVED
-CVE-2020-14393
- RESERVED
+CVE-2020-14393 (A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local ...)
- libdbi-perl 1.643-1
[buster] - libdbi-perl <no-dsa> (Minor issue)
NOTE: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b
-CVE-2020-14392
- RESERVED
+CVE-2020-14392 (An untrusted pointer dereference flaw was found in Perl-DBI < 1.643 ...)
- libdbi-perl 1.643-1
[buster] - libdbi-perl <no-dsa> (Minor issue)
NOTE: https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1
@@ -23769,8 +23791,7 @@ CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate
NOTE: Introduced by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=2a87d78f693f10fe5ad13af0bb9311bd3714077d (v3.2.0pre1)
NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549
-CVE-2020-14386 [af_packet memory corruption]
- RESERVED
+CVE-2020-14386 (A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption ...)
- linux 5.8.7-1
NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3
CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure of the ...)
@@ -23781,8 +23802,7 @@ CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-red
NOT-FOR-US: JBossWeb
CVE-2020-14383
RESERVED
-CVE-2020-14382
- RESERVED
+CVE-2020-14382 (A vulnerability was found in upstream release cryptsetup-2.2.0 where, ...)
- cryptsetup 2:2.3.4-1 (bug #969471)
[buster] - cryptsetup <not-affected> (Vulnerable code not present)
[stretch] - cryptsetup <not-affected> (Vulnerable code not present)
@@ -23912,8 +23932,7 @@ CVE-2020-14349 (It was found that PostgreSQL versions before 12.4, before 11.9 a
NOTE: https://www.postgresql.org/about/news/2060/
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=11da97024abbe76b8c81e3f2375b2a62e9717c67
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc
-CVE-2020-14348
- RESERVED
+CVE-2020-14348 (It was found in AMQ Online before 1.5.2 that injecting an invalid fiel ...)
NOT-FOR-US: AMQ Online
CVE-2020-14347 (A flaw was found in the way xserver memory was not properly initialize ...)
{DSA-4758-1 DLA-2359-1}
@@ -24039,8 +24058,7 @@ CVE-2020-14317
- wildfly <itp> (bug #752018)
CVE-2020-14316 (A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instanc ...)
NOT-FOR-US: KubeVirt
-CVE-2020-14315
- RESERVED
+CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as shipped in ...)
- bsdiff <unfixed> (bug #964796)
[buster] - bsdiff <no-dsa> (Minor issue)
[stretch] - bsdiff <no-dsa> (Minor issue)
@@ -24082,8 +24100,7 @@ CVE-2020-14308 (In grub2 versions before 2.06 the grub memory allocator doesn't
NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) ver ...)
- wildfly <itp> (bug #752018)
-CVE-2020-14306
- RESERVED
+CVE-2020-14306 (An incorrect access control flaw was found in the operator, openshift- ...)
NOT-FOR-US: OpenShift
CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module]
RESERVED
@@ -25068,8 +25085,7 @@ CVE-2020-13930
RESERVED
CVE-2020-13929
RESERVED
-CVE-2020-13928
- RESERVED
+CVE-2020-13928 (Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving se ...)
NOT-FOR-US: Apache Atlas
CVE-2020-13927
RESERVED
@@ -26817,8 +26833,8 @@ CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later
NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13260
RESERVED
-CVE-2020-13259
- RESERVED
+CVE-2020-13259 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
+ TODO: check
CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...)
NOT-FOR-US: Contentful
CVE-2020-13257
@@ -34623,8 +34639,7 @@ CVE-2020-10783 (Red Hat CloudForms 4.7 and 5 is affected by a role-based privile
NOT-FOR-US: Red Hat CloudForm
CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible version ...)
NOT-FOR-US: Ansible Tower
-CVE-2020-10781 [zram sysfs resource consumption]
- RESERVED
+CVE-2020-10781 (A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel ...)
- linux 5.7.10-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -34717,8 +34732,7 @@ CVE-2020-10759 (A PGP signature bypass flaw was found in fwupd (all versions), w
NOTE: Fixed by: https://github.com/fwupd/fwupd/commit/21f2d12fccef63b8aaa99ec53278ce18250b0444 (1.3.10)
NOTE: Introduced with: https://github.com/fwupd/fwupd/commit/36a889034c3d34ae4ac4530ea7b6b16e82476fae (0.1.2)
NOTE: https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e
-CVE-2020-10758
- RESERVED
+CVE-2020-10758 (A vulnerability was found in Keycloak before 11.0.1 where DoS attack i ...)
NOT-FOR-US: Keycloak
CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the ...)
{DSA-4699-1 DSA-4698-1 DLA-2242-1}
@@ -34767,8 +34781,7 @@ CVE-2020-10749 (A vulnerability was found in all versions of containernetworking
- golang-github-containernetworking-plugins 0.8.6-1
NOTE: https://github.com/containernetworking/plugins/pull/484
NOTE: https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43
-CVE-2020-10748
- RESERVED
+CVE-2020-10748 (A flaw was found in Keycloak's data filter, in version 10.0.1, where i ...)
NOT-FOR-US: Keycloak
CVE-2020-10747
REJECTED
@@ -34814,8 +34827,7 @@ CVE-2020-10735
RESERVED
CVE-2020-10734
RESERVED
-CVE-2020-10733
- RESERVED
+CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided ...)
- postgresql-12 <not-affected> (Windows-specific)
- postgresql-11 <not-affected> (Windows-specific)
- postgresql-9.6 <not-affected> (Windows-specific)
@@ -34882,8 +34894,7 @@ CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, reg
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459
NOTE: https://issues.redhat.com/browse/UNDERTOW-1708 (not public)
NOTE: most likely fixed by https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf
-CVE-2020-10718
- RESERVED
+CVE-2020-10718 (A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, wher ...)
- wildfly <itp> (bug #752018)
CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file system dae ...)
- qemu 1:5.0-5 (bug #959746)
@@ -34895,8 +34906,7 @@ CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file syst
CVE-2020-10716
RESERVED
NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation
-CVE-2020-10715
- RESERVED
+CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...)
NOT-FOR-US: Openshift Web Console
CVE-2020-10714
RESERVED
@@ -42230,8 +42240,8 @@ CVE-2020-7735
RESERVED
CVE-2020-7734
RESERVED
-CVE-2020-7733
- RESERVED
+CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to Regular Expre ...)
+ TODO: check
CVE-2020-7732
RESERVED
CVE-2020-7731
@@ -42683,16 +42693,16 @@ CVE-2020-7534
RESERVED
CVE-2020-7533
RESERVED
-CVE-2020-7532
- RESERVED
-CVE-2020-7531
- RESERVED
-CVE-2020-7530
- RESERVED
-CVE-2020-7529
- RESERVED
-CVE-2020-7528
- RESERVED
+CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...)
+ TODO: check
+CVE-2020-7531 (A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x ...)
+ TODO: check
+CVE-2020-7530 (A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x ...)
+ TODO: check
+CVE-2020-7529 (A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ( ...)
+ TODO: check
+CVE-2020-7528 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...)
+ TODO: check
CVE-2020-7527 (Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) a ...)
NOT-FOR-US: Schneider
CVE-2020-7526 (Improper Input Validation vulnerability exists in PowerChute Business ...)
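Review bot: CVE-2020-7532 through CVE-2020-7528 are all left at "TODO: check", while the next entry in the same id block, CVE-2020-7527, is already marked "NOT-FOR-US: Schneider". If the SCADAPack products named in these descriptions belong to the same vendor, the five entries can take the same NOT-FOR-US marker in one pass instead of staying open.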
@@ -44556,8 +44566,8 @@ CVE-2020-6783
RESERVED
CVE-2020-6782
RESERVED
-CVE-2020-6781
- RESERVED
+CVE-2020-6781 (Improper certificate validation for certain connections in the Bosch S ...)
+ TODO: check
CVE-2020-6780
RESERVED
CVE-2020-6779
@@ -46330,8 +46340,8 @@ CVE-2020-6148
RESERVED
CVE-2020-6147
RESERVED
-CVE-2020-6146
- RESERVED
+CVE-2020-6146 (An exploitable code execution vulnerability exists in the rendering fu ...)
+ TODO: check
CVE-2020-6145 (An SQL injection vulnerability exists in the frappe.desk.reportview.ge ...)
NOT-FOR-US: ERPNext
CVE-2020-6144 (A remote code execution vulnerability exists in the install functional ...)
@@ -49985,8 +49995,8 @@ CVE-2020-4710
RESERVED
CVE-2020-4709
RESERVED
-CVE-2020-4708
- RESERVED
+CVE-2020-4708 (IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some infor ...)
+ TODO: check
CVE-2020-4707
RESERVED
CVE-2020-4706
@@ -50583,8 +50593,8 @@ CVE-2020-4411 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5
NOT-FOR-US: IBM
CVE-2020-4410 (IBM Jazz Foundation and IBM Engineering products could allow an authen ...)
NOT-FOR-US: IBM
-CVE-2020-4409
- RESERVED
+CVE-2020-4409 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attac ...)
+ TODO: check
CVE-2020-4408 (The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRada ...)
NOT-FOR-US: IBM
CVE-2020-4407
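Review bot: CVE-2020-4409 is left at "TODO: check" although its description opens with "IBM Maximo Asset Management" and both neighbouring entries, CVE-2020-4410 and CVE-2020-4408, are marked "NOT-FOR-US: IBM". The same marker would close this TODO and keep the block consistent.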
@@ -51450,16 +51460,16 @@ CVE-2020-3992
RESERVED
CVE-2020-3991
RESERVED
-CVE-2020-3990
- RESERVED
-CVE-2020-3989
- RESERVED
-CVE-2020-3988
- RESERVED
-CVE-2020-3987
- RESERVED
-CVE-2020-3986
- RESERVED
+CVE-2020-3990 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
+ TODO: check
+CVE-2020-3989 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
+ TODO: check
+CVE-2020-3988 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
+ TODO: check
+CVE-2020-3987 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
+ TODO: check
+CVE-2020-3986 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
+ TODO: check
CVE-2020-3985
RESERVED
CVE-2020-3984
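Review bot: CVE-2020-3990 through CVE-2020-3986 all carry the same truncated text, "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...", so nothing in the list distinguishes the five issues. Triage has to go back to the full descriptions. Since all five name the same two products, they can be resolved together with one consistent marker rather than five separate "TODO: check" lines.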
@@ -51470,8 +51480,8 @@ CVE-2020-3982
RESERVED
CVE-2020-3981
RESERVED
-CVE-2020-3980
- RESERVED
+CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...)
+ TODO: check
CVE-2020-3979
RESERVED
CVE-2020-3978
@@ -56721,86 +56731,59 @@ CVE-2020-2280
RESERVED
CVE-2020-2279
RESERVED
-CVE-2020-2278
- RESERVED
+CVE-2020-2278 (Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2277
- RESERVED
+CVE-2020-2277 (Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/ ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2276
- RESERVED
+CVE-2020-2276 (Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specifi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2275
- RESERVED
+CVE-2020-2275 (Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit w ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2274
- RESERVED
+CVE-2020-2274 (Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password u ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2273
- RESERVED
+CVE-2020-2273 (A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2272
- RESERVED
+CVE-2020-2272 (A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlie ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2271
- RESERVED
+CVE-2020-2271 (Jenkins Locked Files Report Plugin 1.6 and earlier does not escape loc ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2270
- RESERVED
+CVE-2020-2270 (Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the c ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2269
- RESERVED
+CVE-2020-2269 (Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape vie ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2268
- RESERVED
+CVE-2020-2268 (A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB P ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2267
- RESERVED
+CVE-2020-2267 (A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2266
- RESERVED
+CVE-2020-2266 (Jenkins Description Column Plugin 1.3 and earlier does not escape the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2265
- RESERVED
+CVE-2020-2265 (Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2264
- RESERVED
+CVE-2020-2264 (Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2263
- RESERVED
+CVE-2020-2263 (Jenkins Radiator View Plugin 1.29 and earlier does not escape the full ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2262
- RESERVED
+CVE-2020-2262 (Jenkins Android Lint Plugin 2.6 and earlier does not escape the annota ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2261
- RESERVED
+CVE-2020-2261 (Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jen ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2260
- RESERVED
+CVE-2020-2260 (A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2259
- RESERVED
+CVE-2020-2259 (Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape t ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2258
- RESERVED
+CVE-2020-2258 (Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2257
- RESERVED
+CVE-2020-2257 (Jenkins Validating String Parameter Plugin 2.4 and earlier does not es ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2256
- RESERVED
+CVE-2020-2256 (Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not e ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2255
- RESERVED
+CVE-2020-2255 (A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2254
- RESERVED
+CVE-2020-2254 (Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2253
- RESERVED
+CVE-2020-2253 (Jenkins Email Extension Plugin 2.75 and earlier does not perform hostn ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2252
- RESERVED
+CVE-2020-2252 (Jenkins Mailer Plugin 1.32 and earlier does not perform hostname valid ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2251 (Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits ...)
NOT-FOR-US: Jenkins plugin
@@ -58623,8 +58606,7 @@ CVE-2020-1749 (A flaw was found in the Linux kernel's implementation of some net
[buster] - linux 4.19.118-1
[stretch] - linux 4.9.228-1
NOTE: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2
-CVE-2020-1748
- RESERVED
+CVE-2020-1748 (A flaw was found in all supported versions before wildfly-elytron-1.6. ...)
- wildfly <itp> (bug #752018)
CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions befor ...)
- pyyaml 5.3-2 (bug #953013)
@@ -58800,8 +58782,7 @@ CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the
- qemu-kvm <removed>
NOTE: Upstream patch: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc (5.0)
NOTE: https://www.openwall.com/lists/oss-security/2020/01/23/3
-CVE-2020-1710
- RESERVED
+CVE-2020-1710 (The issue appears to be that JBoss EAP 6.4.21 does not parse the field ...)
NOT-FOR-US: JBoss EAP
CVE-2020-1709 (A vulnerability was found in all openshift/mediawiki 4.x.x versions pr ...)
NOT-FOR-US: openshift
@@ -58849,8 +58830,7 @@ CVE-2020-1695 (A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.F
- resteasy <undetermined>
- resteasy3.0 <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462
-CVE-2020-1694
- RESERVED
+CVE-2020-1694 (A flaw was found in all versions of Keycloak before 10.0.0, where the ...)
NOT-FOR-US: Keycloak
CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vulnerabl ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da7ccf054b6018e187e1fa2a1bd61a1d5368d50a