[Git][security-tracker-team/security-tracker][master] 28 commits: Track linux issues fixed in 10.6
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 26 09:48:41 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b93b6dc by Salvatore Bonaccorso at 2020-09-25T14:27:12+02:00
Track linux issues fixed in 10.6
- - - - -
ce4222af by Salvatore Bonaccorso at 2020-09-25T14:29:15+02:00
Track i40e fixes now included in 10.6 (4.19.139 upstream)
- - - - -
3b9c94e7 by Salvatore Bonaccorso at 2020-09-25T14:31:37+02:00
Track haproxy issues fixed in 10.6
- - - - -
981c2892 by Salvatore Bonaccorso at 2020-09-25T14:32:44+02:00
Track dojo issues fixed in 10.6
- - - - -
95fa1069 by Salvatore Bonaccorso at 2020-09-25T14:34:51+02:00
Track gupnp issues fixed in 10.6
- - - - -
df6b275d by Salvatore Bonaccorso at 2020-09-25T14:36:25+02:00
Track postgresql-11 issues fixed in 10.6
- - - - -
cd711983 by Salvatore Bonaccorso at 2020-09-25T14:37:21+02:00
Track ros-actionlib issues fixed in 10.6
- - - - -
ba7c3930 by Salvatore Bonaccorso at 2020-09-25T14:38:18+02:00
Track lucene-solr issues fixed in 10.6
- - - - -
2e220286 by Salvatore Bonaccorso at 2020-09-25T14:39:19+02:00
Track npm issues fixed in 10.6
- - - - -
9576edc2 by Salvatore Bonaccorso at 2020-09-25T14:40:48+02:00
Track asterisk issues fixed in 10.6
- - - - -
a320e74b by Salvatore Bonaccorso at 2020-09-25T14:43:13+02:00
Track libvncserver issues fixed in 10.6
- - - - -
14e6185a by Salvatore Bonaccorso at 2020-09-25T14:44:13+02:00
Track bacula issues fixed in 10.6
- - - - -
6f2faf4b by Salvatore Bonaccorso at 2020-09-25T14:45:12+02:00
Track node-bl issues fixed in 10.6
- - - - -
eed54bd1 by Salvatore Bonaccorso at 2020-09-25T14:46:13+02:00
Track chrony issues fixed in 10.6
- - - - -
3e08e776 by Salvatore Bonaccorso at 2020-09-25T14:47:16+02:00
Track node-url-parse issues fixed in 10.6
- - - - -
bdaab846 by Salvatore Bonaccorso at 2020-09-25T14:49:12+02:00
Track node-elliptic issues fixed in 10.6
- - - - -
e9e14e21 by Salvatore Bonaccorso at 2020-09-25T14:50:07+02:00
Track grunt issues fixed in 10.6
- - - - -
7b671813 by Salvatore Bonaccorso at 2020-09-25T14:51:21+02:00
Track libdbi-perl issues fixed in 10.6
- - - - -
e2c09f3c by Salvatore Bonaccorso at 2020-09-25T14:52:29+02:00
Track gnome-shell issues fixed in 10.6
- - - - -
91c0d377 by Salvatore Bonaccorso at 2020-09-25T14:53:38+02:00
Track QT issues fixed in 10.6
- - - - -
04a3f9e4 by Salvatore Bonaccorso at 2020-09-25T14:54:36+02:00
Track node-mysql issues fixed in 10.6
- - - - -
6950f42d by Salvatore Bonaccorso at 2020-09-25T14:55:27+02:00
Track icinga2 issues fixed in 10.6
- - - - -
86629865 by Salvatore Bonaccorso at 2020-09-25T14:56:36+02:00
Track libx11 issues fixed in 10.6
- - - - -
816e4ed9 by Salvatore Bonaccorso at 2020-09-25T14:58:03+02:00
Track milkytracker issues fixed in 10.6
- - - - -
1c40a938 by Salvatore Bonaccorso at 2020-09-25T14:58:57+02:00
Track libcommons-compress-java issues fixed in 10.6
- - - - -
42b20260 by Salvatore Bonaccorso at 2020-09-25T14:59:47+02:00
Track chocolate-doom issues fixed in 10.6
- - - - -
0313a5bd by Salvatore Bonaccorso at 2020-09-25T15:00:43+02:00
Track inetutils issues fixed in 10.6
- - - - -
598d1d7e by Salvatore Bonaccorso at 2020-09-26T10:48:06+02:00
Merge branch 'buster-10.6' into master
Track buster 10.6 point release
See merge request security-tracker-team/security-tracker!71
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -109,6 +109,7 @@ CVE-2020-26062
RESERVED
CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock. ...)
- linux 5.7.17-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/26896f01467a28651f7a536143fe5ac8449d4041
CVE-2020-26061
RESERVED
@@ -1027,6 +1028,7 @@ CVE-2020-25642
CVE-2020-25641
RESERVED
- linux 5.8.10-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124
CVE-2020-25640
RESERVED
@@ -1777,9 +1779,11 @@ CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute arbitra
NOT-FOR-US: Pligg CMS
CVE-2020-25285 (A race condition between hugetlb sysctl handlers in mm/hugetlb.c in th ...)
- linux 5.8.10-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/17743798d81238ab13050e8e2833699b54e15467
CVE-2020-25284 (The rbd block device driver in drivers/block/rbd.c in the Linux kernel ...)
- linux 5.8.10-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/f44d04e696feaf13d192d942c4f14ad2e117065a
CVE-2020-25283 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
NOT-FOR-US: LG mobile devices
@@ -1919,7 +1923,7 @@ CVE-2020-25226
RESERVED
CVE-2019-20919 (An issue was discovered in the DBI module before 1.643 for Perl. The h ...)
- libdbi-perl 1.643-1
- [buster] - libdbi-perl <no-dsa> (Minor issue)
+ [buster] - libdbi-perl 1.642-1+deb10u1
NOTE: https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
CVE-2019-20918 (An issue was discovered in InspIRCd 3 before 3.1.0. The silence module ...)
- inspircd <not-affected> (Only affected 3.0.0 and 3.0.1)
@@ -1969,6 +1973,7 @@ CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPre
NOT-FOR-US: File Manager (wp-file-manager) plugin for WordPress
CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel before 5. ...)
- linux 5.7.17-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21
CVE-2020-25211 (In the Linux kernel through 5.8.7, local attackers able to inject conn ...)
- linux <unfixed>
@@ -17578,9 +17583,9 @@ CVE-2020-17508
CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...)
{DLA-2377-1 DLA-2376-1}
- qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444)
- [buster] - qtbase-opensource-src <no-dsa> (Minor issue)
+ [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u4
- qt4-x11 <removed> (bug #970308)
- [buster] - qt4-x11 <no-dsa> (Minor issue)
+ [buster] - qt4-x11 4:4.8.7+dfsg-18+deb10u1
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308436 (dev branch)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308496 (5.15 branch)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308495 (5.12 branch)
@@ -17631,7 +17636,7 @@ CVE-2020-17490
CVE-2020-17489 (An issue was discovered in certain configurations of GNOME gnome-shell ...)
{DLA-2374-1}
- gnome-shell 3.36.5-1 (bug #968311)
- [buster] - gnome-shell <no-dsa> (Minor issue)
+ [buster] - gnome-shell 3.30.2-11~deb10u2
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1377
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/13137aad9db52223e8b62cecbd3456f4a7f66f04
@@ -20402,6 +20407,7 @@ CVE-2020-16167 (Missing Authentication for Critical Function in temi Robox OS pr
NOT-FOR-US: Temi Launcher OS
CVE-2020-16166 (The Linux kernel through 5.7.11 allows remote attackers to make observ ...)
- linux 5.7.17-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
CVE-2020-16165 (The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Inj ...)
NOT-FOR-US: SpringBlade
@@ -21336,6 +21342,7 @@ CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file pack
NOT-FOR-US: Node socket.io-file
CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
- linux 5.7.10-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <ignored> (securelevel included but not supported)
NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/3
NOTE: Fixed by: https://git.kernel.org/linus/75b0cea7bf307f362057cc778efe89af4c615354
@@ -21971,7 +21978,7 @@ CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through 0.
CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free ...)
{DLA-2292-1}
- milkytracker 1.02.00+dfsg-2.1 (bug #964797)
- [buster] - milkytracker <no-dsa> (Minor issue)
+ [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
CVE-2020-15568
RESERVED
@@ -23083,7 +23090,7 @@ CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta2
- electron <itp> (bug #842420)
CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...)
- npm 6.14.6+ds-1 (low; bug #964746)
- [buster] - npm <no-dsa> (Minor issue)
+ [buster] - npm 5.8.0+ds6-4+deb10u2
NOTE: https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
NOTE: https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
CVE-2020-15094 (In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient cla ...)
@@ -23342,7 +23349,7 @@ CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't
- crispy-doom 5.9.0-1 (bug #964564)
[buster] - crispy-doom <no-dsa> (Minor issue)
- chocolate-doom 3.0.1-1
- [buster] - chocolate-doom <no-dsa> (Minor issue)
+ [buster] - chocolate-doom 3.0.0-4+deb10u1
[stretch] - chocolate-doom <no-dsa> (Minor issue)
[jessie] - chocolate-doom <end-of-life> (games are not supported)
NOTE: https://github.com/chocolate-doom/chocolate-doom/issues/1293
@@ -24903,37 +24910,37 @@ CVE-2020-14406
CVE-2020-14405 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rf ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365
CVE-2020-14404 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rr ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14403 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/he ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14402 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/co ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/sc ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af
CVE-2020-14400 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d
CVE-2020-14399 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improperly c ...)
- libvncserver 0.9.13+dfsg-1
@@ -24944,7 +24951,7 @@ CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improp
CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rf ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tl ...)
- libvncserver 0.9.13+dfsg-1
@@ -24958,11 +24965,11 @@ CVE-2020-14394
RESERVED
CVE-2020-14393 (A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local ...)
- libdbi-perl 1.643-1
- [buster] - libdbi-perl <no-dsa> (Minor issue)
+ [buster] - libdbi-perl 1.642-1+deb10u1
NOTE: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b
CVE-2020-14392 (An untrusted pointer dereference flaw was found in Perl-DBI < 1.643 ...)
- libdbi-perl 1.643-1
- [buster] - libdbi-perl <no-dsa> (Minor issue)
+ [buster] - libdbi-perl 1.642-1+deb10u1
NOTE: https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1
CVE-2020-14391
RESERVED
@@ -24970,6 +24977,7 @@ CVE-2020-14391
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093
CVE-2020-14390 (A flaw was found in the Linux kernel in versions from 2.2.3 through 5. ...)
- linux 5.8.10-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489
NOTE: https://www.openwall.com/lists/oss-security/2020/09/15/2
CVE-2020-14389
@@ -24990,6 +24998,7 @@ CVE-2020-14386 (A flaw was found in the Linux kernel before 5.9-rc4. Memory corr
NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3
CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure of the ...)
- linux 5.8.7-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933
CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. ...)
@@ -25049,6 +25058,7 @@ CVE-2020-14368
NOT-FOR-US: Eclipse Che
CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating the PID ...)
- chrony 3.5.1-1 (unimportant)
+ [buster] - chrony 3.4-4+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2020/08/21/1
NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/util.c?id=7a4c396bba8f92a3ee8018620983529152050c74 (4.0-pre1)
NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/main.c?id=e18903a6b56341481a2e08469c0602010bf7bfe3 (4.0-pre1)
@@ -25069,7 +25079,7 @@ CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emu
CVE-2020-14363 (An integer overflow vulnerability leading to a double-free was found i ...)
{DLA-2361-1}
- libx11 <unfixed> (bug #969008)
- [buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)
+ [buster] - libx11 2:1.6.7-1+deb10u1
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003056.html
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
CVE-2020-14362 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...)
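Review bot: In the CVE-2020-14363 entry the unstable line still reads "- libx11 <unfixed> (bug #969008)" while buster is now recorded as fixed in 2:1.6.7-1+deb10u1, the same version given for CVE-2020-14344, where unstable is fixed in 2:1.6.10-1. Worth confirming whether the unstable line is stale and should get a fixed version, or whether sid is really behind the stable update for this issue.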
@@ -25092,6 +25102,7 @@ CVE-2020-14357
REJECTED
CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem ...)
- linux 5.7.10-1 (bug #966846)
+ [buster] - linux 4.19.146-1
NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
CVE-2020-14355
RESERVED
@@ -25115,14 +25126,14 @@ CVE-2020-14350 (It was found that some PostgreSQL extensions did not use search_
{DLA-2331-1}
- postgresql-12 12.4-1
- postgresql-11 <removed>
- [buster] - postgresql-11 <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - postgresql-11 11.9-0+deb10u1
- postgresql-9.6 <removed>
NOTE: https://www.postgresql.org/about/news/2060/
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7eeb1d9861b0a3f453f8b31c7648396cdd7f1e59
CVE-2020-14349 (It was found that PostgreSQL versions before 12.4, before 11.9 and bef ...)
- postgresql-12 12.4-1
- postgresql-11 <removed>
- [buster] - postgresql-11 <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - postgresql-11 11.9-0+deb10u1
- postgresql-9.6 <not-affected> (Vulnerable code introduced later)
NOTE: https://www.postgresql.org/about/news/2060/
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=11da97024abbe76b8c81e3f2375b2a62e9717c67
@@ -25147,7 +25158,7 @@ CVE-2020-14345 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9.
CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found in The ...)
{DLA-2312-1}
- libx11 2:1.6.10-1
- [buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)
+ [buster] - libx11 2:1.6.7-1+deb10u1
NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003050.html
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
@@ -25208,6 +25219,7 @@ CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. T
NOTE: https://github.com/ansible/ansible/pull/71033
CVE-2020-14331 (A flaw was found in the Linux kernel’s implementation of the inv ...)
- linux 5.7.17-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: https://www.openwall.com/lists/oss-security/2020/07/28/2
NOTE: Only exploitable when CONFIG_VGACON_SOFT_SCROLLBACK is set
CVE-2020-14330 (An Improper Output Neutralization for Logs flaw was found in Ansible w ...)
@@ -25261,6 +25273,7 @@ CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as shipp
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
CVE-2020-14314 (A memory out-of-bounds read flaw was found in the Linux kernel before ...)
- linux 5.8.7-1
+ [buster] - linux 4.19.146-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853922
NOTE: https://git.kernel.org/linus/5872331b3d91820e14716632ebb56b1399b34fe1
CVE-2020-14313 (An information disclosure vulnerability was found in Red Hat Quay in v ...)
@@ -25501,7 +25514,7 @@ CVE-2019-20840 (An issue was discovered in LibVNCServer before 0.9.13. libvncser
CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer over ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is an inf ...)
{DSA-4383-1 DLA-1617-1}
@@ -26088,7 +26101,7 @@ CVE-2020-14005 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platf
NOT-FOR-US: Solarwinds
CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dir ...)
- icinga2 2.11.5-1 (bug #970252)
- [buster] - icinga2 <no-dsa> (Minor issue)
+ [buster] - icinga2 2.10.3-2+deb10u1
[stretch] - icinga2 <not-affected> (prepare-dirs script not shipped)
[jessie] - icinga2 <not-affected> (prepare-dirs script not shipped)
NOTE: https://www.openwall.com/lists/oss-security/2020/06/12/1
@@ -26557,7 +26570,7 @@ CVE-2020-13823
RESERVED
CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleabi ...)
- node-elliptic 6.5.3~dfsg-1 (bug #963149)
- [buster] - node-elliptic <no-dsa> (Minor issue)
+ [buster] - node-elliptic 6.4.1~dfsg-1+deb10u1
NOTE: https://github.com/indutny/elliptic/issues/226
CVE-2020-13821 (An issue was discovered in HiveMQ Broker Control Center 4.3.2. A craft ...)
NOT-FOR-US: HiveMQ Broker Control Center
@@ -28854,6 +28867,7 @@ CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection acr
NOT-FOR-US: MISP
CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
- linux 5.8.7-1
+ [buster] - linux 4.19.146-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
CVE-2020-12887 (Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 ...)
NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls)
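Review bot: The CVE-2020-12888 entry gains a buster fixed version, but its only NOTE is the Red Hat Bugzilla link, with no upstream commit reference, unlike most of the other linux entries touched in this patch, which carry a git.kernel.org/linus NOTE. Consider adding a "NOTE: Fixed by:" line with the upstream commit(s) so that the claim that 4.19.146-1 contains the fix can be checked from the entry itself.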
@@ -29412,7 +29426,7 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-
- wpa <unfixed>
[buster] - wpa <no-dsa> (Minor issue)
- gupnp 1.2.3-1
- [buster] - gupnp <no-dsa> (Minor issue)
+ [buster] - gupnp 1.0.5-0+deb10u1
NOTE: https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
NOTE: https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
NOTE: https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
@@ -34737,7 +34751,7 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc
CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...)
{DLA-2353-1}
- bacula 9.6.5-1
- [buster] - bacula <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - bacula 9.4.2-2+deb10u1
- bareos <unfixed> (bug #968957)
[buster] - bareos <no-dsa> (Minor issue; can be fixed via point release)
[stretch] - bareos <no-dsa> (minor issue, low priority)
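Review bot: The bacula line for CVE-2020-11061 moves to a fixed version, but the bareos line directly below keeps "<no-dsa> (Minor issue; can be fixed via point release)". If bareos was not part of 10.6 that is correct as it stands; otherwise it needs the same update, so it is worth a quick check against data/next-point-update.txt.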
@@ -35843,6 +35857,7 @@ CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible v
NOT-FOR-US: Ansible Tower
CVE-2020-10781 (A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel ...)
- linux 5.7.10-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2020/06/18/1
@@ -37176,7 +37191,7 @@ CVE-2020-10290 (Universal Robots controller execute URCaps (zip files containing
CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary objects. Th ...)
{DLA-2357-1}
- ros-actionlib 1.13.1-4 (bug #968830)
- [buster] - ros-actionlib <no-dsa> (Minor issue)
+ [buster] - ros-actionlib 1.11.15-1+deb10u1
NOTE: https://github.com/ros/actionlib/pull/171
CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain access y ...)
NOT-FOR-US: ABB IRC5
@@ -37408,7 +37423,7 @@ CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote
CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...)
{DLA-2341-1 DLA-2176-1}
- inetutils 2:1.9.4-12 (bug #956084)
- [buster] - inetutils <no-dsa> (Minor issue)
+ [buster] - inetutils 2:1.9.4-7+deb10u1
- netkit-telnet 0.17-18woody2 (bug #953477)
- netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
@@ -42081,7 +42096,7 @@ CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 b
NOT-FOR-US: Citrix
CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, &l ...)
- node-bl 4.0.3-1 (bug #969309)
- [buster] - node-bl <no-dsa> (Minor issue)
+ [buster] - node-bl 1.1.2-1+deb10u1
[stretch] - node-bl <no-dsa> (Minor issue)
NOTE: https://hackerone.com/reports/966347
NOTE: https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
@@ -42424,7 +42439,7 @@ CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and e
NOT-FOR-US: klona node module
CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...)
- node-url-parse 1.4.7-1
- [buster] - node-url-parse <no-dsa> (Minor issue)
+ [buster] - node-url-parse 1.2.0-2+deb10u1
[stretch] - node-url-parse <ignored> (Nodejs in stretch not covered by security support)
NOTE: https://github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b
NOTE: https://hackerone.com/reports/496293
@@ -43462,7 +43477,7 @@ CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command Inject
CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...)
{DLA-2368-1}
- grunt 1.3.0-1 (bug #969668)
- [buster] - grunt <no-dsa> (Minor issue)
+ [buster] - grunt 1.0.1-8+deb10u1
NOTE: https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
NOTE: https://snyk.io/vuln/SNYK-JS-GRUNT-597546
CVE-2020-7728
@@ -49514,13 +49529,13 @@ CVE-2020-5260 (Affected versions of Git have a vulnerability whereby Git can be
CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...)
{DLA-2139-1}
- dojo 1.15.3+dfsg1-1 (bug #953587)
- [buster] - dojo <no-dsa> (Minor issue)
+ [buster] - dojo 1.15.0+dfsg1-1+deb10u2
NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw
NOTE: https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da
CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...)
{DLA-2139-1}
- dojo 1.15.3+dfsg1-1 (bug #953585)
- [buster] - dojo <no-dsa> (Minor issue)
+ [buster] - dojo 1.15.0+dfsg1-1+deb10u2
NOTE: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2
NOTE: https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d
CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by attri ...)
@@ -54422,6 +54437,7 @@ CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.
NOT-FOR-US: JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
- linux 5.3.7-1
@@ -54429,6 +54445,7 @@ CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem i
- linux <unfixed>
CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
CVE-2019-19812
RESERVED
@@ -59429,6 +59446,7 @@ CVE-2019-19449 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem i
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449
CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesy ...)
- linux 5.7.17-1
+ [buster] - linux 4.19.146-1
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
CVE-2019-19447 (In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, ...)
{DLA-2241-1 DLA-2114-1}
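Review bot: For CVE-2019-19448 the new "[buster] - linux 4.19.146-1" line sits above a NOTE that points only at a third-party GitHub repository, so nothing in the entry identifies the upstream change that 5.7.17-1 and 4.19.146-1 are supposed to contain. Adding the fixing commit as a NOTE would make this fixed-version claim auditable, as it is for CVE-2019-19816 and CVE-2019-19813 in the hunks above.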
@@ -60772,6 +60790,7 @@ CVE-2019-19083 (Memory leaks in *clock_source_create() functions under drivers/g
NOTE: https://git.kernel.org/linus/055e547478a11a6360c7ce05e2afc3e366968a12
CVE-2019-19082 (Memory leaks in *create_resource_pool() functions under drivers/gpu/dr ...)
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/104c307147ad379617472dd91a5bcb368d72bd6d
@@ -60816,12 +60835,15 @@ CVE-2019-19075 (A memory leak in the ca8210_probe() function in drivers/net/ieee
NOTE: https://git.kernel.org/linus/6402939ec86eaf226c8b8ae00ed983936b164908
CVE-2019-19074 (A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ ...)
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/728c1e2a05e4b5fc52fab3421dce772a806612a2
CVE-2019-19073 (Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux ...)
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/853acf7caf10b828102d92d05b5c101666a6142b
CVE-2019-19072 (A memory leak in the predicate_parse() function in kernel/trace/trace_ ...)
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/96c5c6e6a5b6db592acae039fed54b5c8844cd35
@@ -60846,6 +60868,7 @@ CVE-2019-19068 (A memory leak in the rtl8xxxu_submit_int_urb() function in drive
[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19067 (** DISPUTED ** Four memory leaks in the acp_hw_init() function in driv ...)
- linux 5.3.9-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725
CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/ ...)
{DLA-2114-1 DLA-2068-1}
@@ -60871,6 +60894,7 @@ CVE-2019-19062 (A memory leak in the crypto_report() function in crypto/crypto_u
[stretch] - linux 4.9.210-1
CVE-2019-19061 (A memory leak in the adis_update_scan_mode_burst() function in drivers ...)
- linux 5.3.9-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/9c0530e898f384c5d279bfcebd8bb17af1105873
CVE-2019-19060 (A memory leak in the adis_update_scan_mode() function in drivers/iio/i ...)
- linux 5.3.9-1 (unimportant)
@@ -60906,6 +60930,7 @@ CVE-2019-19055 (** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_st
NOTE: https://git.kernel.org/linus/1399c59fa92984836db90538cf92397fe7caaa57
CVE-2019-19054 (A memory leak in the cx23888_ir_probe() function in drivers/media/pci/ ...)
- linux 5.5.13-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: Memory leak on probe only.
CVE-2019-19053 (A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpm ...)
- linux 5.4.13-1
@@ -61579,6 +61604,7 @@ CVE-2019-18809 (A memory leak in the af9005_identify_state() function in drivers
[jessie] - linux <not-affected> (Bug introduced later)
CVE-2019-18808 (A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ ...)
- linux 5.5.13-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: Not a valid issue
CVE-2019-18807 (Two memory leaks in the sja1105_static_config_upload() function in dri ...)
- linux 5.3.7-1
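Review bot: CVE-2019-18808 is marked (unimportant) and its NOTE says "Not a valid issue", yet it now gets a buster fixed version with no reference to the upstream change. If the line is only recording where the upstream patch landed in 4.19.146-1, a NOTE with that commit would make the intent clear to anyone reading the entry later.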
@@ -61653,7 +61679,7 @@ CVE-2019-18791 (Lexmark printer MS812 and multiple older generation Lexmark devi
CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13. ...)
{DLA-2017-1}
- asterisk 1:16.10.0~dfsg-1 (bug #947381)
- [buster] - asterisk <no-dsa> (Minor issue)
+ [buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
[stretch] - asterisk <no-dsa> (Minor issue)
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28589
@@ -64273,7 +64299,7 @@ CVE-2019-18611 (An issue was discovered in the CheckUser extension through 1.34
CVE-2019-18610 (An issue was discovered in manager.c in Sangoma Asterisk through 13.x, ...)
{DLA-2017-1}
- asterisk 1:16.10.0~dfsg-1 (bug #947377)
- [buster] - asterisk <no-dsa> (Minor issue)
+ [buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
[stretch] - asterisk <no-dsa> (Minor issue)
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-007.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28580
@@ -65319,7 +65345,7 @@ CVE-2019-18278 (When executing VideoLAN VLC media player 3.0.8 with libqt on Win
NOT-FOR-US: VLC on Windows
CVE-2019-18277 (A flaw was found in HAProxy before 2.0.6. In legacy mode, messages fea ...)
- haproxy 2.0.6-1
- [buster] - haproxy <no-dsa> (Minor issue)
+ [buster] - haproxy 1.8.19-1+deb10u3
[stretch] - haproxy <no-dsa> (Minor issue)
[jessie] - haproxy <no-dsa> (Minor issue)
NOTE: https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581
@@ -74607,7 +74633,7 @@ CVE-2019-15298 (A problem was found in Centreon Web through 19.04.3. An authenti
- centreon-web <itp> (bug #913903)
CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allo ...)
- asterisk 1:16.10.0~dfsg-1 (low; bug #940060)
- [buster] - asterisk <no-dsa> (Minor issue)
+ [buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
[stretch] - asterisk <no-dsa> (Minor issue)
[jessie] - asterisk <not-affected> (The vulnerable code is not present)
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-004.html
@@ -75859,7 +75885,7 @@ CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a us
NOT-FOR-US: Storage Performance Development Kit
CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for N ...)
- node-mysql 2.18.0-1 (bug #934712)
- [buster] - node-mysql <no-dsa> (Minor issue)
+ [buster] - node-mysql 2.16.0-1+deb10u1
[stretch] - node-mysql <end-of-life> (Nodejs in stretch not covered by security support)
[jessie] - node-mysql <end-of-life> (Nodejs in jessie not covered by security support)
NOTE: https://github.com/mysqljs/mysql/issues/2257
@@ -77425,13 +77451,13 @@ CVE-2019-14498 (A divide-by-zero error exists in the Control function of demux/c
CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTr ...)
{DLA-2292-1 DLA-1961-1}
- milkytracker 1.02.00+dfsg-2 (bug #933964)
- [buster] - milkytracker <no-dsa> (Minor issue)
+ [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/issues/182
NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 ha ...)
{DLA-2292-1 DLA-1961-1}
- milkytracker 1.02.00+dfsg-2 (bug #933964)
- [buster] - milkytracker <no-dsa> (Minor issue)
+ [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/issues/183
NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
CVE-2019-14495 (webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the a ...)
@@ -77547,7 +77573,7 @@ CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a
CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a ...)
{DLA-2292-1 DLA-1961-1}
- milkytracker 1.02.00+dfsg-2 (bug #933964)
- [buster] - milkytracker <no-dsa> (Minor issue)
+ [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/issues/184
NOTE: https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34
CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
@@ -84831,7 +84857,7 @@ CVE-2019-12403
REJECTED
CVE-2019-12402 (The file name encoding algorithm used internally in Apache Commons Com ...)
- libcommons-compress-java 1.18-3 (low; bug #939610)
- [buster] - libcommons-compress-java <no-dsa> (Minor issue)
+ [buster] - libcommons-compress-java 1.18-2+deb10u1
[stretch] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
[jessie] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/27/1
@@ -108218,7 +108244,7 @@ CVE-2019-3875 (A vulnerability was found in keycloak before 6.0.2. The X.509 aut
NOT-FOR-US: Keycloak
CVE-2019-3874 (The SCTP socket buffer used by a userspace application is not accounte ...)
- linux 5.2.6-1
- [buster] - linux <ignored> (Minor issue)
+ [buster] - linux 4.19.146-1
[stretch] - linux <ignored> (Minor issue)
[jessie] - linux <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686373
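Review bot: for CVE-2019-3874 buster moves from `<ignored> (Minor issue)` to a fixed version while stretch and jessie stay `<ignored>`, and the only reference left on the entry is the Red Hat Bugzilla link. A NOTE naming the upstream commit(s) carried by the 4.19.146-1 upload would document why the earlier ignore decision no longer applies to buster alone.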
@@ -120564,7 +120590,7 @@ CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 2
CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular module ...)
{DLA-2327-1 DLA-1954-1}
- lucene-solr 3.6.2+dfsg-22 (low)
- [buster] - lucene-solr <no-dsa> (Minor issue)
+ [buster] - lucene-solr 3.6.2+dfsg-20+deb10u2
NOTE: https://issues.apache.org/jira/browse/SOLR-13669
NOTE: upstream recommends everybody upgrade or rework their configuration
NOTE: consider backporting enable.dih.dataConfigParam instead:
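Review bot: the context NOTEs under CVE-2019-0193 still read as open advice (`upstream recommends everybody upgrade or rework their configuration`, `consider backporting enable.dih.dataConfigParam instead:`), and they now sit directly under a concrete buster fix version. Add a NOTE stating which approach `3.6.2+dfsg-20+deb10u2` took, so the entry does not suggest the decision is still pending.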
@@ -120699,18 +120725,23 @@ CVE-2019-0150 (Insufficient access control in firmware Intel(R) Ethernet 700 Ser
NOT-FOR-US: Intel firmware for Ethernet 700 Series
CVE-2019-0149 (Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0148 (Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0147 (Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0146 (Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0145 (Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Contro ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0144 (Unhandled exception in firmware for Intel(R) Ethernet 700 Series Contr ...)
NOT-FOR-US: Intel firmware for Ethernet 700 Series
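Review bot: the five i40e entries (CVE-2019-0145 through CVE-2019-0149) each gain `[buster] - linux 4.19.146-1` without replacing an earlier buster line, and none of them appears among the entries removed from data/next-point-update.txt in this same change, so there is no staging record to check the version against. The existing NOTE only links the intel-wired-lan thread; a further NOTE naming the upstream stable release or commits that carried the fixes would make the recorded version verifiable.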
=====================================
data/next-point-update.txt
=====================================
@@ -1,144 +1,5 @@
-CVE-2019-18277
- [buster] - haproxy 1.8.19-1+deb10u3
-CVE-2020-5258
- [buster] - dojo 1.15.0+dfsg1-1+deb10u2
-CVE-2020-5259
- [buster] - dojo 1.15.0+dfsg1-1+deb10u2
CVE-2019-20446
[buster] - librsvg 2.44.10-2.1+deb10u1
-CVE-2020-12695
- [buster] - gupnp 1.0.5-0+deb10u1
-CVE-2020-14349
- [buster] - postgresql-11 11.9-0+deb10u1
-CVE-2020-14350
- [buster] - postgresql-11 11.9-0+deb10u1
-CVE-2020-10289
- [buster] - ros-actionlib 1.11.15-1+deb10u1
-CVE-2019-0193
- [buster] - lucene-solr 3.6.2+dfsg-20+deb10u2
-CVE-2020-15095
- [buster] - npm 5.8.0+ds6-4+deb10u2
-CVE-2019-15297
- [buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
-CVE-2019-18610
- [buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
-CVE-2019-18790
- [buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
-CVE-2019-20839
- [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
-CVE-2020-14397
- [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
-CVE-2020-14399
- [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
-CVE-2020-14400
- [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
-CVE-2020-14401
- [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
-CVE-2020-14402
- [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
-CVE-2020-14403
- [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
-CVE-2020-14404
- [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
-CVE-2020-14405
- [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
-CVE-2020-11061
- [buster] - bacula 9.4.2-2+deb10u1
-CVE-2020-8244
- [buster] - node-bl 1.1.2-1+deb10u1
-CVE-2020-14367
- [buster] - chrony 3.4-4+deb10u1
-CVE-2020-8124
- [buster] - node-url-parse 1.2.0-2+deb10u1
-CVE-2020-13822
- [buster] - node-elliptic 6.4.1~dfsg-1+deb10u1
-CVE-2020-7729
- [buster] - grunt 1.0.1-8+deb10u1
-CVE-2020-14392
- [buster] - libdbi-perl 1.642-1+deb10u1
-CVE-2020-14393
- [buster] - libdbi-perl 1.642-1+deb10u1
-CVE-2019-20919
- [buster] - libdbi-perl 1.642-1+deb10u1
-CVE-2020-17489
- [buster] - gnome-shell 3.30.2-11~deb10u2
-CVE-2020-17507
- [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u4
- [buster] - qt4-x11 4:4.8.7+dfsg-18+deb10u1
-CVE-2019-14939
- [buster] - node-mysql 2.16.0-1+deb10u1
-CVE-2020-14004
- [buster] - icinga2 2.10.3-2+deb10u1
-CVE-2019-19072
- [buster] - linux 4.19.146-1
-CVE-2019-19073
- [buster] - linux 4.19.146-1
-CVE-2019-19074
- [buster] - linux 4.19.146-1
-CVE-2019-19082
- [buster] - linux 4.19.146-1
-CVE-2019-19448
- [buster] - linux 4.19.146-1
-CVE-2019-19813
- [buster] - linux 4.19.146-1
-CVE-2019-19816
- [buster] - linux 4.19.146-1
-CVE-2020-10781
- [buster] - linux 4.19.146-1
-CVE-2020-12888
- [buster] - linux 4.19.146-1
-CVE-2020-14314
- [buster] - linux 4.19.146-1
-CVE-2020-14331
- [buster] - linux 4.19.146-1
-CVE-2020-14356
- [buster] - linux 4.19.146-1
-CVE-2020-14385
- [buster] - linux 4.19.146-1
-CVE-2020-14390
- [buster] - linux 4.19.146-1
-CVE-2020-15780
- [buster] - linux 4.19.146-1
-CVE-2020-16166
- [buster] - linux 4.19.146-1
-CVE-2020-25212
- [buster] - linux 4.19.146-1
-CVE-2020-25284
- [buster] - linux 4.19.146-1
-CVE-2020-25285
- [buster] - linux 4.19.146-1
-CVE-2020-25641
- [buster] - linux 4.19.146-1
-CVE-2020-26088
- [buster] - linux 4.19.146-1
-CVE-2019-18808
- [buster] - linux 4.19.146-1
-CVE-2019-19054
- [buster] - linux 4.19.146-1
-CVE-2019-19061
- [buster] - linux 4.19.146-1
-CVE-2019-19067
- [buster] - linux 4.19.146-1
-CVE-2019-3874
- [buster] - linux 4.19.146-1
-CVE-2020-14344
- [buster] - libx11 2:1.6.7-1+deb10u1
-CVE-2020-14363
- [buster] - libx11 2:1.6.7-1+deb10u1
-CVE-2020-15569
- [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
-CVE-2019-14464
- [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
-CVE-2019-14496
- [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
-CVE-2019-14497
- [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
-CVE-2019-12402
- [buster] - libcommons-compress-java 1.18-2+deb10u1
-CVE-2020-14983
- [buster] - chocolate-doom 3.0.0-4+deb10u1
-CVE-2020-10188
- [buster] - inetutils 2:1.9.4-7+deb10u1
CVE-2020-10232
[buster] - sleuthkit 4.6.5-1+deb10u1
CVE-2019-10203
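Review bot: CVE-2020-17507 is the one removed entry with two package lines (`qtbase-opensource-src 5.11.3+dfsg1-1+deb10u4` and `qt4-x11 4:4.8.7+dfsg-18+deb10u1`), and when moving entries in bulk it is easy to carry over only the first. Confirm that data/CVE/list gained a `[buster]` line for both source packages. It is also worth stating in the commit message that the entries left in place (librsvg for CVE-2019-20446, sleuthkit for CVE-2020-10232) were kept deliberately, since everything around them is removed.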
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/263f0749465e014a19944ed20f045349e81446dd...598d1d7edc2dd8706c17064fc47b98c9fd1463b6