[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Sep 27 09:10:27 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b79b926d by security tracker role at 2020-09-27T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-26118
+	RESERVED
+CVE-2020-26117 (In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1 ...)
+	TODO: check
+CVE-2020-26116 (http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x be ...)
+	TODO: check
 CVE-2020-26115 (cPanel before 90.0.10 allows self XSS via the Cron Editor interface (S ...)
 	NOT-FOR-US: cPanel
 CVE-2020-26114 (cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC ...)
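Review bot: CVE-2020-26117 and CVE-2020-26116 enter the list with only `TODO: check`, so until someone triages them the tracker records no source package or status for either. The descriptions name TigerVNC (rfb/CSecurityTLS.cxx) and Python's http.client, so neither looks like a NOT-FOR-US candidate; please follow up by replacing each TODO with package lines. CVE-2020-26118 as RESERVED with no description is fine as is.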
@@ -108,6 +114,7 @@ CVE-2020-26063
 CVE-2020-26062
 	RESERVED
 CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock. ...)
+	{DLA-2385-1}
 	- linux 5.7.17-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/26896f01467a28651f7a536143fe5ac8449d4041
@@ -1028,6 +1035,7 @@ CVE-2020-25642
 	RESERVED
 CVE-2020-25641
 	RESERVED
+	{DLA-2385-1}
 	- linux 5.8.10-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124
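Review bot: the `{DLA-2385-1}` line for CVE-2020-25641 is attached to an entry whose header still reads RESERVED with no description, so the entry carries fixed versions and an advisory reference but nothing that says what the issue is. Consider adding a short bracketed description or a NOTE summarising the flaw from the linked kernel commit until the CVE text is published.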
@@ -1779,10 +1787,12 @@ CVE-2020-25288
 CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute arbitrary com ...)
 	NOT-FOR-US: Pligg CMS
 CVE-2020-25285 (A race condition between hugetlb sysctl handlers in mm/hugetlb.c in th ...)
+	{DLA-2385-1}
 	- linux 5.8.10-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/17743798d81238ab13050e8e2833699b54e15467
 CVE-2020-25284 (The rbd block device driver in drivers/block/rbd.c in the Linux kernel ...)
+	{DLA-2385-1}
 	- linux 5.8.10-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/f44d04e696feaf13d192d942c4f14ad2e117065a
@@ -1973,6 +1983,7 @@ CVE-2020-25214
 CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...)
 	NOT-FOR-US: File Manager (wp-file-manager) plugin for WordPress
 CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel before 5. ...)
+	{DLA-2385-1}
 	- linux 5.7.17-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21
@@ -20413,6 +20424,7 @@ CVE-2020-16168 (Origin Validation Error in temi Robox OS prior to 120, temi Andr
 CVE-2020-16167 (Missing Authentication for Critical Function in temi Robox OS prior to ...)
 	NOT-FOR-US: Temi Launcher OS
 CVE-2020-16166 (The Linux kernel through 5.7.11 allows remote attackers to make observ ...)
+	{DLA-2385-1}
 	- linux 5.7.17-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
@@ -21348,6 +21360,7 @@ CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SI
 CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...)
 	NOT-FOR-US: Node socket.io-file
 CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
+	{DLA-2385-1}
 	- linux 5.7.10-1
 	[buster] - linux 4.19.146-1
 	[stretch] - linux <ignored> (securelevel included but not supported)
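Review bot: on CVE-2020-15780 the new `{DLA-2385-1}` reference sits above `[stretch] - linux <ignored> (securelevel included but not supported)`, and no package line in this entry shows what the advisory actually fixed. If the DLA ships the fix through a source package other than `linux`, a package line for it would make that explicit; otherwise the tag and the `<ignored>` status read as contradictory.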
@@ -24983,6 +24996,7 @@ CVE-2020-14391
 	- gnome-settings-daemon <not-affected> (Red Hat-specific plugin)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093
 CVE-2020-14390 (A flaw was found in the Linux kernel in versions from 2.2.3 through 5. ...)
+	{DLA-2385-1}
 	- linux 5.8.10-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489
@@ -25001,10 +25015,12 @@ CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate
 	NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549
 CVE-2020-14386 (A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption ...)
+	{DLA-2385-1}
 	- linux 5.8.7-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3
 CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure of the  ...)
+	{DLA-2385-1}
 	- linux 5.8.7-1
 	[buster] - linux 4.19.146-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -25109,6 +25125,7 @@ CVE-2020-14358
 CVE-2020-14357
 	REJECTED
 CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem ...)
+	{DLA-2385-1}
 	- linux 5.7.10-1 (bug #966846)
 	[buster] - linux 4.19.146-1
 	NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
@@ -25226,6 +25243,7 @@ CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. T
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1857805
 	NOTE: https://github.com/ansible/ansible/pull/71033
 CVE-2020-14331 (A flaw was found in the Linux kernel’s implementation of the inv ...)
+	{DLA-2385-1}
 	- linux 5.7.17-1 (unimportant)
 	[buster] - linux 4.19.146-1
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/28/2
@@ -25280,6 +25298,7 @@ CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as shipp
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/09/2
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
 CVE-2020-14314 (A memory out-of-bounds read flaw was found in the Linux kernel before  ...)
+	{DLA-2385-1}
 	- linux 5.8.7-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853922
@@ -28874,6 +28893,7 @@ CVE-2020-12890
 CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...)
 	NOT-FOR-US: MISP
 CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
+	{DLA-2385-1}
 	- linux 5.8.7-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
@@ -35864,6 +35884,7 @@ CVE-2020-10783 (Red Hat CloudForms 4.7 and 5 is affected by a role-based privile
 CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible version ...)
 	NOT-FOR-US: Ansible Tower
 CVE-2020-10781 (A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel ...)
+	{DLA-2385-1}
 	- linux 5.7.10-1
 	[buster] - linux 4.19.146-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -54445,6 +54466,7 @@ CVE-2019-19818 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.
 CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...)
 	NOT-FOR-US: JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
 CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image  ...)
+	{DLA-2385-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
@@ -54453,6 +54475,7 @@ CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem i
 CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
 	- linux <unfixed>
 CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
+	{DLA-2385-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
@@ -59454,6 +59477,7 @@ CVE-2019-19449 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem i
 	- linux <unfixed>
 	NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449
 CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesy ...)
+	{DLA-2385-1}
 	- linux 5.7.17-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
@@ -60798,6 +60822,7 @@ CVE-2019-19083 (Memory leaks in *clock_source_create() functions under drivers/g
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/055e547478a11a6360c7ce05e2afc3e366968a12
 CVE-2019-19082 (Memory leaks in *create_resource_pool() functions under drivers/gpu/dr ...)
+	{DLA-2385-1}
 	- linux 5.4.6-1
 	[buster] - linux 4.19.146-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -60843,14 +60868,17 @@ CVE-2019-19075 (A memory leak in the ca8210_probe() function in drivers/net/ieee
 	[buster] - linux 4.19.87-1
 	NOTE: https://git.kernel.org/linus/6402939ec86eaf226c8b8ae00ed983936b164908
 CVE-2019-19074 (A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ ...)
+	{DLA-2385-1}
 	- linux 5.4.6-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/728c1e2a05e4b5fc52fab3421dce772a806612a2
 CVE-2019-19073 (Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux  ...)
+	{DLA-2385-1}
 	- linux 5.4.6-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/853acf7caf10b828102d92d05b5c101666a6142b
 CVE-2019-19072 (A memory leak in the predicate_parse() function in kernel/trace/trace_ ...)
+	{DLA-2385-1}
 	- linux 5.4.6-1
 	[buster] - linux 4.19.146-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -60876,6 +60904,7 @@ CVE-2019-19068 (A memory leak in the rtl8xxxu_submit_int_urb() function in drive
 	[stretch] - linux 4.9.210-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19067 (** DISPUTED ** Four memory leaks in the acp_hw_init() function in driv ...)
+	{DLA-2385-1}
 	- linux 5.3.9-1 (unimportant)
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725
@@ -60902,6 +60931,7 @@ CVE-2019-19062 (A memory leak in the crypto_report() function in crypto/crypto_u
 	[buster] - linux 4.19.98-1
 	[stretch] - linux 4.9.210-1
 CVE-2019-19061 (A memory leak in the adis_update_scan_mode_burst() function in drivers ...)
+	{DLA-2385-1}
 	- linux 5.3.9-1 (unimportant)
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/9c0530e898f384c5d279bfcebd8bb17af1105873
@@ -60938,6 +60968,7 @@ CVE-2019-19055 (** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_st
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/1399c59fa92984836db90538cf92397fe7caaa57
 CVE-2019-19054 (A memory leak in the cx23888_ir_probe() function in drivers/media/pci/ ...)
+	{DLA-2385-1}
 	- linux 5.5.13-1 (unimportant)
 	[buster] - linux 4.19.146-1
 	NOTE: Memory leak on probe only.
@@ -61612,6 +61643,7 @@ CVE-2019-18809 (A memory leak in the af9005_identify_state() function in drivers
 	[stretch] - linux 4.9.210-1
 	[jessie] - linux <not-affected> (Bug introduced later)
 CVE-2019-18808 (A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ ...)
+	{DLA-2385-1}
 	- linux 5.5.13-1 (unimportant)
 	[buster] - linux 4.19.146-1
 	NOTE: Not a valid issue
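Review bot: CVE-2019-18808 gains `{DLA-2385-1}` although the entry is marked `(unimportant)` and carries `NOTE: Not a valid issue`. The cross-reference is harmless, but a reader scanning the advisory's CVE list could take it as a real security fix; worth checking that the advisory text does not overstate it.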
@@ -108252,6 +108284,7 @@ CVE-2019-3876 (A flaw was found in the /oauth/token/request custom endpoint of t
 CVE-2019-3875 (A vulnerability was found in keycloak before 6.0.2. The X.509 authenti ...)
 	NOT-FOR-US: Keycloak
 CVE-2019-3874 (The SCTP socket buffer used by a userspace application is not accounte ...)
+	{DLA-2385-1}
 	- linux 5.2.6-1
 	[buster] - linux 4.19.146-1
 	[stretch] - linux <ignored> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b79b926d848ded6e6d3a8ef8f7aceb9911f78367
