[Git][security-tracker-team/security-tracker][master] Merge updates acked and included in the Debian buster 10.8 point release
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 6 09:22:18 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bec48b4f by Salvatore Bonaccorso at 2021-02-06T10:21:51+01:00
Merge updates acked and included in the Debian buster 10.8 point release
For the first time with the help of 'merge-cve-files' as implemented by
Emilio Pozuelo Monfort.
next-point-update.txt: Cleanup list from merged entries
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -12981,7 +12981,7 @@ CVE-2020-35702 (** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639
CVE-2020-35701 (An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection ...)
- cacti 1.2.16+ds1-2 (bug #979998)
- [buster] - cacti <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - cacti 1.2.2+ds1-2+deb10u4
[stretch] - cacti <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/Cacti/cacti/issues/4022
NOTE: https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/
@@ -14264,7 +14264,7 @@ CVE-2021-21006 (Adobe Photoshop version 22.1 (and earlier) is affected by a heap
CVE-2020-35573 (srs2.c in PostSRSd before 1.10 allows remote attackers to cause a deni ...)
{DLA-2502-1}
- postsrsd 1.10-1
- [buster] - postsrsd <no-dsa> (Minor issue)
+ [buster] - postsrsd 1.5-2+deb10u1
NOTE: https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac (1.10)
CVE-2020-35570
RESERVED
@@ -16497,7 +16497,7 @@ CVE-2020-35492 [cairo: buffer overflow in image compositor]
RESERVED
{DLA-2518-1}
- cairo 1.16.0-5 (bug #978658)
- [buster] - cairo <no-dsa> (Minor issue)
+ [buster] - cairo 1.16.0-4+deb10u1
NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/issues/437
NOTE: Introduced by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/c986a7310bb06582b7d8a566d5f007ba4e5e75bf (1.12.12)
NOTE: Fixed by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/03a820b173ed1fdef6ff14b4468f5dbc02ff59be
@@ -22915,14 +22915,14 @@ CVE-2021-1057 (NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnera
NOT-FOR-US: NVIDIA Virtual GPU Manager NVIDIA vGPU manager
CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerab ...)
- nvidia-graphics-drivers 460.32.03-1 (bug #979670)
- [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers 418.181.07-1
[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #979671)
[bullseye] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
[buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-390xx 390.141-1 (bug #979672)
- [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.141-2~deb10u1
- nvidia-graphics-drivers-tesla-418 418.181.07-1 (bug #979673)
- nvidia-graphics-drivers-tesla-440 <unfixed> (bug #979674)
- nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675)
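Review bot: the new line `+ [buster] - nvidia-graphics-drivers 418.181.07-1` is the only buster version in this merge without a deb10u suffix (compare `+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.141-2~deb10u1` a few lines below), and it is the same string as the unstable entry `- nvidia-graphics-drivers-tesla-418 418.181.07-1` in this hunk. That can be correct for a stable upload that simply tracks the upstream 418 series, but it is worth confirming against the buster upload that this is the nvidia-graphics-drivers source version and not a copy of the tesla-418 one; the removed next-point-update.txt entry records the same value, so a mistake there would have been carried over unchanged.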
@@ -23153,7 +23153,7 @@ CVE-2020-28474
CVE-2020-28473 (The package bottle from 0 and before 0.12.19 are vulnerable to Web Cac ...)
{DLA-2531-1}
- python-bottle 0.12.19-1
- [buster] - python-bottle <no-dsa> (Minor issue)
+ [buster] - python-bottle 0.12.15-2+deb10u1
NOTE: https://snyk.io/vuln/SNYK-PYTHON-BOTTLE-1017108
NOTE: Fixed by: https://github.com/bottlepy/bottle/commit/57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b (0.12.19)
CVE-2020-28472 (This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0- ...)
@@ -25211,7 +25211,7 @@ CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.3
CVE-2020-28241 (libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_en ...)
{DLA-2445-1}
- libmaxminddb 1.4.3-1 (bug #973878)
- [buster] - libmaxminddb <no-dsa> (Minor issue)
+ [buster] - libmaxminddb 1.3.2-1+deb10u1
NOTE: https://github.com/maxmind/libmaxminddb/issues/236
NOTE: https://github.com/maxmind/libmaxminddb/pull/237
CVE-2020-28240
@@ -25692,7 +25692,7 @@ CVE-2020-28031 (eramba through c2.8.1 allows HTTP Host header injection with (fo
NOT-FOR-US: eramba
CVE-2020-28030 (In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was ...)
- wireshark 3.2.8-0.1 (bug #974689)
- [buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Minor issue, Can be fixed in next DLA by backporting patch together with earlier fix for invalid parameter)
NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c257c5d87d16b9b
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16887
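Review bot: the CVE text quoted in the hunk header limits CVE-2020-28030 to Wireshark 3.2.0 to 3.2.7, while buster now records the fix in 2.6.20-0+deb10u1 (the 2.6 branch). If the GQUIC dissector change was present in 2.6.x and the 2.6.20 upload carries the referenced commit, the entry is right; if the 2.6 branch never had the affected code, `<not-affected>` would describe buster more accurately. Either way a one-line NOTE stating which it is would save the next reader the same check.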
@@ -26393,7 +26393,7 @@ CVE-2020-27819 [NULL pointer dereference via crafted xls file]
NOTE: https://github.com/libxls/libxls/issues/84
CVE-2020-27818 (A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. ...)
- pngcheck 2.3.0-13 (bug #976350)
- [buster] - pngcheck <no-dsa> (Minor issue)
+ [buster] - pngcheck 2.3.0-7+deb10u1
[stretch] - pngcheck <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011
NOTE: Patch applied in Fedora: https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch
@@ -29730,7 +29730,7 @@ CVE-2020-26576
RESERVED
CVE-2020-26575 (In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) di ...)
- wireshark 3.2.8-0.1 (bug #974688)
- [buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Minor issue, can be fixed in next DLA by backporting patch)
NOTE: https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16887
@@ -30543,7 +30543,7 @@ CVE-2020-26238 (Cron-utils is a Java library to parse, validate, migrate crons a
CVE-2020-26237 (Highlight.js is a syntax highlighter written in JavaScript. Highlight. ...)
{DLA-2511-1}
- highlight.js 9.18.1+dfsg1-3 (bug #976446)
- [buster] - highlight.js <no-dsa> (Minor issue)
+ [buster] - highlight.js 9.12.0+dfsg1-4+deb10u1
NOTE: https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx
NOTE: https://github.com/highlightjs/highlight.js/pull/2636
NOTE: https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0
@@ -31388,13 +31388,13 @@ CVE-2020-25864
RESERVED
CVE-2020-25863 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...)
- wireshark 3.2.7-1
- [buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Minor issue, can be fixed along in next DLA)
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-11.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16741
CVE-2020-25862 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...)
- wireshark 3.2.7-1
- [buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Minor issue, can be fixed along in next DLA)
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-12.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16816
@@ -31820,7 +31820,7 @@ CVE-2020-25696 (A flaw was found in the psql interactive terminal of PostgreSQL
- postgresql-13 13.1-1
- postgresql-12 <removed>
- postgresql-11 <removed>
- [buster] - postgresql-11 <no-dsa> (Minor issue)
+ [buster] - postgresql-11 11.10-0+deb10u1
- postgresql-9.6 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...)
@@ -31828,7 +31828,7 @@ CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before 12.5
- postgresql-13 13.1-1
- postgresql-12 <removed>
- postgresql-11 <removed>
- [buster] - postgresql-11 <no-dsa> (Minor issue)
+ [buster] - postgresql-11 11.10-0+deb10u1
- postgresql-9.6 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...)
@@ -31836,7 +31836,7 @@ CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5
- postgresql-13 13.1-1
- postgresql-12 <removed>
- postgresql-11 <removed>
- [buster] - postgresql-11 <no-dsa> (Minor issue)
+ [buster] - postgresql-11 11.10-0+deb10u1
- postgresql-9.6 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer overflows ...)
@@ -32183,7 +32183,7 @@ CVE-2020-25614 (xmlquery before 1.3.1 lacks a check for whether a LoadURL respon
NOTE: https://github.com/antchfx/xmlquery/issues/39
CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl. DBD: ...)
- libdbi-perl 1.643-3 (bug #972180)
- [buster] - libdbi-perl <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - libdbi-perl 1.642-1+deb10u2
[stretch] - libdbi-perl <postponed> (Revisit when fixed upstream)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
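Review bot: the unchanged stretch context line keeps `<postponed> (Revisit when fixed upstream)` although unstable (1.643-3) and now buster (1.642-1+deb10u2) both carry a Debian-side fix, so a backportable patch evidently exists. Nothing for this commit to change, but the rationale on the stretch line is stale and the LTS team may want to re-evaluate it.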
CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, an ...)
@@ -48866,7 +48866,7 @@ CVE-2020-17483
RESERVED
CVE-2020-17482 (An issue has been found in PowerDNS Authoritative Server before 4.3.1 ...)
- pdns 4.3.1-1 (bug #970737)
- [buster] - pdns <no-dsa> (Minor issue)
+ [buster] - pdns 4.1.6-3+deb10u1
[stretch] - pdns <no-dsa> (Minor issue)
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
CVE-2020-17481
@@ -53689,7 +53689,7 @@ CVE-2020-15467 (The administrative interface of Cohesive Networks vns3:vpn appli
NOT-FOR-US: Cohesive Networks vns3:vpn appliances
CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infin ...)
- wireshark 3.2.5-1 (low)
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4
@@ -59975,7 +59975,7 @@ CVE-2020-13165
RESERVED
CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the ...)
- wireshark 3.2.4-1 (low)
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
[jessie] - wireshark <postponed> (Can be fixed along with other CVEs)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476
@@ -64860,7 +64860,7 @@ CVE-2020-11648
RESERVED
CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...)
- wireshark 3.2.3-1 (low; bug #958213)
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
[jessie] - wireshark <postponed> (Minor, can be fixed along in a future update)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474
@@ -71105,7 +71105,7 @@ CVE-2020-9419
RESERVED
CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
- wireshark 3.2.2-1
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
[jessie] - wireshark <not-affected> (composite TVB handling added later)
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html
@@ -71113,7 +71113,7 @@ CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850
CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
- wireshark 3.2.2-1
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
[jessie] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-04.html
@@ -71123,7 +71123,7 @@ CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790
CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
- wireshark 3.2.2-1 (low)
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
[jessie] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-05.html
@@ -72874,19 +72874,19 @@ CVE-2020-8699
CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) Processors may ...)
{DLA-2546-1}
- intel-microcode 3.20201110.1
- [buster] - intel-microcode <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - intel-microcode 3.20201118.1~deb10u1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
CVE-2020-8697
RESERVED
CVE-2020-8696 (Improper removal of sensitive information before storage or transfer i ...)
{DLA-2546-1}
- intel-microcode 3.20201110.1
- [buster] - intel-microcode <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - intel-microcode 3.20201118.1~deb10u1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) Process ...)
{DLA-2546-1}
- intel-microcode 3.20201110.1
- [buster] - intel-microcode <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - intel-microcode 3.20201118.1~deb10u1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
CVE-2020-8694 (Insufficient access control in the Linux kernel driver for some Intel( ...)
{DLA-2494-1 DLA-2483-1}
@@ -73142,7 +73142,7 @@ CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snpr
- qemu 1:4.1-2
- qemu-kvm <removed>
- slirp 1:1.0.17-11
- [buster] - slirp <ignored> (Minor issue, too intrusive to backport)
+ [buster] - slirp 1:1.0.17-8+deb10u1
- slirp4netns 1.0.1-1
[buster] - slirp4netns <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
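Review bot: the buster state for CVE-2020-8608 flips from `<ignored> (Minor issue, too intrusive to backport)` straight to the fixed version 1:1.0.17-8+deb10u1 with no NOTE on what changed the assessment. The same buster version also closes CVE-2020-7039 later in this diff, so please confirm from the upload's changelog that 1:1.0.17-8+deb10u1 includes the backport of the referenced commit 68ccb8021a838066f0951d4b2817eb6b6f10a843 and not only the CVE-2020-7039 change; a short NOTE on why the earlier "too intrusive" verdict no longer holds would help. The slirp4netns buster line staying `<no-dsa>` is consistent with the point release touching only slirp.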
@@ -75301,7 +75301,7 @@ CVE-2020-7789 (This affects the package node-notifier before 9.0.0. It allows an
CVE-2020-7788 (This affects the package ini before 1.3.6. If an attacker submits a ma ...)
{DLA-2503-1}
- node-ini 2.0.0-1 (bug #977718)
- [buster] - node-ini <no-dsa> (Minor issue)
+ [buster] - node-ini 1.3.5-1+deb10u1
NOTE: https://snyk.io/vuln/SNYK-JS-INI-1048974
NOTE: https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)
CVE-2020-7787 (This affects all versions of package react-adal. It is possible for a ...)
@@ -75332,7 +75332,7 @@ CVE-2020-7775 (This affects all versions of package freediskspace. The vulnerabi
TODO: check
CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po ...)
- node-y18n 4.0.0-3 (bug #976390)
- [buster] - node-y18n <no-dsa> (Minor issue)
+ [buster] - node-y18n 3.2.1-2+deb10u1
[stretch] - node-y18n <no-dsa> (Minor issue)
NOTE: https://snyk.io/vuln/SNYK-JS-Y18N-1021887
NOTE: https://github.com/yargs/y18n/issues/96
@@ -77053,7 +77053,7 @@ CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3
NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1
CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...)
- wireshark 3.2.0-1
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
[jessie] - wireshark <not-affected> (Doesn't support request-respone tracking in affected code passage, yet)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258
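Review bot: the unchanged jessie context line `[jessie] - wireshark <not-affected> (Doesn't support request-respone tracking ...)` has a pre-existing typo, "request-respone" for "request-response". Not introduced by this commit, but a cheap follow-up fix.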
@@ -77096,7 +77096,7 @@ CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, m
- qemu 1:4.1-2
- qemu-kvm <removed>
- slirp 1:1.0.17-10 (bug #949085)
- [buster] - slirp <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - slirp 1:1.0.17-8+deb10u1
[stretch] - slirp <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/2
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
@@ -79697,7 +79697,7 @@ CVE-2020-6098 (An exploitable denial of service vulnerability exists in the free
NOTE: Possible fix: http://www.freediameter.net/trac/changeset/19ab8ac08a361642e7f9ec9f2657202c6f8ef9ee/freeDiameter?old=edfb2b662b91af94b2fccc48b11eec904ccab370
CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...)
- atftp 0.7.git20120829-3.2 (bug #970066)
- [buster] - atftp <no-dsa> (Minor issue)
+ [buster] - atftp 0.7.git20120829-3.2~deb10u1
[stretch] - atftp <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
NOTE: https://sourceforge.net/u/peterkaestle/atftp/ci/96409ef3b9ca061f9527cfaafa778105cf15d994/
@@ -90759,7 +90759,7 @@ CVE-2019-19554
RESERVED
CVE-2019-19553 (In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector cou ...)
- wireshark 3.0.7-1 (low)
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x DSA)
[jessie] - wireshark <postponed> (Can be fixed along in next 1.12.x DLA)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961
@@ -103818,7 +103818,7 @@ CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2
NOT-FOR-US: Integard
CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector ...)
- wireshark 3.0.4-1 (low)
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x DSA)
[jessie] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-21.html
@@ -109356,7 +109356,7 @@ CVE-2019-14585
CVE-2019-14584
RESERVED
- edk2 2020.11-1 (bug #977300)
- [buster] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 0~20181115.85588389-3+deb10u3
[stretch] - edk2 <ignored> (Minor issue)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1914
NOTE: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10
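Review bot: CVE-2019-14584 is still marked RESERVED with no bracketed summary, yet it now carries fixed versions for both unstable and buster. The file's convention for reserved-but-tracked issues is a short description in square brackets (as in `CVE-2020-35492 [cairo: buffer overflow in image compositor]` earlier in this diff), so adding one based on the referenced tianocore bug would make the edk2 entry searchable. Not part of the merge itself.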
@@ -112640,7 +112640,7 @@ CVE-2019-13620
RESERVED
CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ...)
- wireshark 2.6.10-1 (low)
- [buster] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
+ [buster] - wireshark 2.6.20-0+deb10u1
[stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
[jessie] - wireshark <not-affected> (vulnerable code not present, binary encoding not yet supported)
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-20.html
@@ -123152,7 +123152,7 @@ CVE-2019-10204
RESERVED
CVE-2019-10203 (PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1. ...)
- pdns 4.2.0-1 (low; bug #970729)
- [buster] - pdns <no-dsa> (Minor issue)
+ [buster] - pdns 4.1.6-3+deb10u1
[stretch] - pdns <no-dsa> (Minor issue)
[jessie] - pdns <no-dsa> (Minor issue)
NOTE: Fixed in 4.2.0, 4.1.11, 4.0.9, for existing installations a manual schema update
=====================================
data/next-point-update.txt
=====================================
@@ -1,78 +1,3 @@
-CVE-2019-10203
- [buster] - pdns 4.1.6-3+deb10u1
-CVE-2020-17482
- [buster] - pdns 4.1.6-3+deb10u1
-CVE-2014-10402
- [buster] - libdbi-perl 1.642-1+deb10u2
-CVE-2019-13619
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2019-16319
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2019-19553
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2020-7045
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2020-9428
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2020-9430
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2020-9431
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2020-11647
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2020-13164
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2020-15466
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2020-25862
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2020-25863
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2020-26575
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2020-28030
- [buster] - wireshark 2.6.20-0+deb10u1
-CVE-2020-25694
- [buster] - postgresql-11 11.10-0+deb10u1
-CVE-2020-25695
- [buster] - postgresql-11 11.10-0+deb10u1
-CVE-2020-25696
- [buster] - postgresql-11 11.10-0+deb10u1
-CVE-2020-7774
- [buster] - node-y18n 3.2.1-2+deb10u1
-CVE-2020-27818
- [buster] - pngcheck 2.3.0-7+deb10u1
-CVE-2019-14584
- [buster] - edk2 0~20181115.85588389-3+deb10u3
-CVE-2020-7788
- [buster] - node-ini 1.3.5-1+deb10u1
-CVE-2020-35573
- [buster] - postsrsd 1.5-2+deb10u1
-CVE-2020-7039
- [buster] - slirp 1:1.0.17-8+deb10u1
-CVE-2020-8608
- [buster] - slirp 1:1.0.17-8+deb10u1
-CVE-2020-28241
- [buster] - libmaxminddb 1.3.2-1+deb10u1
-CVE-2021-1056
- [buster] - nvidia-graphics-drivers 418.181.07-1
- [buster] - nvidia-graphics-drivers-legacy-390xx 390.141-2~deb10u1
-CVE-2020-35701
- [buster] - cacti 1.2.2+ds1-2+deb10u4
-CVE-2020-26237
- [buster] - highlight.js 9.12.0+dfsg1-4+deb10u1
-CVE-2020-6097
- [buster] - atftp 0.7.git20120829-3.2~deb10u1
-CVE-2020-8695
- [buster] - intel-microcode 3.20201118.1~deb10u1
-CVE-2020-8696
- [buster] - intel-microcode 3.20201118.1~deb10u1
-CVE-2020-8698
- [buster] - intel-microcode 3.20201118.1~deb10u1
-CVE-2020-28473
- [buster] - python-bottle 0.12.15-2+deb10u1
-CVE-2020-35492
- [buster] - cairo 1.16.0-4+deb10u1
CVE-2019-20446
[buster] - librsvg 2.44.10-2.1+deb10u1
CVE-2019-14267
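Review bot: the two entries left in next-point-update.txt, CVE-2019-20446 (librsvg 2.44.10-2.1+deb10u1) and CVE-2019-14267, are not mentioned in the commit message; since the message says "Cleanup list from merged entries", one sentence stating that these two are still pending for a later point release, rather than overlooked, would remove the ambiguity. For the record, all 37 CVE entries removed here have a matching buster hunk in data/CVE/list above and the versions agree line for line, so the merge-cve-files output checks out.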
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bec48b4f77b38c5b3cf7950683f1b0c8d75276b0