[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Feb 7 08:10:21 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
563224f9 by security tracker role at 2021-02-07T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15910,18 +15910,21 @@ CVE-2021-20218
NOT-FOR-US: fabric8io / kubernetes-client
CVE-2021-20217
RESERVED
+ {DLA-2548-1}
- privoxy 3.0.31-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5bba5b89193fa2eeea51aa39fb6525c47b59a82a (3.0.31)
CVE-2021-20216
RESERVED
+ {DLA-2548-1}
- privoxy 3.0.31-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=f431d61740cc03c1c5f6b7f9c7a4a8d0bedd70dd (3.0.31)
CVE-2021-20215
RESERVED
+ {DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
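Review bot: In the CVE-2021-20217, CVE-2021-20216 and CVE-2021-20215 entries the new "{DLA-2548-1}" tag sits directly above "[buster] - privoxy <no-dsa> (Minor issue)", so an advisory now exists for these privoxy issues while buster is still triaged as not warranting one. Consider revisiting the buster lines, for example by queuing the fixes for a point release, so that buster does not lag behind the release the DLA covers.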
@@ -15936,30 +15939,35 @@ CVE-2021-20214
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=cf5640eb2a
CVE-2021-20213
RESERVED
+ {DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=7530132349
CVE-2021-20212
RESERVED
+ {DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5cfb7bc8fe
CVE-2021-20211
RESERVED
+ {DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=245e1cf32
CVE-2021-20210
RESERVED
+ {DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=1b1370f7a8a
CVE-2021-20209
RESERVED
+ {DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
@@ -16460,6 +16468,7 @@ CVE-2020-35503 [QEMU: NULL pointer dereference issue in megasas-gen2 host bus ad
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
CVE-2020-35502
RESERVED
+ {DLA-2548-1}
- privoxy 3.0.29-1
[buster] - privoxy <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
@@ -25702,6 +25711,7 @@ CVE-2020-28032 (WordPress before 5.5.2 mishandles deserialization requests in wp
CVE-2020-28031 (eramba through c2.8.1 allows HTTP Host header injection with (for exam ...)
NOT-FOR-US: eramba
CVE-2020-28030 (In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was ...)
+ {DLA-2547-1}
- wireshark 3.2.8-0.1 (bug #974689)
[buster] - wireshark 2.6.20-0+deb10u1
NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c257c5d87d16b9b
@@ -29739,6 +29749,7 @@ CVE-2020-26577
CVE-2020-26576
RESERVED
CVE-2020-26575 (In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) di ...)
+ {DLA-2547-1}
- wireshark 3.2.8-0.1 (bug #974688)
[buster] - wireshark 2.6.20-0+deb10u1
NOTE: https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab
@@ -30117,6 +30128,7 @@ CVE-2020-26422 (Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 al
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17073
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-20.html
CVE-2020-26421 (Crash in USB HID protocol dissector and possibly other dissectors in W ...)
+ {DLA-2547-1}
- wireshark 3.4.1-1
[buster] - wireshark 2.6.20-0+deb10u1
NOTE: https://gitlab.com/wireshark/wireshark/-/commit/d5f2657825e63e4126ebd7d13a59f3c6e8a9e4e1
@@ -30137,6 +30149,7 @@ CVE-2020-26419 (Memory leak in the dissection engine in Wireshark 3.4.0 allows d
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17032
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-19.html
CVE-2020-26418 (Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 t ...)
+ {DLA-2547-1}
- wireshark 3.4.1-1
[buster] - wireshark 2.6.20-0+deb10u1
NOTE: https://gitlab.com/wireshark/wireshark/-/commit/f4374967bbf9c12746b8ec3cd54dddada9dd353e
@@ -31394,11 +31407,13 @@ CVE-2020-25865
CVE-2020-25864
RESERVED
CVE-2020-25863 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...)
+ {DLA-2547-1}
- wireshark 3.2.7-1
[buster] - wireshark 2.6.20-0+deb10u1
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-11.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16741
CVE-2020-25862 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...)
+ {DLA-2547-1}
- wireshark 3.2.7-1
[buster] - wireshark 2.6.20-0+deb10u1
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-12.html
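Review bot: For CVE-2020-25863 and CVE-2020-25862 the descriptions give the affected range as "2.6.0 to 2.6.20", yet the buster line marks 2.6.20-0+deb10u1 as fixed. That is only consistent if the Debian revision carries a backported patch on top of upstream 2.6.20. A NOTE saying so, ideally with the upstream commit, would let readers verify it now that DLA-2547-1 also points at these entries.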
@@ -53697,6 +53712,7 @@ CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the car
CVE-2020-15467 (The administrative interface of Cohesive Networks vns3:vpn appliances ...)
NOT-FOR-US: Cohesive Networks vns3:vpn appliances
CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infin ...)
+ {DLA-2547-1}
- wireshark 3.2.5-1 (low)
[buster] - wireshark 2.6.20-0+deb10u1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
@@ -59982,6 +59998,7 @@ CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers
CVE-2020-13165
RESERVED
CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the ...)
+ {DLA-2547-1}
- wireshark 3.2.4-1 (low)
[buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <postponed> (Can be fixed along with other CVEs)
@@ -64866,6 +64883,7 @@ CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2.
CVE-2020-11648
RESERVED
CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...)
+ {DLA-2547-1}
- wireshark 3.2.3-1 (low; bug #958213)
[buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <postponed> (Minor, can be fixed along in a future update)
@@ -71110,6 +71128,7 @@ CVE-2020-9420
CVE-2020-9419
RESERVED
CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
+ {DLA-2547-1}
- wireshark 3.2.2-1
[buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <not-affected> (composite TVB handling added later)
@@ -71117,6 +71136,7 @@ CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850
CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
+ {DLA-2547-1}
- wireshark 3.2.2-1
[buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <not-affected> (Vulnerable code not present)
@@ -71126,6 +71146,7 @@ CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790
CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
+ {DLA-2547-1}
- wireshark 3.2.2-1 (low)
[buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <not-affected> (Vulnerable code not present)
@@ -77055,6 +77076,7 @@ CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3
- dovecot <not-affected> (Only affects 2.3.9)
NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1
CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...)
+ {DLA-2547-1}
- wireshark 3.2.0-1
[buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <not-affected> (Doesn't support request-respone tracking in affected code passage, yet)
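Review bot: The jessie line of CVE-2020-7045 has a typo in its reason text: "request-respone" should read "request-response". The line is unchanged context in this hunk, but it is worth fixing in a follow-up since the entry is being touched anyway.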
@@ -90760,6 +90782,7 @@ CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-bas
CVE-2019-19554
RESERVED
CVE-2019-19553 (In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector cou ...)
+ {DLA-2547-1}
- wireshark 3.0.7-1 (low)
[buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <postponed> (Can be fixed along in next 1.12.x DLA)
@@ -103818,6 +103841,7 @@ CVE-2016-10956 (The mail-masta plugin 1.0 for WordPress has local file inclusion
CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x be ...)
NOT-FOR-US: Integard
CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector ...)
+ {DLA-2547-1}
- wireshark 3.0.4-1 (low)
[buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <not-affected> (Vulnerable code not present)
@@ -112639,6 +112663,7 @@ CVE-2019-13621
CVE-2019-13620
RESERVED
CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ...)
+ {DLA-2547-1}
- wireshark 2.6.10-1 (low)
[buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <not-affected> (vulnerable code not present, binary encoding not yet supported)
@@ -117324,7 +117349,7 @@ CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 an
CVE-2019-12296
RESERVED
CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the ...)
- {DLA-2423-1}
+ {DLA-2547-1 DLA-2423-1}
- wireshark 2.6.8-1.1 (low; bug #929446)
[jessie] - wireshark <postponed> (Minor, can be fixed along in a future update)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
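Review bot: CVE-2019-12295 now carries two advisories, "{DLA-2547-1 DLA-2423-1}", and unlike the other wireshark entries in this commit its visible lines show no per-release fixed version apart from the postponed jessie one. Please confirm the second DLA is intended rather than a duplicate reference, and add a NOTE explaining why the CVE was addressed again (a different release, or an incomplete earlier fix).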
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/563224f9d60bf5f266c1e741668859869f1ceda7