[Git][security-tracker-team/security-tracker][master] automatic update

Sun Jan 31 08:10:21 GMT 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ffc9a9b by security tracker role at 2021-01-31T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11278,6 +11278,7 @@ CVE-2021-21495 (MK-AUTH through 19.01 K4.9 allows CSRF for password changes via
 CVE-2021-21494 (MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo ...)
 	NOT-FOR-US: MK-AUTH
 CVE-2020-35965 (decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds  ...)
+	{DLA-2537-1}
 	- ffmpeg 7:4.3.1-6 (bug #979999)
 	[buster] - ffmpeg <postponed> (Wait for 4.1.7)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532
@@ -55369,12 +55370,14 @@ CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote Command Execution. System-Snap
 CVE-2020-14411
 	RESERVED
 CVE-2020-14410 (SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer  ...)
+	{DLA-2536-1}
 	- libsdl1.2 <undetermined>
 	- libsdl2 2.0.14+dfsg2-2
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
 	NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
 	TODO: check libsdl1.2
 CVE-2020-14409 (SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow  ...)
+	{DLA-2536-1}
 	- libsdl1.2 <undetermined>
 	- libsdl2 2.0.14+dfsg2-2
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
@@ -99225,7 +99228,7 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a heap-based buffer overflow in
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/41399a3414069870071e47680b0bbbe0a283db5d
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
 CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NUL ...)
-	{DSA-4722-1}
+	{DSA-4722-1 DLA-2537-1}
 	- ffmpeg 7:4.2.1-1 (low)
 	- libav <removed> (low)
 	[jessie] - libav <not-affected> (Vulnerable code introduced in v12.x)
@@ -111508,6 +111511,7 @@ CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a he
 CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...)
 	NOT-FOR-US: njs
 CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
+	{DLA-2536-1}
 	- libsdl2 2.0.10+dfsg1-1
 	[buster] - libsdl2 <no-dsa> (Minor issue)
 	[jessie] - libsdl2 <postponed> (can be fixed along with more important patches)
@@ -130007,7 +130011,7 @@ CVE-2019-7640
 CVE-2019-7639 (An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If P ...)
 	NOT-FOR-US: gsi-openssh-server (OpenSSH patched with openssh-7.9p1-gsissh.patch)
 CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
-	{DLA-1714-1 DLA-1713-1}
+	{DLA-2536-1 DLA-1714-1 DLA-1713-1}
 	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
 	[buster] - libsdl1.2 <no-dsa> (Minor issue)
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
@@ -130031,7 +130035,7 @@ CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0 (SDL-2)
 	NOTE: For SDL-2 the fix for CVE-2017-2888 fixes as well CVE-2019-7637.
 CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
-	{DLA-1714-1 DLA-1713-1}
+	{DLA-2536-1 DLA-1714-1 DLA-1713-1}
 	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
 	[buster] - libsdl1.2 <no-dsa> (Minor issue)
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
@@ -130041,7 +130045,7 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
 	NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
 CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
-	{DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
+	{DLA-2536-1 DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
 	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
 	[buster] - libsdl1.2 <no-dsa> (Minor issue)
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
@@ -130184,7 +130188,7 @@ CVE-2019-7580 (ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary
 CVE-2019-7579 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ...)
 	NOT-FOR-US: Linksys
 CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
-	{DLA-1714-1 DLA-1713-1}
+	{DLA-2536-1 DLA-1714-1 DLA-1713-1}
 	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
 	[buster] - libsdl1.2 <no-dsa> (Minor issue)
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
@@ -130194,7 +130198,7 @@ CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	NOTE: https://hg.libsdl.org/SDL/rev/388987dff7bf (SDL-1.2)
 	NOTE: https://hg.libsdl.org/SDL/rev/f9a9d6c76b21 (SDL-2)
 CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
-	{DLA-1714-1 DLA-1713-1}
+	{DLA-2536-1 DLA-1714-1 DLA-1713-1}
 	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
 	[buster] - libsdl1.2 <no-dsa> (Minor issue)
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)
@@ -130217,7 +130221,7 @@ CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	NOTE: Proposed patch: https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
 	NOTE: very similar bug to CVE-2019-7573, fix for CVE-2019-7573 is applicable to this
 CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
-	{DLA-1714-1 DLA-1713-1}
+	{DLA-2536-1 DLA-1714-1 DLA-1713-1}
 	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
 	[buster] - libsdl1.2 <no-dsa> (Minor issue)
 	[stretch] - libsdl1.2 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ffc9a9ba30663de970ea3177a9431e460d511a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ffc9a9ba30663de970ea3177a9431e460d511a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210131/d556629b/attachment.html>
