author | Moritz Muehlenhoff <jmm@debian.org> | 2020-09-14 20:01:35 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-09-14 20:02:11 +0200 |
commit | bd4d8ac1a24333399042c48f94efd4fa038f05fc | |
tree | cfc49dfdaf7b5ece35043628f1d194329a98a2bd | |
parent | 28a00551fdb2ca4d2ce2410a6d519fe9eacd1a8b | |
buster triage
also track python-os-brick
-rw-r--r-- | data/CVE/list | 9 | ||||
-rw-r--r-- | data/dsa-needed.txt | 2 |
2 files changed, 10 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index bfa23ce8c5..bf324573a9 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2112,6 +2112,7 @@ CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because tex - golang-1.15 <unfixed> (bug #969661) - golang-1.14 <unfixed> (bug #969662) - golang-1.11 <removed> + [buster] - golang-1.11 <no-dsa> (Minor issue) - golang-1.8 <removed> - golang-1.7 <removed> NOTE: https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs @@ -16344,6 +16345,7 @@ CVE-2020-17481 RESERVED CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ...) - tinymce <unfixed> + [buster] - tinymce <no-dsa> (Minor issue) NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95 CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ...) NOT-FOR-US: jpv @@ -28260,6 +28262,7 @@ CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c direct NOT-FOR-US: Gurbalib CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...) - tinymce <unfixed> + [buster] - tinymce <no-dsa> (Minor issue) NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1 CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...) NOT-FOR-US: Unisys ALGOL Compiler @@ -28821,6 +28824,7 @@ CVE-2020-12414 (IndexedDB should be cleared when leaving private browsing mode a CVE-2020-12413 [racoon attack for NSS] RESERVED - nss <unfixed> + [buster] - nss <no-dsa> (Minor issue) NOTE: https://raccoon-attack.com/ CVE-2020-12412 (By navigating a tab using the history API, an attacker could cause the ...) - firefox 70.0-1 
@@ -34622,9 +34626,10 @@ CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder v [buster] - cinder <no-dsa> (Minor issue) [stretch] - cinder <no-dsa> (Minor issue) [jessie] - cinder <end-of-life> (OpenStack component, not supported in jessie LTS) + - python-os-brick 3.1.0-1 (low) + [buster] - python-os-brick <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/cinder/+bug/1823200 NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086 - TODO: check, affects as well python-os-brick or needs a respective update? CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...) - network-manager <unfixed> (unimportant) NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448 @@ -46302,6 +46307,7 @@ CVE-2020-6098 (An exploitable denial of service vulnerability exists in the free NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030 CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...) - atftp <unfixed> (bug #970066) + [buster] - atftp <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029 CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...) - glibc 2.31-2 (low; bug #961452) @@ -91202,6 +91208,7 @@ CVE-2019-1010092 RESERVED CVE-2019-1010091 (tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ...) - tinymce <unfixed> (bug #970256) + [buster] - tinymce <no-dsa> (Minor issue) [jessie] - tinymce <ignored> (Minor issue, requires manually copy/pasting javascript to execute it, can't reproduce on Jessie) NOTE: https://github.com/tinymce/tinymce/issues/4394 CVE-2019-1010090 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 59d68db80b..b7eb64ae97 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt 
@@ -25,6 +25,8 @@ knot-resolver linux (carnil) Wait until more issues have piled up -- +python-flask-cors +-- rails (jmm) Sylvain Beucler proposed to help for the update, remaining CVEs to be done -- |
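Review bot: In the CVE-2020-10755 hunk, the new `- python-os-brick 3.1.0-1 (low)` line has nothing backing the fixed version: both remaining NOTE lines point at the cinder bug and OSSN-0086, and the removed TODO was the only line recording that os-brick's status was an open question. Add a NOTE with the upstream os-brick change that 3.1.0-1 contains, so the version can be rechecked later. Also, cinder carries a `[stretch]` annotation while python-os-brick gets only `[buster]`; if stretch ships the package, it needs its own line.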
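Review bot: In the CVE-2020-6097 hunk, `[buster] - atftp <no-dsa> (Minor issue)` gives no rationale, although the entry's own description calls this an exploitable denial of service in the atftpd daemon and the package line above it is still `<unfixed> (bug #970066)`. A short reason in the parentheses (for example, what limits the impact on buster) would let the next triager judge whether the entry should be picked up for a point release instead of being read as closed.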
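Review bot: In the CVE-2019-1010091 hunk, the added `[buster] - tinymce <no-dsa> (Minor issue)` sits directly above a `[jessie]` line that spells out why the issue is minor (manual copy/paste of JavaScript required, not reproducible on jessie). If the same reasoning applies to buster, carry it into the parenthesised reason; as written, the bare "Minor issue" does not show whether the buster version was checked against the linked upstream issue.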
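Review bot: In the data/dsa-needed.txt hunk, `python-flask-cors` is added with no claimant and no note line, and none of the data/CVE/list hunks in this commit touch python-flask-cors, so the patch does not show which CVE puts it on the list; the commit message mentions only buster triage and python-os-brick. Consider adding a note line under the entry that names the CVE, in the way the neighbouring linux and rails entries carry one.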