author | Moritz Muehlenhoff <jmm@debian.org> | 2020-05-27 13:15:47 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-05-27 13:15:47 +0200 |
commit | fc29243967706f55c33512049b7b5de98c478d5e (patch) | |
tree | 111c61203be1d302a8cf0a4b7872a586650dcb37 | |
parent | ecfab01a3abb63a00460dc13481fe945546ae44c (diff) |
new vlc issue (already fixed in stable/oldstable)
firefox n/a
NFUs
-rw-r--r-- | data/CVE/list | 14 | ||||
-rw-r--r-- | data/DSA/list | 2 |
2 files changed, 9 insertions, 7 deletions
diff --git a/data/CVE/list b/data/CVE/list index 41687de143..7ebf38bebf 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -15,7 +15,7 @@ CVE-2020-13617 CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...) NOT-FOR-US: pichi CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification ...) - TODO: check + NOT-FOR-US: Qore CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implem ...) - axel 2.17.8-1 NOTE: https://github.com/axel-download-accelerator/axel/issues/262 @@ -780,6 +780,7 @@ CVE-2020-13253 [sd: OOB access could crash the guest resulting in DoS] [buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA) [stretch] - qemu <postponed> (Minor issue, can be fixed along in next DSA) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html + NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/2 CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...) - centreon-web <itp> (bug #913903) CVE-2020-13251 @@ -12143,7 +12144,7 @@ CVE-2020-9048 CVE-2020-9047 RESERVED CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...) - TODO: check + NOT-FOR-US: Kantech CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...) NOT-FOR-US: Software House CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...) 
@@ -15458,9 +15459,9 @@ CVE-2020-7649 CVE-2020-7648 RESERVED CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...) - TODO: check + NOT-FOR-US: jooby CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary commands.It is ...) - TODO: check + NOT-FOR-US: Noed curlrequest CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...) NOT-FOR-US: Node chrome-launcher CVE-2020-7644 (fun-map through 3.3.1 is vulnerable to Prototype Pollution. The functi ...) @@ -17354,7 +17355,7 @@ CVE-2020-6831 (A buffer overflow could occur when parsing and validating SCTP ch NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831 CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to be passe ...) - TODO: check + - firefox <not-affected> (Firefox on iOS) CVE-2020-6829 RESERVED CVE-2020-6828 (A malicious Android application could craft an Intent that would have ...) @@ -27231,7 +27232,8 @@ CVE-2019-19722 (In Dovecot before 2.3.9.2, an attacker can crash a push-notifica NOTE: https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b NOTE: https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432 CVE-2019-19721 (An off-by-one error in the DecodeBlock function in codec/sdl_image.c i ...) - TODO: check + - vlc 3.0.10-1 + NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b CVE-2020-3109 RESERVED CVE-2020-3108 diff --git a/data/DSA/list b/data/DSA/list index e366c09082..72fdbf89d3 100644 --- a/data/DSA/list +++ b/data/DSA/list 
@@ -83,7 +83,7 @@ {CVE-2019-17559 CVE-2019-17565 CVE-2020-1944 CVE-2020-9481} [buster] - trafficserver 8.0.2+ds-1+deb10u2 [30 Apr 2020] DSA-4671-1 vlc - security update - {CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077 CVE-2020-6078 CVE-2020-6079 CVE-2020-6080} + {CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077 CVE-2020-6078 CVE-2020-6079 CVE-2020-6080 CVE-2019-19721} [stretch] - vlc 3.0.10-0+deb9u1 [buster] - vlc 3.0.10-0+deb10u1 [29 Apr 2020] DSA-4670-1 tiff - security update |
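Review bot: In the data/CVE/list hunk at @@ -15458, the added line for CVE-2020-7646 reads `NOT-FOR-US: Noed curlrequest`, where "Noed" looks like a typo for "Node"; the unchanged entry right below it uses `NOT-FOR-US: Node chrome-launcher`. Suggest `NOT-FOR-US: Node curlrequest` so the marker matches the other Node module entries and turns up in a search for them.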
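Review bot: In the data/DSA/list hunk at @@ -83, CVE-2019-19721 is appended after CVE-2020-6080 in the DSA-4671-1 set, while the ids already on that line and in the trafficserver entry above it (`{CVE-2019-17559 CVE-2019-17565 CVE-2020-1944 CVE-2020-9481}`) run in ascending order. Suggest putting the 2019 id first in the braces so the set stays sorted. The commit message says the vlc issue is already fixed in stable/oldstable, which matches the 3.0.10-0+deb9u1 and 3.0.10-0+deb10u1 lines shown here, so no version change is needed in this hunk.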