author | Moritz Muehlenhoff <jmm@debian.org> | 2020-09-11 19:34:53 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-09-11 19:34:53 +0200 |
commit | 0560d2ac29b2140270508dca5aa2bab9ad0abb30 (patch) | |
tree | b4887a71158d4ec40c94903dcdd02342b3096c76 /data | |
parent | 683b6fb4f5a125822b0554d245ae979298595bb7 (diff) |
buster triage
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 10 |
-rw-r--r-- | data/dsa-needed.txt | 2 |
2 files changed, 10 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index b3e5ef3973..82a8db63ef 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -130,6 +130,7 @@ CVE-2020-25220 (The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, a NOTE: https://www.spinics.net/lists/stable/msg405099.html CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a rem ...) - libproxy <unfixed> + [buster] - libproxy <no-dsa> (Minor issue) NOTE: https://github.com/libproxy/libproxy/issues/134 CVE-2020-25218 RESERVED @@ -167,6 +168,7 @@ CVE-2020-25203 RESERVED CVE-2019-XXXX [RUSTSEC-2019-0035: Unaligned memory access in versions below 0.4.2] - rust-rand-core 0.5.0-1 (bug #969911; low) + [buster] - rust-rand-core <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0035.html NOTE: https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06 CVE-2019-XXXX [RUSTSEC-2019-0033: Integer Overflow in versions below 0.1.20 can cause DoS] @@ -671,6 +673,7 @@ CVE-2020-24973 RESERVED CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG ...) - kleopatra <unfixed> + [buster] - kleopatra <no-dsa> (Minor issue) NOTE: https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b NOTE: https://security.gentoo.org/glsa/202008-21 CVE-2020-24971 @@ -23151,6 +23154,7 @@ CVE-2020-14363 [Double free in libX11 locale handling code] RESERVED {DLA-2361-1} - libx11 <unfixed> (bug #969008) + [buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu) NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003056.html NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d CVE-2020-14362 
@@ -23231,7 +23235,7 @@ CVE-2020-14345 CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found in The ...) {DLA-2312-1} - libx11 2:1.6.10-1 - [buster] - libx11 <no-dsa> (Minor issue) + [buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu) NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003050.html NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488 @@ -56789,7 +56793,7 @@ CVE-2020-1970 CVE-2020-1969 RESERVED CVE-2020-1968 (The Raccoon attack exploits a flaw in the TLS specification which can ...) - - openssl 1.1.1g-1 + - openssl 1.1.1~~pre9-1 - openssl1.0 <removed> NOTE: Marking the first openssl 1.1.1 version in unstable as the fixed version in sid NOTE: https://www.openssl.org/news/secadv/20200909.txt @@ -80139,6 +80143,7 @@ CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_traile NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3 CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as ...) - rainloop 1.14.0-1 + [buster] - rainloop <no-dsa> (Minor issue) NOTE: https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693 CVE-2019-13388 RESERVED @@ -106912,6 +106917,7 @@ CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1 NOT-FOR-US: SuSE CVE-2019-3681 (A External Control of File Name or Path vulnerability in osc of SUSE L ...) - osc <unfixed> (bug #969999) + [buster] - osc <no-dsa> (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1122675 NOTE: https://github.com/openSUSE/osc/commit/a79c54418baf9b9785123bd07f350f12bd729ed3 (0.169.0) CVE-2019-3680 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 1b0141674a..ef79dffd87 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt 
@@ -16,6 +16,8 @@ chromium -- curl (ghedo) -- +inspircd +-- knot-resolver Santiago Ruano Rincón proposed a debdiff for review -- |
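Review bot: In the data/CVE/list hunk at @@ -130,6 +130,7 @@ (CVE-2020-25219), the added line `[buster] - libproxy <no-dsa> (Minor issue)` gives no reason for the rating, while the package line above it is still `- libproxy <unfixed>` and the only NOTE is the upstream issue link. A short reason inside the parentheses, or a NOTE saying what limits the impact on buster, would let a later reader re-check the decision without opening the upstream issue.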
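Review bot: In the data/CVE/list hunk at @@ -23151,6 +23154,7 @@ (CVE-2020-14363), the reason `(Minor issue, will be fixed via spu)` refers to a stable point update that nothing in the entry points to; the only reference on the package line is `bug #969008` for the unfixed sid package. Adding the point-update request as a NOTE once it exists would make the buster fix traceable from the entry. The following hunk rewrites the CVE-2020-14344 reason to the same wording, so the same reference would apply there.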
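Review bot: In the data/CVE/list hunk at @@ -56789,7 +56793,7 @@ (CVE-2020-1968), the fixed version changes from `1.1.1g-1` to `1.1.1~~pre9-1`, and the existing NOTE only states that the first 1.1.1 upload to unstable is being marked as fixed, not why the 1.1.1 series is unaffected. A NOTE giving that rationale, with a pointer to the relevant part of the advisory already linked, would document why every 1.1.1 version is treated as fixed. The entry also has no `[buster]` line, so the status for buster is left to be derived from the version comparison alone.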
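Review bot: In the data/dsa-needed.txt hunk, `inspircd` is added with no annotation, and no entry in the data/CVE/list part of this commit mentions the package. The neighbouring entries show the convention for context: `curl (ghedo)` names a claimant and knot-resolver carries a status line. A one-line remark under `inspircd` naming the issue that needs the DSA would tell whoever picks it up where to start.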