author | Moritz Muehlenhoff <jmm@debian.org> | 2020-08-23 19:48:32 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-08-23 19:48:32 +0200 |
commit | 0ad3c92ad003fc49bacbeef3fec836ef94cf7fe1 (patch) | |
tree | 23da1a358e3183b5753d243d34a337a64444217a /data | |
parent | d2d4e77d4a471c6342d9ea341ae3c173096487f4 (diff) |
buster triage
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 10 |
-rw-r--r-- | data/dsa-needed.txt | 2 |
2 files changed, 11 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 0acbadfd80..ff08283e2b 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -14224,7 +14224,9 @@ CVE-2020-17508 RESERVED CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...) - qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444) + [buster] - qtbase-opensource-src <no-dsa> (Minor issue) - qt4-x11 <removed> + [buster] - qt4-x11 <no-dsa> (Minor issue) NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308436 (dev branch) NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308496 (5.15 branch) NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308495 (5.12 branch) @@ -14246,6 +14248,7 @@ CVE-2020-17499 RESERVED CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. ...) - wireshark 3.2.6-1 + [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark <not-affected> (Vulnerable compose_tvb code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=76afda963de4f0b9be24f2d8e873990a5cbf221b @@ -14497,6 +14500,7 @@ CVE-2020-17381 CVE-2020-17380 [heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c] RESERVED - qemu <unfixed> + [buster] - qemu <postponed> (Minor issue, fix along in future DSA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167 CVE-2020-17379 RESERVED @@ -17201,6 +17205,7 @@ CVE-2020-16093 RESERVED CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the network p ...) - qemu <unfixed> + [buster] - qemu <postponed> (Minor issue, fix along in future DSA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8 CVE-2020-16091 
@@ -18146,10 +18151,13 @@ CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing tok NOT-FOR-US: Joomla! CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly valida ...) - nim 1.2.6-1 + [buster] - nim <no-dsa> (Minor issue) CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...) - nim 1.2.6-1 + [buster] - nim <no-dsa> (Minor issue) CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...) - nim 1.2.6-1 + [buster] - nim <no-dsa> (Minor issue) CVE-2020-15691 RESERVED CVE-2020-15690 @@ -18988,6 +18996,7 @@ CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authent NOT-FOR-US: Venki CVE-2020-15366 (An issue was discovered in ajv.validate() in Ajv (aka Another JSON Sch ...) - node-ajv 6.12.4-1 + [buster] - node-ajv <no-dsa> (Minor issue) NOTE: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3 CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...) - libraw <not-affected> (Vulnerable code introduced in 0.20-Beta1) @@ -41203,6 +41212,7 @@ CVE-2020-7068 RESERVED - php7.4 7.4.9-1 - php7.3 <removed> + [buster] - php7.3 <postponed> (Minor issue, fix along in future DSA) - php7.0 <removed> NOTE: Fixed in PHP 7.4.9, 7.3.21, 7.2.33 NOTE: PHP Bug: https://bugs.php.net/79797 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 2f9a3e5bc4..ee21ad4564 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -16,7 +16,7 @@ chromium -- curl (ghedo) -- -icingaweb2 +icingaweb2 (jmm) Maintainer prepared an update -- knot-resolver |
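Review bot: In the CVE-2020-17498 hunk of data/CVE/list, the new [buster] line postpones the fix to a "next 3.0.x DSA", while the entry's own description limits the crash to Wireshark 3.2.0 to 3.2.5 and the stretch line directly below is <not-affected> because the vulnerable compose_tvb code is not present. Please confirm that the buster version actually contains that code. If it does, a NOTE saying so would explain why a version outside the listed range is tracked as affected; if it does not, the line should be <not-affected> with the same kind of reason as stretch.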
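Review bot: The reason on the new [buster] qemu line for CVE-2020-17380 is only "Minor issue, fix along in future DSA", but the entry title describes a heap buffer overflow in sdhci_sdma_transfer_multi_blocks() and the package is still <unfixed> with a single bugzilla NOTE. Suggest stating the basis for the rating in the parenthetical, so whoever prepares the future DSA can see why it was deferred without re-reading the bug.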
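Review bot: The three nim entries in the @@ -18146 hunk (CVE-2020-15694, CVE-2020-15693, CVE-2020-15692) each gain a [buster] <no-dsa> line but carry no NOTE with an upstream reference, unlike the Qt, Wireshark and QEMU entries touched in the same commit. Since <no-dsa> leaves them open for a later update, a NOTE pointing at the upstream fix for each would let that update be prepared from the tracker entry alone.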
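Review bot: The data/dsa-needed.txt hunk assigns icingaweb2 to (jmm), which the commit message "buster triage" does not mention. Consider naming the claim in the message or committing it separately, so the assignment can be found from the log.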