author | Moritz Muehlenhoff <jmm@debian.org> | 2020-05-11 13:00:53 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-05-11 13:00:53 +0200 |
commit | ce08d76dcfc5adf5b0b2f6dd6462cc2852aec695 | |
tree | 95328071ac0ebd46e44a1c84ebf27ef2b3541576 /data | |
parent | 8edf543e9e24e77321054dd4a6249d45c3b98883 | |
one systemd issue unimportant
add tracking for fex issue
mark edk2 issues as ignored for stretch
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 29 |
-rw-r--r-- | data/next-oldstable-point-update.txt | 2 |
2 files changed, 18 insertions, 13 deletions
diff --git a/data/CVE/list b/data/CVE/list index 19545a6628..5869cd4ad3 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -13,6 +13,10 @@ CVE-2019-20795 (iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_n [jessie] - iproute2 <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10 (v5.1.0) NOTE: Introduced in: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c (v4.15.0) +CVE-2020-XXXX [unspecified fexsrv security issue] + - fex 20160919-2 + [buster] - fex 20160919-2~deb10u1 + [stretch] - fex <no-dsa> (Non-free not supported) CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btree_gc_c ...) - linux <unfixed> NOTE: https://lkml.org/lkml/2020/4/26/87 @@ -14330,11 +14334,10 @@ CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow atta CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...) NOT-FOR-US: conversation-watson plugin for WordPress CVE-2019-20386 (An issue was discovered in button_open in login/logind-button.c in sys ...) - - systemd 243-5 - [buster] - systemd <no-dsa> (Minor issue) - [stretch] - systemd <no-dsa> (Minor issue) - [jessie] - systemd <no-dsa> (Minor issue) + - systemd 243-5 (unimportant) NOTE: https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad + NOTE: Negligible security impact, requires root or physical access to plug in a device, + NOTE: at which point you can just as well DoS the computer with a hammer instead CVE-2019-20385 (The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo A ...) NOT-FOR-US: Logaritmo Aware CallManager 2012 devices CVE-2019-20384 (Gentoo Portage through 2.3.84 allows local users to place a Trojan hor ...) 
@@ -46416,13 +46419,13 @@ CVE-2019-14587 RESERVED - edk2 0~20200229.4c0f6e34-1 [buster] - edk2 0~20181115.85588389-3+deb10u1 - [stretch] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <ignored> (Minor issue) [jessie] - edk2 <end-of-life> (non-free) CVE-2019-14586 RESERVED - edk2 0~20200229.4c0f6e34-1 [buster] - edk2 0~20181115.85588389-3+deb10u1 - [stretch] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <ignored> (Minor issue) [jessie] - edk2 <end-of-life> (non-free) CVE-2019-14585 RESERVED @@ -46448,7 +46451,7 @@ CVE-2019-14575 [DxeImageVerificationHandler() fails open in case of dbx signatur RESERVED - edk2 0~20200229.4c0f6e34-1 (low; bug #952935) [buster] - edk2 0~20181115.85588389-3+deb10u1 - [stretch] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <ignored> (Minor issue) [jessie] - edk2 <end-of-life> (non-free) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 CVE-2019-14574 (Out of bounds read in a subsystem for Intel(R) Graphics Driver version ...) @@ -46477,7 +46480,7 @@ CVE-2019-14563 [numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib] RESERVED - edk2 0~20200229.4c0f6e34-1 (low; bug #952934) [buster] - edk2 0~20181115.85588389-3+deb10u1 - [stretch] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <ignored> (Minor issue) [jessie] - edk2 <end-of-life> (non-free) NOTE: https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891 NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2001 @@ -46491,7 +46494,7 @@ CVE-2019-14559 [memory leak in ArpOnFrameRcvdDpc] RESERVED - edk2 0~20200229.4c0f6e34-1 (bug #952926; low) [buster] - edk2 0~20181115.85588389-3+deb10u1 - [stretch] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <ignored> (Minor issue) [jessie] - edk2 <end-of-life> (non-free) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2550 NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2031 
@@ -46499,7 +46502,7 @@ CVE-2019-14558 RESERVED - edk2 0~20200229.4c0f6e34-1 [buster] - edk2 0~20181115.85588389-3+deb10u1 - [stretch] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <ignored> (Minor issue) [jessie] - edk2 <end-of-life> (non-free) CVE-2019-14557 RESERVED @@ -89779,13 +89782,13 @@ CVE-2019-0162 (Memory access in virtual memory mapping for some microprocessors NOT-FOR-US: F5 CVE-2019-0161 (Stack overflow in XHCI for EDK II may allow an unauthenticated user to ...) - edk2 0~20180803.dd4cae4d-1 (low) - [stretch] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <ignored> (Minor issue) [jessie] - edk2 <end-of-life> (non-free) NOTE: https://github.com/tianocore/edk2/commit/acebdf14c985c5c9f50b37ece0b15ada87767359 NOTE: https://github.com/tianocore/edk2/commit/72750e3bf9174f15c17e78f0f117b5e7311bb49f CVE-2019-0160 (Buffer overflow in system firmware for EDK II may allow unauthenticate ...) - edk2 0~20181115.85588389-1 (low) - [stretch] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <ignored> (Minor issue) [jessie] - edk2 <end-of-life> (non-free) NOTE: https://github.com/tianocore/edk2/commit/4df8f5bfa28b8b881e506437e8f08d92c1a00370 NOTE: https://github.com/tianocore/edk2/commit/b9ae1705adfdd43668027a25a2b03c2e81960219 @@ -108684,7 +108687,7 @@ CVE-2018-12184 CVE-2018-12183 (Stack overflow in DxeCore for EDK II may allow an unauthenticated user ...) - edk2 0~20181115.85588389-1 [buster] - edk2 <no-dsa> (Minor issue) - [stretch] - edk2 <no-dsa> (Minor issue) + [stretch] - edk2 <ignored> (Minor issue) [jessie] - edk2 <end-of-life> (non-free) NOTE: https://github.com/tianocore/edk2/commit/0a0d5296e448fc350de1594c49b9c0deff7fad60 CVE-2018-12182 (Insufficient memory write check in SMM service for EDK II may allow an ...) diff --git a/data/next-oldstable-point-update.txt b/data/next-oldstable-point-update.txt index 22e163545e..ae29dcc097 100644 --- a/data/next-oldstable-point-update.txt +++ b/data/next-oldstable-point-update.txt 
@@ -82,3 +82,5 @@ CVE-2020-3898 [stretch] - cups 2.2.1-8+deb9u6 CVE-2019-8842 [stretch] - cups 2.2.1-8+deb9u6 +CVE-2020-XXXX + [stretch] - fex 20160919-2~deb9u1 |
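Review bot: The new CVE-2020-XXXX entry in the first data/CVE/list hunk describes the problem only as "unspecified fexsrv security issue" and has no NOTE line, so nothing ties the fixed versions 20160919-2 and 20160919-2~deb10u1 to a bug report, upstream change or announcement. Suggest adding a NOTE with that reference so the placeholder can be matched to a real CVE ID once one is assigned. The same placeholder is added at the end of data/next-oldstable-point-update.txt, so both files need to be renamed together at that point.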
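Review bot: In the CVE-2019-20386 hunk the justification for "(unimportant)" is one sentence split across two NOTE lines, and its second half ("at which point you can just as well DoS the computer with a hammer instead") is commentary rather than the condition that makes the impact negligible. Suggest a single self-contained NOTE that keeps the factual part (requires root or physical access to plug in a device). The buster, stretch and jessie "<no-dsa> (Minor issue)" lines are dropped in the same hunk, and the commit message line "one systemd issue unimportant" does not name the CVE, so naming it there would make the change easier to find later.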
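Review bot: The edk2 hunks change the stretch state from "<no-dsa>" to "<ignored>" but keep the reason "(Minor issue)", which is the same text used for the no-dsa state and does not record why these entries are now ignored for stretch. In the CVE-2018-12183 hunk this leaves "[buster] - edk2 <no-dsa> (Minor issue)" directly above "[stretch] - edk2 <ignored> (Minor issue)", two different states with one justification. Suggest replacing the reason on the changed lines with the stretch-specific one, applied consistently across all eleven entries touched here.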