author: Salvatore Bonaccorso <carnil@debian.org> 2020-04-23 22:34:19 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-04-23 22:34:19 +0200
commit: f3345165a6f3433ded5a55416bcac3f2fb471d91
tree: cd7b5638e964f13142a8c0c3e55489bb9474100e /data
parent: f7a698e47712b4ee9d77b0102bf62e3c60ae769d
Track CVE-2019-20788/libvncserver as different issue from CVE-2019-15690
There is a procedural issue here, as the CVE-2019-20788 is strongly possible to be a duplicate of CVE-2019-15690. As CVE-2019-15690 was though assigned by the CVE-2019-15690 assigning CNA (Kaspersky) which did not populate the entry, it cannot be said for sure that CVE-2019-15690 and CVE-2019-20788 do not exactly cover the same issue or a different aspect of the issue. There will be an update of the CVE entry adding "NOTE: this may overlap CVE-2019-15690" to CVE-2019-20788.
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 6
-rw-r--r-- data/DLA/list 2
-rw-r--r-- data/next-oldstable-point-update.txt 2
-rw-r--r-- data/next-point-update.txt 2
4 files changed, 9 insertions, 3 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 184efd10db..4867b5180e 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -67,8 +67,10 @@ CVE-2020-12081
CVE-2020-12080
RESERVED
CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...)
- NOTE: Duplicate of CVE-2019-15690, contacted MITRE
- TODO: wait for confirmation from MITRE
+ - libvncserver 0.9.12+dfsg-9 (bug #954163)
+ [buster] - libvncserver <no-dsa> (Minor issue)
+ [stretch] - libvncserver <no-dsa> (Minor issue)
+ NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed
CVE-2020-XXXX [GNU Mailman 2.x stored XSS in attachments]
- mailman <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/2
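Review bot: The removed "NOTE: Duplicate of CVE-2019-15690" line has no replacement in the CVE-2019-20788 entry, so after this change data/CVE/list no longer records any relation between the two ids. The commit message expects the CVE description to gain "NOTE: this may overlap CVE-2019-15690"; adding a matching NOTE line next to the upstream commit NOTE would keep the cross-reference in the tracker until that update lands.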
diff --git a/data/DLA/list b/data/DLA/list
index 799bf269dc..af1a3e95ee 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -106,7 +106,7 @@
{CVE-2019-17546}
[jessie] - gdal 1.10.1+dfsg-8+deb8u2
[18 Mar 2020] DLA-2146-1 libvncserver - security update
- {CVE-2019-15690}
+ {CVE-2019-15690 CVE-2019-20788}
[jessie] - libvncserver 0.9.9+dfsg2-6.1+deb8u7
[17 Mar 2020] DLA-2145-1 twisted - security update
{CVE-2020-10108 CVE-2020-10109}
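Review bot: Adding CVE-2019-20788 to DLA-2146-1 asserts that the jessie upload 0.9.9+dfsg2-6.1+deb8u7 fixes it, while the commit message leaves open that the id may cover a different aspect than CVE-2019-15690. Worth confirming that this upload contains the upstream commit referenced in the data/CVE/list hunk (54220248886b5001fbbb9fa73c4e1a2cb9413fed) and saying so in the commit message, since the DLA was published on 18 Mar 2020 with only CVE-2019-15690 listed.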
diff --git a/data/next-oldstable-point-update.txt b/data/next-oldstable-point-update.txt
index f55e2aab07..e6d568b2b0 100644
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -70,6 +70,8 @@ CVE-2017-11747
[stretch] - tinyproxy 1.8.4-3~deb9u2
CVE-2019-15690
[stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4
+CVE-2019-20788
+ [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4
CVE-2020-8518
[stretch] - php-horde-data 2.1.4-3+deb9u1
CVE-2020-8866
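Review bot: The new CVE-2019-20788 entry reuses the version of the CVE-2019-15690 entry directly above it (0.9.11+dfsg-1.3~deb9u4), as does the buster entry in data/next-point-update.txt (0.9.11+dfsg-1.3+deb10u3). Since the data/CVE/list hunk gives 0.9.12+dfsg-9 with bug #954163 as the unstable fix, please check that both pending point-update uploads carry the same cursor.c change, otherwise the stretch and buster lines would mark the issue fixed too early.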
diff --git a/data/next-point-update.txt b/data/next-point-update.txt
index fc584b6b61..af2603853f 100644
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -69,6 +69,8 @@ CVE-2019-15522
[buster] - csync2 2.0-22-gce67c55-1+deb10u1
CVE-2019-15690
[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3
+CVE-2019-20788
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3
CVE-2020-1712
[buster] - systemd 241-7~deb10u4
CVE-2020-8518
