From fc29243967706f55c33512049b7b5de98c478d5e Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 27 May 2020 13:15:47 +0200 Subject: new vlc issue (already fixed in stable/oldstable) firefox n/a NFUs --- data/CVE/list | 14 ++++++++------ data/DSA/list | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 41687de143..7ebf38bebf 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -15,7 +15,7 @@ CVE-2020-13617 CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...) NOT-FOR-US: pichi CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification ...) - TODO: check + NOT-FOR-US: Qore CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implem ...) - axel 2.17.8-1 NOTE: https://github.com/axel-download-accelerator/axel/issues/262 @@ -780,6 +780,7 @@ CVE-2020-13253 [sd: OOB access could crash the guest resulting in DoS] [buster] - qemu (Minor issue, can be fixed along in next DSA) [stretch] - qemu (Minor issue, can be fixed along in next DSA) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html + NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/2 CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...) - centreon-web (bug #913903) CVE-2020-13251 @@ -12143,7 +12144,7 @@ CVE-2020-9048 CVE-2020-9047 RESERVED CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...) - TODO: check + NOT-FOR-US: Kantech CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...) NOT-FOR-US: Software House CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...) 
@@ -15458,9 +15459,9 @@ CVE-2020-7649 CVE-2020-7648 RESERVED CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...) - TODO: check + NOT-FOR-US: jooby CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary commands.It is ...) - TODO: check + NOT-FOR-US: Noed curlrequest CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...) NOT-FOR-US: Node chrome-launcher CVE-2020-7644 (fun-map through 3.3.1 is vulnerable to Prototype Pollution. The functi ...) @@ -17354,7 +17355,7 @@ CVE-2020-6831 (A buffer overflow could occur when parsing and validating SCTP ch NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831 CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to be passe ...) - TODO: check + - firefox (Firefox on iOS) CVE-2020-6829 RESERVED CVE-2020-6828 (A malicious Android application could craft an Intent that would have ...) @@ -27231,7 +27232,8 @@ CVE-2019-19722 (In Dovecot before 2.3.9.2, an attacker can crash a push-notifica NOTE: https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b NOTE: https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432 CVE-2019-19721 (An off-by-one error in the DecodeBlock function in codec/sdl_image.c i ...) - TODO: check + - vlc 3.0.10-1 + NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b CVE-2020-3109 RESERVED CVE-2020-3108 diff --git a/data/DSA/list b/data/DSA/list index e366c09082..72fdbf89d3 100644 --- a/data/DSA/list +++ b/data/DSA/list 
@@ -83,7 +83,7 @@ {CVE-2019-17559 CVE-2019-17565 CVE-2020-1944 CVE-2020-9481} [buster] - trafficserver 8.0.2+ds-1+deb10u2 [30 Apr 2020] DSA-4671-1 vlc - security update - {CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077 CVE-2020-6078 CVE-2020-6079 CVE-2020-6080} + {CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077 CVE-2020-6078 CVE-2020-6079 CVE-2020-6080 CVE-2019-19721} [stretch] - vlc 3.0.10-0+deb9u1 [buster] - vlc 3.0.10-0+deb10u1 [29 Apr 2020] DSA-4670-1 tiff - security update -- cgit v1.2.3
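Review bot: the new line `+ NOT-FOR-US: Noed curlrequest` in the CVE-2020-7646 hunk has a typo in the ecosystem name; the neighbouring CVE-2020-7645 entry spells it `NOT-FOR-US: Node chrome-launcher`, so this should read `NOT-FOR-US: Node curlrequest` to keep the tag consistent for anyone grepping the tracker for Node packages.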
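Review bot: the CVE-2020-6830 hunk replaces `TODO: check` with `- firefox (Firefox on iOS)`, which carries neither a fixed version nor a state marker, while the commit subject says `firefox n/a`; consider `- firefox <not-affected> (Only affects Firefox on iOS)` so the not-affected status is explicit in the data instead of being inferred from the parenthetical.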
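Review bot: in the DSA-4671-1 hunk, CVE-2019-19721 is appended after CVE-2020-6080, so the CVE set in the braces is no longer in ascending order as it is for the visible trafficserver entry; placing it first (`{CVE-2019-19721 CVE-2020-6071 ...}`) keeps the list sorted. This matches the CVE-2019-19721 hunk in data/CVE/list, which records the fix as `- vlc 3.0.10-1`, and the DSA lines already list vlc 3.0.10-0+deb9u1 and 3.0.10-0+deb10u1, consistent with the commit subject's "already fixed in stable/oldstable".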