From f3345165a6f3433ded5a55416bcac3f2fb471d91 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 23 Apr 2020 22:34:19 +0200 Subject: Track CVE-2019-20788/libvncserver as different issue from CVE-2019-15690 There is a procedural issue here, as the CVE-2019-20788 is strongly possible to be a duplicate of CVE-2019-15690. As CVE-2019-15690 was though assigned by the CVE-2019-15690 assigning CNA (Kaspersky) which did not populate the entry, it cannot be said for sure that CVE-2019-15690 and CVE-2019-20788 do not exactly cover the same issue or a different aspect of the issue. There will be an update of the CVE entry adding ""NOTE: this may overlap CVE-2019-15690" to CVE-2019-20788." --- data/CVE/list | 6 ++++-- data/DLA/list | 2 +- data/next-oldstable-point-update.txt | 2 ++ data/next-point-update.txt | 2 ++ 4 files changed, 9 insertions(+), 3 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 184efd10db..4867b5180e 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -67,8 +67,10 @@ CVE-2020-12081 CVE-2020-12080 RESERVED CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...) - NOTE: Duplicate of CVE-2019-15690, contacted MITRE - TODO: wait for confirmation from MITRE + - libvncserver 0.9.12+dfsg-9 (bug #954163) + [buster] - libvncserver (Minor issue) + [stretch] - libvncserver (Minor issue) + NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed CVE-2020-XXXX [GNU Mailman 2.x stored XSS in attachments] - mailman NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/2 diff --git a/data/DLA/list b/data/DLA/list index 799bf269dc..af1a3e95ee 100644 --- a/data/DLA/list +++ b/data/DLA/list 
@@ -106,7 +106,7 @@ {CVE-2019-17546} [jessie] - gdal 1.10.1+dfsg-8+deb8u2 [18 Mar 2020] DLA-2146-1 libvncserver - security update - {CVE-2019-15690} + {CVE-2019-15690 CVE-2019-20788} [jessie] - libvncserver 0.9.9+dfsg2-6.1+deb8u7 [17 Mar 2020] DLA-2145-1 twisted - security update {CVE-2020-10108 CVE-2020-10109} diff --git a/data/next-oldstable-point-update.txt b/data/next-oldstable-point-update.txt index f55e2aab07..e6d568b2b0 100644 --- a/data/next-oldstable-point-update.txt +++ b/data/next-oldstable-point-update.txt @@ -70,6 +70,8 @@ CVE-2017-11747 [stretch] - tinyproxy 1.8.4-3~deb9u2 CVE-2019-15690 [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4 +CVE-2019-20788 + [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4 CVE-2020-8518 [stretch] - php-horde-data 2.1.4-3+deb9u1 CVE-2020-8866 diff --git a/data/next-point-update.txt b/data/next-point-update.txt index fc584b6b61..af2603853f 100644 --- a/data/next-point-update.txt +++ b/data/next-point-update.txt @@ -69,6 +69,8 @@ CVE-2019-15522 [buster] - csync2 2.0-22-gce67c55-1+deb10u1 CVE-2019-15690 [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3 +CVE-2019-20788 + [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3 CVE-2020-1712 [buster] - systemd 241-7~deb10u4 CVE-2020-8518 -- cgit v1.2.3
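Review bot: In the data/CVE/list hunk, the new CVE-2019-20788 entry drops the "Duplicate of CVE-2019-15690, contacted MITRE" NOTE and the TODO without recording the possible overlap anywhere in the entry. The commit message says the two ids may still cover the same issue, so consider adding a line such as "NOTE: may overlap CVE-2019-15690" next to the upstream commit NOTE, so the relationship stays visible in the tracker data and not only in the commit log.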
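Review bot: In the data/DLA/list hunk, adding CVE-2019-20788 to DLA-2146-1 records the 17 Mar 2020 jessie upload 0.9.9+dfsg2-6.1+deb8u7 as fixing it, yet the commit message says it cannot be said for sure that both ids cover the same issue. Please state the basis in the commit message, for example that this upload carries the upstream commit 54220248886b5001fbbb9fa73c4e1a2cb9413fed cited in data/CVE/list. The same question applies to the stretch and buster versions added under CVE-2019-20788 in the two point-update files.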