author security tracker role <sectracker@soriano.debian.org> 2020-06-09 20:10:20 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-06-09 20:10:20 +0000
commit 04df7692f62ef48231613b4730aed4e8cac58307
tree b547b316788ed2e87b634601d95e6c008843993a
parent 986f14478a38ec3e6fa5c6dc8795f65f6d890e14
automatic update
-rw-r--r-- data/CVE/2015.list 1
-rw-r--r-- data/CVE/2018.list 8
-rw-r--r-- data/CVE/2019.list 11
-rw-r--r-- data/CVE/2020.list 319
4 files changed, 192 insertions, 147 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 7628c29e11..fbe24e78a7 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1850,6 +1850,7 @@ CVE-2015-8865 (The file_check_mem function in funcs.c in file before 5.23, as us
NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/4e614ba041e24af8351afbb49c92444c0850f23b
CVE-2015-8839 (Multiple race conditions in the ext4 filesystem implementation in the ...)
+ {DLA-2241-1}
- linux 4.5.1-1
[wheezy] - linux <ignored> (Too much work to backport)
NOTE: https://git.kernel.org/linus/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b (v4.5-rc1)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 8a7ac6e942..01d908b9f0 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -17615,26 +17615,26 @@ CVE-2018-14614 (An issue was discovered in the Linux kernel through 4.17.10. The
[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200419
CVE-2018-14613 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
- {DLA-1715-1}
+ {DLA-2241-1 DLA-1715-1}
- linux 4.19.9-1
[stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199849
NOTE: https://patchwork.kernel.org/patch/10503147/
CVE-2018-14612 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
- {DLA-1715-1}
+ {DLA-2241-1 DLA-1715-1}
- linux 4.18.8-1
[stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199847
NOTE: https://patchwork.kernel.org/patch/10503403/
NOTE: https://patchwork.kernel.org/patch/10503413/
CVE-2018-14611 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
- {DLA-1715-1}
+ {DLA-2241-1 DLA-1715-1}
- linux 4.19.9-1
[stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199839
NOTE: https://patchwork.kernel.org/patch/10503099/
CVE-2018-14610 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
- {DLA-1715-1}
+ {DLA-2241-1 DLA-1715-1}
- linux 4.19.9-1
[stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199837
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 0591ab44e3..09c55b91b8 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -54,6 +54,7 @@ CVE-2019-20812 (An issue was discovered in the Linux kernel before 5.4.7. The pr
[stretch] - linux 4.9.210-1
NOTE: https://git.kernel.org/linus/b43d1f9f7067c6759b1051e8ecb84e82cef569fe
CVE-2019-20811 (An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_ ...)
+ {DSA-4698-1 DLA-2242-1}
- linux 4.19.37-1
[jessie] - linux 3.16.72-1
NOTE: https://git.kernel.org/linus/a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e
@@ -76,6 +77,7 @@ CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim restricted
[jessie] - vim <no-dsa> (Minor issue)
NOTE: https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075
CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
+ {DSA-4698-1 DLA-2242-1}
- linux 5.2.6-1
[buster] - linux 4.19.118-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -453,6 +455,7 @@ CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x
NOTE: Introduced in https://github.com/varnishcache/varnish-cache/commit/62932b422f311ed1224f14a216169bcdc1b77a2d (5.0)
NOTE: Case #3 implies labels introduced in https://github.com/varnishcache/varnish-cache/commit/34350d5e183ef4e04285729d1f63b784d1bc6454 (5.0)
CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...)
+ {DLA-2241-1}
- linux 5.4.13-1
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
@@ -2752,6 +2755,7 @@ CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read) in
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205705
NOTE: https://git.kernel.org/linus/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da
CVE-2019-19768 (In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205711
@@ -3598,6 +3602,7 @@ CVE-2019-19464 (The CBC Gem application before 9.24.1 for Android and before 9.2
CVE-2019-19463 (The Anhui Huami Mi Fit application before 4.0.11 for Android has an Un ...)
NOT-FOR-US: Anhui Huami Mi Fit application for Android
CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1}
- linux <unfixed>
[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-19461 (Post-authentication Stored XSS in Team Password Manager through 7.93.2 ...)
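Review bot: CVE-2019-19462 now carries "{DSA-4699-1 DSA-4698-1 DLA-2242-1}" directly above "- linux <unfixed>", and the entry has no NOTE line pointing at an upstream fix. If the unstable package is still open the version line is correct as written, but a reader cannot tell from the entry what the three advisories shipped. Suggest adding a NOTE with the fixing commit, as other linux entries in this file have (CVE-2019-20811, for example).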
@@ -3635,7 +3640,7 @@ CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs
- linux <unfixed>
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
CVE-2019-19447 (In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, ...)
- {DLA-2114-1}
+ {DLA-2241-1 DLA-2114-1}
- linux 5.4.6-1
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
@@ -3924,6 +3929,7 @@ CVE-2019-19321
CVE-2019-19320
RESERVED
CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a mount of a c ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.2.6-1
[buster] - linux 4.19.87-1
CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can c ...)
@@ -41638,6 +41644,7 @@ CVE-2019-5110 (Exploitable SQL injection vulnerabilities exist in the authentica
CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the authenticated ...)
NOT-FOR-US: Forma LMS
CVE-2019-5108 (An exploitable denial-of-service vulnerability exists in the Linux ker ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.3.7-1
[buster] - linux 4.19.98-1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
@@ -46294,6 +46301,7 @@ CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu
- virtualbox 6.0.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3016 (In a Linux KVM guest that has PV TLB enabled, a process in the guest k ...)
+ {DSA-4699-1}
- linux 5.4.19-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
[jessie] - linux <not-affected> (Vulnerability introduced later)
@@ -48259,6 +48267,7 @@ CVE-2019-2184 (In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a
CVE-2019-2183 (In generateServicesMap of RegisteredServicesCache.java, there is a pos ...)
NOT-FOR-US: Android
CVE-2019-2182 (In the Android kernel in the kernel MMU code there is a possible execu ...)
+ {DSA-4698-1 DLA-2242-1}
- linux 4.16.5-1
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/15122ee2c515a253b0c66a3e618bc7ebe35105eb
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 1d0890f631..98c8453619 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,15 @@
+CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated users to c ...)
+ TODO: check
+CVE-2020-13979
+ RESERVED
+CVE-2020-13978 (** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has a ...)
+ TODO: check
+CVE-2020-13977 (Nagios 4.4.5 allows an attacker, who already has administrative access ...)
+ TODO: check
+CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Di ...)
+ TODO: check
+CVE-2020-13975
+ RESERVED
CVE-2020-13974 (An issue was discovered in the Linux kernel through 5.7.1. drivers/tty ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae
@@ -1550,8 +1562,8 @@ CVE-2020-13268
RESERVED
CVE-2020-13267
RESERVED
-CVE-2020-13266
- RESERVED
+CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...)
+ TODO: check
CVE-2020-13265
RESERVED
CVE-2020-13264
@@ -1785,8 +1797,8 @@ CVE-2020-13162
RESERVED
CVE-2020-13161
RESERVED
-CVE-2020-13160
- RESERVED
+CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
+ TODO: check
CVE-2020-13159
RESERVED
CVE-2020-13158
@@ -1845,6 +1857,7 @@ CVE-2020-13132
CVE-2020-13131
RESERVED
CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
NOTE: https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f
CVE-2020-13130
@@ -2525,6 +2538,7 @@ CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218.
CVE-2020-12827
RESERVED
CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...)
+ {DLA-2241-1}
- linux 5.6.7-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da
@@ -2672,13 +2686,16 @@ CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btre
- linux <unfixed>
NOTE: https://lkml.org/lkml/2020/4/26/87
CVE-2020-12770 (An issue was discovered in the Linux kernel through 5.6.11. sg_write l ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
NOTE: https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee (5.7-rc3)
CVE-2020-12769 (An issue was discovered in the Linux kernel before 5.4.17. drivers/spi ...)
+ {DLA-2241-1}
- linux 5.4.19-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6)
CVE-2020-12768 (** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. ...)
+ {DSA-4699-1}
- linux 5.6.7-1 (unimportant)
[stretch] - linux <not-affected> (Vulnerability introduced later)
[jessie] - linux <not-affected> (Vulnerability introduced later)
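Review bot: CVE-2020-12768 is marked "** DISPUTED **" and its version line carries "(unimportant)", yet this hunk attaches "{DSA-4699-1}" to it. That reads as a contradiction unless the advisory lists the CVE only for completeness; a short NOTE giving the reason for the "(unimportant)" rating would settle it for the next person triaging the entry.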
@@ -2988,14 +3005,17 @@ CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_a
- linux 5.6.14-1
NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1)
CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 (5.6-rc1)
CVE-2020-12653 (An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d (5.6-rc1)
CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.4.19-1
[buster] - linux 4.19.98-1
NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7)
@@ -3395,6 +3415,7 @@ CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b102f0c522cf668c8382c56a4f771b37d011cda2 (5.6-rc6)
CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
NOTE: https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3)
CVE-2020-12463 (An elevation of privilege vulnerability exists in Avira Software Updat ...)
@@ -3518,7 +3539,7 @@ CVE-2020-12411
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
CVE-2020-12410
RESERVED
- {DSA-4695-1}
+ {DSA-4695-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- thunderbird 1:68.9.0-1
@@ -3539,7 +3560,7 @@ CVE-2020-12407
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
CVE-2020-12406
RESERVED
- {DSA-4695-1}
+ {DSA-4695-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- thunderbird 1:68.9.0-1
@@ -3548,7 +3569,7 @@ CVE-2020-12406
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
CVE-2020-12405
RESERVED
- {DSA-4695-1}
+ {DSA-4695-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- thunderbird 1:68.9.0-1
@@ -3567,7 +3588,7 @@ CVE-2020-12400
RESERVED
CVE-2020-12399 [Force a fixed length for DSA exponentiation]
RESERVED
- {DSA-4695-1}
+ {DSA-4695-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- nss 2:3.53-1 (bug #961752)
@@ -4219,6 +4240,7 @@ CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Relea
CVE-2020-12115
RESERVED
CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.3.7-1
NOTE: https://www.openwall.com/lists/oss-security/2020/05/04/2
CVE-2020-12113 (BigBlueButton before 2.2.4 allows XSS via closed captions because dang ...)
@@ -5304,6 +5326,7 @@ CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the po
NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0
NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1
CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.17-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
@@ -5473,10 +5496,12 @@ CVE-2020-11611 (An issue was discovered in xdLocalStorage through 2.0.5. The bui
CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The postData( ...)
NOT-FOR-US: xdLocalStorage
CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.17-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205
CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.17-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30
@@ -5565,7 +5590,7 @@ CVE-2020-11567
CVE-2020-11566
RESERVED
CVE-2020-11565 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.6 ...)
- {DSA-4667-1}
+ {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.17-1
NOTE: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd
CVE-2020-11564
@@ -5744,6 +5769,7 @@ CVE-2020-11496
CVE-2020-11495
REJECTED
CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.17-1
[buster] - linux 4.19.118-1
NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
@@ -7156,7 +7182,7 @@ CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cr
CVE-2020-10943
RESERVED
CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...)
- {DSA-4667-1}
+ {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive inform ...)
@@ -7574,8 +7600,7 @@ CVE-2020-10763
RESERVED
CVE-2020-10762
RESERVED
-CVE-2020-10761 [nbd: reachable assertion failure innbd_negotiate_send_rep_verr via remote client]
- RESERVED
+CVE-2020-10761 (An assertion failure issue was found in the Network Block Device(NBD) ...)
- qemu <unfixed>
[buster] - qemu <not-affected> (Vulnerable code introduced later)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
@@ -7596,8 +7621,8 @@ CVE-2020-10759 [Possible bypass in signature verification]
NOTE: https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e
CVE-2020-10758
RESERVED
-CVE-2020-10757
- RESERVED
+CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1}
- linux <unfixed>
NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
CVE-2020-10756 [lirp: networking out-of-bounds read information disclosure vulnerability]
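Review bot: for CVE-2020-10757 the new advisory line sits over "- linux <unfixed>", and the NOTE that closes the entry names the upstream commit without the release it landed in. Other entries in this file annotate that, for example "(5.7-rc3)"; adding it here makes it easier to decide when the "<unfixed>" marker for unstable can be replaced by a version.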
@@ -7629,6 +7654,7 @@ CVE-2020-10753
CVE-2020-10752
RESERVED
CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implementation ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6
CVE-2020-10750
@@ -7690,6 +7716,7 @@ CVE-2020-10733
NOTE: https://www.postgresql.org/about/news/2038/
CVE-2020-10732 [uninitialized kernel data leak in userspace coredumps]
RESERVED
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1}
- linux <unfixed>
[jessie] - linux <ignored> (Does not affect supported architectures)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1
@@ -7766,6 +7793,7 @@ CVE-2020-10713
CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...)
NOT-FOR-US: image registry operator in OpenShift Container Platform
CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's SELinu ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1}
- linux 5.6.14-1
[jessie] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2
@@ -7858,6 +7886,7 @@ CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versio
NOTE: https://github.com/ansible/ansible/pull/68596
NOTE: https://github.com/ansible/ansible/commit/b2551bb6943eec078066aa3a923e0bb3ed85abe8 (stable-2.9)
CVE-2020-10690 (There is a use-after-free in kernel versions before 5.5 due to a race ...)
+ {DLA-2241-1}
- linux 5.4.8-1
[buster] - linux 4.19.98-1
NOTE: Fixed by: https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e
@@ -9636,151 +9665,150 @@ CVE-2020-9860
RESERVED
CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...)
TODO: check
-CVE-2020-9858
- RESERVED
+CVE-2020-9858 (A dynamic library loading issue was addressed with improved path searc ...)
+ TODO: check
CVE-2020-9857
RESERVED
-CVE-2020-9856
- RESERVED
-CVE-2020-9855
- RESERVED
+CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...)
+ TODO: check
CVE-2020-9854
RESERVED
CVE-2020-9853
RESERVED
-CVE-2020-9852
- RESERVED
-CVE-2020-9851
- RESERVED
-CVE-2020-9850
- RESERVED
+CVE-2020-9852 (An integer overflow was addressed through improved input validation. T ...)
+ TODO: check
+CVE-2020-9851 (An access issue was addressed with improved access restrictions. This ...)
+ TODO: check
+CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
CVE-2020-9849
RESERVED
-CVE-2020-9848
- RESERVED
-CVE-2020-9847
- RESERVED
+CVE-2020-9848 (An authorization issue was addressed with improved state management. T ...)
+ TODO: check
+CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
CVE-2020-9846
RESERVED
CVE-2020-9845
RESERVED
-CVE-2020-9844
- RESERVED
-CVE-2020-9843
- RESERVED
-CVE-2020-9842
- RESERVED
-CVE-2020-9841
- RESERVED
+CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...)
+ TODO: check
+CVE-2020-9843 (An input validation issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2020-9842 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2020-9841 (An integer overflow was addressed through improved input validation. T ...)
+ TODO: check
CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...)
NOT-FOR-US: SwiftNIO Extras
-CVE-2020-9839
- RESERVED
-CVE-2020-9838
- RESERVED
-CVE-2020-9837
- RESERVED
+CVE-2020-9839 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
+CVE-2020-9838 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2020-9837 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
CVE-2020-9836
RESERVED
-CVE-2020-9835
- RESERVED
-CVE-2020-9834
- RESERVED
-CVE-2020-9833
- RESERVED
-CVE-2020-9832
- RESERVED
-CVE-2020-9831
- RESERVED
-CVE-2020-9830
- RESERVED
-CVE-2020-9829
- RESERVED
+CVE-2020-9835 (An issue existed in the pausing of FaceTime video. The issue was resol ...)
+ TODO: check
+CVE-2020-9834 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2020-9833 (A memory initialization issue was addressed with improved memory handl ...)
+ TODO: check
+CVE-2020-9832 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2020-9831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2020-9830 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
+CVE-2020-9829 (A validation issue was addressed with improved input sanitization. Thi ...)
+ TODO: check
CVE-2020-9828
RESERVED
-CVE-2020-9827
- RESERVED
-CVE-2020-9826
- RESERVED
-CVE-2020-9825
- RESERVED
-CVE-2020-9824
- RESERVED
-CVE-2020-9823
- RESERVED
-CVE-2020-9822
- RESERVED
-CVE-2020-9821
- RESERVED
-CVE-2020-9820
- RESERVED
-CVE-2020-9819
- RESERVED
-CVE-2020-9818
- RESERVED
-CVE-2020-9817
- RESERVED
-CVE-2020-9816
- RESERVED
-CVE-2020-9815
- RESERVED
-CVE-2020-9814
- RESERVED
-CVE-2020-9813
- RESERVED
-CVE-2020-9812
- RESERVED
-CVE-2020-9811
- RESERVED
+CVE-2020-9827 (A denial of service issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2020-9826 (A denial of service issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2020-9825 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ TODO: check
+CVE-2020-9824 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2020-9823 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2020-9822 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2020-9821 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
+CVE-2020-9820 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2020-9819 (A memory consumption issue was addressed with improved memory handling ...)
+ TODO: check
+CVE-2020-9818 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2020-9817 (A permissions issue existed. This issue was addressed with improved pe ...)
+ TODO: check
+CVE-2020-9816 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2020-9815 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2020-9814 (A logic issue existed resulting in memory corruption. This was address ...)
+ TODO: check
+CVE-2020-9813 (A logic issue existed resulting in memory corruption. This was address ...)
+ TODO: check
+CVE-2020-9812 (An information disclosure issue was addressed with improved state mana ...)
+ TODO: check
+CVE-2020-9811 (An information disclosure issue was addressed with improved state mana ...)
+ TODO: check
CVE-2020-9810
RESERVED
-CVE-2020-9809
- RESERVED
-CVE-2020-9808
- RESERVED
-CVE-2020-9807
- RESERVED
-CVE-2020-9806
- RESERVED
-CVE-2020-9805
- RESERVED
-CVE-2020-9804
- RESERVED
-CVE-2020-9803
- RESERVED
-CVE-2020-9802
- RESERVED
-CVE-2020-9801
- RESERVED
-CVE-2020-9800
- RESERVED
+CVE-2020-9809 (An information disclosure issue was addressed with improved state mana ...)
+ TODO: check
+CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
+CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
+CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
+CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...)
+ TODO: check
+CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...)
+ TODO: check
CVE-2020-9799
RESERVED
CVE-2020-9798
RESERVED
-CVE-2020-9797
- RESERVED
+CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...)
+ TODO: check
CVE-2020-9796
RESERVED
-CVE-2020-9795
- RESERVED
-CVE-2020-9794 [unknown input leads to a memory corruption vulnerability]
- RESERVED
+CVE-2020-9795 (A use after free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- sqlite3 <undetermined>
NOTE: https://vuldb.com/?id.155768
TODO: Try to get more information, as usual Apple advisories are too unspecific
-CVE-2020-9793
- RESERVED
-CVE-2020-9792
- RESERVED
-CVE-2020-9791
- RESERVED
-CVE-2020-9790
- RESERVED
-CVE-2020-9789
- RESERVED
-CVE-2020-9788
- RESERVED
+CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...)
+ TODO: check
+CVE-2020-9791 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2020-9790 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2020-9788 (A validation issue was addressed with improved input sanitization. Thi ...)
+ TODO: check
CVE-2020-9787
RESERVED
CVE-2020-9786
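Review bot: in the CVE-2020-9794 entry the bracketed placeholder and RESERVED are replaced by the published description, but "- sqlite3 <undetermined>" and the "TODO: Try to get more information" line stay unchanged. The published text speaks of an out-of-bounds read where the placeholder said memory corruption, so the sqlite3 attribution should be rechecked against it and the TODO either resolved or reworded. Every other entry in this hunk that gains a description lands as "TODO: check", so the whole range still needs a triage pass.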
@@ -10671,10 +10699,10 @@ CVE-2020-9414
RESERVED
CVE-2020-9413
RESERVED
-CVE-2020-9412
- RESERVED
-CVE-2020-9411
- RESERVED
+CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
+ TODO: check
+CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
+ TODO: check
CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...)
NOT-FOR-US: TIBCO
CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...)
@@ -10741,6 +10769,7 @@ CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 becaus
CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerabilit ...)
NOT-FOR-US: Subex
CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3
@@ -12368,14 +12397,17 @@ CVE-2020-8642
CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php ...)
NOT-FOR-US: Lotus Core CMS
CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5
CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
@@ -13113,7 +13145,7 @@ CVE-2020-8317
CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 10.200 ...)
NOT-FOR-US: Lenovo
CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...)
- {DSA-4667-1}
+ {DSA-4698-1 DSA-4667-1 DLA-2242-1}
- linux 5.4.19-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6
@@ -14577,7 +14609,7 @@ CVE-2020-7648 (All versions of snyk-broker before 4.72.2 are vulnerable to Arbit
NOT-FOR-US: snyk-broker
CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...)
NOT-FOR-US: jooby
-CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary commands.It is ...)
+CVE-2020-7646 (curlrequest through 1.0.1 allows reading any file by populating the fi ...)
NOT-FOR-US: Noed curlrequest
CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...)
NOT-FOR-US: Node chrome-launcher
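Review bot: the description of CVE-2020-7646 changes from arbitrary command execution to reading any file, while the triage line below it stays "NOT-FOR-US: Noed curlrequest". "Noed" looks like a typo for "Node" (the next entry reads "NOT-FOR-US: Node chrome-launcher"); worth fixing in a follow-up so the product name is consistent across entries.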
@@ -19309,8 +19341,8 @@ CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7
NOT-FOR-US: XACK DNS
CVE-2020-5590
RESERVED
-CVE-2020-5589
- RESERVED
+CVE-2020-5589 (Multiple SONY Wireless Headphones have vulnerability that someone with ...)
+ TODO: check
CVE-2020-5588
RESERVED
CVE-2020-5587
@@ -22934,8 +22966,8 @@ CVE-2020-3884 (An injection issue was addressed with improved validation. This i
NOT-FOR-US: Apple
CVE-2020-3883 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2020-3882
- RESERVED
+CVE-2020-3882 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
CVE-2020-3881 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2020-3880
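Review bot: CVE-2020-3882 lands as "TODO: check" with the same description opening as CVE-2020-3883 directly above it, which is already triaged "NOT-FOR-US: Apple", as is CVE-2020-3881 below. Unless the full description names a packaged component, this entry can take the same marker instead of staying in the TODO queue.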
@@ -25399,7 +25431,7 @@ CVE-2020-2734 (Vulnerability in the RDBMS/Optimizer component of Oracle Database
CVE-2020-2733 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2020-2732 (A flaw was discovered in the way that the KVM hypervisor handled instr ...)
- {DSA-4667-1}
+ {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
NOTE: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
NOTE: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
@@ -27622,6 +27654,7 @@ CVE-2020-1750
NOT-FOR-US: OpenShift machine-config-operator
CVE-2020-1749 [net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup]
RESERVED
+ {DLA-2241-1}
- linux 5.4.6-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2
@@ -30135,7 +30168,7 @@ CVE-2020-0558 (Improper buffer restrictions in kernel mode driver for Intel(R) P
CVE-2020-0557 (Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi produc ...)
NOT-FOR-US: Intel
CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.54 may ...)
- {DSA-4647-1}
+ {DSA-4647-1 DLA-2240-1}
- bluez 5.50-1.1 (bug #953770)
NOTE: https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
@@ -30193,6 +30226,7 @@ CVE-2020-0544
RESERVED
CVE-2020-0543 [Special Register Buffer Data Sampling]
RESERVED
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- intel-microcode <unfixed>
- linux <unfixed>
NOTE: https://www.vusec.net/projects/crosstalk/
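Review bot: CVE-2020-0543 tracks two packages, "intel-microcode" and "linux", both still "<unfixed>", and the entry remains RESERVED with only the bracketed title. The advisory IDs added here are the ones this diff attaches to linux-only entries elsewhere, so a NOTE saying which of the two packages each advisory covers would keep the open "intel-microcode" line from being read as addressed.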
@@ -31405,6 +31439,7 @@ CVE-2020-0011 (In get_auth_result of fpc_ta_hw_auth.c, there is a possible out o
CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of b ...)
NOT-FOR-US: FPC components for Android
CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...)
+ {DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
[stretch] - linux <ignored> (Driver is not enabled or supported)
