author | security tracker role <sectracker@soriano.debian.org> | 2020-11-21 20:10:23 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-11-21 20:10:23 +0000 |
commit | f2fcd3b13155a5191f707b71bc55376245e8b2cd (patch) | |
tree | cc4ad62322428e0c597c1e8f152144607065c3df | |
parent | 1fb85802b79f2bbd6978d32f61d6526f253f74a2 (diff) |
automatic update
-rw-r--r-- | data/CVE/2016.list | 2 |
-rw-r--r-- | data/CVE/2020.list | 43 |
2 files changed, 25 insertions, 20 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 9faf9b1f21..f6803e8b19 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -716,7 +716,7 @@ CVE-2016-10743 (hostapd before 2.6 does not prevent use of the low-quality PRNG NOTE: There was already a 2.6 upload late in 2016 but then reverted to a 2.4 based NOTE: version and only reuploaded as 2:2.6-7 to unstable. CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before ...) - {DLA-1708-1} + {DLA-2461-1 DLA-1708-1} - zabbix 1:3.0.17+dfsg-1 (low) NOTE: https://support.zabbix.com/browse/ZBX-10272 NOTE: https://support.zabbix.com/browse/ZBX-13133 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 11b90f8e1d..04d3bce9af 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1270,6 +1270,7 @@ CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain sens [stretch] - xen <end-of-life> (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-351.html CVE-2020-28367 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. ...) + {DLA-2460-1} - golang-1.15 1.15.5-1 - golang-1.11 <removed> - golang-1.8 <removed> @@ -1649,7 +1650,7 @@ CVE-2020-28198 CVE-2020-28197 RESERVED CVE-2020-28196 (MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow ...) - {DLA-2437-1} + {DSA-4795-1 DLA-2437-1} [experimental] - krb5 1.18.2-1 - krb5 1.18.3-1 (bug #973880) NOTE: https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd @@ -4258,7 +4259,7 @@ CVE-2020-26969 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26969 CVE-2020-26968 RESERVED - {DSA-4793-1 DLA-2457-1} + {DSA-4796-1 DSA-4793-1 DLA-2457-1} - firefox 83.0-1 - firefox-esr 78.5.0esr-1 - thunderbird 1:78.5.0-1 
@@ -4279,7 +4280,7 @@ CVE-2020-26966 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26966 CVE-2020-26965 RESERVED - {DSA-4793-1 DLA-2457-1} + {DSA-4796-1 DSA-4793-1 DLA-2457-1} - firefox 83.0-1 - firefox-esr 78.5.0esr-1 - thunderbird 1:78.5.0-1 @@ -4300,7 +4301,7 @@ CVE-2020-26962 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26962 CVE-2020-26961 RESERVED - {DSA-4793-1 DLA-2457-1} + {DSA-4796-1 DSA-4793-1 DLA-2457-1} - firefox 83.0-1 - firefox-esr 78.5.0esr-1 - thunderbird 1:78.5.0-1 @@ -4309,7 +4310,7 @@ CVE-2020-26961 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26961 CVE-2020-26960 RESERVED - {DSA-4793-1 DLA-2457-1} + {DSA-4796-1 DSA-4793-1 DLA-2457-1} - firefox 83.0-1 - firefox-esr 78.5.0esr-1 - thunderbird 1:78.5.0-1 @@ -4318,7 +4319,7 @@ CVE-2020-26960 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26960 CVE-2020-26959 RESERVED - {DSA-4793-1 DLA-2457-1} + {DSA-4796-1 DSA-4793-1 DLA-2457-1} - firefox 83.0-1 - firefox-esr 78.5.0esr-1 - thunderbird 1:78.5.0-1 @@ -4327,7 +4328,7 @@ CVE-2020-26959 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26959 CVE-2020-26958 RESERVED - {DSA-4793-1 DLA-2457-1} + {DSA-4796-1 DSA-4793-1 DLA-2457-1} - firefox 83.0-1 - firefox-esr 78.5.0esr-1 - thunderbird 1:78.5.0-1 @@ -4340,7 +4341,7 @@ CVE-2020-26957 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26957 CVE-2020-26956 RESERVED - {DSA-4793-1 DLA-2457-1} + {DSA-4796-1 DSA-4793-1 DLA-2457-1} - firefox 83.0-1 - firefox-esr 78.5.0esr-1 - thunderbird 1:78.5.0-1 @@ -4357,7 +4358,7 @@ CVE-2020-26954 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26954 CVE-2020-26953 RESERVED - {DSA-4793-1 DLA-2457-1} + {DSA-4796-1 DSA-4793-1 DLA-2457-1} - firefox 83.0-1 - firefox-esr 78.5.0esr-1 - thunderbird 1:78.5.0-1 
@@ -4370,7 +4371,7 @@ CVE-2020-26952 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952 CVE-2020-26951 RESERVED - {DSA-4793-1 DLA-2457-1} + {DSA-4796-1 DSA-4793-1 DLA-2457-1} - firefox 83.0-1 - firefox-esr 78.5.0esr-1 - thunderbird 1:78.5.0-1 @@ -5295,6 +5296,7 @@ CVE-2020-26521 (The JWT library in NATS nats-server before 2.1.9 allows a denial CVE-2020-26520 RESERVED CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write when pa ...) + {DSA-4794-1} - mupdf 1.17.0+ds1-1.1 (bug #971595) [stretch] - mupdf <postponed> (Minor issue, can be fixed along in next DLA) NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8 @@ -8339,8 +8341,8 @@ CVE-2020-25191 RESERVED CVE-2020-25190 RESERVED -CVE-2020-25189 - RESERVED +CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer overflo ...) + TODO: check CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...) NOT-FOR-US: LAquis SCADA CVE-2020-25187 @@ -25288,6 +25290,7 @@ CVE-2020-16846 (An issue was discovered in SaltStack Salt through 3002. Sending - salt 3002.1+dfsg1-1 NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...) + {DLA-2460-1 DLA-2459-1} - golang-1.15 1.15~rc2-1 - golang-1.14 1.14.7-1 - golang-1.11 <removed> @@ -27147,7 +27150,7 @@ CVE-2020-16013 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-16012 RESERVED - {DSA-4793-1 DLA-2457-1} + {DSA-4796-1 DSA-4793-1 DLA-2457-1} - firefox 83.0-1 - firefox-esr 78.5.0esr-1 - thunderbird 1:78.5.0-1 
@@ -28322,6 +28325,7 @@ CVE-2020-15588 (An issue was discovered in the client side of Zoho ManageEngine CVE-2020-15587 RESERVED CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net ...) + {DLA-2460-1 DLA-2459-1} - golang-1.15 1.15~rc1-1 - golang-1.14 1.14.6-1 - golang-1.11 <removed> @@ -31626,8 +31630,8 @@ CVE-2020-14260 RESERVED CVE-2020-14259 RESERVED -CVE-2020-14258 - RESERVED +CVE-2020-14258 (HCL Notes is susceptible to a Denial of Service vulnerability caused b ...) + TODO: check CVE-2020-14257 RESERVED CVE-2020-14256 @@ -31674,16 +31678,16 @@ CVE-2020-14236 RESERVED CVE-2020-14235 RESERVED -CVE-2020-14234 - RESERVED +CVE-2020-14234 (HCL Domino is susceptible to a Denial of Service vulnerability due to ...) + TODO: check CVE-2020-14233 RESERVED CVE-2020-14232 RESERVED CVE-2020-14231 RESERVED -CVE-2020-14230 - RESERVED +CVE-2020-14230 (HCL Domino is susceptible to a Denial of Service vulnerability caused ...) + TODO: check CVE-2020-14229 RESERVED CVE-2020-14228 @@ -37769,6 +37773,7 @@ CVE-2020-11802 CVE-2020-11801 RESERVED CVE-2020-11800 (Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote att ...) + {DLA-2461-1} - zabbix 1:4.0.0+dfsg-1 NOTE: https://support.zabbix.com/browse/DEV-1538 NOTE: https://support.zabbix.com/browse/ZBX-17600 |
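Review bot: In data/CVE/2020.list, the entries for CVE-2020-25189, CVE-2020-14258, CVE-2020-14234 and CVE-2020-14230 move from RESERVED to a description followed only by `TODO: check`, so all four are still untriaged after this commit. Each needs a follow-up that resolves it to a package line or a NOT-FOR-US line, as the neighbouring CVE-2020-25188 already has (`NOT-FOR-US: LAquis SCADA`). The truncated CVE-2020-25189 description ("The affected product is vulnerable to ...") names no product, so that entry has to be triaged from the full CVE record rather than from the line shown here.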
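Review bot: In the three Go hunks of data/CVE/2020.list, CVE-2020-28367 gains only `{DLA-2460-1}` while CVE-2020-16845 and CVE-2020-15586 gain `{DLA-2460-1 DLA-2459-1}`, and nothing in the visible lines explains the difference. If the package covered by DLA-2459-1 is not affected by CVE-2020-28367, record that with an explicit not-affected annotation or a NOTE on that entry, so the missing cross-reference is not read later as an unfixed issue.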
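Review bot: In the CVE-2020-26519 hunk (mupdf), `{DSA-4794-1}` is added while the context line `[stretch] - mupdf <postponed> (Minor issue, can be fixed along in next DLA)` is left unchanged. An issue that now has a security advisory and is described as a heap-based buffer over-write sits awkwardly next to a "Minor issue" postponement, so the stretch annotation deserves a second look in a follow-up, either confirming the postponement with a reason or scheduling the fix.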
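Review bot: In the data/CVE/2016.list hunk, CVE-2016-10742 now carries two LTS advisories, `{DLA-2461-1 DLA-1708-1}`, with no NOTE saying why a second one was needed for the same CVE. A one-line NOTE stating whether DLA-2461-1 covers a different release or completes the earlier fix would let readers tell which advisory applies to their installed zabbix version; the same DLA-2461-1 reference added to CVE-2020-11800 in data/CVE/2020.list is self-explanatory and needs nothing further.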