| author | Moritz Muehlenhoff <jmm@debian.org> | 2021-03-26 18:48:24 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-03-26 18:49:30 +0100 |
| commit | 9906ddce7f8caec7ef33d10f95fb624857c8a267 (patch) | |
| tree | 432f4fb87d57bc86f03f4d8a049353efda825650 /data/CVE/2020.list | |
| parent | aa3b395f276eff1becace495787c7d2555052744 (diff) | |
buster triage
Diffstat (limited to 'data/CVE/2020.list')
| -rw-r--r-- | data/CVE/2020.list | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index eb975c0836..511527d4b3 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -93,6 +93,7 @@ CVE-2020-36245 (GramAddict through 1.2.3 allows remote attackers to execute arbi NOT-FOR-US: GramAddict CVE-2020-36244 (The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18.6 has ...) - dlt-daemon 2.18.6-1 + [buster] - dlt-daemon <no-dsa> (Minor issue) NOTE: https://github.com/GENIVI/dlt-daemon/issues/265 NOTE: https://github.com/GENIVI/dlt-daemon/pull/269 NOTE: https://github.com/GENIVI/dlt-daemon/commit/af734fe097ed379b0aa5fcf551886b1ce5098052 (v2.18.6) @@ -1442,6 +1443,7 @@ CVE-2020-35679 (smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfre NOTE: https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html CVE-2020-35678 (Autobahn|Python before 20.12.3 allows redirect header injection. ...) - python-autobahn <unfixed> (bug #978416) + [buster] - python-autobahn <no-dsa> (Minor issue) [stretch] - python-autobahn <ignored> (Need a package which is not in this suite) NOTE: https://github.com/crossbario/autobahn-python/pull/1439 NOTE: https://github.com/crossbario/autobahn-python/commit/f7b7ad5c1066bdcc551775b73da15dca5c111623 (v20.12.3) @@ -5558,6 +5560,7 @@ CVE-2020-28499 (All versions of package merge are vulnerable to Prototype Pollut NOTE: Only bogus references listed, unclear what this is about CVE-2020-28498 (The package elliptic before 6.5.4 are vulnerable to Cryptographic Issu ...) - node-elliptic 6.5.4~dfsg-1 + [buster] - node-elliptic <no-dsa> (Minor issue) NOTE: https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f NOTE: https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md CVE-2020-28497 
@@ -5573,6 +5576,7 @@ CVE-2020-28494 (This affects the package total.js before 3.4.7. The issue occurs NOT-FOR-US: Node total.js CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDo ...) - jinja2 2.11.3-1 (bug #982736) + [buster] - jinja2 <no-dsa> (Minor issue) [stretch] - jinja2 <no-dsa> (Minor issue) NOTE: https://github.com/pallets/jinja/pull/1343 NOTE: https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994 @@ -7025,7 +7029,6 @@ CVE-2020-27846 (A signature verification vulnerability exists in crewjam/saml. T CVE-2020-27845 (There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior t ...) {DLA-2550-1} - openjpeg2 2.4.0-1 - [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1302 NOTE: https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63 (v2.4.0) CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior ...) 
@@ -7035,19 +7038,16 @@ CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions NOTE: Introduced by: https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5 CVE-2020-27843 (A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw all ...) - openjpeg2 2.4.0-1 (bug #983663) - [buster] - openjpeg2 <no-dsa> (Minor issue) [stretch] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1297 NOTE: Partial fix (preventing the out of bounds access): https://github.com/uclouvain/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121 (2.4.0) CVE-2020-27842 (There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An ...) - openjpeg2 2.4.0-1 - [buster] - openjpeg2 <no-dsa> (Minor issue) [stretch] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1294 CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openj ...) {DLA-2550-1} - openjpeg2 2.4.0-1 - [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1293 NOTE: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce (v2.4.0) CVE-2020-27840 [Heap corruption via crafted DN strings] @@ -7136,7 +7136,6 @@ CVE-2020-27824 [global-buffer-overflow read in lib-openjp2] RESERVED {DLA-2550-1} - openjpeg2 2.4.0-1 - [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1286 NOTE: https://github.com/uclouvain/openjpeg/commit/6daf5f3e1ec6eff03b7982889874a3de6617db8d (v2.4.0) CVE-2020-27823 [Heap-buffer-overflow write in lib-openjp2] 
@@ -7182,6 +7181,8 @@ CVE-2020-27814 (A heap-buffer overflow was found in the way openjpeg2 handled ce NOTE: https://github.com/uclouvain/openjpeg/issues/1283 NOTE: https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc (v2.4.0) NOTE: https://github.com/uclouvain/openjpeg/commit/15cf3d95814dc931ca0ecb132f81cb152e051bae (v2.4.0) + NOTE: https://github.com/uclouvain/openjpeg/commit/649298dcf84b2f20cfe458d887c1591db47372a6 + NOTE: https://github.com/uclouvain/openjpeg/commit/4ce7d285a55d29b79880d0566d4b010fe1907aa9 CVE-2020-27813 (An integer overflow vulnerability exists with the length of websocket ...) {DLA-2520-1} - golang-github-gorilla-websocket <not-affected> (Fixed with first upload to Debian with renamed source package) @@ -12541,6 +12542,7 @@ CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6 [buster] - ruby2.5 2.5.5-3+deb10u3 - ruby2.3 <removed> - jruby <unfixed> (bug #972230) + [buster] - jruby <no-dsa> (Minor issue) NOTE: https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/ NOTE: Fix in webrick: https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7 CVE-2020-25612 (The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an atta ...) @@ -13903,6 +13905,7 @@ CVE-2020-24995 RESERVED CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c in liba ...) - libass 1:0.15.0-1 + [buster] - libass <no-dsa> (Minor issue) NOTE: https://github.com/libass/libass/issues/422 NOTE: https://github.com/libass/libass/issues/423 NOTE: https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e799 (0.15.0) 
@@ -34151,7 +34154,6 @@ CVE-2020-15390 CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...) {DLA-2277-1} - openjpeg2 2.4.0-1 (bug #965220) - [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1261 NOTE: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 (v2.4.0) CVE-2020-15388 @@ -52417,7 +52419,6 @@ CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...) {DLA-2277-1 DLA-2089-1} - openjpeg2 2.4.0-1 (bug #950184) - [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1231 NOTE: https://github.com/rouault/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074 (v2.4.0) CVE-2020-8111 @@ -55302,7 +55303,6 @@ CVE-2020-6852 (CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmwa CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...) {DLA-2277-1 DLA-2081-1} - openjpeg2 2.4.0-1 (bug #950000) - [buster] - openjpeg2 <no-dsa> (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1228 NOTE: https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04 (v2.4.0) CVE-2020-6850 (Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4 ...) |
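Review bot: in the CVE-2020-36244 hunk, the new `[buster] - dlt-daemon <no-dsa> (Minor issue)` line carries only the generic rationale even though the entry already links upstream issue #265, PR #269 and the fixing commit af734fe0 (v2.18.6); one clause on why the daemon flaw does not need a DSA in buster (or whether it is meant for a point update) would let a later triager reproduce the call instead of re-reading the upstream thread.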
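Review bot: in the CVE-2020-35678 and CVE-2020-25613 hunks, buster is marked `<no-dsa> (Minor issue)` while the unstable lines still read `- python-autobahn <unfixed> (bug #978416)` and `- jruby <unfixed> (bug #972230)`; for CVE-2020-25613 the same request-smuggling issue already got a buster fix for ruby2.5 (`2.5.5-3+deb10u3`), so the jruby rationale should say what makes it minor there, and both entries would benefit from noting whether the buster line is expected to be replaced by a fixed version once the unstable bugs are closed.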
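Review bot: in the CVE-2020-28498 hunk, "Minor issue" is a thin rationale for a cryptographic weakness in node-elliptic; the entry's own NOTE points to a secp256k1 twist-attack write-up, so the no-dsa line should state what limits the impact for the Debian package (which curves or call paths are affected, and how reverse dependencies use it) so the severity call can be audited without re-deriving it. The same applies to the CVE-2020-24994 hunk, where a stack overflow in libass `parse_tag` is marked minor with no stated reason.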
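Review bot: the openjpeg2 hunks for CVE-2020-27845, -27843, -27842, -27841, -27824, -15389, -8112 and -6851 only delete `- [buster] - openjpeg2 <no-dsa> (Minor issue)` and add nothing in its place, so buster goes from an explicit "no DSA" marking to no buster annotation at all, and for CVE-2020-27843 and -27842 the retained `[stretch] - openjpeg2 <no-dsa> (Minor issue)` line now diverges from buster. The commit message "buster triage" does not say whether this means a DSA is now planned for the batch or the earlier marking was withdrawn for another reason; either add a replacement buster line carrying the new status or spell out the intent in the commit message so the history explains the reversal.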
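Review bot: in the CVE-2020-27814 hunk, the two added NOTE lines for commits 649298dc and 4ce7d285 have no version tag, unlike the adjacent NOTEs marked "(v2.4.0)"; add the release they landed in, or qualify them (for example as additional or partial fixes, as the CVE-2020-27843 entry does with "Partial fix"), so a reader can tell whether they are part of the fix already in 2.4.0-1 or something still missing from the packaged version.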