author: security tracker role <sectracker@soriano.debian.org>, 2020-08-30 08:10:20 +0000
committer: security tracker role <sectracker@soriano.debian.org>, 2020-08-30 08:10:20 +0000
commit: 53137ee506392eff0a4ec5196be13a8c7af61be4
tree: 5510bcc049ed19775883acfc9cb8b64975275629 /data/CVE
parent: b97e2690d8f3aa35c5694cae9beb2e199eda33f0
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2014.list 1
-rw-r--r-- data/CVE/2020.list 37
2 files changed, 28 insertions, 10 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 0fdeec9b2c..0c8189a9c7 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -24643,6 +24643,7 @@ CVE-2014-0792 (Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers t
CVE-2014-0790
RESERVED
CVE-2014-0791 (Integer overflow in the license_read_scope_list function in libfreerdp ...)
+ {DLA-2356-1}
- freerdp <removed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941
NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
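Review bot: On CVE-2014-0791 the new {DLA-2356-1} tag sits above a single package line, "- freerdp <removed> (unimportant)", so the entry now says both that an advisory covered the issue and that it is unimportant with no affected release listed. If the advisory upload did patch license_read_scope_list, a release-specific freerdp line with the fixed version would make that visible here; if the CVE was only carried along in the advisory, the (unimportant) tag deserves a second look.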
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 43dd9d1cdc..497052b298 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,5 @@
+CVE-2020-25024
+ RESERVED
CVE-2020-25023
RESERVED
CVE-2020-25022
@@ -98,8 +100,8 @@ CVE-2020-24974
RESERVED
CVE-2020-24973
RESERVED
-CVE-2020-24972
- RESERVED
+CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG ...)
+ TODO: check
CVE-2020-24971
RESERVED
CVE-2020-24970
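Review bot: The "TODO: check" placeholder on CVE-2020-24972 leaves the entry with neither a package line nor a NOT-FOR-US marker, so it has no status yet. The description names the Kleopatra component for GnuPG with fix boundaries 3.1.12 and 20.07.80; if the archive carries that package, triage should end in a package line checked against those versions rather than a dismissal.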
@@ -186,8 +188,8 @@ CVE-2020-24930
RESERVED
CVE-2020-24929
RESERVED
-CVE-2020-24928
- RESERVED
+CVE-2020-24928 (managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted ...)
+ TODO: check
CVE-2020-24927
RESERVED
CVE-2020-24926
@@ -246,10 +248,10 @@ CVE-2020-24900
RESERVED
CVE-2020-24899
RESERVED
-CVE-2020-24898
- RESERVED
-CVE-2020-24897
- RESERVED
+CVE-2020-24898 (The Table Filter and Charts for Confluence Server app before 5.3.26 (f ...)
+ TODO: check
+CVE-2020-24897 (The Table Filter and Charts for Confluence Server app before 5.3.25 (f ...)
+ TODO: check
CVE-2020-24896
RESERVED
CVE-2020-24895
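Review bot: CVE-2020-24898 and CVE-2020-24897 are added with descriptions that match up to the truncation point except for the version bound (5.3.26 versus 5.3.25), and both carry only "TODO: check". Triage them together so they get a consistent disposition; the truncated text does not show what distinguishes the two issues, so the full descriptions need reading before either is closed out, for example with the NOT-FOR-US form used elsewhere in this file.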
@@ -19594,6 +19596,7 @@ CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of s
CVE-2020-15477 (The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable t ...)
NOT-FOR-US: RaspberryTortoise
CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...)
+ {DLA-2354-1}
- ndpi <unfixed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05
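Review bot: CVE-2020-15476 gains {DLA-2354-1} while the package line directly below it still reads "- ndpi <unfixed>". The tag alone does not record which release was fixed or in which version, and the unfixed status still stands for the main package line. Since the NOTE already points at upstream commit b69177be2fbe01c2442239a61832c44e40136c05, check whether a newer ndpi upload contains it and, if so, replace <unfixed> with that version.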
@@ -24515,16 +24518,19 @@ CVE-2020-13400
CVE-2020-13399
RESERVED
CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
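Review bot: For CVE-2020-13398, CVE-2020-13397 and CVE-2020-13396 the added {DLA-2356-1} sits above "[buster] - freerdp2 <no-dsa> (Minor issue)", which this hunk leaves unchanged, and the tag does not say whether it covers freerdp or freerdp2. An advisory now exists for these three while buster is still marked as not warranting one; either revisit the <no-dsa> decision or add a release-specific line that shows which package and version the advisory fixed.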
@@ -29150,6 +29156,7 @@ CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte w
CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...)
NOT-FOR-US: Zoho
CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions &gt; 1.1 through 2.0.0-rc ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
@@ -29157,6 +29164,7 @@ CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions &gt; 1.1 through 2.
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions &gt; 1.0 through 2.0.0-r ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
@@ -29170,18 +29178,21 @@ CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions &gt; 1.0 thro
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820
CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions &gt; 1.0 through 2.0.0-rc4 ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e
CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP &gt; 1.0 through 2.0.0-rc4 has an Out- ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b
CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version &gt; 1.0 through 2.0.0-rc ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
@@ -30219,6 +30230,7 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc
NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...)
+ {DLA-2353-1}
- bacula 9.6.5-1
[buster] - bacula <no-dsa> (Minor issue; can be fixed via point release)
- bareos <unfixed> (bug #968957)
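Review bot: CVE-2020-11061 lists two source packages, bacula and bareos, and the added {DLA-2353-1} does not show which one the advisory fixed. "- bareos <unfixed> (bug #968957)" is unchanged, so the tag should not be read as closing the bareos side; a release-specific line naming the package and fixed version would remove the ambiguity.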
@@ -30236,6 +30248,7 @@ CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by
CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir ...)
NOT-FOR-US: AEgir
CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
@@ -30270,6 +30283,7 @@ CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound
NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008
CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
@@ -30285,6 +30299,7 @@ CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009
CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
@@ -30292,6 +30307,7 @@ CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
@@ -30312,6 +30328,7 @@ CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
@@ -36163,13 +36180,13 @@ CVE-2020-8624 (In BIND 9.9.12 -&gt; 9.9.13, 9.10.7 -&gt; 9.10.8, 9.11.3 -&gt; 9.
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/393e8f643c02215fa4e6d4edf67be7d77085da0e (v9_11_22)
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/58e560beb50873c699f3431cf57e215dc645d7aa (v9_11_22)
CVE-2020-8623 (In BIND 9.10.0 -&gt; 9.11.21, 9.12.0 -&gt; 9.16.5, 9.17.0 -&gt; 9.17.3 ...)
- {DSA-4752-1}
+ {DSA-4752-1 DLA-2355-1}
- bind9 1:9.16.6-1
NOTE: https://kb.isc.org/docs/cve-2020-8623
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/ac3862a5da95bb07b6cf748b0958175687a9de1d (v9_16_6)
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab (v9_11_22)
CVE-2020-8622 (In BIND 9.0.0 -&gt; 9.11.21, 9.12.0 -&gt; 9.16.5, 9.17.0 -&gt; 9.17.3, ...)
- {DSA-4752-1}
+ {DSA-4752-1 DLA-2355-1}
- bind9 1:9.16.6-1
NOTE: https://kb.isc.org/docs/cve-2020-8622
NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0eec632d6a5a474280017ec949d8a8014612f3b3 (v9_16_6)
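Review bot: Only CVE-2020-8623 and CVE-2020-8622 have their tag extended to {DSA-4752-1 DLA-2355-1}; the CVE-2020-8624 entry that appears as context at the top of this hunk is not changed anywhere in this commit. Its description starts the affected range at 9.9.12, so confirm that the bind9 version covered by DLA-2355-1 really falls outside that range, and record it with a <not-affected> line for that release if it does.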