author Moritz Muehlenhoff <jmm@debian.org> 2020-07-09 19:43:51 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2020-07-09 19:43:51 +0200
commit 7f06a4a366a7aed52ff63e7e95dd8fce8abb55bf
tree dd1e02404571abd99010ee62781ee4d2c020d455 /data/CVE
parent 8edd1b5dde28051d174a80dae5ee284dd9e8f230
buster triage
mark Google Closure Library as NFU, if this were a security issue as bundled in Chromium, it would get fixed via Chromium updates anyway
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2015.list 1
-rw-r--r-- data/CVE/2020.list 9
2 files changed, 6 insertions, 4 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index e28a00700a..4af86f4b9c 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -18,6 +18,7 @@ CVE-2015-9543 (An issue was discovered in OpenStack Nova before 18.2.4, 19.x bef
CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...)
{DLA-2116-1}
- libpam-radius-auth 1.4.0-3 (bug #951396)
+ [buster] - libpam-radius-auth <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/6bae92d
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677
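Review bot: The added `[buster] - libpam-radius-auth <no-dsa> (Minor issue)` line gives only a generic reason, while the same entry already carries {DLA-2116-1} and three upstream fix commits in its NOTE lines. Since an advisory was issued for this CVE elsewhere, say in the parenthetical why buster does not get one, or add a NOTE on whether the fix is meant for a point release, so the next triager does not have to re-derive the decision.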
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 97fe0a95ad..faadb67386 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -156,6 +156,7 @@ CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through 0.
NOT-FOR-US: Whoopsie
CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free ...)
- milkytracker <unfixed>
+ [buster] - milkytracker <no-dsa> (Minor issue)
NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
CVE-2020-15568
RESERVED
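Review bot: On the added `[buster] - milkytracker <no-dsa> (Minor issue)` line, the CVE summary describes a use-after-free and the unstable entry is still `<unfixed>`, yet the stated reason is the generic "Minor issue". A short, specific reason (for example, what input or user action is needed to reach the code in PlayerGeneric.cpp) would make the deferral reviewable. The upstream commit in the NOTE line is already there to backport from if that assessment changes.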
@@ -12508,7 +12509,9 @@ CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40
CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...)
- pillow <unfixed>
- [jessie] - pillow <no-dsa> (Minor issue)
+ [buster] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
+ [stretch] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
+ [jessie] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
NOTE: https://github.com/python-pillow/Pillow/pull/4538
NOTE: Fixed in 6.2.3 and 7.1.0
CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.0.1, an out-of-bou ...)
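Review bot: The three added `<not-affected>` lines rest on a single feature (old-JPEG compressed TIFF support introduced in 6.0.0), but the CVE summary speaks of two buffer overflows and is truncated at `libImaging/T ...`. Confirm that both overflows sit in code that first appeared in 6.0.0 and record that in a NOTE; otherwise the jessie entry, which this hunk moves from `<no-dsa>` to `<not-affected>`, may understate exposure. Stating the pillow versions shipped in buster, stretch and jessie in that NOTE would also let a reader check the claim against the 6.0.0 threshold.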
@@ -15734,9 +15737,7 @@ CVE-2020-8912
CVE-2020-8911
RESERVED
CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...)
- - chromium <unfixed>
- [stretch] - chromium <end-of-life> (see DSA 4562)
- NOTE: https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9
+ NOT-FOR-US: Google Closure Library
CVE-2020-8909
RESERVED
CVE-2020-8908
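Review bot: Replacing the chromium entry under CVE-2020-8910 with `NOT-FOR-US: Google Closure Library` also deletes the NOTE pointing at the upstream closure-library fix commit, and the reasoning (a bundled copy would be fixed through Chromium updates) now exists only in the commit message. Keep that rationale next to the entry so the tracker itself shows the bundled copy in chromium was considered and the upstream commit reference is not lost. The removed `[stretch] - chromium <end-of-life> (see DSA 4562)` line goes with it, which is fine only if the CVE is no longer tracked against chromium at all.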