author security tracker role <sectracker@soriano.debian.org> 2020-07-22 20:10:21 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-07-22 20:10:21 +0000
commit 8ad3dc0bd402bba7903c54c56ca56c3e099717c4 (patch)
tree 31c358cf7b2df2032bcb68e4540495e74c327c61 /data/CVE
parent 0dde566372c1966da59ae6868e377cdbf3695be3 (diff)
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2014.list 4
-rw-r--r-- data/CVE/2017.list 1
-rw-r--r-- data/CVE/2019.list 13
-rw-r--r-- data/CVE/2020.list 121
4 files changed, 60 insertions, 79 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index d710407136..e136da3cef 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -23699,8 +23699,8 @@ CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubunt
NOTE: include the faulty patch.
CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch ...)
NOT-FOR-US: signond from Ubuntu Touch
-CVE-2014-1422
- RESERVED
+CVE-2014-1422 (In Ubuntu's trust-store, if a user revokes location access from an app ...)
+ TODO: check
CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the u ...)
- mountall <not-affected> (partman-efi in jessie uses secure umask, mount in older releases not affected)
NOTE: See https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
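Review bot: CVE-2014-1422 moves from RESERVED to an open "TODO: check" even though its description names Ubuntu's trust-store and the neighbouring CVE-2014-1423 is already closed as "NOT-FOR-US: signond from Ubuntu Touch". Confirm whether trust-store is packaged in Debian and, if it is not, resolve the entry the same way rather than leaving the TODO.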
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 309c5b605a..40a27ab30f 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -21340,6 +21340,7 @@ CVE-2017-11465 (The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 al
- ruby2.3 <not-affected> (Specific to Ruby 2.4)
- ruby2.1 <not-affected> (Specific to Ruby 2.4)
CVE-2017-11464 (A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in G ...)
+ {DLA-2285-1}
- librsvg 2.40.18-1 (bug #869129)
[jessie] - librsvg <not-affected> (Vulnerable code introduced in 2.40.9)
[wheezy] - librsvg <not-affected> (Vulnerable code introduced in 2.40.9)
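Review bot: The {DLA-2285-1} reference added under CVE-2017-11464 lands on an entry whose only suite lines are "[jessie]" and "[wheezy]" marked <not-affected> (vulnerable code introduced in 2.40.9), so nothing visible here says which release the advisory fixed. Because this view is limited to data/CVE, check that the DLA-2285-1 record elsewhere in the repository lists this CVE together with the fixed librsvg version.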
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 03c9acf73d..5ac678cf69 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1090,6 +1090,7 @@ CVE-2019-20448
CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...)
NOT-FOR-US: Jobberbase CMS
CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nest ...)
+ {DLA-2285-1}
- librsvg 2.46.4-1
[buster] - librsvg <no-dsa> (Will be fixed via spu)
[jessie] - librsvg <no-dsa> (Minor issue)
@@ -6031,10 +6032,10 @@ CVE-2019-18621
RESERVED
CVE-2019-18620
RESERVED
-CVE-2019-18619
- RESERVED
-CVE-2019-18618
- RESERVED
+CVE-2019-18619 (Incorrect parameter validation in the synaTee component of Synaptics W ...)
+ TODO: check
+CVE-2019-18618 (Incorrect access control in the firmware of Synaptics VFS75xx family f ...)
+ TODO: check
CVE-2019-18617
RESERVED
CVE-2019-18616
@@ -11657,8 +11658,8 @@ CVE-2019-16246 (Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a di
NOT-FOR-US: Intesync Solismed
CVE-2019-16245 (OMERO before 5.6.1 makes the details of each user available to all use ...)
NOT-FOR-US: OMERO
-CVE-2019-16244
- RESERVED
+CVE-2019-16244 (OMERO.server before 5.6.1 allows attackers to bypass the security filt ...)
+ TODO: check
CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocument ...)
NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineerin ...)
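Review bot: CVE-2019-16244 is left as "TODO: check" while the entry directly above it, CVE-2019-16245, covers the same product and version boundary (OMERO before 5.6.1) and is already triaged as "NOT-FOR-US: OMERO". Unless OMERO.server is tracked separately, this entry should carry the same "NOT-FOR-US: OMERO" line so the two stay consistent.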
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 88a8184487..2eb5e4142c 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,13 @@
+CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link DAP-1522 devic ...)
+ TODO: check
+CVE-2020-15895 (An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10 ...)
+ TODO: check
+CVE-2020-15894 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...)
+ TODO: check
+CVE-2020-15893 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...)
+ TODO: check
+CVE-2020-15892 (An issue was discovered in apply.cgi on D-Link DAP-1520 devices before ...)
+ TODO: check
CVE-2020-15891
RESERVED
CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...)
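Review bot: All five entries added at the top of the file (CVE-2020-15896 through CVE-2020-15892) describe D-Link devices (DAP-1522, DIR-816L, DAP-1520) and all land as "TODO: check". They can be triaged in one pass; if none of them maps to a Debian source package, replace the five TODOs with a single consistent NOT-FOR-US line per entry so they do not linger as open work items.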
@@ -184,8 +194,8 @@ CVE-2020-15808
RESERVED
CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted ...)
- libredwg <itp> (bug #595191)
-CVE-2020-15806
- RESERVED
+CVE-2020-15806 (CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Me ...)
+ TODO: check
CVE-2020-15805
RESERVED
CVE-2020-15804
@@ -1662,8 +1672,8 @@ CVE-2020-15126
RESERVED
CVE-2020-15125
RESERVED
-CVE-2020-15124
- RESERVED
+CVE-2020-15124 (In Goobi Viewer Core before version 4.8.3, a path traversal vulnerabil ...)
+ TODO: check
CVE-2020-15123 (In codecov (npm package) before version 3.7.1 the upload method has a ...)
TODO: check
CVE-2020-15122
@@ -4380,14 +4390,14 @@ CVE-2020-13937
CVE-2020-13936
RESERVED
CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...)
- {DSA-4727-1}
+ {DSA-4727-1 DLA-2286-1}
- tomcat9 9.0.37-1
- tomcat8 <removed>
NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/3
NOTE: https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5 (8.5.57)
NOTE: https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d (9.0.37)
CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0. ...)
- {DSA-4727-1}
+ {DSA-4727-1 DLA-2286-1}
- tomcat9 9.0.37-1
- tomcat8 <removed>
NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/4
@@ -7061,8 +7071,8 @@ CVE-2020-12776
RESERVED
CVE-2020-12775
RESERVED
-CVE-2020-12774
- RESERVED
+CVE-2020-12774 (D-Link DSL-7740C does not properly validate user input, which allows a ...)
+ TODO: check
CVE-2020-12773 (A security misconfiguration vulnerability exists in the SDK of some Re ...)
NOT-FOR-US: Realtek ADSL/PON Modem SoC firmware
CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...)
@@ -17255,8 +17265,7 @@ CVE-2020-8561
RESERVED
CVE-2020-8560
RESERVED
-CVE-2020-8559
- RESERVED
+CVE-2020-8559 (The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions pri ...)
- kubernetes 1.18.5-1
NOTE: https://www.openwall.com/lists/oss-security/2020/07/15/6
CVE-2020-8558
@@ -20105,7 +20114,7 @@ CVE-2020-7265 (Privilege Escalation vulnerability in McAfee Endpoint Security (E
NOT-FOR-US: McAfee
CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...)
NOT-FOR-US: McAfee
-CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in McAfee En ...)
+CVE-2020-7263 (Improper access control vulnerability in ESconfigTool.exe in McAfee En ...)
NOT-FOR-US: ENS for Windows
CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...)
NOT-FOR-US: McAfee
@@ -21902,131 +21911,101 @@ CVE-2020-6538
RESERVED
CVE-2020-6537
RESERVED
-CVE-2020-6536
- RESERVED
+CVE-2020-6536 (Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6535
- RESERVED
+CVE-2020-6535 (Insufficient data validation in WebUI in Google Chrome prior to 84.0.4 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6534
- RESERVED
+CVE-2020-6534 (Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6533
- RESERVED
+CVE-2020-6533 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6532
RESERVED
-CVE-2020-6531
- RESERVED
+CVE-2020-6531 (Side-channel information leakage in scroll to text in Google Chrome pr ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6530
- RESERVED
+CVE-2020-6530 (Out of bounds memory access in developer tools in Google Chrome prior ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6529
- RESERVED
+CVE-2020-6529 (Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6528
- RESERVED
+CVE-2020-6528 (Incorrect security UI in basic auth in Google Chrome on iOS prior to 8 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6527
- RESERVED
+CVE-2020-6527 (Insufficient policy enforcement in CSP in Google Chrome prior to 84.0. ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6526
- RESERVED
+CVE-2020-6526 (Inappropriate implementation in iframe sandbox in Google Chrome prior ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6525
- RESERVED
+CVE-2020-6525 (Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 al ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6524
- RESERVED
+CVE-2020-6524 (Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.8 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6523
- RESERVED
+CVE-2020-6523 (Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 all ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6522
- RESERVED
+CVE-2020-6522 (Inappropriate implementation in external protocol handlers in Google C ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6521
- RESERVED
+CVE-2020-6521 (Side-channel information leakage in autofill in Google Chrome prior to ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6520
- RESERVED
+CVE-2020-6520 (Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6519
- RESERVED
+CVE-2020-6519 (Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6518
- RESERVED
+CVE-2020-6518 (Use after free in developer tools in Google Chrome prior to 84.0.4147. ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6517
- RESERVED
+CVE-2020-6517 (Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6516
- RESERVED
+CVE-2020-6516 (Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6515
- RESERVED
+CVE-2020-6515 (Use after free in tab strip in Google Chrome prior to 84.0.4147.89 all ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6514
- RESERVED
+CVE-2020-6514 (Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6513
- RESERVED
+CVE-2020-6513 (Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6512
- RESERVED
+CVE-2020-6512 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6511
- RESERVED
+CVE-2020-6511 (Information leak in content security policy in Google Chrome prior to ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6510
- RESERVED
+CVE-2020-6510 (Heap buffer overflow in background fetch in Google Chrome prior to 84. ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6509
- RESERVED
+CVE-2020-6509 (Use after free in extensions in Google Chrome prior to 83.0.4103.116 a ...)
{DSA-4714-1}
- chromium 83.0.4103.116-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6508
RESERVED
-CVE-2020-6507
- RESERVED
+CVE-2020-6507 (Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allo ...)
{DSA-4714-1}
- chromium 83.0.4103.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6506
- RESERVED
+CVE-2020-6506 (Insufficient policy enforcement in WebView in Google Chrome on Android ...)
{DSA-4714-1}
- chromium 83.0.4103.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6505
- RESERVED
+CVE-2020-6505 (Use after free in speech in Google Chrome prior to 83.0.4103.106 allow ...)
{DSA-4714-1}
- chromium 83.0.4103.106-1
[stretch] - chromium <end-of-life> (see DSA 4562)
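Review bot: Several entries in this hunk keep a Debian chromium status although the newly filled-in description scopes the issue to another platform: CVE-2020-6528 reads "Google Chrome on iOS" yet stays "- chromium <unfixed>", and CVE-2020-6506 reads "WebView in Google Chrome on Android" yet stays under {DSA-4714-1} with "- chromium 83.0.4103.106-1". Now that the descriptions are available, confirm whether Debian's chromium package is actually affected by these two and mark them <not-affected> with a reason if it is not. The remaining entries that say "prior to 84.0.4147.89" are all still <unfixed>, so they need a fixed version once the 84 upload lands.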
