diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2020-08-03 17:09:04 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-08-03 17:09:04 +0200 |
commit | 1a0d3a9a2e4f7c1c2602bfaf4c98507e455524a1 (patch) | |
tree | 4e9a833f9a3d314cfa1c6d5b2bf27325878e5cb0 /data | |
parent | 8e2d000c7d2fce822fa1bdb97d4a942675423acd (diff) |
buster triage
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 3ddfdf2e34..4f6716a6e6 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -801,8 +801,9 @@ CVE-2020-15891 RESERVED CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...) {DLA-2296-1} - - luajit <unfixed> (bug #966148) + - luajit <unfixed> (unimportant; bug #966148) NOTE: https://github.com/LuaJIT/LuaJIT/issues/601 + NOTE: No security impact, only "exploitable" with untrusted Lua code CVE-2020-15889 (Lua through 5.4.0 has a getobjname heap-based buffer over-read because ...) - lua5.4 5.4.0-2 - lua5.3 <undetermined> @@ -9582,12 +9583,14 @@ CVE-2020-12402 (During RSA key generation, bignum implementations used a variati CVE-2020-12401 [ECDSA timing attack mitigation bypass] RESERVED - nss 2:3.55-1 + [buster] - nss <no-dsa> (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private) NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes CVE-2020-12400 [P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function] RESERVED - nss 2:3.55-1 + [buster] - nss <no-dsa> (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0 NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes @@ -20020,6 +20023,7 @@ CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext H NOTE: https://github.com/lxc/lxc/pull/1371 for the lxc-fedora template. CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...) - cacti 1.2.10+ds1-1 (bug #951832) + [buster] - cacti <no-dsa> (Minor issue) [stretch] - cacti <not-affected> (Vulnerable code not present) [jessie] - cacti <not-affected> (Vulnerable code not present) NOTE: https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129 @@ -24746,6 +24750,7 @@ CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to be CVE-2020-6829 [Side channel attack on ECDSA signature generation] RESERVED - nss 2:3.55-1 + [buster] - nss <no-dsa> (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0 NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes |