From 1554b910db4074bd3cad190e1a723e807a50f78f Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 30 Nov 2020 08:10:21 +0000 Subject: automatic update --- data/CVE/list | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 6c12e26429..59385aa283 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -550,8 +550,8 @@ CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read because NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. CVE-2020-29128 (petl before 1.68, in some configurations, allows resolution of entitie ...) TODO: check -CVE-2020-29127 - RESERVED +CVE-2020-29127 (An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices th ...) + TODO: check CVE-2020-29126 RESERVED CVE-2020-29125 @@ -10276,6 +10276,7 @@ CVE-2020-26219 (touchbase.ai before version 2.0 is vulnerable to Open Redirect. CVE-2020-26218 (touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. ...) NOT-FOR-US: touchbase.ai CVE-2020-26217 (XStream before version 1.4.14 is vulnerable to Remote Code Execution.T ...) + {DLA-2471-1} - libxstream-java 1.4.14-1 NOTE: https://x-stream.github.io/CVE-2020-26217.html NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2 @@ -11807,8 +11808,7 @@ CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD l NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/1 NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=patch;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f (v5.2.0-rc0) -CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer descriptors] - RESERVED +CVE-2020-25624 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via ...) {DLA-2469-1} - qemu (bug #970541) [buster] - qemu (Can be fixed along in next qemu DSA) 
@@ -64364,7 +64364,7 @@ CVE-2019-20046 (The Synergy Systems & Solutions PLC & RTU system has a v CVE-2019-20045 (The Synergy Systems & Solutions PLC & RTU system has a vulnera ...) NOT-FOR-US: Synergy Systems & Solutions PLC & RTU system CVE-2019-20044 (In Zsh before 5.8, attackers able to execute commands can regain privi ...) - {DLA-2117-1} + {DLA-2470-1 DLA-2117-1} - zsh 5.8-1 (bug #951458) [buster] - zsh (Minor issue) NOTE: https://www.zsh.org/mla/zsh-announce/141 @@ -147898,6 +147898,7 @@ CVE-2018-13261 CVE-2018-13260 REJECTED CVE-2018-13259 (An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 ...) + {DLA-2470-1} - zsh 5.6-1 (bug #908000) [jessie] - zsh (Minor issue) NOTE: https://www.zsh.org/mla/zsh-announce/136 @@ -163534,7 +163535,7 @@ CVE-2018-7546 (wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.66 CVE-2018-7545 RESERVED CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. ...) - {DLA-1304-1} + {DLA-2470-1 DLA-1304-1} - zsh 5.4.1-1 [jessie] - zsh (Minor issue) NOTE: https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d @@ -182903,6 +182904,7 @@ CVE-2018-1102 (A flaw was found in source-to-image function as shipped with Open CVE-2018-1101 (Ansible Tower before version 3.2.4 has a flaw in the management of sys ...) NOT-FOR-US: Ansible Tower CVE-2018-1100 (zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...) + {DLA-2470-1} - zsh 5.5-1 (bug #895225) [jessie] - zsh (Minor issue) [wheezy] - zsh (Minor issue) 
@@ -182996,7 +182998,7 @@ CVE-2018-1084 (corosync before version 2.4.4 is vulnerable to an integer overflo NOTE: Fixed by: https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4 NOTE: https://oss.clusterlabs.org/pipermail/users/2018-April/014856.html CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ...) - {DLA-1335-1} + {DLA-2470-1 DLA-1335-1} - zsh 5.4.2-4 (low; bug #894043) [jessie] - zsh (Minor issue) NOTE: https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7 @@ -183029,7 +183031,7 @@ CVE-2018-1073 (The web console login form in ovirt-engine before version 4.2.3 r CVE-2018-1072 (ovirt-engine before version ovirt 4.2.2 is vulnerable to an informatio ...) NOT-FOR-US: ovirt-engine CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...) - {DLA-1335-1} + {DLA-2470-1 DLA-1335-1} - zsh 5.4.2-4 (low; bug #894044) [jessie] - zsh (Minor issue) NOTE: https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4 @@ -185177,6 +185179,7 @@ CVE-2018-0503 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html NOTE: https://phabricator.wikimedia.org/T169545 CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a #! scrip ...) + {DLA-2470-1} - zsh 5.6-1 (bug #908000) [jessie] - zsh (Minor issue) NOTE: https://www.zsh.org/mla/zsh-announce/136 -- cgit v1.2.3
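Review bot: CVE-2020-29127, in the hunk at -550,8, moves from RESERVED to a described entry but is left at "TODO: check", so it still needs manual triage before the entry is useful. The description names Fujitsu Eternus Storage DX200 S4 devices, which makes it a candidate for a "NOT-FOR-US:" line in the style already used for touchbase.ai and ovirt-engine in this file. A follow-up commit should record that decision. CVE-2020-29128 (petl), in the context just above, is in the same "TODO: check" state.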
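Review bot: In the hunk at -11807,8 the hand-written title for CVE-2020-25624 ("hcd-ohci: out-of-bound access issue while processing transfer descriptors") is dropped in favour of the published description, which classifies the bug as a stack-based buffer over-read. The preceding entry, CVE-2020-25625, carries a "NOTE: Fixed by:" line with the upstream commit, while the lines shown for CVE-2020-25624 only have the DLA reference, the bug number and the buster line "(Can be fixed along in next qemu DSA)". If the entry has no fix reference below the shown context, adding one would help whoever prepares that DSA.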
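Review bot: In the hunk at -64364,7, CVE-2019-20044 now lists two advisories, "{DLA-2470-1 DLA-2117-1}", while the buster line in the same entry still reads "[buster] - zsh (Minor issue)". The triage for buster should be revisited so it does not stay open there after being fixed twice by DLA. The commit subject "automatic update" also gives no hint that this change links DLA-2470-1 to seven zsh CVEs (CVE-2019-20044, CVE-2018-13259, CVE-2017-18206, CVE-2018-1100, CVE-2018-1083, CVE-2018-1071, CVE-2018-0502), so anyone auditing that advisory has to read the diff to find them.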