From 7b4b63b3e8e84be4291889830d3ae8395429a0ca Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sun, 29 Nov 2020 20:10:34 +0000 Subject: automatic update --- data/CVE/list | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/data/CVE/list b/data/CVE/list index 4ed4ebf73f..e216a28302 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -7213,6 +7213,7 @@ CVE-2020-27618 [iconv when processing invalid multi-byte input sequences fails t NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26224 NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=9a99c682144bdbd40792ebf822fe9264e0376fb5 CVE-2020-27617 (eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to t ...) + {DLA-2469-1} - qemu (bug #973324) [buster] - qemu (Fix along in future DSA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html @@ -11413,6 +11414,7 @@ CVE-2020-25724 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks details ATM) CVE-2020-25723 [assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c] RESERVED + {DLA-2469-1} - qemu (bug #975276) [buster] - qemu (Fix along in future DSA) NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 @@ -11791,6 +11793,7 @@ CVE-2020-25626 (A flaw was found in Django REST Framework versions before 3.12.0 NOTE: https://github.com/encode/django-rest-framework/commit/4121b01b912668c049b26194a9a107c27a332429 NOTE: Fixed upstream in 3.12.0 and 3.11.2 CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list ha ...) + {DLA-2469-1} - qemu (bug #970542) [buster] - qemu (Can be fixed along in next qemu DSA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html 
@@ -11798,6 +11801,7 @@ CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD l NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=patch;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f (v5.2.0-rc0) CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer descriptors] RESERVED + {DLA-2469-1} - qemu (bug #970541) [buster] - qemu (Can be fixed along in next qemu DSA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html @@ -13006,6 +13010,7 @@ CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue ...) + {DLA-2469-1} - qemu (bug #970540) [buster] - qemu (Can be fixed along in next qemu DSA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html -- cgit v1.2.3
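Review bot: The subject line "automatic update" does not say what changed, although all five insertions in this patch are the same {DLA-2469-1} tag on qemu entries in data/CVE/list. Naming the advisory and the package in the subject or body would let someone searching the log for DLA-2469-1 find this commit without reading the diff.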
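Review bot: In the CVE-2020-27617 hunk (@@ -7213), the [buster] context line reads "Fix along in future DSA" (the CVE-2020-25723 entry uses the same wording), while the CVE-2020-25625, CVE-2020-25624 and CVE-2020-25085 hunks read "Can be fixed along in next qemu DSA". All five entries now carry {DLA-2469-1} for the same package, so one wording for the [buster] note would keep them searchable as a set.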
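Review bot: In the CVE-2020-25723 hunk (@@ -11413), the context NOTE gives a qemu.git commit as a bare URL (h=2fdb42d840400d58f2e706ecca82c142b97bcbd6), whereas the CVE-2020-25625 entry labels its commit as "NOTE: Fixed by: ... (v5.2.0-rc0)". If that commit is the upstream fix, label it the same way, with "Fixed by:" and the first upstream version containing it, so that a reader checking what {DLA-2469-1} backported can tell a fix from a reference.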