[Git][security-tracker-team/security-tracker][master] - "new" dnsmasq issue (CVE is for Red Hat, but they essentially found the same...

Wed, 01 Jul 2020 03:12:54 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bce5996a by Moritz Muehlenhoff at 2020-07-01T12:10:45+02:00
- "new" dnsmasq issue (CVE is for Red Hat, but they essentially found 
the same issue Mika Prokop did back in 2014)
- new rails issue
- NFU
- add squid to dsa-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2732,6 +2732,8 @@ CVE-2020-14313
        RESERVED
 CVE-2020-14312
        RESERVED
+       - dnsmasq 2.69-1 (bug #732610)
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342
 CVE-2020-14311
        RESERVED
 CVE-2020-14310
@@ -2744,6 +2746,7 @@ CVE-2020-14307
        RESERVED
 CVE-2020-14306
        RESERVED
+       NOT-FOR-US: OpenShift
 CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module]
        RESERVED
        - linux 4.12.6-1
@@ -19156,6 +19159,9 @@ CVE-2020-8186
        RESERVED
 CVE-2020-8185
        RESERVED
+       [experimental] - rails <unfixed>
+       - rails <not-affected> (Introduced in rails 6.x)
+       NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
 CVE-2020-8184 (A reliance on cookies without validation/integrity check 
security vuln ...)
        - ruby-rack <unfixed> (bug #963477)
        NOTE: Fixed by: 
https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c


=====================================
data/dsa-needed.txt
=====================================
@@ -51,6 +51,8 @@ rails
 ruby2.5/stable
   Utkarsh Gupta proposed to work on an update
 --
+squid/stable
+--
 squid3/oldstable
 --
 teeworlds/stable (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bce5996ab8f2bd2b6973399354cc25c0f1d4c0e0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bce5996ab8f2bd2b6973399354cc25c0f1d4c0e0
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to