Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4bc4d1fa by security tracker role at 2020-09-13T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,13 @@
-CVE-2020-25285 [mm/hugetlb: fix a race between hugetlb sysctl handlers]
+CVE-2020-25288
+       RESERVED
+CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute 
arbitrary com ...)
+       TODO: check
+CVE-2020-25286 (In wp-includes/comment-template.php in WordPress before 5.4.2, 
comment ...)
+       TODO: check
+CVE-2020-25285 (A race condition between hugetlb sysctl handlers in 
mm/hugetlb.c in th ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/17743798d81238ab13050e8e2833699b54e15467
-CVE-2020-25284 [rbd: require global CAP_SYS_ADMIN for mapping and unmapping]
+CVE-2020-25284 (The rbd block device driver in drivers/block/rbd.c in the 
Linux kernel ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/f44d04e696feaf13d192d942c4f14ad2e117065a
 CVE-2020-25283 (An issue was discovered on LG mobile devices with Android OS 
8.0, 8.1, ...)
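
Review bot: CVE-2020-25287 and CVE-2020-25286 are added with only `TODO: check`, so neither carries a package or status line yet, unlike the `- linux <unfixed>` entries directly below them. CVE-2020-25286 names wp-includes/comment-template.php in WordPress before 5.4.2, so it needs a follow-up that maps it to a source package and records whether the fixed version is already in the archive; the Pligg entry needs the same triage decision recorded in place of the TODO.
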
@@ -18756,7 +18762,7 @@ CVE-2020-16093
        [buster] - lemonldap-ng <no-dsa> (Minor issue)
        NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250
 CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the 
network p ...)
-       {DSA-4760-1}
+       {DSA-4760-1 DLA-2373-1}
        - qemu 1:5.1+dfsg-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
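
Review bot: the commit message `automatic update` gives no hint that this change, here on CVE-2020-16092 and again on three other qemu entries in this diff, adds a cross-reference to DLA-2373-1. Naming the advisory in the message would let a reader find this commit from the log without opening the diff.
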
@@ -23192,7 +23198,7 @@ CVE-2020-14365 [dnf module install packages with no GPG 
signature]
        - ansible <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
 CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB 
emulator  ...)
-       {DSA-4760-1}
+       {DSA-4760-1 DLA-2373-1}
        - qemu 1:5.1+dfsg-4 (bug #968947)
        NOTE: https://xenbits.xen.org/xsa/advisory-335.html
        NOTE: https://www.openwall.com/lists/oss-security/2020/08/24/3
@@ -26211,6 +26217,7 @@ CVE-2020-13254 (An issue was discovered in Django 2.2 
before 2.2.13 and 3.0 befo
        NOTE: 
https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206
 (2.2 branch)
        NOTE: Regression https://code.djangoproject.com/ticket/31654
 CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated 
address, wh ...)
+       {DLA-2373-1}
        - qemu 1:5.0-8 (bug #961297)
        [buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
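
Review bot: the added `{DLA-2373-1}` on CVE-2020-13253 now sits next to `[buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)`, while the line above it already records a fixed version, `- qemu 1:5.0-8`. With an advisory referenced for this CVE, the buster status and its "revisit when fixed upstream" reason are worth rechecking in a follow-up so the entry does not show one suite handled and another still waiting on a condition that may already be met.
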
@@ -58125,7 +58132,7 @@ CVE-2020-1712 (A heap use-after-free vulnerability was 
found in systemd before v
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
 CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way 
the iSCS ...)
-       {DLA-2144-1}
+       {DLA-2373-1 DLA-2144-1}
        - qemu 1:4.2-2 (bug #949731)
        [buster] - qemu 1:3.1+dfsg-8+deb10u4
        - qemu-kvm <removed>
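
Review bot: in `{DLA-2373-1 DLA-2144-1}` the new advisory is placed before the existing one, whereas the CVE-2020-16092 and CVE-2020-14364 hunks place it after `DSA-4760-1`. If the order inside the braces is deliberate, it should be stated where the list format is documented; otherwise a consistent append would make these cross-reference diffs easier to scan.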



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bc4d1fa245261890620e432607ca38c9ecfa947
