Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ffc9a9b by security tracker role at 2021-01-31T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11278,6 +11278,7 @@ CVE-2021-21495 (MK-AUTH through 19.01 K4.9 allows CSRF
for password changes via
CVE-2021-21494 (MK-AUTH through 19.01 K4.9 allows XSS via the
admin/logs_ajax.php tipo ...)
NOT-FOR-US: MK-AUTH
CVE-2020-35965 (decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an
out-of-bounds ...)
+ {DLA-2537-1}
- ffmpeg 7:4.3.1-6 (bug #979999)
[buster] - ffmpeg <postponed> (Wait for 4.1.7)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532
@@ -55369,12 +55370,14 @@ CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote
Command Execution. System-Snap
CVE-2020-14411
RESERVED
CVE-2020-14410 (SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based
buffer ...)
+ {DLA-2536-1}
- libsdl1.2 <undetermined>
- libsdl2 2.0.14+dfsg2-2
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
TODO: check libsdl1.2
CVE-2020-14409 (SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer
Overflow ...)
+ {DLA-2536-1}
- libsdl1.2 <undetermined>
- libsdl2 2.0.14+dfsg2-2
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
@@ -99225,7 +99228,7 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a
heap-based buffer overflow in
NOTE: ImageMagick6:
https://github.com/ImageMagick/ImageMagick6/commit/41399a3414069870071e47680b0bbbe0a283db5d
NOTE: ImageMagick6:
https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c
allows a NUL ...)
- {DSA-4722-1}
+ {DSA-4722-1 DLA-2537-1}
- ffmpeg 7:4.2.1-1 (low)
- libav <removed> (low)
[jessie] - libav <not-affected> (Vulnerable code introduced in v12.x)
@@ -111508,6 +111511,7 @@ CVE-2019-13618 (In GPAC before 0.8.0,
isomedia/isom_read.c in libgpac.a has a he
CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer
over-read in ...)
NOT-FOR-US: njs
CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
+ {DLA-2536-1}
- libsdl2 2.0.10+dfsg1-1
[buster] - libsdl2 <no-dsa> (Minor issue)
[jessie] - libsdl2 <postponed> (can be fixed along with more important
patches)
@@ -130007,7 +130011,7 @@ CVE-2019-7640
CVE-2019-7639 (An issue was discovered in gsi-openssh-server 7.9p1 on Fedora
29. If P ...)
NOT-FOR-US: gsi-openssh-server (OpenSSH patched with
openssh-7.9p1-gsissh.patch)
CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
@@ -130031,7 +130035,7 @@ CVE-2019-7637 (SDL (Simple DirectMedia Layer) through
1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0 (SDL-2)
NOTE: For SDL-2 the fix for CVE-2017-2888 fixes as well CVE-2019-7637.
CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
@@ -130041,7 +130045,7 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through
1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
- {DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
+ {DLA-2536-1 DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
@@ -130184,7 +130188,7 @@ CVE-2019-7580 (ThinkCMF 5.0.190111 allows remote
attackers to execute arbitrary
CVE-2019-7579 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766
devices. An ...)
NOT-FOR-US: Linksys
CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
@@ -130194,7 +130198,7 @@ CVE-2019-7578 (SDL (Simple DirectMedia Layer) through
1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/388987dff7bf (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/f9a9d6c76b21 (SDL-2)
CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
@@ -130217,7 +130221,7 @@ CVE-2019-7576 (SDL (Simple DirectMedia Layer) through
1.2.15 and 2.x through 2.0
NOTE: Proposed patch:
https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
NOTE: very similar bug to CVE-2019-7573, fix for CVE-2019-7573 is
applicable to this
CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
[stretch] - libsdl1.2 <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ffc9a9ba30663de970ea3177a9431e460d511a5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ffc9a9ba30663de970ea3177a9431e460d511a5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
