Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc319a8d by Moritz Muehlenhoff at 2020-01-30T11:52:23-08:00
NFUs
stb code copy bugs

- - - - -


2 changed files:

- data/CVE/list
- data/embedded-code-copies


Changes:

=====================================
data/CVE/list
=====================================
@@ -1459,7 +1459,7 @@ CVE-2020-7801
 CVE-2020-7800
        RESERVED
 CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An 
authenticated  ...)
-       TODO: check
+       NOT-FOR-US: FusionAuth
 CVE-2020-7798
        RESERVED
 CVE-2020-7797
@@ -6234,7 +6234,7 @@ CVE-2020-5525
 CVE-2020-5524
        RESERVED
 CVE-2020-5523 (Android App 'MyPallete' and some of the Android banking 
applications b ...)
-       TODO: check
+       NOT-FOR-US: MyPallete
 CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not 
verify  ...)
        NOT-FOR-US: kantan netprint App for Android
 CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not 
verify X.50 ...)
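
Review bot: The tag on CVE-2020-5523 names only MyPallete, while the visible description also covers "some of the Android banking applications". The neighbouring CVE-2020-5522 entry uses the fuller form "kantan netprint App for Android", so something like "NOT-FOR-US: MyPallete and related Android banking apps" would match that style and record that the whole scope was triaged, not just the first product named.
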
@@ -6933,11 +6933,11 @@ CVE-2020-5222
 CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated 
user to pe ...)
        NOT-FOR-US: uftpd
 CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups 
to be  ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code 
execution v ...)
-       TODO: check
+       NOT-FOR-US: Angular Expressions
 CVE-2020-5218 (Affected versions of Sylius give attackers the ability to 
switch chann ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive 
injection vuln ...)
        - ruby-secure-headers <unfixed> (bug #949999)
        NOTE: 
https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c
@@ -7005,7 +7005,7 @@ CVE-2019-20329 (OpenLambda 2019-09-10 allows DNS 
rebinding attacks against the O
 CVE-2019-20328
        RESERVED
 CVE-2019-20327 (Insecure permissions in cwrapper_perl in Centreon 
Infrastructure Monit ...)
-       TODO: check
+       NOT-FOR-US: Centreon Infrastructure Monitoring
 CVE-2019-20325
        REJECTED
 CVE-2019-20324
@@ -11516,9 +11516,9 @@ CVE-2019-19825 (On certain TOTOLINK Realtek SDK based 
routers, the CAPTCHA text
 CVE-2019-19824 (On certain TOTOLINK Realtek SDK based routers, an 
authenticated attack ...)
        NOT-FOR-US: TOTOLINK Realtek SDK based routers
 CVE-2019-19823 (A certain router administration interface (that includes 
Realtek APMIB ...)
-       TODO: check
+       NOT-FOR-US: Realtek
 CVE-2019-19822 (A certain router administration interface (that includes 
Realtek APMIB ...)
-       TODO: check
+       NOT-FOR-US: Realtek
 CVE-2019-19821
        RESERVED
 CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the 
kyrld.sys dr ...)
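
Review bot: "NOT-FOR-US: Realtek" on CVE-2019-19823 and CVE-2019-19822 is a bare vendor name, whereas the entry just above (CVE-2019-19824) uses the product-level "TOTOLINK Realtek SDK based routers". Both descriptions refer to a router administration interface that includes Realtek APMIB, so a tag naming that component would be easier to grep for and would not read as a blanket statement that nothing from Realtek is relevant.
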
@@ -12589,7 +12589,7 @@ CVE-2020-3149
 CVE-2020-3148
        RESERVED
 CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches 
could a ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3146
        RESERVED
 CVE-2020-3145
@@ -25094,7 +25094,7 @@ CVE-2019-17352 (In JFinal cos before 2019-08-13, as 
used in JFinal 4.4, there is
 CVE-2019-17339
        RESERVED
 CVE-2019-17338 (The user interface component of TIBCO Software Inc.'s TIBCO 
Patterns - ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO 
Spotfire ...)
        NOT-FOR-US: TIBCO
 CVE-2019-17336 (The Data access layer component of TIBCO Software Inc.'s TIBCO 
Spotfir ...)
@@ -33203,7 +33203,7 @@ CVE-2019-14631
 CVE-2019-14630
        RESERVED
 CVE-2019-14629 (Improper permissions in Intel(R) DAAL before version 2020 Gold 
may all ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2019-14628
        RESERVED
 CVE-2019-14627
@@ -33237,7 +33237,7 @@ CVE-2019-14615 (Insufficient control flow in certain 
data structures for some In
 CVE-2019-14614
        RESERVED
 CVE-2019-14613 (Improper access control in driver for Intel(R) VTune(TM) 
Amplifier for ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow 
a privil ...)
        NOT-FOR-US: Intel
 CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a 
privilege ...)
@@ -33263,9 +33263,9 @@ CVE-2019-14603 (Improper permissions in the installer 
for the License Server sof
 CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR 
Driver vers ...)
        NOT-FOR-US: Nuvoton* CIR Driver
 CVE-2019-14601 (Improper permissions in the installer for Intel(R) RWC 3 for 
Windows b ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2019-14600 (Uncontrolled search path element in the installer for Intel(R) 
SNMP Su ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and 
earlier  ...)
        NOT-FOR-US: Intel
 CVE-2019-14598
@@ -44006,7 +44006,7 @@ CVE-2019-11290 (Cloud Foundry UAA Release, versions 
prior to v74.8.0, logs all q
 CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not 
properly  ...)
        NOT-FOR-US: Cloud Foundry Routing
 CVE-2019-11288 (In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x 
versions pr ...)
-       TODO: check
+       NOT-FOR-US: Pivotal
 CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x 
prior to 3. ...)
        - rabbitmq-server <unfixed> (bug #945600)
        [buster] - rabbitmq-server <no-dsa> (Minor issue)
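
Review bot: The vendor-level tag "NOT-FOR-US: Pivotal" on CVE-2019-11288 sits directly above CVE-2019-11287, a Pivotal RabbitMQ issue that is tracked against rabbitmq-server, so Pivotal software as a whole is clearly not out of scope. Naming the product, as the Cloud Foundry Routing entry above does, avoids the ambiguity: "NOT-FOR-US: Pivotal tc Server".
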


=====================================
data/embedded-code-copies
=====================================
@@ -3469,3 +3469,6 @@ libstb
        - libsixel <unfixed> (embed; bug #949707)
        - retroarch <unfixed> (embed; bug #949708)
        - libsfml <unfixed> (embed; bug #949709)
+       - sumo <unfixed> (embed; bug #950251)
+       - yquake2 <unfixed> (embed; bug #950252)
+       - dart <unfixed> (modified-embed)
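
Review bot: The new dart line carries no bug reference, unlike every other entry visible in this hunk (sumo #950251, yquake2 #950252 and the three context lines). If a bug was deliberately not filed because the copy is modified-embed, a short NOTE saying so would help; otherwise please add the bug number so the unfixed state can be followed up.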



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc319a8d4120a13458c13a6825b73e61f1ca5a53
