Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd6fa804 by Moritz Muehlenhoff at 2020-07-31T14:53:05+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -232,7 +232,7 @@ CVE-2020-16090
 CVE-2020-16089
        RESERVED
 CVE-2020-16088 (iked in OpenIKED, as used in OpenBSD through 6.7, allows 
authenticatio ...)
-       TODO: check
+       NOT-FOR-US: OpenIKED
 CVE-2020-16087
        RESERVED
 CVE-2020-16086
@@ -2471,9 +2471,9 @@ CVE-2020-15133
 CVE-2020-15132
        RESERVED
 CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 
1.2.2, there ...)
-       TODO: check
+       NOT-FOR-US: Node slp-validate
 CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Node slpjs
 CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there 
exists  ...)
        NOT-FOR-US: Traefik
 CVE-2020-15128
@@ -2483,7 +2483,7 @@ CVE-2020-15127
 CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an 
authenticated ...)
        NOT-FOR-US: Node parser-server
 CVE-2020-15125 (In auth0 (npm package) versions before 2.27.1, a DenyList of 
specific  ...)
-       TODO: check
+       NOT-FOR-US: Node auth0
 CVE-2020-15124 (In Goobi Viewer Core before version 4.8.3, a path traversal 
vulnerabil ...)
        NOT-FOR-US: Goobi Viewer Core
 CVE-2020-15123 (In codecov (npm package) before version 3.7.1 the upload 
method has a  ...)
@@ -21204,7 +21204,7 @@ CVE-2020-8217 (A cross site scripting (XSS) 
vulnerability in Pulse Connect Secur
 CVE-2020-8216 (An information disclosure vulnerability in meeting of Pulse 
Connect Se ...)
        NOT-FOR-US: Pulse
 CVE-2020-8215 (A buffer overflow is present in canvas version <= 1.6.9, 
which coul ...)
-       TODO: check
+       NOT-FOR-US: Node canvas
 CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows 
an atta ...)
        NOT-FOR-US: servey
 CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect 
v1.13.3  ...)
@@ -21233,7 +21233,7 @@ CVE-2020-8203 (Prototype pollution attack when using 
_.zipObjectDeep in lodash &
        [stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by 
security support)
        NOTE: https://hackerone.com/reports/712065
 CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app 
v1.6.0 a ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Preferred Providers app
 CVE-2020-8201
        RESERVED
 CVE-2020-8200
@@ -21253,7 +21253,7 @@ CVE-2020-8194 (Reflected code injection in Citrix ADC 
and Citrix Gateway version
 CVE-2020-8193 (Improper access control in Citrix ADC and Citrix Gateway 
versions befo ...)
        NOT-FOR-US: Citrix
 CVE-2020-8192 (A denial of service vulnerability exists in Fastify v2.14.1 and 
v3.0.0 ...)
-       TODO: check
+       NOT-FOR-US: Node fastify
 CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway 
versions be ...)
        NOT-FOR-US: Citrix
 CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway 
before ver ...)
@@ -21297,7 +21297,7 @@ CVE-2020-8177
 CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth 
v3.1.6 ...)
        NOT-FOR-US: koa-shopify-auth
 CVE-2020-8175 (Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may 
allow  ...)
-       TODO: check
+       NOT-FOR-US: Node jimp
 CVE-2020-8174 (napi_get_value_string_*() allows various kinds of memory 
corruption in ...)
        {DSA-4696-1}
        - nodejs 10.21.0~dfsg-1 (bug #962145)
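Review bot: the new annotation for CVE-2020-8175 reads `NOT-FOR-US: Node jimp`, while the description on the line above names `jpeg-js`; the hunk records no link between the two names. Either keep the package from the description (`NOT-FOR-US: Node jpeg-js`) or add a `NOTE:` line explaining why jimp is the relevant upstream, so a later search for jpeg-js still finds the rationale.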
@@ -22551,7 +22551,7 @@ CVE-2020-7701
 CVE-2020-7700
        RESERVED
 CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If 
the parse ...)
-       TODO: check
+       NOT-FOR-US: express-fileupload
 CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The 
input bei ...)
        TODO: check
 CVE-2020-7697 (This affects all versions of package mock2easy. a malicious 
user could ...)
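Review bot: `NOT-FOR-US: express-fileupload` drops the `Node ` prefix that the other npm entries in this commit use (`Node slp-validate`, `Node auth0`, `Node fastify`, `Node canvas`); suggest `NOT-FOR-US: express-fileupload` become `NOT-FOR-US: Node express-fileupload` so the ecosystem is visible at a glance and the entries stay grep-consistent.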
@@ -212195,9 +212195,9 @@ CVE-2016-7066 (It was found that the improper default 
permissions on /tmp/auth d
 CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application 
Platform (EAP) ...)
        NOT-FOR-US: Red Hat JBoss EAP
 CVE-2016-7064 (A flaw was found in pritunl-client before version 1.0.1116.6. A 
lack o ...)
-       TODO: check
+       NOT-FOR-US: pritunl-client
 CVE-2016-7063 (A flaw was found in pritunl-client before version 1.0.1116.6. 
Arbitrar ...)
-       TODO: check
+       NOT-FOR-US: pritunl-client
 CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat 
Storage Co ...)
        NOT-FOR-US: Red Hat rhscon-core
 CVE-2016-7061 (An information disclosure vulnerability was found in JBoss 
Enterprise  ...)
@@ -282523,7 +282523,7 @@ CVE-2014-1424 (apparmor_parser in the apparmor 
package before 2.8.95~2430-0ubunt
 CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in 
Ubuntu Touch ...)
        NOT-FOR-US: signond from Ubuntu Touch
 CVE-2014-1422 (In Ubuntu's trust-store, if a user revokes location access from 
an app ...)
-       TODO: check
+       NOT-FOR-US: Ubuntu trust-store
 CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly 
handle the u ...)
        - mountall <not-affected> (partman-efi in jessie uses secure umask, 
mount in older releases not affected)
        NOTE: See 
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
@@ -289209,8 +289209,7 @@ CVE-2013-5961 (Unrestricted file upload vulnerability 
in lazyseo.php in the Lazy
 CVE-2013-5960 (The authenticated-encryption feature in the 
symmetric-encryption imple ...)
        NOT-FOR-US: OWASP Enterprise Security API for Java
 CVE-2013-5958 (The Security component in Symfony 2.0.x before 2.0.25, 2.1.x 
before 2. ...)
-       NOT-FOR-US: Symfony
-       TODO: Check if php-symfony-polyfill/1.17.0-1 needs to be tracked
+       - symfony <not-affected> (Fixed before initial upload)
 CVE-2013-5957 (Multiple SQL injection vulnerabilities in 
CRM/Core/Page/AJAX/Location. ...)
        - civicrm <not-affected> (Fixed before initial upload to the archive)
 CVE-2013-5956 (Cross-site scripting (XSS) vulnerability in 
includes/flvthumbnail.php  ...)
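Review bot: the removed line `TODO: Check if php-symfony-polyfill/1.17.0-1 needs to be tracked` disappears without a recorded outcome; if php-symfony-polyfill was checked and found not to ship the affected Security component, a `NOTE:` line saying so would preserve that reasoning, otherwise the TODO should remain next to the new `- symfony <not-affected>` entry. The parenthetical could also match the neighbouring civicrm entry's wording (`Fixed before initial upload to the archive`) for consistency.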



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd6fa804c093857496cc545929273746b2bc8a33



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits