Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea6f18f6 by Moritz Muehlenhoff at 2020-08-04T09:22:56+02:00
NFUs
golang postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,9 +27,9 @@ CVE-2020-16274
 CVE-2020-16273
        RESERVED
 CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 
1.12.0 is mis ...)
-       TODO: check
+       NOT-FOR-US: Kee Vault KeePassRPC
 CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 
1.12.0 genera ...)
-       TODO: check
+       NOT-FOR-US: Kee Vault KeePassRPC
 CVE-2020-16270
        RESERVED
 CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, 
causing ...)
@@ -42,7 +42,7 @@ CVE-2020-16267
 CVE-2020-16266
        RESERVED
 CVE-2015-9549 (A reflected Cross-site Scripting (XSS) vulnerability exists in 
OcPorta ...)
-       TODO: check
+       NOT-FOR-US: OcPortal
 CVE-2020-16265
        RESERVED
 CVE-2020-16264
@@ -303,7 +303,7 @@ CVE-2020-16138
 CVE-2020-16137
        RESERVED
 CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user 
with permis ...)
-       TODO: check
+       NOT-FOR-US: tgstation-server
 CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if 
ssh_buf ...)
        {DLA-2303-1}
        - libssh <unfixed> (bug #966560)
@@ -1651,6 +1651,7 @@ CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 
1.14.5 has a data race in so
        - golang-1.15 1.15~rc1-1
        - golang-1.14 1.14.6-1
        - golang-1.11 <removed>
+       [buster] - golang-1.11 <postponed> (Minor issue, can be fixed along in 
next DSA)
        - golang-1.8 <removed>
        - golang-1.7 <removed>
        - golang <removed>
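Review bot: the added `[buster] - golang-1.11 <postponed>` line justifies the deferral only as "Minor issue", while the entry header describes a data race in Go before 1.13.13 and 1.14.x before 1.14.5. A short NOTE line stating why the race is considered minor for buster would let whoever prepares the next golang-1.11 DSA see the reasoning behind the triage.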
@@ -5674,7 +5675,7 @@ CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby 
processes the template op
        - ruby-kramdown <unfixed> (bug #965305)
        NOTE: 
https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
 CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 
0.2.0-prerelease.2 ...)
-       TODO: check
+       NOT-FOR-US: scratch-vm different from src:scratch
 CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 
Metafile Libr ...)
        - libemf 1.0.13-1 (bug #963778)
        [buster] - libemf <no-dsa> (Minor issue)
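Review bot: in the CVE-2020-14000 entry, `NOT-FOR-US: scratch-vm different from src:scratch` mixes the disambiguation into the product name, whereas the other NOT-FOR-US lines in this commit carry only a product name. Consider `NOT-FOR-US: MIT Lifelong Kindergarten Scratch scratch-vm (different from src:scratch)` so the product string matches the CVE description and the remark is visibly a remark.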
@@ -6033,7 +6034,7 @@ CVE-2020-13851 (Artica Pandora FMS 7.44 allows remote 
command execution via the
 CVE-2020-13850 (Artica Pandora FMS 7.44 has inadequate access controls on a 
web folder ...)
        NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout 
value of 1. ...)
-       TODO: check
+       NOT-FOR-US: MQTT protocol flaw
 CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows 
remote attac ...)
        {DLA-2238-1}
        - pupnp-1.8 <unfixed> (bug #962282)
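Review bot: `NOT-FOR-US: MQTT protocol flaw` on CVE-2020-13849 names a protocol rather than a piece of software, so the entry does not record whether any packaged MQTT implementation was checked. The description attributes the issue to what the MQTT 3.1.1 protocol requires of a server, so it could apply to any implementation of that protocol. If packaged implementations were reviewed and found unaffected or out of scope, say so in the entry; otherwise keep it as TODO until they are.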
@@ -6104,7 +6105,7 @@ CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js 
allows ECDSA signature ma
 CVE-2020-13821
        RESERVED
 CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated 
reflected XS ...)
-       TODO: check
+       NOT-FOR-US: Extreme Management Center
 CVE-2020-13819
        RESERVED
 CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when 
&lt;cachestart&gt;  ...)
@@ -8765,7 +8766,7 @@ CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has 
a heap-based buffer ov
        NOTE: --fuzz-seed in PoC not present until version 4.2.0
        NOTE: Crash in CLI tool, no security impact
 CVE-2020-12739 (A vulnerability in the Fanuc i Series CNC (0i-MD and 0i 
Mate-MD) could ...)
-       TODO: check
+       NOT-FOR-US: Fanuc i Series CNC
 CVE-2020-12738
        RESERVED
 CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on 
macOS. Authen ...)
@@ -20643,9 +20644,9 @@ CVE-2020-8577
 CVE-2020-8576
        RESERVED
 CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows 
versions prio ...)
-       TODO: check
+       NOT-FOR-US: Active IQ Unified Manager
 CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship 
with th ...)
-       TODO: check
+       NOT-FOR-US: Active IQ Unified Manager
 CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management 
Controllers ...)
        NOT-FOR-US: NetApp
 CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior 
to vers ...)
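Review bot: the two new `NOT-FOR-US: Active IQ Unified Manager` lines (CVE-2020-8575, CVE-2020-8574) sit directly above an existing `NOT-FOR-US: NetApp` entry for CVE-2020-8573. If these belong to the same vendor, use one consistent string for all three so the NFU entries group together; if not, no change is needed.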
@@ -21746,7 +21747,7 @@ CVE-2020-8110
 CVE-2020-8109
        RESERVED
 CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint 
Security ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2020-8107
        RESERVED
 CVE-2020-8106



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea6f18f6fb0e5b94ff3192cf664c6a4b8ed31d49
