Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d834879f by Moritz Muehlenhoff at 2020-09-08T20:03:34+02:00
NFUs
new reel issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41456,21 +41456,21 @@ CVE-2020-7689 (Data is truncated wrong when its 
length is greater than 255 bytes
 CVE-2020-7688 (The issue occurs because tagName user input is formatted inside 
the ex ...)
        NOT-FOR-US: Node mversion
 CVE-2020-7687 (This affects all versions of package fast-http. There is no 
path sanit ...)
-       TODO: check
+       NOT-FOR-US: Node fast-http
 CVE-2020-7686 (This affects all versions of package rollup-plugin-dev-server. 
There i ...)
-       TODO: check
+       NOT-FOR-US: Node rollup-plugin-dev-server
 CVE-2020-7685 (This affects all versions of package UmbracoForms. When using 
the defa ...)
-       TODO: check
+       NOT-FOR-US: UmbracoForms
 CVE-2020-7684 (This affects all versions of package rollup-plugin-serve. There 
is no  ...)
-       TODO: check
+       NOT-FOR-US: Node rollup-plugin-server
 CVE-2020-7683 (This affects all versions of package rollup-plugin-server. 
There is no ...)
-       TODO: check
+       NOT-FOR-US: Node rollup-plugin-server
 CVE-2020-7682 (This affects all versions of package marked-tree. There is no 
path san ...)
-       TODO: check
+       NOT-FOR-US: Node marked-tree
 CVE-2020-7681 (This affects all versions of package marscode. There is no path 
saniti ...)
-       TODO: check
+       NOT-FOR-US: Node marscode
 CVE-2020-7680 (docsify prior to 4.11.4 is susceptible to Cross-site Scripting 
(XSS).  ...)
-       TODO: check
+       NOT-FOR-US: docsify
 CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility 
function ...)
        NOT-FOR-US: Node casperjs
 CVE-2020-7678
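Review bot: The tag added for CVE-2020-7684 reads "NOT-FOR-US: Node rollup-plugin-server", but the description on that entry names the package rollup-plugin-serve. The tag matches the one for CVE-2020-7683 directly below it and looks copied from there. Suggest "NOT-FOR-US: Node rollup-plugin-serve" so that a search of data/CVE/list for either package name lands on the right CVE. Minor: the docsify and UmbracoForms tags carry no ecosystem prefix while the other entries in this hunk use "Node ..."; consistent prefixes make later triage by ecosystem easier.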
@@ -41498,16 +41498,16 @@ CVE-2020-7671 (goliath through 1.0.6 allows request 
smuggling attacks where goli
 CVE-2020-7670 (agoo through 2.12.3 allows request smuggling attacks where agoo 
is use ...)
        NOT-FOR-US: Ruby gem agoo
 CVE-2020-7669 (This affects all versions of package 
github.com/u-root/u-root/pkg/taru ...)
-       TODO: check
+       NOT-FOR-US: github.com/u-root/u-root/pkg/tarutil Go package
 CVE-2020-7668 (In all versions of the package github.com/unknwon/cae/tz, the 
ExtractT ...)
        - golang-github-unknwon-cae <removed> (bug #967956)
        NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384
 CVE-2020-7667 (In package github.com/sassoftware/go-rpmutils/cpio before 
version 0.1. ...)
        NOT-FOR-US: github.com/sassoftware/go-rpmutils/cpio go module
 CVE-2020-7666 (This affects all versions of package 
github.com/u-root/u-root/pkg/cpio ...)
-       TODO: check
+       NOT-FOR-US: github.com/u-root/u-root/pkg/cpio Go package
 CVE-2020-7665 (This affects all versions of package 
github.com/u-root/u-root/pkg/uzip ...)
-       TODO: check
+       NOT-FOR-US: github.com/u-root/u-root/pkg/uzip Go package
 CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the 
Extract ...)
        - golang-github-unknwon-cae <removed> (bug #967955)
        NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383
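Review bot: The three u-root tags added here (CVE-2020-7669, CVE-2020-7666, CVE-2020-7665) use the suffix "Go package", while the existing neighbouring entry for CVE-2020-7667 uses "go module". Style point only: pick one wording for Go NOT-FOR-US tags so they group under a single search term. The tarutil, cpio and uzip entries all live under github.com/u-root/u-root/pkg/, so the same decision applies to all three.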
@@ -41519,11 +41519,12 @@ CVE-2020-7663 (websocket-extensions ruby module prior 
to 0.1.5 allows Denial of
 CVE-2020-7662 (websocket-extensions npm module prior to 1.0.4 allows Denial of 
Servic ...)
        NOT-FOR-US: Node websocket-extensions
 CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression 
Denial  ...)
-       TODO: check
+       NOT-FOR-US: Node url-regex
 CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to 
inject  ...)
        NOT-FOR-US: serialize-javascript Node package
 CVE-2020-7659 (reel through 0.6.1 allows Request Smuggling attacks due to 
incorrect C ...)
-       TODO: check
+       - reel <removed>
+       NOTE: https://snyk.io/vuln/SNYK-RUBY-REEL-569135
 CVE-2020-7658 (meinheld prior to 1.0.2 is vulnerable to HTTP Request 
Smuggling. HTTP  ...)
        NOT-FOR-US: meinheld
 CVE-2020-7657
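Review bot: The new CVE-2020-7659 entry records "- reel <removed>" with the Snyk advisory as its only NOTE, and unlike the <removed> entries for golang-github-unknwon-cae earlier in this patch it carries no bug reference. If any supported suite still ships reel, a per-release status line would be needed here; if none does, that is fine as is. The description says the issue affects reel "through 0.6.1", so a NOTE stating whether an upstream fix exists would save the next person triaging this entry a lookup.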



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d834879ff051f07f073c868e47bee239d353dd56



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
