Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4829ff54 by Moritz Muehlenhoff at 2020-09-09T09:24:32+02:00 new OBS, dojo issues NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -23105,7 +23105,7 @@ CVE-2020-14336 NOT-FOR-US: OpenShift CVE-2020-14335 RESERVED - TODO: check, not entirely clear if this is Red Hat Sattelite specific or as well generally for foreman + NOT-FOR-US: Red Hat Satellite CVE-2020-14334 (A flaw was found in Red Hat Satellite 6 which allows privileged attack ...) - foreman <itp> (bug #663101) CVE-2020-14333 (A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earl ...) @@ -40584,9 +40584,11 @@ CVE-2020-8023 (A acceptance of Extraneous Untrusted Data With Trusted Data vulne CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...) NOT-FOR-US: SAP CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...) - TODO: check + - open-build-service <unfixed> + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649 CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...) - TODO: check + - open-build-service <unfixed> + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439 CVE-2020-8019 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) NOT-FOR-US: SAP CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...) @@ -45546,9 +45548,8 @@ CVE-2020-6100 (An exploitable memory corruption vulnerability exists in AMD atid CVE-2020-6099 RESERVED CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...) - - freediameter <undetermined> + - freediameter <unfixed> NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030 - TODO: check CVE-2020-6097 RESERVED CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...) 
@@ -50379,7 +50380,7 @@ CVE-2020-4072 (In generator-jhipster-kotlin version 1.6.0 log entries are create CVE-2020-4071 (In django-basic-auth-ip-whitelist before 0.3.4, a potential timing att ...) NOT-FOR-US: django-basic-auth-ip-whitelist CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is a cros ...) - TODO: check + NOT-FOR-US: w3c css-validator CVE-2020-4069 RESERVED CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to r ...) @@ -50398,7 +50399,7 @@ CVE-2020-4064 CVE-2020-4063 RESERVED CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified critical ...) - TODO: check + NOT-FOR-US: Conjur Helm Chart CVE-2020-4061 (In October from version 1.0.319 and before version 1.0.467, pasting co ...) NOT-FOR-US: October CMS CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free vulnera ...) @@ -50427,7 +50428,9 @@ CVE-2020-4053 (In Helm greater than or equal to 3.0.0 and less than 3.2.4, a pat CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site scripting thro ...) NOT-FOR-US: Wiki.js CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 ...) - TODO: check + - dojo <unfixed> + [buster] - dojo <no-dsa> (Minor issue) + NOTE: https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6 CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...) NOT-FOR-US: SSB-DB CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by conn ...) @@ -56259,7 +56262,7 @@ CVE-2020-2077 (SICK Package Analytics software up to and including version V04.0 CVE-2020-2076 (SICK Package Analytics software up to and including version V04.0.0 ar ...) NOT-FOR-US: SICK CVE-2020-2075 (Platform mechanism AutoIP allows remote attackers to reboot the device ...) - TODO: check + NOT-FOR-US: SICK CVE-2020-2074 RESERVED CVE-2020-2073 
@@ -56953,7 +56956,7 @@ CVE-2020-1913 CVE-2020-1912 RESERVED CVE-2020-1911 (A type confusion vulnerability when resolving properties of JavaScript ...) - TODO: check + NOT-FOR-US: Facebook Hermes CVE-2020-1910 RESERVED CVE-2020-1909 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4829ff54873981afc4b6939a9d88a9faa9440f44
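Review bot: In the CVE-2020-14335 hunk, the removed TODO recorded an open question (whether the issue is specific to Red Hat Satellite or also applies to foreman generally), and the replacement "NOT-FOR-US: Red Hat Satellite" closes it without saying how it was settled. The next entry, CVE-2020-14334, is also described as a Red Hat Satellite 6 flaw yet is tracked as "- foreman <itp> (bug #663101)", so two adjacent entries now treat the same product differently. Consider adding a NOTE line with the reference that shows foreman is not affected, or tracking the entry against foreman like its neighbour.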
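Review bot: In the CVE-2020-6098 hunk, "- freediameter <undetermined>" becomes "<unfixed>" and "TODO: check" is dropped, but the only reference left is the Talos report. A NOTE stating what was checked to reach that status (for example, that the affected code is present in the packaged source) would let later triage verify the decision and know which fix to look for.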
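Review bot: In the CVE-2020-4051 hunk, the new lines "- dojo <unfixed>" and "[buster] - dojo <no-dsa> (Minor issue)" carry only the GitHub advisory link, while the CVE description already points at fixed upstream releases ("before versions 1.11.11, and greater than or equal to 1.12.0 ..."). Adding a NOTE with the fixing upstream release or commit would make it straightforward to replace "<unfixed>" with a version once an updated dojo is uploaded.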