Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
888e7224 by Moritz Muehlenhoff at 2020-09-08T13:00:14+02:00
inn2 n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18979,17 +18979,12 @@ CVE-2020-15889 (Lua through 5.4.0 has a getobjname 
heap-based buffer over-read b
        NOTE: Introduced in 5.4
 CVE-2020-15888 (Lua through 5.4.0 mishandles the interaction between stack 
resizes and ...)
        - lua5.4 <unfixed>
-       - lua5.3 <undetermined>
-       - lua5.2 <undetermined>
-       - lua5.1 <undetermined>
-       - lua50 <undetermined>
        NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00053.html
        NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00054.html
        NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00071.html
        NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00079.html
        NOTE: 
https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
        NOTE: 
https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5
-       TODO: check details for older versions
 CVE-2020-15887 (A SQL injection vulnerability in softwareupdate_controller.php 
in the  ...)
        NOT-FOR-US: MunkiReport
 CVE-2020-15886 (A SQL injection vulnerability in reportdata_controller.php in 
the repo ...)
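Review bot: The CVE-2020-15888 entry drops the four `<undetermined>` lines for lua5.3, lua5.2, lua5.1 and lua50 together with the `TODO: check details for older versions`, but nothing is left in the entry to say what the check concluded. If the older branches were found to lack the affected code, record that explicitly, either as `<not-affected>` lines with a reason or as a NOTE like the `NOTE: Introduced in 5.4` carried by CVE-2020-15889 just above. Otherwise the tracker cannot tell "checked and not affected" from "never triaged" for those source packages. The commit message ("inn2 n/a", "NFUs") does not mention this change either.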
@@ -40564,7 +40559,7 @@ CVE-2020-8028
 CVE-2020-8027
        RESERVED
 CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging 
of inn  ...)
-       TODO: check
+       - inn2 <not-affected> (inews has correct ownership in Debian)
 CVE-2020-8025 (A Incorrect Execution-Assigned Permissions vulnerability in the 
permis ...)
        NOT-FOR-US: SAP
 CVE-2020-8024 (A Incorrect Default Permissions vulnerability in the packaging 
of hyla ...)
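Review bot: The `<not-affected>` reason on CVE-2020-8026, "inews has correct ownership in Debian", cannot be re-verified from the entry alone. The CVE text describes an "Incorrect Default Permissions" issue in packaging, so a NOTE stating the owner, group and mode that the Debian inn2 package installs for inews, or pointing at where the packaging sets them, would let a later reviewer confirm the assessment still holds after packaging changes.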
@@ -41364,39 +41359,39 @@ CVE-2020-7729 (The package grunt before 1.3.0 are 
vulnerable to Arbitrary Code E
 CVE-2020-7728
        RESERVED
 CVE-2020-7727 (All versions of package gedi are vulnerable to Prototype 
Pollution via ...)
-       TODO: check
+       NOT-FOR-US: Node gedi
 CVE-2020-7726 (All versions of package safe-object2 are vulnerable to 
Prototype Pollu ...)
-       TODO: check
+       NOT-FOR-US: Node safe-object2
 CVE-2020-7725 (All versions of package worksmith are vulnerable to Prototype 
Pollutio ...)
-       TODO: check
+       NOT-FOR-US: Node worksmith
 CVE-2020-7724 (All versions of package tiny-conf are vulnerable to Prototype 
Pollutio ...)
-       TODO: check
+       NOT-FOR-US: Node tiny-conf
 CVE-2020-7723 (All versions of package promisehelpers are vulnerable to 
Prototype Pol ...)
-       TODO: check
+       NOT-FOR-US: Node promisehelpers
 CVE-2020-7722 (All versions of package nodee-utils are vulnerable to Prototype 
Pollut ...)
-       TODO: check
+       NOT-FOR-US: Node nodee-utils
 CVE-2020-7721 (All versions of package node-oojs are vulnerable to Prototype 
Pollutio ...)
-       TODO: check
+       NOT-FOR-US: Node node-oojs
 CVE-2020-7720 (The package node-forge before 0.10.0 is vulnerable to Prototype 
Pollut ...)
        - node-node-forge <unfixed> (bug #969669)
        NOTE: https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
        NOTE: 
https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756
 CVE-2020-7719 (Versions of package locutus before 2.0.12 are vulnerable to 
prototype  ...)
-       TODO: check
+       NOT-FOR-US: Node locutus
 CVE-2020-7718 (All versions of package gammautils are vulnerable to Prototype 
Polluti ...)
-       TODO: check
+       NOT-FOR-US: Node gammautils
 CVE-2020-7717 (All versions of package dot-notes are vulnerable to Prototype 
Pollutio ...)
-       TODO: check
+       NOT-FOR-US: Node dot-notes
 CVE-2020-7716 (All versions of package deeps are vulnerable to Prototype 
Pollution vi ...)
-       TODO: check
+       NOT-FOR-US: Node deeps
 CVE-2020-7715 (All versions of package deep-get-set are vulnerable to 
Prototype Pollu ...)
-       TODO: check
+       NOT-FOR-US: Node deep-get-set
 CVE-2020-7714 (All versions of package confucious are vulnerable to Prototype 
Polluti ...)
-       TODO: check
+       NOT-FOR-US: Node confucious
 CVE-2020-7713 (All versions of package arr-flatten-unflatten are vulnerable to 
Protot ...)
-       TODO: check
+       NOT-FOR-US: Node arr-flatten-unflatten
 CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to 
inject  ...)
-       TODO: check
+       NOT-FOR-US: Node json
 CVE-2020-7711 (This affects all versions of package 
github.com/russellhaering/goxmlds ...)
        - golang-github-russellhaering-goxmldsig <unfixed> (bug #968928)
        NOTE: https://github.com/russellhaering/goxmldsig/issues/48
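Review bot: In this block of NOT-FOR-US markings, `NOT-FOR-US: Node json` for CVE-2020-7712 uses a name generic enough to be confused with other JSON-related packages when someone searches the list later. Consider making the label more specific, for example by stating that it is the npm package named "json". For the rest of the block the "Node <name>" labels match the package names in the CVE descriptions. Since most of these are small utility modules, it is worth confirming that none is shipped as a bundled copy inside another Debian source package before the TODO is closed.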



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/888e72243c8e862d08236222ec2685a2421e2238
