[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Apr 2 09:33:44 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7bca3ba7 by Moritz Muehlenhoff at 2020-04-02T10:33:27+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3859,11 +3859,11 @@ CVE-2020-9787
 CVE-2020-9786
 	RESERVED
 CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9784 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2020-9783 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9782
 	RESERVED
 CVE-2020-9781 (The issue was addressed by clearing website permission prompts after n ...)
@@ -7648,11 +7648,11 @@ CVE-2020-8148
 CVE-2020-8147
 	RESERVED
 CVE-2020-8146 (In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privi ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2020-8145 (The UniFi Video Server (Windows) web interface configuration restore f ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2020-8144 (The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web i ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2020-8143
 	RESERVED
 CVE-2020-8142
@@ -14221,7 +14221,7 @@ CVE-2020-5293
 CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vuln ...)
 	NOT-FOR-US: Leantime
 CVE-2020-5290 (In RedpwnCTF before version 2.3, there is a session fixation vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: RedpwnCTF
 CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and  ...)
 	NOT-FOR-US: Elide
 CVE-2020-5288
@@ -69583,7 +69583,7 @@ CVE-2019-5107 (A cleartext transmission vulnerability exists in the network comm
 CVE-2019-5106 (A hard-coded encryption key vulnerability exists in the authentication ...)
 	NOT-FOR-US: WAGO
 CVE-2019-5105 (An exploitable memory corruption vulnerability exists in the Name Serv ...)
-	TODO: check
+	NOT-FOR-US: 3S-Smart Software Solutions CODESYS GatewayService
 CVE-2019-5104
 	REJECTED
 CVE-2019-5103
@@ -72846,9 +72846,9 @@ CVE-2019-3694 (A Symbolic Link (Symlink) Following vulnerability in the packagin
 CVE-2019-3693 (A symlink following vulnerability in the packaging of mailman in SUSE  ...)
 	TODO: check
 CVE-2019-3692 (The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Fact ...)
-	TODO: check
+	NOT-FOR-US: SUSE packaging of inn
 CVE-2019-3691 (A Symbolic Link (Symlink) Following vulnerability in the packaging of  ...)
-	TODO: check
+	NOT-FOR-US: SUSE packaging of munge
 CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks before c ...)
 	NOT-FOR-US: SuSE-specific tool
 CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before and in ...)
@@ -72869,7 +72869,7 @@ CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS ce
 CVE-2019-3684 (SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a71 ...)
 	NOT-FOR-US: SUSE Manager
 CVE-2019-3683 (The keystone-json-assignment package in SUSE Openstack Cloud 8 before  ...)
-	TODO: check
+	NOT-FOR-US: SuSE Openstack Cloud
 CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7 ...)
 	NOT-FOR-US: SuSE
 CVE-2019-3681
@@ -77566,7 +77566,7 @@ CVE-2018-20107
 CVE-2018-20106 (In yast2-printer up to and including version 4.0.2 the SMB printer set ...)
 	NOT-FOR-US: yast2-printer
 CVE-2018-20105 (A Inclusion of Sensitive Information in Log Files vulnerability in yas ...)
-	TODO: check
+	NOT-FOR-US: yast-rmt
 CVE-2018-20104
 	RESERVED
 CVE-2018-20103 (An issue was discovered in dns.c in HAProxy through 1.8.14. In the cas ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bca3ba7462800c37bc85929ce0817ed18cceac2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bca3ba7462800c37bc85929ce0817ed18cceac2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200402/4b64dfaf/attachment.html>

More information about the debian-security-tracker-commits mailing list