[Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2020-1737 as unimportant

Salvatore Bonaccorso carnil at debian.org
Sat Apr 18 19:47:51 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78c6d1e5 by Salvatore Bonaccorso at 2020-04-18T20:31:00+02:00
Mark CVE-2020-1737 as unimportant

Whilst the binary packages whip the affected module we can consider it a
non-issue for us as the win_unzip module should extract only on Windows
platform.

- - - - -
e29b9eb5 by Salvatore Bonaccorso at 2020-04-18T20:38:36+02:00
Update affected information for CVE-2020-10691

The affected code (respectively the code adding collection sub command)
was only introduced in later branches in 2.9.

- - - - -
64030b23 by Salvatore Bonaccorso at 2020-04-18T20:47:23+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2020-11888
 	RESERVED
 CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an  ...)
-	TODO: check
+	NOT-FOR-US: svg2png
 CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...)
-	TODO: check
+	NOT-FOR-US: OpenNMS
 CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...)
-	TODO: check
+	NOT-FOR-US: WSO2 Enterprise Integrator
 CVE-2020-11884
 	RESERVED
 CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...)
@@ -29,11 +29,11 @@ CVE-2020-11877 (airhost.exe in Zoom Client for Meetings 4.6.11 uses 342342343232
 CVE-2020-11876 (airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash o ...)
 	NOT-FOR-US: Zoom Client for Meetings
 CVE-2020-11875 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2020-11874 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2020-11873 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication ...)
 	TODO: check
 CVE-2020-11871
@@ -61,39 +61,39 @@ CVE-2020-11864
 CVE-2020-11863
 	RESERVED
 CVE-2019-20785 (An issue was discovered on LG mobile devices with Android OS 8.0 and 8 ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20784 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20783 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20782 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20781
 	RESERVED
 CVE-2019-20780 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20779 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20778 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20777 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20776 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20775 (An issue was discovered on LG mobile devices with Android OS 9.0 (Qual ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20774 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20773 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20772 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20771 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20770 (An issue was discovered on LG mobile devices with Android OS 9.0 softw ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG P ...)
-	TODO: check
+	NOT-FOR-US: LG PC Suite
 CVE-2020-11862
 	RESERVED
 CVE-2020-11861
@@ -3493,6 +3493,9 @@ CVE-2020-10692
 CVE-2020-10691
 	RESERVED
 	- ansible <unfixed>
+	[buster] - ansible <not-affected> (Vulnerable code introduced later)
+	[stretch] - ansible <not-affected> (Vulnerable code introduced later)
+	[jessie] - ansible <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817161
 	NOTE: https://github.com/ansible/ansible/pull/68596
 	NOTE: https://github.com/ansible/ansible/commit/b2551bb6943eec078066aa3a923e0bb3ed85abe8 (stable-2.9)
@@ -26130,10 +26133,11 @@ CVE-2020-1738 (A flaw was found in Ansible Engine when the module package or ser
 	NOTE: Marked unimportant as for exploitation it requires already a remote that is
 	NOTE: compromised, cf. https://github.com/ansible/ansible/issues/67796#issuecomment-614656017
 CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ...)
-	- ansible <unfixed>
+	- ansible <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154
 	NOTE: https://github.com/ansible/ansible/issues/67795
 	NOTE: https://github.com/ansible/ansible/pull/67799
+	NOTE: Issue in the win_unzip module which is executed only on Windows plattform
 CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using atomic_m ...)
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802124



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c53b896c8eda41f81f738dd00a203e565c538b7c...64030b2311b1fdcd4465ba71d931c4955de80fad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c53b896c8eda41f81f738dd00a203e565c538b7c...64030b2311b1fdcd4465ba71d931c4955de80fad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200418/f587136a/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list