[Git][security-tracker-team/security-tracker][master] 4 commits: Add new teampass issues
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 30 09:47:39 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
28ff181a by Salvatore Bonaccorso at 2020-04-30T10:44:23+02:00
Add new teampass issues
- - - - -
871d317e by Salvatore Bonaccorso at 2020-04-30T10:45:13+02:00
Process some NFUs
- - - - -
6b3ced2b by Salvatore Bonaccorso at 2020-04-30T10:45:22+02:00
Add CVE-2020-12458/grafana
- - - - -
8ab79274 by Salvatore Bonaccorso at 2020-04-30T10:47:14+02:00
Merge remote-tracking branch 'origin/master'
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2020-12481
CVE-2020-12480
RESERVED
CVE-2020-12479 (TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a ...)
- NOT-FOR-US: TeamPass
+ - teampass <itp> (bug #730180)
CVE-2020-12478 (TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve file ...)
- NOT-FOR-US: TeamPass
+ - teampass <itp> (bug #730180)
CVE-2020-12477 (The REST API functions in TeamPass 2.1.27.36 allow any user with a val ...)
- NOT-FOR-US: TeamPass
+ - teampass <itp> (bug #730180)
CVE-2020-12476
RESERVED
CVE-2020-12475
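Review bot: The three entries moved to `- teampass <itp> (bug #730180)` (CVE-2020-12479, CVE-2020-12478, CVE-2020-12477) carry no NOTE lines, so anyone working on the ITP has nothing in the tracker pointing at an upstream report or fix. All three descriptions name TeamPass 2.1.27.36; consider adding a NOTE with the upstream reference under each entry. It is also worth grepping data/CVE/list for remaining `NOT-FOR-US: TeamPass` entries, so that older TeamPass CVEs get the same `<itp>` treatment rather than only these three.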
@@ -23,7 +23,7 @@ CVE-2020-12471 (MonoX through 5.1.40.5152 allows remote code execution via HTML5
CVE-2020-12470 (MonoX through 5.1.40.5152 allows administrators to execute arbitrary c ...)
NOT-FOR-US: MonoX
CVE-2020-12469 (admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Inject ...)
- NOT-FOR-US: MonoX
+ NOT-FOR-US: Subrion CMS
CVE-2020-12468 (Subrion CMS 4.2.1 allows CSV injection via a phrase value within a lan ...)
NOT-FOR-US: Subrion CMS
CVE-2020-12467 (Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in ...)
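Review bot: The old `NOT-FOR-US: MonoX` tag on CVE-2020-12469 contradicted the entry's own description (admin/blocks.php in Subrion CMS), most likely carried down from the MonoX entries directly above it. The correction is consistent with CVE-2020-12468 just below. A check that the product named on a NOT-FOR-US line also appears in the CVE description would catch this kind of slip before it is pushed.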
@@ -64,7 +64,7 @@ CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the c
CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.3. The ...)
- grafana <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1827765
- NOTE: https://github.com/grafana/grafana/issues/8283
+ NOTE: https://github.com/grafana/grafana/issues/8283
CVE-2020-12457
RESERVED
CVE-2020-12456
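Review bot: The removed and added `NOTE: https://github.com/grafana/grafana/issues/8283` lines under CVE-2020-12458 are textually identical in this mail, so the change is whitespace only and cannot be verified from the rendering here. Confirm that the new line uses the same leading whitespace as the bugzilla NOTE above it.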
@@ -1212,9 +1212,9 @@ CVE-2020-11945 (An issue was discovered in Squid before 5.0.2. A remote attacker
CVE-2020-11944 (Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call_ ...)
NOT-FOR-US: bitcoin-abe
CVE-2020-11943 (An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file u ...)
- TODO: check
+ NOT-FOR-US: Open-AudIT
CVE-2020-11942 (An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL In ...)
- TODO: check
+ NOT-FOR-US: Open-AudIT
CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...)
NOT-FOR-US: Open-AudIT
CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...)
@@ -2016,7 +2016,7 @@ CVE-2019-20783 (An issue was discovered on LG mobile devices with Android OS 7.0
CVE-2019-20782 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
NOT-FOR-US: LG mobile devices
CVE-2019-20781 (An issue was discovered in LG Bridge before April 2019 on Windows. DLL ...)
- TODO: check
+ NOT-FOR-US: LG Bridge
CVE-2019-20780 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
NOT-FOR-US: LG mobile devices
CVE-2019-20779 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a0ccb8adf5cfbcc810be720d9b93252befc419cb...8ab79274f25738cb59e53233bd5905c9fdde8828