[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Sun Aug 9 09:31:11 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f5729ee by Salvatore Bonaccorso at 2020-08-09T10:30:39+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -192,7 +192,7 @@ CVE-2020-17353 (scm/define-stencil-commands.scm in LilyPond through 2.20.0, and
 	- lilypond <unfixed>
 	NOTE: http://git.savannah.gnu.org/gitweb/?p=lilypond.git;a=commit;h=b84ea4740f3279516905c5db05f4074e777c16ff
 CVE-2020-17352 (Two OS command injection vulnerabilities in the User Portal of Sophos  ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2020-17351
 	RESERVED
 CVE-2020-17350
@@ -3333,35 +3333,35 @@ CVE-2020-15833
 CVE-2020-15832
 	RESERVED
 CVE-2020-15831 (JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in t ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2020-15830 (JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the  ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2020-15829 (In JetBrains TeamCity before 2019.2.3, password parameters could be di ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2020-15828 (In JetBrains TeamCity before 2020.1.1, project parameter values can be ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2020-15827 (In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signatu ...)
-	TODO: check
+	NOT-FOR-US: JetBrains ToolBox
 CVE-2020-15826 (In JetBrains TeamCity before 2020.1, users are able to assign more per ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2020-15825 (In JetBrains TeamCity before 2020.1, users with the Modify Group permi ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2020-15824 (In JetBrains Kotlin before 1.4.0, there is a script-cache privilege es ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Kotlin
 CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Wor ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2020-15822
 	RESERVED
 CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without permission is ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser could di ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2020-15819 (JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that all ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2020-15818 (In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could  ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2020-15817 (In JetBrains YouTrack before 2020.1.1331, an external user could execu ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2020-15862 [privilege escalation]
 	RESERVED
 	{DLA-2299-1}
@@ -38805,7 +38805,7 @@ CVE-2019-19706
 CVE-2019-19705
 	RESERVED
 CVE-2019-19704 (In JetBrains Upsource before 2020.1, information disclosure is possibl ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Upsource
 CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP Authoriza ...)
 	NOT-FOR-US: Ktor
 CVE-2019-19702 (The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML Ext ...)
@@ -82325,7 +82325,7 @@ CVE-2019-7007 (A directory traversal vulnerability has been found in the Avaya E
 CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in the cli ...)
 	NOT-FOR-US: Avaya
 CVE-2019-7005 (A vulnerability was discovered in the web interface component of IP Of ...)
-	TODO: check
+	NOT-FOR-US: IP Office
 CVE-2019-7004 (A Cross-Site Scripting (XSS) vulnerability in the WebUI component of I ...)
 	NOT-FOR-US: Avaya
 CVE-2019-7003 (A SQL injection vulnerability in the reporting component of Avaya Cont ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f5729ee5389eaa65e5bd62b70ae23393634cf2c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f5729ee5389eaa65e5bd62b70ae23393634cf2c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200809/9457b310/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list