[Git][security-tracker-team/security-tracker][master] 2 commits: Process one NFU

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
701fd667 by Salvatore Bonaccorso at 2020-08-10T22:21:01+02:00
Process one NFU

- - - - -
1739e3e1 by Salvatore Bonaccorso at 2020-08-10T22:22:28+02:00
Add firefox issues from mfsa2020-34 (Firefox for iOS specific)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly c
 CVE-2020-17477
 	RESERVED
 CVE-2020-17476 (Mibew Messenger before 3.2.7 allows XSS via a crafted user name. ...)
-	TODO: check
+	NOT-FOR-US: Mibew Messenger
 CVE-2020-17475
 	RESERVED
 CVE-2020-17474
@@ -3844,9 +3844,11 @@ CVE-2020-15664
 CVE-2020-15663
 	RESERVED
 CVE-2020-15662 (A rogue webpage could override the injected WKUserScript used by the d ...)
-	TODO: check
+	- firefox <not-affected> (Specific to Firefox for iOS)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15662
 CVE-2020-15661 (A rogue webpage could override the injected WKUserScript used by the l ...)
-	TODO: check
+	- firefox <not-affected> (Specific to Firefox for iOS)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15661
 CVE-2020-15660
 	RESERVED
 CVE-2020-15659 (Mozilla developers and community members reported memory safety bugs p ...)
@@ -3898,7 +3900,8 @@ CVE-2020-15652 (By observing the stack trace for JavaScript errors in web worker
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15652
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15652
 CVE-2020-15651 (A unicode RTL order character in the downloaded file name can be used  ...)
-	TODO: check
+	- firefox <not-affected> (Specific to Firefox for iOS)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15651
 CVE-2020-15650 (Given an installed malicious file picker application, an attacker was  ...)
 	- firefox-esr <not-affected> (Android specific)
 	- firefox <not-affected> (Android specific)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c27216a7372b2a6f6070dc924c9e0b71818ab09c...1739e3e173a17ac6624d48077233d4ed295c09cb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c27216a7372b2a6f6070dc924c9e0b71818ab09c...1739e3e173a17ac6624d48077233d4ed295c09cb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200810/ab44a035/attachment-0001.html>