[Git][security-tracker-team/security-tracker][master] new qemu, tinymce, netxcloud-desktop, chromium, edk2 issues

Moritz Muehlenhoff jmm at debian.org
Fri Aug 21 19:24:55 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9cb40725 by Moritz Muehlenhoff at 2020-08-21T20:24:25+02:00
new qemu, tinymce, netxcloud-desktop, chromium, edk2 issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -471,6 +471,9 @@ CVE-2020-24353
 	RESERVED
 CVE-2020-24352
 	RESERVED
+	- qemu <unfixed> (bug #968820)
+	[buster] - qemu <postponed> (Can be fixed along in later DSA)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1847584
 CVE-2020-24351
 	RESERVED
 CVE-2020-24350
@@ -14246,7 +14249,8 @@ CVE-2020-17482
 CVE-2020-17481
 	RESERVED
 CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ...)
-	TODO: check
+	- tinymce <unfixed>
+	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
 CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ...)
 	TODO: check
 CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly conside ...)
@@ -38343,9 +38347,10 @@ CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwi
 CVE-2020-8231
 	RESERVED
 CVE-2020-8230 (A memory corruption vulnerability exists in NextCloud Desktop Client v ...)
-	TODO: check
+	- netxcloud-desktop <not-affected> (Windows-specific)
 CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop Clie ...)
-	TODO: check
+	- netxcloud-desktop <unfixed> (bug #968822)
+	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-034
 CVE-2020-8228
 	RESERVED
 CVE-2020-8227
@@ -38355,7 +38360,8 @@ CVE-2020-8226 (A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which
 CVE-2020-8225
 	RESERVED
 CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...)
-	TODO: check
+	- netxcloud-desktop <unfixed> (bug #968822)
+	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030
 CVE-2020-8223
 	RESERVED
 CVE-2020-8222 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R ...)
@@ -42481,6 +42487,8 @@ CVE-2020-6557
 	RESERVED
 CVE-2020-6556
 	RESERVED
+	- chromium <unfixed>
+	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-6555
 	RESERVED
 	- chromium <unfixed>
@@ -58029,7 +58037,7 @@ CVE-2020-1599
 CVE-2020-1598
 	RESERVED
 CVE-2020-1597 (A denial of service vulnerability exists when ASP.NET Core improperly  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1596
 	RESERVED
 CVE-2020-1595
@@ -58041,7 +58049,7 @@ CVE-2020-1593
 CVE-2020-1592
 	RESERVED
 CVE-2020-1591 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1590
 	RESERVED
 CVE-2020-1589
@@ -58049,163 +58057,163 @@ CVE-2020-1589
 CVE-2020-1588
 	RESERVED
 CVE-2020-1587 (An elevation of privilege vulnerability exists when the Windows Ancill ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1586
 	RESERVED
 CVE-2020-1585 (A remote code execution vulnerability exists in the way that Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1584 (An elevation of privilege vulnerability exists in the way that the dns ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1583 (An information disclosure vulnerability exists when Microsoft Word imp ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1582 (A remote code execution vulnerability exists in Microsoft Access softw ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1581 (An elevation of privilege vulnerability exists in the way that Microso ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1580 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1579 (An elevation of privilege vulnerability exists when the Windows Functi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1578 (An information disclosure vulnerability exists in the Windows kernel t ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1577 (An information disclosure vulnerability exists when DirectWrite improp ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1576
 	RESERVED
 CVE-2020-1575
 	RESERVED
 CVE-2020-1574 (A remote code execution vulnerability exists in the way that Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1573 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1572
 	RESERVED
 CVE-2020-1571 (An elevation of privilege vulnerability exists in Windows Setup in the ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1570 (A remote code execution vulnerability exists in the way that the scrip ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1569 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1568 (A remote code execution vulnerability exists when Microsoft Edge PDF R ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1567 (A remote code execution vulnerability exists in the way that the MSHTM ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1566 (An elevation of privilege vulnerability exists when the Windows kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1565 (An elevation of privilege vulnerability exists when the &quot;Publ ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1564 (A remote code execution vulnerability exists when the Windows Jet Data ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1563 (A remote code execution vulnerability exists in Microsoft Office softw ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1562 (A remote code execution vulnerability exists in the way that Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1561 (A remote code execution vulnerability exists in the way that Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1560 (A remote code execution vulnerability exists in the way that Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1559
 	RESERVED
 CVE-2020-1558 (A remote code execution vulnerability exists when the Windows Jet Data ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1557 (A remote code execution vulnerability exists when the Windows Jet Data ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1556 (An elevation of privilege vulnerability exists in the way that the Win ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1555 (A remote code execution vulnerability exists in the way that the scrip ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1554 (A memory corruption vulnerability exists when Windows Media Foundation ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1553 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1552 (An elevation of privilege vulnerability exists when the Windows Work F ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1551 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1550 (An elevation of privilege vulnerability exists when the Windows CDP Us ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1549 (An elevation of privilege vulnerability exists when the Windows CDP Us ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1548 (An information disclosure vulnerability exists when the Windows WaasMe ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1547 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1546 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1545 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1544 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1543 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1542 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1541 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1540 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1539 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1538 (An elevation of privilege vulnerability exists when the Windows UPnP D ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1537 (An elevation of privilege vulnerability exists when the Windows Remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1536 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1535 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1534 (An elevation of privilege vulnerability exists when the Windows Backup ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1533 (An elevation of privilege vulnerability exists in the way that the Win ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1532
 	RESERVED
 CVE-2020-1531 (An elevation of privilege vulnerability exists when the Windows Accoun ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1530 (An elevation of privilege vulnerability exists when Windows Remote Acc ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1529 (An elevation of privilege vulnerability exists in the way that the Win ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1528 (An elevation of privilege vulnerability exists when the Windows Radio  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1527 (An elevation of privilege vulnerability exists when the Windows Custom ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1526 (An elevation of privilege vulnerability exists when the Windows Networ ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1525 (A memory corruption vulnerability exists when Windows Media Foundation ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1524 (An elevation of privilege vulnerability exists when the Windows Speech ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1523
 	RESERVED
 CVE-2020-1522 (An elevation of privilege vulnerability exists when the Windows Speech ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1521 (An elevation of privilege vulnerability exists when the Windows Speech ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1520 (A remote code execution vulnerability exists when the Windows Font Dri ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1519 (An elevation of privilege vulnerability exists when the Windows UPnP D ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1518 (An elevation of privilege vulnerability exists when the Windows File S ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1517 (An elevation of privilege vulnerability exists when the Windows File S ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1516 (An elevation of privilege vulnerability exists when the Windows Work F ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1515 (An elevation of privilege vulnerability exists when the Windows Teleph ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1514
 	RESERVED
 CVE-2020-1513 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1512 (An information disclosure vulnerability exists when the Windows State  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1511 (An elevation of privilege vulnerability exists when Connected User Exp ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1510 (An information disclosure vulnerability exists when the win32k compone ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1509 (An elevation of privilege vulnerability exists in the Local Security A ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1508
 	RESERVED
 CVE-2020-1507
@@ -58213,89 +58221,89 @@ CVE-2020-1507
 CVE-2020-1506
 	RESERVED
 CVE-2020-1505 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1504 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1503 (An information disclosure vulnerability exists when Microsoft Word imp ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1502 (An information disclosure vulnerability exists when Microsoft Word imp ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1501 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1500 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1499 (A spoofing vulnerability exists when Microsoft SharePoint Server does  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1498 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1497 (An information disclosure vulnerability exists when Microsoft Excel im ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1496 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1495 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1494 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1493 (An information disclosure vulnerability exists when attaching files to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1492 (A memory corruption vulnerability exists when Windows Media Foundation ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1491
 	RESERVED
 CVE-2020-1490 (An elevation of privilege vulnerability exists when the Storage Servic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1489 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1488 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1487 (An information disclosure vulnerability exists when Media Foundation i ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1486 (An elevation of privilege vulnerability exists when the Windows kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1485 (An information disclosure vulnerability exists when the Windows Image  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1484 (An elevation of privilege vulnerability exists when the Windows Work F ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1483 (A remote code execution vulnerability exists in Microsoft Outlook when ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1482
 	RESERVED
 CVE-2020-1481 (A remote code execution vulnerability exists in the ESLint extension f ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1480 (An elevation of privilege vulnerability exists in the way that the Win ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1479 (An elevation of privilege vulnerability exists when DirectX improperly ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1478 (A memory corruption vulnerability exists when Windows Media Foundation ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1477 (A memory corruption vulnerability exists when Windows Media Foundation ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1476 (An elevation of privilege vulnerability exists when ASP.NET or .NET we ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1475 (An elevation of privilege vulnerability exists in the way that the srm ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1474 (An information disclosure vulnerability exists when the Windows Image  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1473 (A remote code execution vulnerability exists when the Windows Jet Data ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1472 (An elevation of privilege vulnerability exists when an attacker establ ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1471
 	RESERVED
 CVE-2020-1470 (An elevation of privilege vulnerability exists when the Windows Work F ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1469 (A denial of service vulnerability exists when the .NET implementation  ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1468 (An information disclosure vulnerability exists when the Windows GDI co ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1467 (An elevation of privilege vulnerability exists when Windows improperly ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1466 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1465 (An elevation of privilege vulnerability exists in Microsoft OneDrive t ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1464 (A spoofing vulnerability exists when Windows incorrectly validates fil ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1463 (An elevation of privilege vulnerability exists in the way that the Sha ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1462 (An information disclosure vulnerability exists when Skype for Business ...)
@@ -58305,7 +58313,7 @@ CVE-2020-1461 (An elevation of privilege vulnerability exists when the MpSigStub
 CVE-2020-1460
 	RESERVED
 CVE-2020-1459 (An information disclosure vulnerability exists on ARM implementations  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1458 (A remote code execution vulnerability exists when Microsoft Office imp ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1457 (A remote code execution vulnerability exists in the way that Microsoft ...)
@@ -58313,7 +58321,7 @@ CVE-2020-1457 (A remote code execution vulnerability exists in the way that Micr
 CVE-2020-1456 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1455 (A denial of service vulnerability exists when Microsoft SQL Server Man ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1454 (This vulnerability is caused when SharePoint Server does not properly  ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1453
@@ -58389,7 +58397,7 @@ CVE-2020-1419 (An information disclosure vulnerability exists when the Windows k
 CVE-2020-1418 (An elevation of privilege vulnerability exists when the Windows Diagno ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1417 (An elevation of privilege vulnerability exists when the Windows kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1416 (An elevation of privilege vulnerability exists in Visual Studio and Vi ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1415 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
@@ -58457,19 +58465,19 @@ CVE-2020-1385 (An elevation of privilege vulnerability exists in the way that th
 CVE-2020-1384 (An elevation of privilege vulnerability exists when the Windows Crypto ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1383 (An information disclosure vulnerability exists in RPC if the server ha ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1382 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1381 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1380 (A remote code execution vulnerability exists in the way that the scrip ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1379 (A memory corruption vulnerability exists when Windows Media Foundation ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1378 (An elevation of privilege vulnerability exists when the Windows Kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1377 (An elevation of privilege vulnerability exists when the Windows Kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1376
 	RESERVED
 CVE-2020-1375 (An elevation of privilege vulnerability exists when Windows improperly ...)
@@ -58545,11 +58553,11 @@ CVE-2020-1341
 CVE-2020-1340 (A spoofing vulnerability exists when the NuGetGallery does not properl ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1339 (A remote code execution vulnerability exists when Windows Media Audio  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1338
 	RESERVED
 CVE-2020-1337 (An elevation of privilege vulnerability exists when the Windows Print  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1336 (An elevation of privilege vulnerability exists in the way that the Win ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1335
@@ -58859,7 +58867,7 @@ CVE-2020-1184 (An elevation of privilege vulnerability exists when the Windows S
 CVE-2020-1183 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1182 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1181 (A remote code execution vulnerability exists in Microsoft SharePoint S ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1180
@@ -59131,7 +59139,7 @@ CVE-2020-1048 (An elevation of privilege vulnerability exists when the Windows P
 CVE-2020-1047
 	RESERVED
 CVE-2020-1046 (A remote code execution vulnerability exists when Microsoft .NET Frame ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-1045
 	RESERVED
 CVE-2020-1044
@@ -60015,7 +60023,7 @@ CVE-2020-0606 (A remote code execution vulnerability exists in .NET software whe
 CVE-2020-0605 (A remote code execution vulnerability exists in .NET software when the ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-0604 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-0603 (A remote code execution vulnerability exists in ASP.NET Core software  ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-0602 (A denial of service vulnerability exists when ASP.NET Core improperly  ...)
@@ -73328,6 +73336,10 @@ CVE-2019-14563 [numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib]
 	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2001
 CVE-2019-14562
 	RESERVED
+	- edk2 <unfixed> (bug #968819)
+	[buster] - edk2 <no-dsa> (Minor issue)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869245
+	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
 CVE-2019-14561
 	RESERVED
 CVE-2019-14560 [GetEfiGlobalVariable2() return value not checked]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cb4072589e05645e505ff478104b6a3467ff3c0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cb4072589e05645e505ff478104b6a3467ff3c0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200821/e4243345/attachment.html>


More information about the debian-security-tracker-commits mailing list