[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Sun Aug 23 21:57:31 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b56e9894 by Moritz Muehlenhoff at 2020-08-23T22:53:29+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -36803,9 +36803,9 @@ CVE-2020-8914
 CVE-2020-8913 (A local, arbitrary code execution vulnerability exists in the SplitCom ...)
 	NOT-FOR-US: Android's Play Core Library
 CVE-2020-8912 (A vulnerability in the in-band key negotiation exists in the AWS S3 Cr ...)
-	TODO: check
+	NOT-FOR-US: AWS S3 Crypto SDK for Go
 CVE-2020-8911 (A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoL ...)
-	TODO: check
+	NOT-FOR-US: AWS S3 Crypto SDK for Go
 CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...)
 	NOT-FOR-US: Google Closure Library
 CVE-2020-8909
@@ -41420,7 +41420,7 @@ CVE-2020-7020
 CVE-2020-7019 (In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was f ...)
 	- elasticsearch <removed>
 CVE-2020-7018 (Elastic Enterprise Search before 7.9.0 contain a credential exposure f ...)
-	TODO: check
+	- elasticsearch <removed>
 CVE-2020-7017 (In Kibana versions before 6.8.11 and 7.8.1 the region map visualizatio ...)
 	- kibana <itp> (bug #700337)
 CVE-2020-7016 (Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (D ...)
@@ -45395,11 +45395,11 @@ CVE-2020-5419
 CVE-2020-5418
 	RESERVED
 CVE-2020-5417 (Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when  ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2020-5416 (Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2020-5415 (Concourse, versions prior to 6.3.1 and 6.4.1, in installations which u ...)
-	TODO: check
+	NOT-FOR-US: Councourse
 CVE-2020-5414 (VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7. ...)
 	NOT-FOR-US: VMware
 CVE-2020-5413 (Spring Integration framework provides Kryo Codec implementations as an ...)
@@ -48743,7 +48743,7 @@ CVE-2020-4061 (In October from version 1.0.319 and before version 1.0.467, pasti
 CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free vulnera ...)
 	NOT-FOR-US: LoRa Basics Station
 CVE-2020-4059 (In mversion before 2.0.0, there is a command injection vulnerability.  ...)
-	TODO: check
+	NOT-FOR-US: mversion
 CVE-2020-4058
 	RESERVED
 CVE-2020-4057
@@ -60714,7 +60714,7 @@ CVE-2020-0561 (Improper initialization in the Intel(R) SGX SDK before v2.6.100.1
 CVE-2020-0560 (Improper permissions in the installer for the Intel(R) Renesas Electro ...)
 	NOT-FOR-US: Intel
 CVE-2020-0559 (Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi p ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-0558 (Improper buffer restrictions in kernel mode driver for Intel(R) PROSet ...)
 	NOT-FOR-US: Intel
 CVE-2020-0557 (Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi produc ...)
@@ -60733,7 +60733,7 @@ CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.5
 	NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519
 	NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e
 CVE-2020-0555 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-0554 (Race condition in software installer for some Intel(R) Wireless Blueto ...)
 	NOT-FOR-US: Intel
 CVE-2020-0553 (Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bl ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b56e989427a2b772887e827d670f59c51046a8b4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b56e989427a2b772887e827d670f59c51046a8b4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200823/52fd0c56/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list