[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Sun Aug 30 08:29:14 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f32f6495 by Salvatore Bonaccorso at 2020-08-30T09:28:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2020-25022
 CVE-2020-25021
 	RESERVED
 CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectRe ...)
-	TODO: check
+	NOT-FOR-US: MPXJ
 CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...)
-	TODO: check
+	NOT-FOR-US: jitsi-meet-electron
 CVE-2020-25018
 	RESERVED
 CVE-2020-25017
@@ -38720,7 +38720,7 @@ CVE-2020-8555 (The Kubernetes kube-controller-manager in versions v1.0-1.14, ver
 CVE-2020-8554
 	RESERVED
 CVE-2020-8553 (The Kubernetes ingress-nginx component prior to version 0.28.0 allows  ...)
-	TODO: check
+	NOT-FOR-US: Kubernetes ingress-nginx component
 CVE-2020-8552 (The Kubernetes API server component in versions prior to 1.15.9, 1.16. ...)
 	- kubernetes 1.17.4-1
 	NOTE: https://github.com/kubernetes/kubernetes/issues/89378
@@ -40842,11 +40842,11 @@ CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via p
 CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...)
 	NOT-FOR-US: express-fileupload
 CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...)
-	TODO: check
+	NOT-FOR-US: Gerapy
 CVE-2020-7697 (This affects all versions of package mock2easy. a malicious user could ...)
-	TODO: check
+	NOT-FOR-US: mock2easy nodejs module
 CVE-2020-7696 (This affects all versions of package react-native-fast-image. When an  ...)
-	TODO: check
+	NOT-FOR-US: react-native-fast-image nodejs module
 CVE-2020-7695 (Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF s ...)
 	TODO: check
 CVE-2020-7694 (This affects all versions of package uvicorn. The request logger provi ...)
@@ -51986,7 +51986,7 @@ CVE-2020-3568
 CVE-2020-3567
 	RESERVED
 CVE-2020-3566 (A vulnerability in the Distance Vector Multicast Routing Protocol (DVM ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3565
 	RESERVED
 CVE-2020-3564
@@ -102376,9 +102376,9 @@ CVE-2019-5323 (There are command injection vulnerabilities present in the AirWav
 CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is present ...)
 	NOT-FOR-US: Edge Switch models
 CVE-2019-5321 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5 ...)
-	TODO: check
+	NOT-FOR-US: Aruba Intelligent Edge Switch Series
 CVE-2019-5320 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5 ...)
-	TODO: check
+	NOT-FOR-US: Aruba Intelligent Edge Switch Series
 CVE-2019-5319
 	RESERVED
 CVE-2019-5318



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f32f64955b7f0d59716cc036ae8751b6c6cd931b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f32f64955b7f0d59716cc036ae8751b6c6cd931b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200830/302f8b82/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list