[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff jmm at debian.org
Tue Dec 15 18:17:33 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c939238 by Moritz Muehlenhoff at 2020-12-15T19:17:13+01:00
new gitlab issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2020-35462
 CVE-2020-35461
 	RESERVED
 CVE-2020-35460 (common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows dir ...)
-	TODO: check
+	NOT-FOR-US: Packwood MPXJ
 CVE-2020-35459
 	RESERVED
 CVE-2020-35458
@@ -471,7 +471,7 @@ CVE-2020-35238
 CVE-2020-35237
 	RESERVED
 CVE-2020-35236 (The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incor ...)
-	TODO: check
+	NOT-FOR-US: amazee.io Lagoon
 CVE-2020-35235 (** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.minimal. ...)
 	NOT-FOR-US: WordPress plugin secure-file-manager
 CVE-2020-35234 (The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrato ...)
@@ -2925,6 +2925,7 @@ CVE-2020-29488
 	RESERVED
 CVE-2020-29487
 	RESERVED
+	NOT-FOR-US: xapi
 CVE-2020-29486
 	RESERVED
 	- xen 4.14.0+88-g1d1d1f5391-1
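Review bot: The added "NOT-FOR-US: xapi" line under CVE-2020-29487 lands on an entry that is still RESERVED and has no description, so nothing on the entry records why the CVE is attributed to xapi. A NOTE line with the advisory or source reference would make this triage decision checkable later, the way the Wireshark entry in this file carries NOTE URLs.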
@@ -6462,7 +6463,7 @@ CVE-2020-28398
 CVE-2020-28397
 	RESERVED
 CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-28395
 	RESERVED
 CVE-2020-28394
@@ -13171,17 +13172,17 @@ CVE-2020-26418 (Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16739
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-16.html
 CVE-2020-26417 (Information disclosure via GraphQL in GitLab CE/EE 13.1 and later expo ...)
-	TODO: check
+	- gitlab 13.4.7-1
 CVE-2020-26416 (Information disclosure in Advanced Search component of GitLab EE start ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2020-26415 (Information about the starred projects for private user profiles was e ...)
-	TODO: check
+	- gitlab 13.4.7-1
 CVE-2020-26414
 	RESERVED
 CVE-2020-26413 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
-	TODO: check
+	- gitlab 13.4.7-1
 CVE-2020-26412 (Removed group members were able to use the To-Do functionality to retr ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2020-26411 (A potential DOS vulnerability was discovered in all versions of Gitlab ...)
 	- gitlab 13.4.7-1
 	NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
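Review bot: The new "- gitlab 13.4.7-1" lines for CVE-2020-26417, CVE-2020-26415 and CVE-2020-26413, and the two "<not-affected> (Specific to EE)" lines for CVE-2020-26416 and CVE-2020-26412, carry no NOTE with a reference, while CVE-2020-26411 directly below records the same fixed version together with a release announcement URL. Adding a NOTE with the corresponding reference to each of these entries would document where the fixed version and the EE-only assessment come from.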
@@ -14180,7 +14181,7 @@ CVE-2020-25969
 CVE-2020-25968
 	RESERVED
 CVE-2020-25967 (The member center function in fastadmin V1.0.0.20200506_beta is vulner ...)
-	TODO: check
+	NOT-FOR-US: fastadmin
 CVE-2020-25966 (** DISPUTED ** Sectona Spectra before 3.4.0 has a vulnerable SOAP API  ...)
 	NOT-FOR-US: Sectona Spectra
 CVE-2020-25965
@@ -15988,21 +15989,21 @@ CVE-2020-25237
 CVE-2020-25236
 	RESERVED
 CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-25234 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-25233 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-25232 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-25231 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-25230 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-25229 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-25228 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-25227
 	RESERVED
 CVE-2020-25226
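Review bot: The eight LOGO! 8 BM entries (CVE-2020-25228 through CVE-2020-25235) are tagged "NOT-FOR-US: Siemens", which names only the vendor, whereas the other NFU lines in this patch name the product ("Packwood MPXJ", "amazee.io Lagoon", "fastadmin"). Consider naming the product as well, for example "NOT-FOR-US: Siemens LOGO! 8 BM", so that a search of the list for the product name finds these entries.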



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c9392380a98e18a45084c507f345a7edd56cc5d
