[Git][security-tracker-team/security-tracker][master] new kitty issue, NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Dec 22 11:33:59 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c662702 by Moritz Mühlenhoff at 2020-12-22T12:33:35+01:00
new kitty issue, NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -255,15 +255,15 @@ CVE-2021-21107
CVE-2021-21106
RESERVED
CVE-2020-35626 (An issue was discovered in the PushToWatch extension for MediaWiki thr ...)
- TODO: check
+ NOT-FOR-US: PushToWatch MediaWiki extension
CVE-2020-35625 (An issue was discovered in the Widgets extension for MediaWiki through ...)
- TODO: check
+ NOT-FOR-US: Widgets MediaWiki extension
CVE-2020-35624 (An issue was discovered in the SecurePoll extension for MediaWiki thro ...)
- TODO: check
+ NOT-FOR-US: SecurePoll MediaWiki extension
CVE-2020-35623 (An issue was discovered in the CasAuth extension for MediaWiki through ...)
- TODO: check
+ NOT-FOR-US: CasAuth MediaWiki extension
CVE-2020-35622 (An issue was discovered in the GlobalUsage extension for MediaWiki thr ...)
- TODO: check
+ NOT-FOR-US: GlobalUsage MediaWiki extension
CVE-2020-35621
RESERVED
CVE-2020-35620
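Review bot: the five NOT-FOR-US lines for CVE-2020-35626 through CVE-2020-35622 name only the extension and do not record whether any of them could be shipped inside a MediaWiki source package in the archive, which is the one case where NOT-FOR-US would be the wrong call for an extension. If that was checked, a word in the commit message would make the triage auditable. The wording of the entries ("<name> MediaWiki extension") is consistent and needs no change.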
@@ -297,9 +297,11 @@ CVE-2020-35607
CVE-2020-35606 (Arbitrary command execution can occur in Webmin through 1.962. Any use ...)
- webmin <removed>
CVE-2020-35605 (The Graphics Protocol feature in graphics.c in kitty before 0.19.3 all ...)
- TODO: check
+ - kitty <unfixed>
+ NOTE: https://github.com/kovidgoyal/kitty/commit/82c137878c2b99100a3cdc1c0f0efea069313901
+ NOTE: https://github.com/kovidgoyal/kitty/issues/3128
CVE-2020-35604 (An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. ...)
- TODO: check
+ NOT-FOR-US: Kronos WebTA
CVE-2020-35603
RESERVED
CVE-2020-35602
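Review bot: in the CVE-2020-35605 entry the description says "kitty before 0.19.3", yet the package line is "- kitty <unfixed>" and the two NOTE lines are bare URLs, so the entry does not say which link is the upstream fix or which upstream version carries it. Consider labelling the commit URL as the fix and mentioning 0.19.3 in a NOTE, so that whoever later replaces <unfixed> with a Debian version has the reference in place. The Kronos WebTA NOT-FOR-US line in the same hunk needs no change.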
@@ -5295,7 +5297,7 @@ CVE-2020-29598
CVE-2020-29597 (IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file ...)
NOT-FOR-US: IncomCMS
CVE-2020-29596 (MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial o ...)
- TODO: check
+ NOT-FOR-US: MiniWeb HTTP server
CVE-2020-29595 (PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 ...)
NOT-FOR-US: ACDSee Photo Studio Studio Professional
CVE-2020-29594
@@ -16335,7 +16337,7 @@ CVE-2020-26283
CVE-2020-26282
RESERVED
CVE-2020-26281 (async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). Ther ...)
- TODO: check
+ NOT-FOR-US: Rust async-h1
CVE-2020-26280 (OpenSlides is a free, Web-based presentation and assembly system for m ...)
NOT-FOR-US: OpenSlides
CVE-2020-26279
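Review bot: the NOT-FOR-US text for CVE-2020-26281 puts the ecosystem before the product ("Rust async-h1"), while the other entries visible in this patch lead with the product name and qualify it afterwards ("PushToWatch MediaWiki extension", "Fleet (osquery frontend)"). Something like "async-h1 (Rust crate)" would match that pattern and be easier to find by name when searching the list.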
@@ -16343,7 +16345,7 @@ CVE-2020-26279
CVE-2020-26278
RESERVED
CVE-2020-26277 (DBdeployer is a tool that deploys MySQL database servers easily. In DB ...)
- TODO: check
+ NOT-FOR-US: DBdeployer
CVE-2020-26276 (Fleet is an open source osquery manager. In Fleet before version 3.5.1 ...)
NOT-FOR-US: Fleet (osquery frontend)
CVE-2020-26275 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...)
@@ -16906,7 +16908,7 @@ CVE-2020-26051
CVE-2020-26050
RESERVED
CVE-2020-26049 (Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is r ...)
- TODO: check
+ NOT-FOR-US: Nifty-PM CPE
CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows an authen ...)
NOT-FOR-US: CuppaCMS
CVE-2020-26047
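Review bot: the NOT-FOR-US text for CVE-2020-26049 is "Nifty-PM CPE", copied from the description's "Nifty-PM CPE 2.3"; that "CPE 2.3" may be a CPE format reference that leaked into the description rather than part of the product name. If so, "NOT-FOR-US: Nifty-PM" would be the cleaner entry; worth a quick check against the CVE record before this wording gets reused for later Nifty-PM issues.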
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c6627024ed253fc30b9791bb4b9273bc78b065c