[Git][security-tracker-team/security-tracker][master] new libspring-java issues
Moritz Muehlenhoff
jmm at debian.org
Thu Feb 6 12:37:59 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ba7e744a by Moritz Muehlenhoff at 2020-02-06T13:37:37+01:00
new libspring-java issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1666,19 +1666,19 @@ CVE-2019-20408
CVE-2019-20407
RESERVED
CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20405 (The JMX monitoring flag in Atlassian Jira Server and Data Center befor ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20404 (The API in Atlassian Jira Server and Data Center before version 8.6.0 ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20403 (The API in Atlassian Jira Server and Data Center before version 8.6.0 ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20402 (Support zip files in Atlassian Jira Server and Data Center before vers ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20401 (Various installation setup resources in Jira before version 8.5.2 allo ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20400 (The usage of Tomcat in Jira before version 8.5.2 allows local attacker ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-7920
RESERVED
CVE-2020-7919
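Review bot: the seven new tags in this hunk all read `NOT-FOR-US: Atlassian`, but CVE-2019-20406 is against Confluence while the other six are against Jira Server and Data Center; naming the product (`NOT-FOR-US: Atlassian Confluence` / `NOT-FOR-US: Atlassian Jira`) would match how other third-party entries in this change are tagged by product rather than vendor (compare `NOT-FOR-US: OAuth2 Proxy` and `NOT-FOR-US: Opencast` in a later hunk) and lets the file be searched for a given product later. The same applies to the Jira and Crowd entries in the final hunk. Resolving these TODOs as NOT-FOR-US is otherwise consistent with the `NFUs` in the commit message.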
@@ -3987,7 +3987,7 @@ CVE-2020-6856
CVE-2020-6855
RESERVED
CVE-2020-6854 (A cross-site scripting (XSS) vulnerability in the JOC Cockpit componen ...)
- TODO: check
+ NOT-FOR-US: JOC Cockpit, different from src:cockpit
CVE-2020-6853
RESERVED
CVE-2020-6852
@@ -7149,9 +7149,11 @@ CVE-2020-5400
CVE-2020-5399
RESERVED
CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...)
- TODO: check
+ - libspring-java <unfixed>
+ NOTE: https://pivotal.io/security/cve-2020-5398
CVE-2020-5397 (Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF ...)
- TODO: check
+ - libspring-java <unfixed>
+ NOTE: https://pivotal.io/security/cve-2020-5397
CVE-2020-5396
RESERVED
CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...)
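Review bot: both libspring-java entries go straight from `TODO: check` to `<unfixed>` without recording why the packaged version is believed affected; the visible descriptions name only Spring Framework 5.x branches (CVE-2020-5397 lists just 5.2.x prior to 5.2.3), so a short NOTE stating that the version in the archive falls inside the affected range (or that older branches are affected as well) would make the `<unfixed>` state verifiable for the next triager. A bug reference is also missing for both entries; the usual form is `- libspring-java <unfixed> (bug #NNNNNN)` (placeholder number) once a bug has been filed against the package, so the unfixed status can be followed up.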
@@ -7499,7 +7501,7 @@ CVE-2020-5239
CVE-2020-5238
RESERVED
CVE-2020-5237 (oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to uplo ...)
- TODO: check
+ NOT-FOR-US: oneup/uploader-bundle
CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...)
- waitress <unfixed>
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc
@@ -7511,11 +7513,11 @@ CVE-2020-5235 (There is a potentially exploitable out of memory condition In Nan
NOTE: https://github.com/nanopb/nanopb/commit/7b396821ddd06df8e39143f16e1dc0a4645b89a3
NOTE: https://github.com/nanopb/nanopb/commit/aa9d0d1ca78d6adec3adfeecf3a706c7f9df81f2
CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vul ...)
- TODO: check
+ NOT-FOR-US: MessagePack for C#
CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...)
NOT-FOR-US: OAuth2 Proxy
CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...)
- TODO: check
+ NOT-FOR-US: Ethereum
CVE-2020-5231 (In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN ...)
NOT-FOR-US: Opencast
CVE-2020-5230 (Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for me ...)
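Review bot: `NOT-FOR-US: Ethereum` for CVE-2020-5232 is broader than the affected component; the description refers to ENS domain ownership, so tagging the specific affected software (ENS, or whichever client or contract the advisory names) would keep the tag as precise as the neighbouring `NOT-FOR-US: MessagePack for C#` and `NOT-FOR-US: OAuth2 Proxy`.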
@@ -10686,11 +10688,11 @@ CVE-2019-20108
CVE-2019-20107
RESERVED
CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center before ver ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20105
RESERVED
CVE-2019-20104 (The OpenID client application in Atlassian Crowd before version 3.6.2, ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20103
RESERVED
CVE-2019-20102
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ba7e744acf96c47471d36a425945181888ea61a1