[Git][security-tracker-team/security-tracker][master] new lua-cgi issues
Moritz Muehlenhoff
jmm at debian.org
Fri Feb 7 12:18:46 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
70f13d29 by Moritz Muehlenhoff at 2020-02-07T13:18:23+01:00
new lua-cgi issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -229,9 +229,9 @@ CVE-2020-8669
CVE-2020-8668
RESERVED
CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential session IDs, w ...)
- TODO: check
+ - lua-cgi <unfixed>
CVE-2014-10399 (The session.lua library in CGILua 5.1.x uses the same ID for each sess ...)
- TODO: check
+ - lua-cgi <unfixed>
CVE-2020-8667
RESERVED
CVE-2020-8666
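Review bot: both lua-cgi entries are added as `<unfixed>` with no NOTE line, although the two descriptions name different upstream series (CGILua 5.0.x for CVE-2014-10400, 5.1.x for CVE-2014-10399). Suggest a NOTE under each entry saying which series the packaged version belongs to, so a reader can tell whether both really apply to the same package version, plus a bug reference once one is filed.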
@@ -1925,7 +1925,7 @@ CVE-2019-20401 (Various installation setup resources in Jira before version 8.5.
CVE-2019-20400 (The usage of Tomcat in Jira before version 8.5.2 allows local attacker ...)
NOT-FOR-US: Atlassian
CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...)
- TODO: check
+ NOT-FOR-US: Percona Monitoring and Management (PMM)
CVE-2020-7919
RESERVED
- golang-1.14 1.14~rc1-1
@@ -3446,7 +3446,7 @@ CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounde
CVE-2020-7217
RESERVED
CVE-2020-7216 (An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and e ...)
- TODO: check
+ NOT-FOR-US: openSUSE wicked
CVE-2020-7215 (An issue was discovered in Gallagher Command Centre 7.x before 7.90.99 ...)
NOT-FOR-US: Gallagher Command Centre
CVE-2020-7214
@@ -6011,11 +6011,11 @@ CVE-2020-6062
CVE-2020-6061
RESERVED
CVE-2020-6060 (A stack buffer overflow vulnerability exists in the way MiniSNMPD vers ...)
- TODO: check
+ NOT-FOR-US: MiniSNMPD
CVE-2020-6059 (An exploitable out of bounds read vulnerability exists in the way Mini ...)
- TODO: check
+ NOT-FOR-US: MiniSNMPD
CVE-2020-6058 (An exploitable out-of-bounds read vulnerability exists in the way Mini ...)
- TODO: check
+ NOT-FOR-US: MiniSNMPD
CVE-2020-6057
RESERVED
CVE-2020-6056
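Review bot: the three MiniSNMPD entries (CVE-2020-6060, CVE-2020-6059, CVE-2020-6058) go straight from TODO to NOT-FOR-US on the product name as spelled in the CVE text. Before settling on NFU, search the archive for a source package under a hyphenated or differently cased spelling of that name. If one exists, these should be package lines instead, since an NFU entry is not tied to any package and will not show up in per-package views.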
@@ -7079,7 +7079,7 @@ CVE-2020-5530
CVE-2020-5529
RESERVED
CVE-2020-5528 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...)
- TODO: check
+ - movabletype-opensource <removed>
CVE-2020-5527
RESERVED
CVE-2020-5526 (The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2. ...)
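Review bot: CVE-2020-5528 is triaged to `- movabletype-opensource <removed>`, which is neither a lua-cgi issue nor an NFU, so the commit message ("new lua-cgi issues", "NFUs") does not cover it. Suggest mentioning movabletype-opensource in the message or splitting this change into its own commit.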
@@ -8357,7 +8357,7 @@ CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide
NOTE: can trigger similar issues without triggering the specific assert) and
NOTE: is disputed by QEMU security team.
CVE-2019-20174 (Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is us ...)
- TODO: check
+ NOT-FOR-US: Auth0 Lock
CVE-2019-20173 (The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XS ...)
NOT-FOR-US: Auth0 wp-auth0 plugin for WordPress
CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not r ...)
@@ -18744,7 +18744,7 @@ CVE-2019-18915
CVE-2019-18914
RESERVED
CVE-2019-18913 (A potential security vulnerability with pre-boot DMA may allow unautho ...)
- TODO: check
+ NOT-FOR-US: Generic UEFI hardware/software issue
CVE-2019-18912
RESERVED
CVE-2019-18911
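Review bot: the NOT-FOR-US text for CVE-2019-18913, "Generic UEFI hardware/software issue", names no vendor or product, unlike every other NFU line in this patch. Suggest taking the vendor or product name from the full CVE description so the entry can be found by a later search on that name.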
@@ -22001,7 +22001,7 @@ CVE-2019-18569
CVE-2019-18568 (Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege esca ...)
NOT-FOR-US: Avira Free Antivirus
CVE-2019-18567 (Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an o ...)
- TODO: check
+ NOT-FOR-US: Bromium
CVE-2019-18566
REJECTED
CVE-2019-18565
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/70f13d29b6476b49e39da465d6f980520b0f4b6f