[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Feb 18 19:52:51 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c11df04c by Salvatore Bonaccorso at 2020-02-18T20:52:17+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2015,9 +2015,9 @@ CVE-2020-8131
 CVE-2020-8130
 	RESERVED
 CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...)
-	TODO: check
+	NOT-FOR-US: script-manager nodejs module
 CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities  ...)
-	TODO: check
+	NOT-FOR-US: jsreport
 CVE-2020-8127
 	RESERVED
 CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...)
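Review bot: the two new labels in this hunk are not written to the same level of detail: CVE-2020-8129 gets "script-manager nodejs module" while CVE-2020-8128 gets a bare "jsreport", although both visible descriptions open with the same "unintended require" wording. If jsreport is also distributed as a Node.js module, consider qualifying its label the same way so that a later search of data/CVE/list for Node.js NOT-FOR-US entries finds both.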
@@ -2452,7 +2452,7 @@ CVE-2020-7961
 CVE-2020-7960
 	RESERVED
 CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of  ...)
-	TODO: check
+	NOT-FOR-US: LabVantage LIMS
 CVE-2020-7958
 	RESERVED
 CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...)
@@ -3270,7 +3270,7 @@ CVE-2020-7599
 CVE-2020-7598
 	RESERVED
 CVE-2020-7597 (codecov-node npm module before 3.6.5 allows remote attackers to execut ...)
-	TODO: check
+	NOT-FOR-US: codecov-node nodejs module
 CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...)
 	NOT-FOR-US: Codecov npm module
 CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
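Review bot: the new label on CVE-2020-7597, "codecov-node nodejs module", is worded differently from the unchanged neighbour CVE-2020-7596, "Codecov npm module", even though both descriptions call the affected software an npm module. Consider "codecov-node npm module" here so the two adjacent entries are consistent and match the same search term.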
@@ -4112,9 +4112,9 @@ CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent
 CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user account ...)
 	NOT-FOR-US: Umbraco CMS
 CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution w ...)
-	TODO: check
+	NOT-FOR-US: LinuxKI
 CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved i ...)
-	TODO: check
+	NOT-FOR-US: LinuxKI
 CVE-2020-7207
 	RESERVED
 CVE-2020-7206
@@ -7731,7 +7731,7 @@ CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo Ap
 CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI500 ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2020-5530 (Cross-site request forgery (CSRF) vulnerability in Easy Property Listi ...)
-	TODO: check
+	NOT-FOR-US: Easy Property Listings plugin for WordPress
 CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...)
 	- htmlunit <removed>
 	NOTE: https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28
@@ -8400,11 +8400,11 @@ CVE-2020-5243
 CVE-2020-5242
 	RESERVED
 CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script i ...)
-	TODO: check
+	NOT-FOR-US: matestack-ui-core Ruby gem
 CVE-2020-5240
 	RESERVED
 CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...)
-	TODO: check
+	NOT-FOR-US: Mailu
 CVE-2020-5238
 	RESERVED
 CVE-2020-5237 (oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to uplo ...)
@@ -18403,7 +18403,7 @@ CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0
 CVE-2019-19326
 	RESERVED
 CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows  ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe
 CVE-2019-19324
 	RESERVED
 CVE-2019-19323



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c11df04cabe288fa54d5bb88e1bb2c680d198571
