[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Feb 28 16:22:50 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ccbe3819 by Moritz Muehlenhoff at 2020-02-28T17:22:27+01:00
NFUs
update fixed proftpd version due to followup patch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,11 +21,11 @@ CVE-2020-9436
CVE-2020-9435
RESERVED
CVE-2020-9434 (openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 cert ...)
- TODO: check
+ NOT-FOR-US: lua-openssl (different from lua-luaossl)
CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certi ...)
- TODO: check
+ NOT-FOR-US: lua-openssl (different from lua-luaossl)
CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...)
- TODO: check
+ NOT-FOR-US: lua-openssl (different from lua-luaossl)
CVE-2020-9427
RESERVED
CVE-2020-9426
@@ -426,7 +426,7 @@ CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized poi
NOTE: unsafe strcmp() instead of strncmp() in the vulnerable functions
CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...)
{DSA-4635-1 DLA-2115-1}
- - proftpd-dfsg 1.3.6c-1 (bug #951800)
+ - proftpd-dfsg 1.3.6c-2 (bug #951800)
NOTE: https://github.com/proftpd/proftpd/issues/903
NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master)
NOTE: https://github.com/proftpd/proftpd/commit/f8047a1ed0e0eb15193f555c4cbbb281e705c5c3 (master)
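Review bot: the changed line for CVE-2020-9273 moves the fixed version from 1.3.6c-1 to 1.3.6c-2, but the entry itself does not record why the earlier upload was incomplete. The commit message refers to a followup patch, while the NOTE lines are unchanged and still list only issue 903 and the two master commits. Consider adding a NOTE that identifies the followup patch, so the reason for the bump can be traced from data/CVE/list without reading the commit log. Since the entry also carries {DSA-4635-1 DLA-2115-1}, it is worth confirming whether those uploads need the same followup.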
@@ -9055,11 +9055,11 @@ CVE-2020-5404
CVE-2020-5403
RESERVED
CVE-2020-5402 (In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2020-5401 (Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoR ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2020-5400 (Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...)
NOT-FOR-US: Cloud Foundry CredHub
CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...)
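Review bot: the three new lines for CVE-2020-5402, CVE-2020-5401 and CVE-2020-5400 all read "NOT-FOR-US: Cloud Foundry", while the neighbouring CVE-2020-5399 entry names the component as "NOT-FOR-US: Cloud Foundry CredHub". The descriptions name distinct components (UAA, Routing Release, Cloud Controller), so using the component names here would keep the block consistent and make later searches for a specific component easier.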
@@ -48457,25 +48457,25 @@ CVE-2019-10801
CVE-2019-10800
RESERVED
CVE-2019-10799 (compile-sass prior to 1.0.5 allows execution of arbritary commands. Th ...)
- TODO: check
+ NOT-FOR-US: Node module compile-sass
CVE-2019-10798 (rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects r ...)
- TODO: check
+ NOT-FOR-US: Node module rdf-graph-array
CVE-2019-10797 (Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Respo ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2019-10796 (rpi through 0.0.3 allows execution of arbritary commands. The variable ...)
- TODO: check
+ NOT-FOR-US: Node module rpi
CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...)
NOT-FOR-US: undefsafe
CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype Pollutio ...)
- TODO: check
+ NOT-FOR-US: Node module component-flatten
CVE-2019-10793 (dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set ...)
- TODO: check
+ NOT-FOR-US: Node module dot-object
CVE-2019-10792 (bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler ...)
- TODO: check
+ NOT-FOR-US: Node module bodymen
CVE-2019-10791 (promise-probe before 0.10.0 allows remote attackers to perform a comma ...)
- TODO: check
+ NOT-FOR-US: Node module promise-probe
CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding additional proper ...)
- TODO: check
+ NOT-FOR-US: Node module taffy
CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection via the ...)
NOT-FOR-US: curling.js
CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute arbitrary ...)
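Review bot: on CVE-2019-10797 the NFU text is only "WSO2", although the description starts with "Netty in WSO2 transport-http". Naming the component, for example "NOT-FOR-US: WSO2 transport-http", would record which code was judged to be the affected one when the entry was triaged. As a style point for the rest of the hunk, the new lines use the form "Node module <name>" while the existing entries for CVE-2019-10795 and CVE-2019-10789 use the bare names "undefsafe" and "curling.js"; picking one form for the whole block would keep it uniform.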
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccbe381946949cf3aaf8bc6680d1b00222ad2097