[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 25 20:55:17 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d05dd578 by Salvatore Bonaccorso at 2020-01-25T21:54:59+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...)
- TODO: check
+ NOT-FOR-US: Intellian Aptus Web
CVE-2020-7979
RESERVED
CVE-2020-7978
@@ -197,7 +197,7 @@ CVE-2020-7905
CVE-2020-7904
RESERVED
CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...)
- TODO: check
+ NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...)
- libyang <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793935
@@ -852,7 +852,7 @@ CVE-2020-7598
CVE-2020-7597
RESERVED
CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...)
- TODO: check
+ NOT-FOR-US: Codecov npm module
CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
- libxml2 <unfixed> (bug #949582)
[jessie] - libxml2 <no-dsa> (Minor issue)
@@ -2894,7 +2894,7 @@ CVE-2020-6640
CVE-2020-6639
RESERVED
CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...)
- TODO: check
+ NOT-FOR-US: Grin
CVE-2020-6637
RESERVED
CVE-2020-6636
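Review bot: the note added for CVE-2020-6638 is the single word "Grin", and the truncated description ("Grin through 2.1.1 has Insufficient Validation.") does not say which project is meant either, so a later reader searching the list cannot tell what was ruled out. A short qualifier in parentheses would fix that, in the style already used for CVE-2019-20399 ("libsecp256k1-rs (Rust Implementation of secp256k1)") and for CVE-2020-5224 ("Django User Sessions (django-user-sessions)").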
@@ -5888,7 +5888,7 @@ CVE-2020-5225 (Log injection in SimpleSAMLphp before version 1.18.4. The www/err
CVE-2020-5224 (In Django User Sessions (django-user-sessions) before 1.7.1, the views ...)
NOT-FOR-US: Django User Sessions (django-user-sessions)
CVE-2020-5223 (In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a p ...)
- TODO: check
+ NOT-FOR-US: PrivateBin
CVE-2020-5222
RESERVED
CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...)
@@ -44296,7 +44296,7 @@ CVE-2019-10782
CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScript obj ...)
TODO: check
CVE-2019-10780 (BibTeX-ruby before 5.1.0 allows shell command injection due to unsanit ...)
- TODO: check
+ NOT-FOR-US: BibTeX-ruby
CVE-2019-10779
RESERVED
CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to execute arbi ...)
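Review bot: CVE-2019-10781 (schema-inspector), in the context lines directly above the changed entry, still reads "TODO: check" while its neighbour CVE-2019-10780 is resolved in this commit. If it was left open on purpose because it needs a closer look, that is fine; otherwise it could be triaged in the same pass so the block does not keep a stray TODO between processed entries.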
@@ -60043,7 +60043,7 @@ CVE-2019-5185
CVE-2019-5184
RESERVED
CVE-2019-5183 (An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL ...)
- TODO: check
+ NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5182
RESERVED
CVE-2019-5181
@@ -60126,9 +60126,9 @@ CVE-2019-5149
CVE-2019-5148
RESERVED
CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
- TODO: check
+ NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5146 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
- TODO: check
+ NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5145 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
NOT-FOR-US: Foxit PDF Reader
CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the derive_taps_ ...)
@@ -60172,7 +60172,7 @@ CVE-2019-5126 (An exploitable use-after-free vulnerability exists in the JavaScr
CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
NOT-FOR-US: LEADTOOLS
CVE-2019-5124 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
- TODO: check
+ NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5123 (Specially crafted web requests can cause SQL injections in YouPHPTube ...)
NOT-FOR-US: YouPHPTube
CVE-2019-5122 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d05dd57840fbab176043961614c9e8931c54ba67