[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Jan 25 20:55:17 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d05dd578 by Salvatore Bonaccorso at 2020-01-25T21:54:59+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary  ...)
-	TODO: check
+	NOT-FOR-US: Intellian Aptus Web
 CVE-2020-7979
 	RESERVED
 CVE-2020-7978
@@ -197,7 +197,7 @@ CVE-2020-7905
 CVE-2020-7904
 	RESERVED
 CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...)
-	TODO: check
+	NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
 CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...)
 	- libyang <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793935
@@ -852,7 +852,7 @@ CVE-2020-7598
 CVE-2020-7597
 	RESERVED
 CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...)
-	TODO: check
+	NOT-FOR-US: Codecov npm module
 CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
 	- libxml2 <unfixed> (bug #949582)
 	[jessie] - libxml2 <no-dsa> (Minor issue)
@@ -2894,7 +2894,7 @@ CVE-2020-6640
 CVE-2020-6639
 	RESERVED
 CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...)
-	TODO: check
+	NOT-FOR-US: Grin
 CVE-2020-6637
 	RESERVED
 CVE-2020-6636
@@ -5888,7 +5888,7 @@ CVE-2020-5225 (Log injection in SimpleSAMLphp before version 1.18.4. The www/err
 CVE-2020-5224 (In Django User Sessions (django-user-sessions) before 1.7.1, the views ...)
 	NOT-FOR-US: Django User Sessions (django-user-sessions)
 CVE-2020-5223 (In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a p ...)
-	TODO: check
+	NOT-FOR-US: PrivateBin
 CVE-2020-5222
 	RESERVED
 CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...)
@@ -44296,7 +44296,7 @@ CVE-2019-10782
 CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScript obj ...)
 	TODO: check
 CVE-2019-10780 (BibTeX-ruby before 5.1.0 allows shell command injection due to unsanit ...)
-	TODO: check
+	NOT-FOR-US: BibTeX-ruby
 CVE-2019-10779
 	RESERVED
 CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to execute arbi ...)
@@ -60043,7 +60043,7 @@ CVE-2019-5185
 CVE-2019-5184
 	RESERVED
 CVE-2019-5183 (An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL ...)
-	TODO: check
+	NOT-FOR-US: AMD ATIDXX64.DLL driver
 CVE-2019-5182
 	RESERVED
 CVE-2019-5181
@@ -60126,9 +60126,9 @@ CVE-2019-5149
 CVE-2019-5148
 	RESERVED
 CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
-	TODO: check
+	NOT-FOR-US: AMD ATIDXX64.DLL driver
 CVE-2019-5146 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
-	TODO: check
+	NOT-FOR-US: AMD ATIDXX64.DLL driver
 CVE-2019-5145 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
 	NOT-FOR-US: Foxit PDF Reader
 CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the derive_taps_ ...)
@@ -60172,7 +60172,7 @@ CVE-2019-5126 (An exploitable use-after-free vulnerability exists in the JavaScr
 CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
 	NOT-FOR-US: LEADTOOLS
 CVE-2019-5124 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
-	TODO: check
+	NOT-FOR-US: AMD ATIDXX64.DLL driver
 CVE-2019-5123 (Specially crafted web requests can cause SQL injections in YouPHPTube  ...)
 	NOT-FOR-US: YouPHPTube
 CVE-2019-5122 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d05dd57840fbab176043961614c9e8931c54ba67

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d05dd57840fbab176043961614c9e8931c54ba67
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200125/4f0a152c/attachment.html>

More information about the debian-security-tracker-commits mailing list