[Git][security-tracker-team/security-tracker][master] 3 commits: Remove TODO item CVE-2020-1930 and CVE-2020-1931 (checked)

Salvatore Bonaccorso carnil at debian.org
Thu Jan 30 08:48:23 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34d740c6 by Salvatore Bonaccorso at 2020-01-30T09:47:25+01:00
Remove TODO item CVE-2020-1930 and CVE-2020-1931 (checked)

- - - - -
7b764d43 by Salvatore Bonaccorso at 2020-01-30T09:47:50+01:00
Process one NFU

- - - - -
9fa19b6d by Salvatore Bonaccorso at 2020-01-30T09:48:00+01:00
Add CVE-2019-2044{4,5}/netty

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2020-8440
 CVE-2020-8439
 	RESERVED
 CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...)
-	TODO: check
+	NOT-FOR-US: Ruckus devices
 CVE-2020-8437
 	RESERVED
 CVE-2020-8436
@@ -31,9 +31,11 @@ CVE-2020-8434
 CVE-2020-8433
 	RESERVED
 CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length  ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/issues/9861
 CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/issues/9866
 CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...)
 	- u-boot <unfixed> (low)
 	[buster] - u-boot <no-dsa> (Minor issue)
@@ -15770,13 +15772,11 @@ CVE-2020-1931
 	- spamassassin <unfixed>
 	NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2
-	TODO: check
 CVE-2020-1930
 	RESERVED
 	- spamassassin <unfixed>
 	NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3
-	TODO: check
 CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an  ...)
 	TODO: check
 CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/176033688ae4c26598f805d2ae98ab947641b909...9fa19b6d237334f77548c5c7e5af26cd5f2092cb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/176033688ae4c26598f805d2ae98ab947641b909...9fa19b6d237334f77548c5c7e5af26cd5f2092cb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200130/9cf99555/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list