[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Jul 1 16:45:49 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43bf8aae by Moritz Muehlenhoff at 2020-07-01T17:45:27+02:00
NFUs
libmediainfo no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...)
-	TODO: check
+	NOT-FOR-US: Persian VIP Download Script
 CVE-2020-15467
 	RESERVED
 CVE-2020-15466
@@ -145,7 +145,9 @@ CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that
 CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility ...)
 	TODO: check
 CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based b ...)
-	- libmediainfo <unfixed>
+	- libmediainfo <unfixed> (low)
+	[buster] - libmediainfo <no-dsa> (Minor issue)
+	[stretch] - libmediainfo <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/mediainfo/bugs/1127/
 CVE-2020-15394
 	RESERVED
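Review bot: The added [buster] and [stretch] lines under CVE-2020-15395 carry only the generic reason "Minor issue", although the description begins "there is a stack-based b ..." and the unstable line remains <unfixed>. Consider adding a NOTE line that summarises, from the linked SourceForge bug, why the impact is low, so a later triager can confirm the no-dsa decision from the entry itself.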
@@ -341,7 +343,7 @@ CVE-2020-15309
 CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...)
 	NOT-FOR-US: Support Incident Tracker
 CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS ( ...)
-	TODO: check
+	NOT-FOR-US: Nozomi Guardian
 CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...)
 	- openexr <unfixed>
 	[jessie] - openexr <no-dsa> (Minor issue)
@@ -787,11 +789,11 @@ CVE-2020-15089
 CVE-2020-15088
 	RESERVED
 CVE-2020-15087 (In Presto before version 337, authenticated users can bypass authoriza ...)
-	TODO: check
+	NOT-FOR-US: Presto query engine, different from src:presto
 CVE-2020-15086
 	RESERVED
 CVE-2020-15085 (In Saleor Storefront before version 2.10.3, request data used to authe ...)
-	TODO: check
+	NOT-FOR-US: Saleor Storefront
 CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3, the algor ...)
 	TODO: check
 CVE-2020-15083
@@ -1077,9 +1079,9 @@ CVE-2020-14959 (Multiple XSS vulnerabilities in the Easy Testimonials plugin bef
 CVE-2020-14958 (In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not  ...)
 	NOT-FOR-US: Go Git Service
 CVE-2020-14957 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...)
-	TODO: check
+	NOT-FOR-US: Windows cleaning assistant
 CVE-2020-14956 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...)
-	TODO: check
+	NOT-FOR-US: Windows cleaning assistant
 CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows l ...)
 	NOT-FOR-US: Jiangmin Antivirus
 CVE-2020-14953
@@ -2059,7 +2061,7 @@ CVE-2020-14484
 CVE-2020-14483
 	RESERVED
 CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...)
-	TODO: check
+	NOT-FOR-US: Delta Industrial Automation DOPSoft
 CVE-2020-14481
 	RESERVED
 CVE-2020-14480
@@ -2076,7 +2078,7 @@ CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr
 	- dolibarr <removed>
 	NOTE: https://github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08
 CVE-2020-14474 (The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on ke ...)
-	TODO: check
+	NOT-FOR-US: Cellebrite
 CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...)
 	NOT-FOR-US: DrayTek
 CVE-2020-14472 (DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1 ...)
@@ -3059,17 +3061,17 @@ CVE-2020-14171
 CVE-2020-14170
 	RESERVED
 CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data Center be ...)
-	TODO: check
+	NOT-FOR-US: Atlasstian
 CVE-2020-14168 (The email client in Jira Server and Data Center before version 7.13.16 ...)
-	TODO: check
+	NOT-FOR-US: Atlasstian
 CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data Center befo ...)
-	TODO: check
+	NOT-FOR-US: Atlasstian
 CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service Desk Server ...)
-	TODO: check
+	NOT-FOR-US: Atlasstian
 CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server and Dat ...)
-	TODO: check
+	NOT-FOR-US: Atlasstian
 CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center before vers ...)
-	TODO: check
+	NOT-FOR-US: Atlasstian
 CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in  ...)
 	NOT-FOR-US: JerryScript
 CVE-2020-14162
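Review bot: All six added lines in this hunk (CVE-2020-14169 down to CVE-2020-14164) spell the vendor "Atlasstian", while the CVE-2020-14169 description directly above the first of them reads "Atlassian Jira Server". Change each to "NOT-FOR-US: Atlassian" so a search of the list for the vendor name finds these entries.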
@@ -4909,7 +4911,7 @@ CVE-2020-13445 (In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pa
 CVE-2020-13444 (Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 9 ...)
 	NOT-FOR-US: Liferay
 CVE-2020-13443 (ExpressionEngine before 5.3.2 allows remote attackers to upload and ex ...)
-	TODO: check
+	NOT-FOR-US: ExpressionEngine
 CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 t ...)
 	NOT-FOR-US: DEXT5
 CVE-2020-13441
@@ -5725,7 +5727,7 @@ CVE-2020-13097
 CVE-2020-13096
 	RESERVED
 CVE-2020-13095 (Little Snitch version 4.5.1 and older changed ownership of a directory ...)
-	TODO: check
+	NOT-FOR-US: Little Snitch
 CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...)
 	- dolibarr <removed>
 CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
@@ -16284,9 +16286,9 @@ CVE-2020-9416
 CVE-2020-9415
 	RESERVED
 CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
 	NOT-FOR-US: TIBCO
 CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43bf8aae6ab147f31eec0ae6cadb12ff6dc26d8f
