[Git][security-tracker-team/security-tracker][master] new openldap issue

Moritz Muehlenhoff jmm at debian.org
Thu Jul 16 08:48:52 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc9a62dd by Moritz Muehlenhoff at 2020-07-16T09:48:32+02:00
new openldap issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -123,7 +123,8 @@ CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855273
 	NOTE: https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72
 CVE-2020-15719 (libldap in certain third-party OpenLDAP packages has a certificate-val ...)
-	TODO: check
+	- openldap <unfixed> (low)
+	[buster] - openldap <no-dsa> (Minor issue)
 CVE-2020-15718 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
 	NOT-FOR-US: RosarioSIS
 CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
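Review bot: the new CVE-2020-15719 entry rates openldap as `<unfixed> (low)` and marks buster `<no-dsa> (Minor issue)` without a NOTE recording the basis for that triage. The description shown here limits the flaw to "certain third-party OpenLDAP packages", so a NOTE with the upstream or distribution bug reference (as the CVE-2020-15720 entry just above carries) and a line on whether Debian's libldap is among the affected builds would let later readers check the rating.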
@@ -2367,7 +2368,7 @@ CVE-2020-14708 (Vulnerability in the Customer Management and Segmentation Founda
 CVE-2020-14707 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox 6.1.12-dfsg-1
 CVE-2020-14706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14705 (Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (c ...)
 	NOT-FOR-US: Oracle
 CVE-2020-14704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
@@ -2474,7 +2475,7 @@ CVE-2020-14655 (Vulnerability in the Oracle Security Service product of Oracle F
 CVE-2020-14654 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2020-14653 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14652 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
 	NOT-FOR-US: Oracle
 CVE-2020-14651 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
@@ -2526,7 +2527,7 @@ CVE-2020-14629 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
 CVE-2020-14628 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox 6.1.12-dfsg-1
 CVE-2020-14627 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14626 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
 	NOT-FOR-US: Oracle
 CVE-2020-14625 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
@@ -2546,9 +2547,9 @@ CVE-2020-14620 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2020-14619 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2020-14618 (Vulnerability in the Primavera Unifier product of Oracle Construction  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14617 (Vulnerability in the Primavera Unifier product of Oracle Construction  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14616 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
 	NOT-FOR-US: Oracle
 CVE-2020-14615 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
@@ -2558,7 +2559,7 @@ CVE-2020-14614 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2020-14613 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...)
 	NOT-FOR-US: Oracle
 CVE-2020-14612 (Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle Peop ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14611 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion  ...)
 	NOT-FOR-US: Oracle
 CVE-2020-14610 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
@@ -2582,7 +2583,7 @@ CVE-2020-14602 (Vulnerability in the Oracle Financial Services Analytical Applic
 CVE-2020-14601 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
 	NOT-FOR-US: Oracle
 CVE-2020-14600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14599 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of  ...)
 	NOT-FOR-US: Oracle
 CVE-2020-14598 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of  ...)
@@ -2600,7 +2601,7 @@ CVE-2020-14593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
 	- openjdk-11 <unfixed>
 	- openjdk-8 <unfixed>
 CVE-2020-14592 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14591 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2020-14590 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
@@ -2610,7 +2611,7 @@ CVE-2020-14589 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
 CVE-2020-14588 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
 	NOT-FOR-US: Oracle
 CVE-2020-14587 (Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Ora ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14586 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2020-14585 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
@@ -2646,43 +2647,43 @@ CVE-2020-14576 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2020-14575 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2020-14574 (Vulnerability in the Oracle Communications Interactive Session Recorde ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14573 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...)
 	- openjdk-14 <unfixed>
 	- openjdk-11 <unfixed>
 CVE-2020-14572 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14571 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14570 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14569 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14568 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2020-14567 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	TODO: check
 CVE-2020-14566 (Vulnerability in the Primavera Portfolio Management product of Oracle  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14565 (Vulnerability in the Oracle Unified Directory product of Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14564 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14563 (Vulnerability in the Oracle Enterprise Communications Broker product o ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14562 (Vulnerability in the Java SE product of Oracle Java SE (component: Ima ...)
 	- openjdk-14 <unfixed>
 	- openjdk-11 <unfixed>
 CVE-2020-14561 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14560 (Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (c ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14559 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	TODO: check
 CVE-2020-14558 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14557 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14556 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  ...)
 	- openjdk-14 <unfixed>
 	- openjdk-11 <unfixed>
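Review bot: CVE-2020-14567 and CVE-2020-14559 (both MySQL Server) are left at `TODO: check` in this hunk while every other TODO around them is resolved. If that is intentional because they need real triage against the mysql packages rather than a NOT-FOR-US, fine, but the neighbouring MySQL entries already read `- mysql-5.7 <not-affected> (Only affects MySQL 8)`, so it is worth confirming whether these two fall under the same case and closing them in a follow-up.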
@@ -16271,7 +16272,7 @@ CVE-2020-9795 (A use after free issue was addressed with improved memory managem
 CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	- sqlite3 <undetermined>
 	NOTE: https://vuldb.com/?id.155768
-	TODO: Try to get more information, as usual Apple advisories are too unspecific
+	NOTE: As usual Apple advisories are too unspecific
 CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...)
 	NOT-FOR-US: Apple
 CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...)
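Review bot: for CVE-2020-9794, turning the `TODO:` into a `NOTE:` removes the only follow-up marker while sqlite3 stays at `<undetermined>`, so the entry will no longer surface in TODO searches even though nothing was determined. Either keep a TODO until the sqlite3 status is settled, or have the NOTE say what specific information is missing. This change is also not covered by the commit message ("new openldap issue", "NFUs"); a third line mentioning it would help.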



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc9a62ddaef89978973d7656227e1f5ee148b9b2
