[Git][security-tracker-team/security-tracker][master] NFUs, python n/a
Moritz Muehlenhoff
jmm at debian.org
Mon Jul 20 10:00:32 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f78c627 by Moritz Muehlenhoff at 2020-07-20T11:00:12+02:00
NFUs, python n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,9 +17,9 @@ CVE-2020-15844
CVE-2020-15843
RESERVED
CVE-2020-15842 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7 ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2020-15841 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7 ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2020-15840
RESERVED
CVE-2020-15839
@@ -80,7 +80,7 @@ CVE-2020-15815
CVE-2020-15814
RESERVED
CVE-2020-15813 (Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers ...)
- TODO: check
+ - graylog2 <itp> (bug #652273)
CVE-2020-15812
RESERVED
CVE-2020-15811
@@ -105,7 +105,11 @@ CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4
CVE-2020-15802
RESERVED
CVE-2020-15801 (In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ...)
- TODO: check
+ - python3.9 <not-affected> (Windows-specific)
+ - python3.8 <not-affected> (Windows-specific)
+ - python3.7 <not-affected> (Windows-specific)
+ - python3.5 <not-affected> (Windows-specific)
+ - python2.7 <not-affected> (Windows-specific)
CVE-2019-20915 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
- libredwg <itp> (bug #595191)
CVE-2019-20914 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
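Review bot: The new entries for CVE-2020-15801 go from python3.7 straight to python3.5, so if a python3.6 source package is still tracked it needs the same "- python3.6 <not-affected> (Windows-specific)" line. The description ties the issue to a python38._pth file in Python 3.8.4; a NOTE: line with the upstream reference, as other entries in this file carry, would document why every listed series is marked Windows-specific.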
@@ -166,7 +170,7 @@ CVE-2020-15782
CVE-2020-15781
RESERVED
CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...)
- TODO: check
+ NOT-FOR-US: Node socket.io-file
CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/3
@@ -1677,7 +1681,7 @@ CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of
NOTE: https://github.com/glpi-project/glpi/pull/6684
NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...)
- TODO: check
+ NOT-FOR-US: openenclave
CVE-2020-15106
RESERVED
CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...)
@@ -1708,7 +1712,7 @@ CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an inf
CVE-2020-15094
RESERVED
CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does not pro ...)
- TODO: check
+ NOT-FOR-US: Rust tough
CVE-2020-15092 (In TimelineJS before version 3.7.0, some user data renders as HTML. An ...)
NOT-FOR-US: TimelineJS
CVE-2020-15091 (TenderMint from version 0.33.0 and before version 0.33.6 allows block ...)
@@ -9456,19 +9460,19 @@ CVE-2020-12015 (A specially crafted communication packet sent to the affected sy
CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12013 (A specially crafted WCF client that interfaces to the may allow the ex ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2020-12012 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
NOT-FOR-US: Baxter
CVE-2020-12011 (A specially crafted communication packet sent to the affected systems ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12009 (A specially crafted communication packet sent to the affected device c ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
NOT-FOR-US: Baxter
CVE-2020-12007 (A specially crafted communication packet sent to the affected devices ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12005 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
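Review bot: The four new tags on CVE-2020-12013, CVE-2020-12011, CVE-2020-12009 and CVE-2020-12007 name only a vendor ("NOT-FOR-US: Mitsubishi"), while the neighbouring entries name the product ("NOT-FOR-US: Advantech WebAccess Node"). The truncated descriptions shown here name neither vendor nor product, so putting the product name in the tag would make these entries easier to find and to match against later CVEs for the same software.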
@@ -15369,13 +15373,13 @@ CVE-2020-10290
CVE-2020-10289
RESERVED
CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain access y ...)
- TODO: check
+ NOT-FOR-US: ABB IRC5
CVE-2020-10287 (The IRC5 family with UAS service enabled comes by default with credent ...)
- TODO: check
+ NOT-FOR-US: ABB IRC5
CVE-2020-10286 (the main user account has restricted privileges but is in the sudoers ...)
- TODO: check
+ NOT-FOR-US: xArm
CVE-2020-10285 (The authentication implementation on the xArm controller has very low ...)
- TODO: check
+ NOT-FOR-US: xArm
CVE-2020-10284 (No authentication is required to control the robot inside the network, ...)
TODO: check
CVE-2020-10283
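Review bot: CVE-2020-10284 near the end of this hunk is left at "TODO: check" although CVE-2020-10286 and CVE-2020-10285 directly above it are now "NOT-FOR-US: xArm". Its description ("No authentication is required to control the robot inside the network, ...") reads like the same group of robot-controller issues; if it is the same product, tag it in this commit as well so the block is triaged as a unit.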
@@ -21331,7 +21335,7 @@ CVE-2020-7828
CVE-2020-7827
RESERVED
CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a ...)
- TODO: check
+ NOT-FOR-US: EyeSurfer BflyInstallerX.ocx
CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...)
TODO: check
CVE-2020-7824
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f78c6278065061909c0868e97f0608e555df8be