[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Jul 28 07:58:46 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a755982e by Moritz Muehlenhoff at 2020-07-28T08:58:19+02:00
NFUs
mruby, kmail, gpac no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,6 +4,8 @@ CVE-2020-15955
RESERVED
CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...)
- kmail <unfixed>
+ [buster] - kmail <no-dsa> (Minor issue)
+ - kdepim <removed>
NOTE: https://bugs.kde.org/show_bug.cgi?id=423426
CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other ...)
- libetpan <unfixed>
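Review bot: Under CVE-2020-15954, the added "- kdepim <removed>" line carries no NOTE saying why the kdepim source package is listed, while the description names only KMail. A one-line NOTE recording the relationship between kdepim and kmail would make the entry self-explanatory. The "(Minor issue)" reason on the "[buster] - kmail <no-dsa>" line could also say briefly why unencrypted POP3 communication is treated as minor.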
@@ -219,6 +221,7 @@ CVE-2020-15867
RESERVED
CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...)
- mruby <unfixed>
+ [buster] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/5042
NOTE: https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b
CVE-2020-15865
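Review bot: On the added "[buster] - mruby <no-dsa> (Minor issue)" line for CVE-2020-15866, the reason is terse for what the description calls a heap-based buffer overflow. Consider a more specific reason, or a NOTE recording why the impact is minor for buster, so the triage decision can be revisited later without rereading the upstream issue.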
@@ -1922,11 +1925,11 @@ CVE-2020-15121 (In radare2 before version 4.5.0, malformed PDB file names in the
NOTE: https://github.com/radareorg/radare2/issues/16945
NOTE: https://github.com/radareorg/radare2/pull/16966
CVE-2020-15120 (An authenticated member of one project can modify and delete members o ...)
- TODO: check
+ NOT-FOR-US: ihatemoney
CVE-2020-15119
RESERVED
CVE-2020-15118 (In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is m ...)
- TODO: check
+ NOT-FOR-US: Wagtail
CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashed by r ...)
- synergy <removed>
NOTE: https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
@@ -12125,6 +12128,7 @@ CVE-2020-11559
RESERVED
CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...)
- gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <not-affected> (Vulnerable code not present and not reproducible)
NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c
NOTE: https://github.com/gpac/gpac/issues/1440
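Review bot: For CVE-2020-11558, the new "[buster] - gpac <no-dsa> (Minor issue)" line sits directly above "[jessie] - gpac <not-affected>", and no "[stretch]" line appears in this hunk. If stretch has already been assessed, adding its status here would make the entry cover every release between the two.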
@@ -21662,7 +21666,7 @@ CVE-2020-7827
CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a ...)
NOT-FOR-US: EyeSurfer BflyInstallerX.ocx
CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...)
- TODO: check
+ NOT-FOR-US: MiPlatform
CVE-2020-7824
RESERVED
CVE-2020-7823
@@ -21676,7 +21680,7 @@ CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version conta
CVE-2020-7819
RESERVED
CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, ...)
- TODO: check
+ NOT-FOR-US: Daview
CVE-2020-7817
RESERVED
CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...)
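Review bot: The added "NOT-FOR-US: Daview" under CVE-2020-7818 spells the product differently from the description on the same entry ("DaviewIndy") and from the CVE-2020-7816 description just below ("DaView Indy"). Using the name as the description gives it, e.g. "NOT-FOR-US: DaviewIndy", keeps the list consistent and easy to grep across related CVEs.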
@@ -22307,19 +22311,19 @@ CVE-2020-7522
CVE-2020-7521
RESERVED
CVE-2020-7520 (A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnera ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7519 (A CWE-521: Weak Password Requirements vulnerability exists in Easergy ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7518 (A CWE-20: Improper input validation vulnerability exists in Easergy Bu ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7517 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7516 (A CWE-316: Cleartext Storage of Sensitive Information in Memory vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7515 (A CWE-321: Use of hard-coded cryptographic key stored in cleartext vul ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7514 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7513 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...)
NOT-FOR-US: Schneider
CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent Third Party Components with vuln ...)
@@ -22365,7 +22369,7 @@ CVE-2020-7493 (A CWE-89: Improper Neutralization of Special Elements used in an
CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in the GP-P ...)
NOT-FOR-US: Schneider
CVE-2020-7491 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...)
NOT-FOR-US: Schneider
CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
@@ -23515,9 +23519,9 @@ CVE-2020-7019
CVE-2020-7018
RESERVED
CVE-2020-7017 (In Kibana versions before 6.8.11 and 7.8.1 the region map visualizatio ...)
- TODO: check
+ - kibana <itp> (bug #700337)
CVE-2020-7016 (Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (D ...)
- TODO: check
+ - kibana <itp> (bug #700337)
CVE-2020-7015 (Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in t ...)
- kibana <itp> (bug #700337)
CVE-2020-7014 (The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch ve ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a755982e999313cfbbc703d3c3aa8e6b85d42eb4