[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Jul 30 10:35:39 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83b55530 by Moritz Muehlenhoff at 2020-07-30T11:35:11+02:00
NFUs
balsa no-dsa
add ark to dsa-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2020-16145
 CVE-2020-16144
 	RESERVED
 CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijac ...)
-	TODO: check
+	- seafile-client <not-affected> (Windows-specific)
 CVE-2020-16142
 	RESERVED
 CVE-2020-16141
@@ -30,7 +30,7 @@ CVE-2020-16133
 CVE-2020-16132
 	RESERVED
 CVE-2017-18923 (beroNet VoIP Gateways before 3.0.16 have a PHP script that allows down ...)
-	TODO: check
+	NOT-FOR-US: beroNet
 CVE-2020-16131
 	RESERVED
 CVE-2020-16130
@@ -59,6 +59,7 @@ CVE-2020-16119
 	RESERVED
 CVE-2020-16118 (In GNOME Balsa before 2.6.0, a malicious server operator or man in the ...)
 	- balsa 2.6.0-1
+	[buster] - balsa <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1c826a01080d40c22ca8706f0339e5
 	NOTE: https://gitlab.gnome.org/GNOME/balsa/-/issues/23
 CVE-2020-16117 (In GNOME evolution-data-server before 3.35.91, a malicious server can  ...)
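Review bot: The added `[buster] - balsa <no-dsa> (Minor issue)` line gives no rationale beyond "Minor issue", and the CVE-2020-16118 description above it is cut off at "a malicious server operator or man in the ...", so the list entry alone does not show why no DSA is warranted for buster. Suggest a more specific parenthetical, or an additional NOTE line summarizing the impact next to the two upstream links already recorded.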
@@ -505,7 +506,7 @@ CVE-2020-15910
 CVE-2020-15909
 	RESERVED
 CVE-2020-15908 (tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6. ...)
-	TODO: check
+	NOT-FOR-US: Cauldron cbang
 CVE-2020-15907
 	RESERVED
 CVE-2020-15906
@@ -528,7 +529,7 @@ CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 9.50
 	NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff (9.28rc1)
 	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
 CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data related to ...)
-	TODO: check
+	NOT-FOR-US: grin
 CVE-2020-15898
 	RESERVED
 CVE-2020-15897
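Review bot: Style point on the added `NOT-FOR-US: grin` line: the CVE-2020-15899 description spells the product "Grin", and the other NOT-FOR-US entries added in this commit follow the description's capitalization (`Fiber`, `Ruckus Wireless Unleashed`). Suggest `NOT-FOR-US: Grin` so a case-sensitive search for the product name finds the entry.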
@@ -2396,7 +2397,7 @@ CVE-2020-15113
 CVE-2020-15112
 	RESERVED
 CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.Attach ...)
-	TODO: check
+	NOT-FOR-US: Fiber
 CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able  ...)
 	NOT-FOR-US: jupyterhub-kubespawner
 CVE-2020-15109
@@ -5513,7 +5514,7 @@ CVE-2020-13921
 CVE-2020-13920
 	RESERVED
 CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...)
-	TODO: check
+	NOT-FOR-US: Ruckus Wireless Unleashed
 CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed through  ...)
 	NOT-FOR-US: Ruckus Wireless Unleashed
 CVE-2020-13917 (rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remot ...)
@@ -15415,7 +15416,7 @@ CVE-2020-10645
 CVE-2020-10644 (The affected product lacks proper validation of user-supplied data, wh ...)
 	NOT-FOR-US: Inductive Automation Ignition
 CVE-2020-10643 (An authenticated remote attacker could use specially crafted URLs to s ...)
-	TODO: check
+	NOT-FOR-US: PI Vision
 CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...)
 	NOT-FOR-US: Rockwell
 CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...)
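Review bot: The added `NOT-FOR-US: PI Vision` line names a product that the visible part of the CVE-2020-10643 description ("An authenticated remote attacker could use specially crafted URLs to s ...") never mentions, while the neighbouring entries carry a vendor name (`Inductive Automation Ignition`, `Rockwell`). Suggest prefixing the vendor so the entry can be matched to the advisory without opening the full CVE text.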


=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source package.
 
+--
+ark (jmm)
 --
 chromium
 --
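Review bot: The new `ark (jmm)` entry in data/dsa-needed.txt has no matching change for ark in data/CVE/list in this commit, so the diff does not show which CVE the pending DSA is for. Suggest naming the CVE in the commit message, and if only one release is affected, adding the release after a slash as the file's own instructions describe.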



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83b555306f6055a764e7d216bef1e7c2c3956691
