[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Jun 1 09:18:56 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59201973 by Salvatore Bonaccorso at 2020-06-01T10:16:59+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7285,7 +7285,7 @@ CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smu
 	NOTE: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
 	NOTE: https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
 CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container image m ...)
-	TODO: check
+	NOT-FOR-US: Anchore Engine
 CVE-2020-11074
 	RESERVED
 CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...)
@@ -7323,7 +7323,7 @@ CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by
 	NOTE: https://github.com/glpi-project/glpi/commit/ad748d59c94da177a3ed25111c453902396f320c
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir  ...)
-	TODO: check
+	NOT-FOR-US: AEgir
 CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in  ...)
 	- freerdp2 2.1.1+dfsg1-1
 	[buster] - freerdp2 <no-dsa> (Minor issue)
@@ -15463,7 +15463,7 @@ CVE-2020-7814
 CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
 	NOT-FOR-US: Kaoni
 CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
-	TODO: check
+	NOT-FOR-US: Kaoni ezHTTPTrans
 CVE-2020-7811
 	RESERVED
 CVE-2020-7810
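Review bot: The new tag on CVE-2020-7812 reads "NOT-FOR-US: Kaoni ezHTTPTrans", while the entry directly above it, CVE-2020-7813, describes the same Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans and is tagged "NOT-FOR-US: Kaoni". Use one string for both entries so that a search on the NFU tag returns them together.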
@@ -24417,27 +24417,27 @@ CVE-2020-4025
 CVE-2020-4024
 	RESERVED
 CVE-2020-4023 (The review coverage resource in Atlassian Fisheye and Crucible before  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2020-4022
 	RESERVED
 CVE-2020-4021 (Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of At ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-4020 (The file downloading functionality in the Atlassian Companion App befo ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-4019 (The file editing functionality in the Atlassian Companion App before v ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-4018 (The setup resources in Atlassian Fisheye and Crucible before version 4 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-4017 (The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jir ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-4016 (The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-4015 (The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Cru ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-4014 (The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-4013 (The review resource in Atlassian Fisheye and Crucible before version 4 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-4012
 	RESERVED
 CVE-2020-4011
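Review bot: The NFU strings in this hunk are inconsistent for the same product. CVE-2020-4023 gets "NOT-FOR-US: Atlassian Fisheye and Crucible", while CVE-2020-4018, CVE-2020-4014 and CVE-2020-4013, whose descriptions also name Atlassian Fisheye and Crucible, get only "NOT-FOR-US: Atlassian". Pick one form for all of them. For CVE-2020-4021 the truncated description does not show the product at all, so a product-level tag there would also tell a later reader what was triaged without opening the CVE.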



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5920197339774079929ea836f7c3d7edf1edc8a7
