[Git][security-tracker-team/security-tracker][master] new webkit issue
Moritz Muehlenhoff
jmm at debian.org
Thu Mar 5 16:49:39 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fa71536b by Moritz Muehlenhoff at 2020-03-05T17:49:21+01:00
new webkit issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -696,7 +696,9 @@ CVE-2020-10020
CVE-2020-10019
RESERVED
CVE-2020-10018 (accessibility/AXObjectCache.cpp in WebKit, as used in WebKitGTK throug ...)
- TODO: check
+ - webkit2gtk <unfixed>
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
CVE-2020-10017
RESERVED
CVE-2020-10016
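Review bot: The new "- webkit2gtk <unfixed>" line for CVE-2020-10018 has no accompanying NOTE, so the entry records that the package is affected but not where the fix or advisory lives. Consider adding a NOTE line with the upstream reference, so that whoever later replaces "<unfixed>" with a version has something to check against. The two "<ignored>" lines for stretch and jessie already state their reason inline, which is fine.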
@@ -10829,7 +10831,7 @@ CVE-2020-5253
CVE-2020-5252
RESERVED
CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...)
- TODO: check
+ NOT-FOR-US: parser-server
CVE-2020-5250
RESERVED
CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...)
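Review bot: The tag added for CVE-2020-5251 repeats "parser-server" exactly as it is spelled in the truncated description, and that is the only source for the name visible here. Please confirm the spelling against the upstream project before it becomes the recorded NOT-FOR-US label, since a name copied from a description inherits any typo in it.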
@@ -50059,7 +50061,7 @@ CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1 us
CVE-2019-10771 (Characters in the GET url path are not properly escaped and can be ref ...)
NOT-FOR-US: IOBroker
CVE-2019-10770 (All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and befo ...)
- TODO: check
+ NOT-FOR-US: ratpack-core
CVE-2019-10769 (safer-eval is a npm package to sandbox the he evaluation of code used ...)
NOT-FOR-US: safer-eval Node module
CVE-2019-10768 (In AngularJS before 1.7.9 the function `merge()` could be tricked into ...)
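Review bot: The tag "NOT-FOR-US: ratpack-core" on CVE-2019-10770 gives only the bare artifact name, while the entry two lines below says what kind of thing it is ("safer-eval Node module"). The description gives the full coordinate io.ratpack:ratpack-core, so a short qualifier in the same style would make the entry easier to recognise later.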
@@ -69253,9 +69255,9 @@ CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the
CVE-2019-3700 (yast2-security didn't use secure defaults to protect passwords. This b ...)
NOT-FOR-US: yast2
CVE-2019-3699 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging ...)
- NOT-FOR-US: SUSE specific privoxy issue
+ NOT-FOR-US: SUSE-specific privoxy issue
CVE-2019-3698 (UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob sh ...)
- TODO: check
+ NOT-FOR-US: SUSE-specific Nagios issue
CVE-2019-3697 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging ...)
NOT-FOR-US: SuSE-specific issue in gnump3d (removed for a decade from Debian)
CVE-2019-3696 (A Improper Limitation of a Pathname to a Restricted Directory vulnerab ...)
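Review bot: The CVE-2019-3699 line is normalised to "SUSE-specific" and the new CVE-2019-3698 tag uses the same spelling, but the unchanged CVE-2019-3697 line directly below still reads "SuSE-specific", so the three adjacent entries end up inconsistent. Since this hunk already touches the wording, the CVE-2019-3697 line could be aligned in the same change. The wording fix is also not mentioned in the commit message, which lists only the WebKit issue and NFUs.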
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa71536be7b7c2461334772e2d8cb36c5e60966d