[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Mar 19 08:59:57 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d2ceff49 by Salvatore Bonaccorso at 2020-03-19T09:59:17+01:00
Process NFUs

- - - - -
0e2ffc26 by Salvatore Bonaccorso at 2020-03-19T09:59:19+01:00
Add CVE-2019-2045{2,3}/ajaxplorer (pydio), itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -687,7 +687,7 @@ CVE-2020-10367
 CVE-2020-10366
 	RESERVED
 CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...)
-	TODO: check
+	NOT-FOR-US: LogicalDoc
 CVE-2020-10364
 	RESERVED
 CVE-2020-10363
@@ -2698,7 +2698,7 @@ CVE-2020-9445
 CVE-2020-9444
 	RESERVED
 CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an Electron web ...)
-	TODO: check
+	NOT-FOR-US: Zulip Desktop (different from itp'ed zulip-server)
 CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PRO ...)
 	NOT-FOR-US: OpenVPN Connect on Windows
 CVE-2020-9441
@@ -2730,7 +2730,7 @@ CVE-2020-9425
 CVE-2020-9424
 	RESERVED
 CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...)
-	TODO: check
+	NOT-FOR-US: LogicalDoc
 CVE-2020-9422
 	RESERVED
 CVE-2020-9421
@@ -4021,9 +4021,9 @@ CVE-2020-8886
 CVE-2020-8885
 	RESERVED
 CVE-2019-20453 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...)
-	TODO: check
+	- ajaxplorer <itp> (bug #668381)
 CVE-2019-20452 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...)
-	TODO: check
+	- ajaxplorer <itp> (bug #668381)
 CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1)  ...)
 	NOT-FOR-US: SocialEngine
 CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...)
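Review bot: On the CVE-2019-20453 and CVE-2019-20452 entries, the description names Pydio Core while the added line names ajaxplorer, and only the commit message ("ajaxplorer (pydio)") connects the two. Consider a NOTE line under each entry stating that the itp'ed ajaxplorer package (bug #668381) is the one covering Pydio, so the mapping is visible in data/CVE/list itself and not only in the commit log.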
@@ -7678,11 +7678,11 @@ CVE-2020-7260
 CVE-2020-7259
 	RESERVED
 CVE-2020-7258 (Cross site scripting vulnerability in McAfee Network Security Manageme ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2020-7257
 	RESERVED
 CVE-2020-7256 (Cross site scripting vulnerability in McAfee Network Security Manageme ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2020-7255
 	RESERVED
 CVE-2020-7254 (Privilege Escalation vulnerability in the command line interface in Mc ...)
@@ -8337,7 +8337,7 @@ CVE-2020-7004
 CVE-2020-7003
 	RESERVED
 CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior.  ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2020-7001
 	RESERVED
 CVE-2020-7000
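Review bot: CVE-2020-7002 is described as "Delta Industrial Automation CNCSoft ScreenEditor", but the added line reads "NOT-FOR-US: McAfee", which looks carried over from the McAfee entries in the previous hunk. It should match the sibling entry CVE-2020-6976 in the next hunk: "NOT-FOR-US: Delta Industrial Automation CNCSoft ScreenEditor".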
@@ -8389,7 +8389,7 @@ CVE-2020-6978
 CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...)
 	NOT-FOR-US: GE
 CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior.  ...)
-	TODO: check
+	NOT-FOR-US: Delta Industrial Automation CNCSoft ScreenEditor
 CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
 	NOT-FOR-US: Digi International ConnectPort LTS 32 MEI
 CVE-2020-6974
@@ -9187,7 +9187,7 @@ CVE-2020-6648
 CVE-2020-6647
 	RESERVED
 CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2020-6645
 	RESERVED
 CVE-2020-6644
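Review bot: On CVE-2020-6646 the description names FortiWeb as the affected product, while the added line says "NOT-FOR-US: Fortiguard". Naming the product from the description (for example "NOT-FOR-US: FortiWeb") would keep the entry findable by product name, as the Zulip Desktop and CNCSoft ScreenEditor entries in this commit do.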
@@ -15393,9 +15393,9 @@ CVE-2020-3953
 CVE-2020-3952
 	RESERVED
 CVE-2020-3951 (VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3950 (VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11. ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3949
 	RESERVED
 CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ddafc1771ed8099bb83e24c10815d4594dc3ac86...0e2ffc26ec915b96ac14d8cc49bb642a0933ff67
