[Git][security-tracker-team/security-tracker][master] twisted no-dsa

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb50483e by Moritz Muehlenhoff at 2020-03-19T16:10:29+01:00
twisted no-dsa
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -274,9 +274,9 @@ CVE-2020-10567 (An issue was discovered in Responsive Filemanager through 9.14.0
 CVE-2018-21036
 	RESERVED
 CVE-2020-10566 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2020-10565 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2020-10564 (An issue was discovered in the File Upload plugin before 4.13.0 for Wo ...)
 	NOT-FOR-US: File Upload plugin for WordPress
 CVE-2020-10563 (An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.ph ...)
@@ -338,7 +338,7 @@ CVE-2020-10537
 CVE-2020-10536
 	RESERVED
 CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki extension
 CVE-2020-10535 (GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote at ...)
 	- gitlab <not-affected> (Only affects Gitlab 12.8.x)
 	NOTE: https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/
@@ -1261,11 +1261,15 @@ CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Inform
 CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
 	{DLA-2145-1}
 	- twisted <unfixed> (bug #953950)
+	[buster] - twisted <no-dsa> (Minor issue)
+	[stretch] - twisted <no-dsa> (Minor issue)
 	NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
 	NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
 CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
 	{DLA-2145-1}
 	- twisted <unfixed> (bug #953950)
+	[buster] - twisted <no-dsa> (Minor issue)
+	[stretch] - twisted <no-dsa> (Minor issue)
 	NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
 	NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
 CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
@@ -2799,7 +2803,7 @@ CVE-2020-9410
 CVE-2020-9409
 	RESERVED
 CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain sensitive  ...)
 	NOT-FOR-US: IBL Online Weather
 CVE-2020-9406 (IBL Online Weather before 4.3.5a allows unauthenticated eval injection ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb50483e6f9c6bddfa0335eb6e51024edd5f4d37

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb50483e6f9c6bddfa0335eb6e51024edd5f4d37
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200319/2c5a6e6f/attachment.html>