[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Mar 23 15:48:52 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c338d27 by Moritz Muehlenhoff at 2020-03-23T16:48:34+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -299,9 +299,9 @@ CVE-2020-10809 (An issue was discovered in HDF5 through 1.12.0. A heap-based buf
 CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injectio ...)
 	NOT-FOR-US: Vesta Control Panel
 CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass (for RES ...)
-	TODO: check
+	NOT-FOR-US: Caldera
 CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before ...)
-	TODO: check
+	NOT-FOR-US: eZ Publish Kernel
 CVE-2020-10805
 	RESERVED
 CVE-2016-11022
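Review bot: The "NOT-FOR-US: Caldera" line added under CVE-2020-10807 uses a bare product name that is easy to misread later, since the truncated description identifies the product only by its auth_svc component. Consider a short qualifier, as the lix entry in this same commit does with "(different from src:lix)", if any Debian source package has a similar name. The eZ Publish Kernel entry below it matches its description and needs no change.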
@@ -328,9 +328,9 @@ CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injec
 CVE-2020-10801
 	RESERVED
 CVE-2020-10800 (lix through 15.8.7 allows man-in-the-middle attackers to execute arbit ...)
-	TODO: check
+	NOT-FOR-US: lix node (different from src:lix)
 CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks via an  ...)
-	TODO: check
+	NOT-FOR-US: svglib
 CVE-2020-10798
 	RESERVED
 CVE-2020-10797
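Review bot: In the line added under CVE-2020-10800, "lix node" leaves unclear what "node" refers to, even though the "(different from src:lix)" parenthetical is the disambiguation this entry needs. Suggest wording such as "NOT-FOR-US: lix (Node.js package, different from src:lix)" if that is what "node" means here. For CVE-2020-10799 the description says svglib is a Python package, so it is worth confirming that no Debian source package ships it under a prefixed name before settling on NOT-FOR-US.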
@@ -608,7 +608,7 @@ CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS
 	- libperlspeak-perl <removed> (bug #954238)
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173
 CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTE ...)
-	TODO: check
+	NOT-FOR-US: Docker Desktop on Windows
 CVE-2020-10664
 	RESERVED
 CVE-2020-10663
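Review bot: The "on Windows" qualifier in the line added under CVE-2020-10665 reads like a not-affected rationale rather than a NOT-FOR-US label. If Docker Desktop as a product is not packaged in Debian, "NOT-FOR-US: Docker Desktop" says so without implying that another platform's build would be in scope. If the platform detail is worth keeping, it fits better in a NOTE: line.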
@@ -2640,7 +2640,7 @@ CVE-2020-9754
 CVE-2020-9753
 	RESERVED
 CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...)
-	TODO: check
+	NOT-FOR-US: Naver Cloud Explorer
 CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an  ...)
 	NOT-FOR-US: Naver Cloud Explorer
 CVE-2020-9750
@@ -6278,11 +6278,11 @@ CVE-2020-8141 (The dot package v1.1.2 uses Function() to compile templates. This
 	[buster] - node-dot <no-dsa> (Will be fixed via point release)
 	NOTE: https://hackerone.com/reports/390929
 CVE-2020-8140 (A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed t ...)
-	TODO: check
+	- nextcloud-desktop <not-affected> (MacOS-specific)
 CVE-2020-8139 (A missing access control check in Nextcloud Server < 18.0.1, < 1 ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server < 1 ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may result in ...)
 	TODO: check
 CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart < 1.0.5 allo ...)
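Review bot: The three lines changed in this hunk (CVE-2020-8140, CVE-2020-8139, CVE-2020-8138) are not NFU entries, so the commit message "NFUs" does not describe them: one is a <not-affected> triage for nextcloud-desktop and two are <itp> entries for nextcloud-server against bug #941708. Consider splitting them into their own commit or widening the message so that a later search of the history for the Nextcloud triage finds it. Minor: the reason string says "MacOS-specific" while the CVE description spells it "macOS".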



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c338d27633ba40515bb7c1024c760c2ebbc7007
