[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Mar 31 09:44:27 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f11225a1 by Moritz Muehlenhoff at 2020-03-31T10:44:10+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1859,7 +1859,7 @@ CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attack
 CVE-2020-10375
 	RESERVED
 CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...)
-	TODO: check
+	NOT-FOR-US: PRTG Network Monitor
 CVE-2020-10373
 	RESERVED
 CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XS ...)
@@ -4829,7 +4829,7 @@ CVE-2020-9057
 CVE-2020-9056
 	RESERVED
 CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...)
-	TODO: check
+	NOT-FOR-US: Versiant LYNX Customer Service Portal
 CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running firmware ...)
 	NOT-FOR-US: ZyXEL
 CVE-2020-9053
@@ -8187,7 +8187,7 @@ CVE-2020-7613
 CVE-2020-7612
 	RESERVED
 CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11 and a ...)
-	TODO: check
+	NOT-FOR-US: io.micronaut:micronaut-http-client
 CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserialization of ...)
 	TODO: check, might affect node-mongodb embedding bson
 CVE-2020-7609
@@ -8216,7 +8216,7 @@ CVE-2020-7601 (gulp-scss-lint through 1.0.0 allows execution of arbitrary comman
 CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object properties. The  ...)
 	NOT-FOR-US: querymen nodejs module
 CVE-2020-7599 (All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: com.gradle.plugin-publish
 CVE-2020-7598 (minimist before 1.2.2 could be tricked into adding or modifying proper ...)
 	- node-minimist 1.2.5-1 (bug #953762)
 	[buster] - node-minimist <no-dsa> (Minor issue)
@@ -13445,7 +13445,7 @@ CVE-2020-5291
 CVE-2020-5290
 	RESERVED
 CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and  ...)
-	TODO: check
+	NOT-FOR-US: Elide
 CVE-2020-5288
 	RESERVED
 CVE-2020-5287
@@ -13455,7 +13455,7 @@ CVE-2020-5286
 CVE-2020-5285
 	RESERVED
 CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal vulnerability ...)
-	TODO: check
+	NOT-FOR-US: next.js
 CVE-2020-5283
 	RESERVED
 CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in ...)
@@ -17396,9 +17396,9 @@ CVE-2019-19915 (The "301 Redirects - Easy Redirect Manager" plugin before 2.45 f
 CVE-2019-19914
 	RESERVED
 CVE-2019-19913 (In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the ...)
-	TODO: check
+	NOT-FOR-US: Intland codeBeamer ALM
 CVE-2019-19912 (In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS ...)
-	TODO: check
+	NOT-FOR-US: Intland codeBeamer ALM
 CVE-2019-19911 (There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImage ...)
 	{DSA-4631-1 DLA-2057-1}
 	- pillow 7.0.0-1 (bug #948224)
@@ -21195,9 +21195,9 @@ CVE-2019-19608 (A SQL injection vulnerability in in the web conferencing compone
 CVE-2019-19607 (A SQL injection vulnerability in the web conferencing component of Mit ...)
 	NOT-FOR-US: Mitel
 CVE-2019-19606 (X-Plane 11.41 and earlier has multiple improper path validations that  ...)
-	TODO: check
+	NOT-FOR-US: X-Plane
 CVE-2019-19605 (X-Plane 11.41 and earlier allows Arbitrary Memory Write via crafted ne ...)
-	TODO: check
+	NOT-FOR-US: X-Plane
 CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2.21.x b ...)
 	- git 1:2.24.0-2
 	[buster] - git 1:2.20.1-2+deb10u1
@@ -31501,9 +31501,11 @@ CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.
 CVE-2019-17562
 	RESERVED
 CVE-2019-17561 (The "Apache NetBeans" autoupdate system does not fully validate code s ...)
-	TODO: check
+	- netbeans <unfixed> (unimportant)
+	NOTE: Debian packages updated via apt
 CVE-2019-17560 (The "Apache NetBeans" autoupdate system does not validate SSL certific ...)
-	TODO: check
+	- netbeans <unfixed> (unimportant)
+	NOTE: Debian packages updated via apt
 CVE-2019-17559 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
 	- trafficserver 8.0.6+ds-1
 	NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f11225a1fa4a1f6592f759018bc8f9a855b0b35f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f11225a1fa4a1f6592f759018bc8f9a855b0b35f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200331/c6eadc14/attachment.html>

More information about the debian-security-tracker-commits mailing list