[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed May 6 22:07:25 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4fc5e741 by Moritz Muehlenhoff at 2020-05-06T23:07:07+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2020-12671
 CVE-2020-12670
 	RESERVED
 CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...)
-	TODO: check
+	- dolibarr <removed>
 CVE-2020-12668
 	RESERVED
 CVE-2020-12667
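Review bot: The commit subject "NFUs" does not cover the CVE-2020-12669 line, which becomes `- dolibarr <removed>`, a removed-package entry rather than a NOT-FOR-US tag. Either mention the dolibarr triage in the commit message or put it in its own commit, so that a search of the history for this CVE or package finds the change.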
@@ -3115,7 +3115,7 @@ CVE-2020-11728 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL)
 	NOTE: https://gitlab.com/davical-project/awl/-/issues/19
 	NOTE: https://gitlab.com/davical-project/awl/-/commit/c2e808cc2420f8d870ac0a4aa9cc1f2c90562428
 CVE-2020-11727 (A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced O ...)
-	TODO: check
+	NOT-FOR-US: AlgolPlus
 CVE-2020-11726
 	RESERVED
 CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...)
@@ -12821,7 +12821,7 @@ CVE-2020-7808
 CVE-2020-7807
 	RESERVED
 CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
-	TODO: check
+	NOT-FOR-US: Tobesoft Xplatform
 CVE-2020-7805
 	RESERVED
 CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7,  ...)
@@ -14930,7 +14930,7 @@ CVE-2020-6863 (ZTE E8820V3 router product is impacted by a permission and access
 CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Informati ...)
 	NOT-FOR-US: ZTE F6x2W
 CVE-2020-6861 (A flawed protocol design in the Ledger Monero app before 1.5.1 for Led ...)
-	TODO: check
+	NOT-FOR-US: Ledger Monero app
 CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...)
 	- libmysofa 1.0~dfsg0-1 (bug #949325)
 	[buster] - libmysofa <no-dsa> (Minor issue)
@@ -16883,7 +16883,7 @@ CVE-2020-6084
 CVE-2020-6083
 	RESERVED
 CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
-	TODO: check
+	NOT-FOR-US: Accusoft
 CVE-2020-6081
 	RESERVED
 CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource  ...)
@@ -16923,9 +16923,9 @@ CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the mess
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000
 	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
 CVE-2020-6076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
-	TODO: check
+	NOT-FOR-US: Accusoft
 CVE-2020-6075 (An exploitable out-of-bounds write vulnerability exists in the store_d ...)
-	TODO: check
+	NOT-FOR-US: Accusoft
 CVE-2020-6074
 	RESERVED
 CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...)
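Review bot: On CVE-2020-6076 and CVE-2020-6075 the tag `NOT-FOR-US: Accusoft` gives only a vendor name, while other entries in this commit name the product (`Tobesoft Xplatform`, `Ledger Monero app`). The truncated descriptions shown here do not say which product is affected, so adding the product name after the vendor would let a later reader confirm the triage without opening the CVE record. The same applies to CVE-2020-6082 in the previous hunk.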
@@ -20884,7 +20884,7 @@ CVE-2020-4448
 CVE-2020-4447
 	RESERVED
 CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automa ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4445
 	RESERVED
 CVE-2020-4444
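Review bot: On CVE-2020-4446 the tag `NOT-FOR-US: IBM` drops the product that the description names (IBM Business Process Manager), unlike the product-level tags used elsewhere in this commit. Consider naming the product in the tag. The same point holds for CVE-2020-4421 (WebSphere Application Liberty) and CVE-2020-4384 (InfoSphere Information Server) in the next two hunks.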
@@ -20934,7 +20934,7 @@ CVE-2020-4423
 CVE-2020-4422
 	RESERVED
 CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allo ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4420
 	RESERVED
 CVE-2020-4419
@@ -21008,7 +21008,7 @@ CVE-2020-4386
 CVE-2020-4385
 	RESERVED
 CVE-2020-4384 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4383
 	RESERVED
 CVE-2020-4382
@@ -37005,7 +37005,7 @@ CVE-2019-17558 (Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remot
 	NOTE: https://issues.apache.org/jira/browse/SOLR-14025
 	TODO: check, whilst the advisory claims 5.0.0 upwards only the SolrParamResourceLoader might be of issue already earlier?
 CVE-2019-17557 (It was found that the Apache Syncope EndUser UI login page prio to 2.0 ...)
-	TODO: check
+	NOT-FOR-US: Apache Syncope
 CVE-2019-17556 (Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService clas ...)
 	NOT-FOR-US: Olingo
 CVE-2019-17555 (The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fc5e741ee16ae1d892a460dbe77db20c0a72fae
