[Git][security-tracker-team/security-tracker][master] new libspring-security-2.0-java, glpi issues

Moritz Muehlenhoff jmm at debian.org
Thu May 14 21:41:45 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27e598cb by Moritz Muehlenhoff at 2020-05-14T22:41:24+02:00
new libspring-security-2.0-java, glpi issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18537,13 +18537,13 @@ CVE-2020-5579
 CVE-2020-5578
 	RESERVED
 CVE-2020-5577 (Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movabl ...)
-	TODO: check
+	- movabletype-opensource <removed>
 CVE-2020-5576 (Cross-site request forgery (CSRF) vulnerability in Movable Type series ...)
-	TODO: check
+	- movabletype-opensource <removed>
 CVE-2020-5575 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...)
-	TODO: check
+	- movabletype-opensource <removed>
 CVE-2020-5574 (HTML attribute value injection vulnerability in Movable Type series (M ...)
-	TODO: check
+	- movabletype-opensource <removed>
 CVE-2020-5573
 	RESERVED
 CVE-2020-5572
@@ -18934,9 +18934,9 @@ CVE-2020-5410
 CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects to u ...)
 	NOT-FOR-US: Pivotal
 CVE-2020-5408 (Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5 ...)
-	TODO: check
+	- libspring-security-2.0-java <removed>
 CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 ...)
-	TODO: check
+	- libspring-security-2.0-java <removed>
 CVE-2020-5406 (VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6. ...)
 	NOT-FOR-US: VMware
 CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x pri ...)
@@ -19351,7 +19351,10 @@ CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application usin
 	NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
 	NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
 CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a defau ...)
-	TODO: check
+	- glpi <removed> (unimportant)
+	NOTE: Only supported behind an authenticated HTTP zone
+	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-j222-j9mf-h6j9
+	NOTE: https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c
 CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...)
 	- puma 3.12.4-1 (bug #952766)
 	NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
@@ -22173,7 +22176,7 @@ CVE-2020-4094
 CVE-2020-4093
 	RESERVED
 CVE-2020-4092 ("If port encryption is not enabled on the Domino Server, HCL Nomad on  ...)
-	TODO: check
+	NOT-FOR-US: HCL Nomad
 CVE-2020-4091
 	RESERVED
 CVE-2020-4090
@@ -28169,35 +28172,35 @@ CVE-2020-2009 (An external control of filename vulnerability in the SD WAN compo
 CVE-2020-2008 (An OS command injection and external control of filename vulnerability ...)
 	NOT-FOR-US: PAN-OS
 CVE-2020-2007 (An OS command injection vulnerability in the management server compone ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-2006 (A stack-based buffer overflow vulnerability in the management server c ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-2005 (A cross-site scripting (XSS) vulnerability exists when visiting malici ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-2004 (Under certain circumstances a user's password may be logged in clearte ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-2003 (An external control of filename vulnerability in the command processin ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-2002 (An authentication bypass by spoofing vulnerability exists in the authe ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-2001 (An external control of path and data vulnerability in the Palo Alto Ne ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-2000
 	RESERVED
 CVE-2020-1999
 	RESERVED
 CVE-2020-1998 (An improper authorization vulnerability in PAN-OS that mistakenly uses ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-1997 (An open redirection vulnerability in the GlobalProtect component of Pa ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-1996 (A missing authorization vulnerability in the management server compone ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-1995 (A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS  ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-1994 (A predictable temporary file vulnerability in PAN-OS allows a local au ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-1993 (The GlobalProtect Portal feature in PAN-OS does not set a new session  ...)
-	TODO: check
+	NOT-FOR-US: PAN-OS
 CVE-2020-1992 (A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-70 ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2020-1991 (An insecure temporary file vulnerability in Palo Alto Networks Traps a ...)
@@ -30401,7 +30404,7 @@ CVE-2019-19104 (The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaege
 CVE-2019-19103
 	RESERVED
 CVE-2019-19102 (A directory traversal vulnerability in SharpZipLib used in the upgrade ...)
-	TODO: check
+	NOT-FOR-US: B&R Automation Studio
 CVE-2019-19101 (A missing secure communication definition and an incomplete TLS valida ...)
 	NOT-FOR-US: B&R Automation Studio
 CVE-2019-19100 (A privilege escalation vulnerability in the upgrade service in B&R ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27e598cbe899e2fa3fd7103f5c2a8831d447987c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27e598cbe899e2fa3fd7103f5c2a8831d447987c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200514/829f002d/attachment.html>


More information about the debian-security-tracker-commits mailing list