[Git][security-tracker-team/security-tracker][master] new libreoffice issue

Moritz Muehlenhoff jmm at debian.org
Tue May 19 09:49:25 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16a1d8bd by Moritz Muehlenhoff at 2020-05-19T10:49:05+02:00
new libreoffice issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,9 +15,9 @@ CVE-2020-13156
 CVE-2020-13155
 	RESERVED
 CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-priv ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2020-13152
 	RESERVED
 CVE-2020-13151
@@ -25,17 +25,17 @@ CVE-2020-13151
 CVE-2020-13150
 	RESERVED
 CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...)
-	TODO: check
+	NOT-FOR-US: Dragon Center
 CVE-2020-13148
 	RESERVED
 CVE-2020-13147
 	RESERVED
 CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because an added  ...)
-	TODO: check
+	NOT-FOR-US: Studio in Open edX Ironwood
 CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG files via t ...)
-	TODO: check
+	NOT-FOR-US: Studio in Open edX Ironwood
 CVE-2020-13144 (Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a u ...)
-	TODO: check
+	NOT-FOR-US: Studio in Open edX Ironwood
 CVE-2020-13142
 	RESERVED
 CVE-2020-13141
@@ -119,7 +119,7 @@ CVE-2020-13112
 CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...)
 	NOT-FOR-US: NaviServer
 CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary code ex ...)
-	TODO: check
+	NOT-FOR-US: Node kerberos
 CVE-2020-13109 (Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remo ...)
 	NOT-FOR-US: Morita Shogi
 CVE-2020-13108
@@ -151,7 +151,7 @@ CVE-2020-13096
 CVE-2020-13095
 	RESERVED
 CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...)
-	TODO: check
+	- dolibarr <removed>
 CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
 	NOT-FOR-US: iSpyConnect.com Agent DVR
 CVE-2020-13092 (** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unseriali ...)
@@ -756,7 +756,8 @@ CVE-2020-12803
 CVE-2020-12802
 	RESERVED
 CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...)
-	TODO: check
+	- libreoffice 1:6.4.3-1 (low)
+	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
 CVE-2020-12800
 	RESERVED
 CVE-2020-12799



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16a1d8bd00723cb3bd16582ad563e556fff4bdbe

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16a1d8bd00723cb3bd16582ad563e556fff4bdbe
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200519/f4187797/attachment.html>

More information about the debian-security-tracker-commits mailing list