[Git][security-tracker-team/security-tracker][master] new nomad issue

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29e91add by Moritz Muehlenhoff at 2020-11-25T19:33:57+01:00
new nomad issue
NFUs
more imagemagick triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2680,7 +2680,7 @@ CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5.
 CVE-2020-28361 (Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy So ...)
 	TODO: check, this might be specific to Kamailio as used in the specified product
 CVE-2020-28360 (Insufficient RegEx in private-ip npm package v1.0.5 and below insuffic ...)
-	TODO: check
+	NOT-FOR-US: Node private-ip
 CVE-2020-28359
 	RESERVED
 CVE-2020-28358
@@ -2704,7 +2704,8 @@ CVE-2020-28350 (A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sok
 CVE-2020-28349 (** DISPUTED ** An inaccurate frame deduplication process in ChirpStack ...)
 	NOT-FOR-US: ChirpStack Network Server
 CVE-2020-28348 (HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker  ...)
-	TODO: check
+	- nomad <unfixed>
+	NOTE: https://github.com/hashicorp/nomad/issues/9303
 CVE-2020-28347 (tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows rem ...)
 	NOT-FOR-US: TP-Link
 CVE-2020-28346
@@ -5809,6 +5810,7 @@ CVE-2020-27751
 CVE-2020-27750
 	RESERVED
 	- imagemagick 8:6.9.11.24+dfsg-1
+	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1711
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a81ca9a1b46a96be83682af3389f0a6f3d0d389d
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c7038e710ad0204d6cb37a0229fc55f6f8a8662f
@@ -10907,6 +10909,7 @@ CVE-2020-25667
 CVE-2020-25666
 	RESERVED
 	- imagemagick 8:6.9.11.24+dfsg-1
+	[buster] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1750
 	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94691f00839dbdf43edb1508af945ab19b388573
 	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/91ae12c57f3b9b23f2072462c27a8378b59f395e
@@ -12156,7 +12159,7 @@ CVE-2020-25161
 CVE-2020-25160
 	RESERVED
 CVE-2020-25159 (499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack- ...)
-	TODO: check
+	NOT-FOR-US: 499ES
 CVE-2020-25158
 	RESERVED
 CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection ...)
@@ -53943,7 +53946,7 @@ CVE-2020-7779
 CVE-2020-7778
 	RESERVED
 CVE-2020-7777 (This affects all versions of package jsen. If an attacker can control  ...)
-	TODO: check
+	NOT-FOR-US: Node jsen
 CVE-2020-7776
 	RESERVED
 CVE-2020-7775



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29e91addcc744a2510e01eb27edbaae37e2fb679

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29e91addcc744a2510e01eb27edbaae37e2fb679
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201125/f7cef370/attachment.html>