[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Oct 1 09:38:26 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d75b9ddf by Moritz Muehlenhoff at 2020-10-01T10:38:04+02:00
NFUs
glibc commit refs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -102,7 +102,7 @@ CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of Serv
NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388
NOTE: https://www.npmjs.com/advisories/1300
CVE-2019-20921 (bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It d ...)
- TODO: check
+ NOT-FOR-US: bootstrap-select
CVE-2019-20920 (Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrar ...)
- node-handlebars 3:4.5.3-1
- libjs-handlebars <removed>
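Review bot: For CVE-2019-20921, `NOT-FOR-US: bootstrap-select` records no check for embedded copies, and bootstrap-select is a browser-side JavaScript library of the kind that web applications bundle. Before closing the TODO it is worth confirming that no packaged application ships its own copy. If one does, a package line for that source package is the more accurate triage than NOT-FOR-US.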
@@ -126,7 +126,7 @@ CVE-2020-26151
CVE-2020-26150 (info.php in Logaritmo Aware CallManager 2012 allows remote attackers t ...)
NOT-FOR-US: Logaritmo Aware CallManager 2012
CVE-2020-26149 (NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno ...)
- TODO: check
+ NOT-FOR-US: nats.js
CVE-2020-26154 (url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when ...)
- libproxy <unfixed> (bug #968366)
NOTE: https://github.com/libproxy/libproxy/pull/126
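Review bot: The `NOT-FOR-US: nats.js` label for CVE-2020-26149 names only one of the three products the description lists (nats.js, nats.ws and nats.deno). A label covering all three, for example `NOT-FOR-US: NATS JavaScript clients (nats.js, nats.ws, nats.deno)`, keeps the entry findable when someone searches the list for either of the other two names.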
@@ -813,7 +813,7 @@ CVE-2020-25832
CVE-2020-25831
RESERVED
CVE-2020-25830 (An issue was discovered in MantisBT before 2.24.3. Improper escaping o ...)
- TODO: check
+ - mantis <removed>
CVE-2020-25829
RESERVED
CVE-2020-25828 (An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through ...)
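Review bot: The `- mantis <removed>` line for CVE-2020-25830 is a removed-package entry rather than an NFU, and the commit message ("NFUs", "glibc commit refs") does not mention it; the same applies to the CVE-2020-25781 and CVE-2020-25288 hunks. A third line in the commit message for the MantisBT entries would make this change easier to locate in the history.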
@@ -847,7 +847,7 @@ CVE-2020-25818
CVE-2020-25817
RESERVED
CVE-2020-25816 (HashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect A ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2020-25815 (An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34 ...)
- mediawiki 1:1.35.0-1
[buster] - mediawiki <not-affected> (Vulnerable code introduced in 1.32)
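Review bot: For CVE-2020-25816, `NOT-FOR-US: HashiCorp Vault` takes the entry out of future triage, and the line gives no sign that WNPP was checked. If an ITP or RFP bug is open for Vault, an `<itp>` package line carrying that bug number would keep the CVE attached to the package should it enter the archive.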
@@ -925,7 +925,7 @@ CVE-2020-25783
CVE-2020-25782
RESERVED
CVE-2020-25781 (An issue was discovered in file_download.php in MantisBT before 2.24.3 ...)
- TODO: check
+ - mantis <removed>
CVE-2020-25796 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
- rust-sized-chunks <unfixed> (bug #970586)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
@@ -2018,7 +2018,7 @@ CVE-2020-25290
CVE-2020-25289 (The VPN service in AVAST SecureLine before 5.6.4982.470 allows local u ...)
NOT-FOR-US: VPN service in AVAST SecureLine
CVE-2020-25288 (An issue was discovered in MantisBT before 2.24.3. When editing an Iss ...)
- TODO: check
+ - mantis <removed>
CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute arbitrary com ...)
NOT-FOR-US: Pligg CMS
CVE-2020-25285 (A race condition between hugetlb sysctl handlers in mm/hugetlb.c in th ...)
@@ -7887,7 +7887,7 @@ CVE-2020-22483
CVE-2020-22482
RESERVED
CVE-2020-22481 (An issue was discovered in HFish 0.5.1. When a payload is inserted whe ...)
- TODO: check
+ NOT-FOR-US: HFish
CVE-2020-22480
RESERVED
CVE-2020-22479
@@ -13497,7 +13497,7 @@ CVE-2020-19678
CVE-2020-19677
RESERVED
CVE-2020-19676 (Nacos 1.1.4 is affected by: Incorrect Access Control. An environment c ...)
- TODO: check
+ NOT-FOR-US: Nacos
CVE-2020-19675
RESERVED
CVE-2020-19674
@@ -20528,7 +20528,7 @@ CVE-2020-16236
CVE-2020-16235
RESERVED
CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer overf ...)
- TODO: check
+ NOT-FOR-US: PLC WinProladder
CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...)
NOT-FOR-US: CodeMeter
CVE-2020-16232
@@ -47938,6 +47938,8 @@ CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv
[jessie] - glibc <not-affected> (Vulnerable code not present)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25620
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=beea361050728138b82c57dda0c4810402d342b9
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=79a4fa341b8a89cb03f84564fd72abaa1a2db394
CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstRTSPAu ...)
- gst-rtsp-server1.0 1.16.2-3 (low)
[buster] - gst-rtsp-server1.0 <no-dsa> (Minor issue)
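Review bot: The two `NOTE:` lines added for CVE-2020-6096 are bare gitweb commit URLs with no indication of what each commit is or which upstream release carries it. A short parenthetical after each URL (which commit is the fix, which is a follow-up, and the first fixed upstream version) would let whoever sets the fixed version on the glibc package line do so without opening both links.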
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d75b9ddf033666c61534840a80d5712a7500d615