[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 10 10:19:16 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8cc3dd91 by Salvatore Bonaccorso at 2020-10-10T11:17:43+02:00
Process some NFUs
- - - - -
73d60972 by Salvatore Bonaccorso at 2020-10-10T11:18:52+02:00
Add some new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -261,7 +261,7 @@ CVE-2020-26804
CVE-2020-26803
RESERVED
CVE-2020-26802 (forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in ...)
- TODO: check
+ NOT-FOR-US: forma.lms
CVE-2020-26801
RESERVED
CVE-2020-26800
@@ -24581,7 +24581,7 @@ CVE-2020-15244
CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi Authentication a ...)
NOT-FOR-US: Smartstore
CVE-2020-15242 (Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Re ...)
- TODO: check
+ NOT-FOR-US: next.js
CVE-2020-15241 (TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, ...)
NOT-FOR-US: TYPO3 Fluid Engine
CVE-2020-15240
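Review bot: the tag added for CVE-2020-15242 is spelled "next.js", while the description on the line above it spells the product "Next.js". Using the same capitalisation as the description keeps the NOT-FOR-US names greppable by product.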
@@ -28103,7 +28103,7 @@ CVE-2020-13956 [incorrect handling of malformed authority component in request U
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587
NOTE: Fixed by: https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e (4.5.13-RC1)
CVE-2020-13955 (HttpUtils#getURLConnection method disables explicitly hostname verific ...)
- TODO: check
+ NOT-FOR-US: Apache Calcite
CVE-2020-13954
RESERVED
CVE-2020-13953 (In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an att ...)
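Review bot: the NOT-FOR-US tag on CVE-2020-13955 names Apache Calcite, but the truncated description shown here mentions only HttpUtils#getURLConnection, and the entry directly above it (CVE-2020-13956) is tracked against httpcomponents-client. A NOTE line recording which project ships that class would make the triage decision checkable from the list itself.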
@@ -29055,7 +29055,7 @@ CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers
CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
- centreon-web <itp> (bug #913903)
CVE-2020-13626 (OnePlus App Locker through 2020-10-06 allows physically proximate atta ...)
- TODO: check
+ NOT-FOR-US: OnePlus App Locker
CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...)
{DLA-2306-1 DLA-2244-1}
- libphp-phpmailer 6.1.6-1 (bug #962827)
@@ -29697,7 +29697,7 @@ CVE-2020-13346 (Membership changes are not reflected in ToDo subscriptions in Gi
CVE-2020-13345 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2020-13344 (An issue has been discovered in GitLab affecting all versions prior to ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13343 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2020-13342 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
@@ -29705,9 +29705,9 @@ CVE-2020-13342 (An issue has been discovered in GitLab affecting versions prior
CVE-2020-13341
RESERVED
CVE-2020-13340 (An issue has been discovered in GitLab affecting all versions prior to ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13339 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2020-13338 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
- gitlab 13.2.3-2
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/213273
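Review bot: CVE-2020-13340 and CVE-2020-13339 are set to "- gitlab <unfixed>" with no NOTE line, whereas CVE-2020-13338 just below carries both a fixed version and a NOTE pointing at the upstream issue. Both descriptions read "all versions prior to" / "all versions before", so upstream has a fixed release; adding the upstream issue reference as a NOTE would let the next person decide when "<unfixed>" can be replaced by a version.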
@@ -37669,7 +37669,7 @@ CVE-2019-20531 (An issue was discovered on Samsung mobile devices with P(9.0) (E
CVE-2019-20530 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
NOT-FOR-US: Samsung mobile devices
CVE-2020-10816 (Zoho ManageEngine Applications Manager 14780 and before allows a remot ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-10815
RESERVED
CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...)
@@ -41940,7 +41940,7 @@ CVE-2020-9107
CVE-2020-9106
RESERVED
CVE-2020-9105 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an ins ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9104 (HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2 ...)
NOT-FOR-US: Huawei
CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/05d30dfa690cafa3d684445f7155acb373361952...73d60972d419b0515b7fde8b74c3d56d359a0bf1