[Git][security-tracker-team/security-tracker][master] ngircd, NM fixed

Wed Oct 14 18:45:10 BST 2020


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e1b376af by Moritz Mühlenhoff at 2020-10-14T19:44:45+02:00
ngircd, NM fixed
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28024,7 +28024,7 @@ CVE-2020-14149 (In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path
 	NOT-FOR-US: uftpd
 CVE-2020-14148 (The Server-Server protocol implementation in ngIRCd before 26~rc2 allo ...)
 	{DLA-2252-1}
-	- ngircd <unfixed> (bug #963147)
+	- ngircd 26-1 (bug #963147)
 	[buster] - ngircd <no-dsa> (Minor issue)
 	[stretch] - ngircd <no-dsa> (Minor issue)
 	NOTE: https://github.com/ngircd/ngircd/issues/274
@@ -31137,7 +31137,7 @@ CVE-2020-12930
 CVE-2020-12929
 	RESERVED
 CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master ...)
-	TODO: check
+	NOT-FOR-US: AMD Ryzen Master
 CVE-2020-12927
 	RESERVED
 CVE-2020-12926
@@ -38378,7 +38378,7 @@ CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder v
 	NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
 	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
 CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...)
-	- network-manager <unfixed> (unimportant)
+	- network-manager 1.26.0-1 (unimportant)
 	NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448
 	NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8affcc19b61fc3c516474ba075e61b82030feeb4
 	NOTE: Only affects builds enabling ifcfg-rh settings plugin, source-wise only
@@ -63571,9 +63571,9 @@ CVE-2019-18993 (OpenWrt 18.06.4 allows XSS via the "New port forward" Name field
 CVE-2019-18992 (OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/a ...)
 	NOT-FOR-US: OpenWrt
 CVE-2019-18991 (A partial authentication bypass vulnerability exists on Atheros AR9132 ...)
-	TODO: check
+	NOT-FOR-US: Atheros devices
 CVE-2019-18990 (A partial authentication bypass vulnerability exists on Realtek RTL881 ...)
-	TODO: check
+	NOT-FOR-US: Realtek devices
 CVE-2019-18989 (A partial authentication bypass vulnerability exists on Mediatek MT762 ...)
 	NOT-FOR-US: Mediatek devices
 CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login a ...)
@@ -85096,7 +85096,7 @@ CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation beca
 	NOT-FOR-US: Waves MAXX Audio
 CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflo ...)
 	- nsd 4.2.4-1 (low; bug #931476)
-	[buster] - nsd <no-dsa> (Minor issue)
+	[buster] - nsd <ignored> (Minor issue)
 	[stretch] - nsd <no-dsa> (Minor issue)
 	[jessie] - nsd <postponed> (Minor issue, crash on malformed admin-controlled disk configuration)
 	- nsd3 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1b376affc290601bc6b0a6a20563f741b72210a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1b376affc290601bc6b0a6a20563f741b72210a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201014/056c2bfd/attachment.html>
