[Git][security-tracker-team/security-tracker][master] ruby-omniauth-auth0 n/a
Moritz Muehlenhoff
jmm at debian.org
Thu Oct 22 15:39:14 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a0e9e4ba by Moritz Muehlenhoff at 2020-10-22T16:38:56+02:00
ruby-omniauth-auth0 n/a
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,9 +31,9 @@ CVE-2020-27623
CVE-2020-27622
RESERVED
CVE-2020-27621 (The FileImporter extension in MediaWiki through 1.35.0 was not properl ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension
CVE-2020-27620 (The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because Me ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension
CVE-2020-27619 (In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK ...)
TODO: check
CVE-2020-27618
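Review bot: The tag on CVE-2020-27620 says "MediaWiki extension", but its description reads "The Cosmos Skin for MediaWiki", so the component is a skin, not an extension. Naming the component in both tags, for example "NOT-FOR-US: FileImporter extension for MediaWiki" and "NOT-FOR-US: Cosmos skin for MediaWiki", would match how other entries in this file name the product (such as "NOT-FOR-US: Boxstarter") and make the entries easier to grep.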
@@ -26068,9 +26068,9 @@ CVE-2020-15268
CVE-2020-15267
RESERVED
CVE-2020-15266 (In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.i ...)
- TODO: check
+ - tensorflow <itp> (bug #804612)
CVE-2020-15265 (In Tensorflow before version 2.4.0, an attacker can pass an invalid `a ...)
- TODO: check
+ - tensorflow <itp> (bug #804612)
CVE-2020-15264 (The Boxstarter installer before version 2.13.0 configures C:\ProgramDa ...)
NOT-FOR-US: Boxstarter
CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not properly e ...)
@@ -26126,7 +26126,8 @@ CVE-2020-15242 (Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an O
CVE-2020-15241 (TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, ...)
NOT-FOR-US: TYPO3 Fluid Engine
CVE-2020-15240 (omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improper ...)
- TODO: check
+ - ruby-omniauth-auth0 <not-affected> (Introduced in 2.3.0)
+ NOTE: https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm
CVE-2020-15239 (In xmpp-http-upload before version 0.4.0, when the GET method is attac ...)
NOT-FOR-US: xmpp-http-upload
CVE-2020-15238
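Review bot: On CVE-2020-15240 the reason "(Introduced in 2.3.0)" records only the upstream side. The entry is correct only while every suite carries ruby-omniauth-auth0 below 2.3.0, and the description gives the affected range as ">= 2.3.0 and < 2.4.1". Consider wording it as "(Vulnerable code introduced in 2.3.0)", and note that a later upload inside that range would require changing this line to a fixed version.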
@@ -41095,11 +41096,11 @@ CVE-2020-10142
CVE-2020-10141
RESERVED
CVE-2020-10140 (Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramDa ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2020-10139 (Acronis True Image 2021 includes an OpenSSL component that specifies a ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2020-10138 (Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL comp ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2020-10137
RESERVED
CVE-2020-10136 (Multiple products that implement the IP Encapsulation within IP standa ...)
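Review bot: CVE-2020-10139 and CVE-2020-10138 both describe "an OpenSSL component", and the truncated descriptions do not show whether the defect is in OpenSSL or in how Acronis ships it. "NOT-FOR-US: Acronis" is right for the latter; a short NOTE line saying so would keep someone from re-triaging these against src:openssl.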
@@ -43979,7 +43980,7 @@ CVE-2020-8931
CVE-2020-8930
RESERVED
CVE-2020-8929 (A mis-handling of invalid unicode characters in the Java implementatio ...)
- TODO: check
+ NOT-FOR-US: Tink
CVE-2020-8928
RESERVED
CVE-2020-8927 (A buffer overflow exists in the Brotli library versions prior to 1.0.8 ...)
@@ -52190,9 +52191,9 @@ CVE-2020-5653
CVE-2020-5652
RESERVED
CVE-2020-5651 (SQL injection vulnerability in Simple Download Monitor 3.8.8 and earli ...)
- TODO: check
+ NOT-FOR-US: Simple Download Monitor
CVE-2020-5650 (Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 an ...)
- TODO: check
+ NOT-FOR-US: Simple Download Monitor
CVE-2020-5649
RESERVED
CVE-2020-5648
@@ -58810,7 +58811,7 @@ CVE-2020-3301 (Multiple vulnerabilities in Cisco Firepower Management Center (FM
CVE-2020-3300
RESERVED
CVE-2020-3299 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
NOT-FOR-US: Cisco
CVE-2020-3297 (A vulnerability in session management for the web-based interface of C ...)
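Review bot: CVE-2020-3299 is described as "a vulnerability in the Snort d ...", so "NOT-FOR-US: Cisco" holds only if the flaw is in Cisco's integration and not in Snort code that is also distributed on its own. Worth confirming against the full advisory and, if Snort itself is affected, replacing this tag with a "- snort" entry.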
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0e9e4ba660eefd7065c3d77eb18513eaa1793f6