[Git][security-tracker-team/security-tracker][master] new miller issue, NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Sep 3 10:50:46 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f332654e by Moritz Muehlenhoff at 2020-09-03T11:50:02+02:00
new miller issue, NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,21 +13,21 @@ CVE-2020-25095
CVE-2020-25094
RESERVED
CVE-2020-25093 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.p ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25092 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25091 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25090 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25089 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25088 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
- TODO: check
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25085
RESERVED
CVE-2020-25084
@@ -111,11 +111,11 @@ CVE-2020-25047 (An issue was discovered on Samsung mobile devices with P(9.0) an
CVE-2020-25046 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
NOT-FOR-US: Samsung mobile devices
CVE-2020-25045 (Installers of Kaspersky Security Center and Kaspersky Security Center ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2020-25044 (Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2020-25043 (The installer of Kaspersky VPN Secure Connection prior to 5.0 was vuln ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2020-25042
RESERVED
CVE-2020-25041
@@ -153,9 +153,9 @@ CVE-2020-25028
CVE-2020-25027
RESERVED
CVE-2020-25026 (The sf_event_mgt (aka Event management and registration) extension bef ...)
- TODO: check
+ NOT-FOR-US: Typo extension
CVE-2020-25025 (The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x bef ...)
- TODO: check
+ NOT-FOR-US: Typo extension
CVE-2020-25024
RESERVED
CVE-2020-25023
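Review bot: The NOT-FOR-US label "Typo extension" on CVE-2020-25026 and CVE-2020-25025 reads like a shortened product name, and the truncated descriptions in this hunk do not spell the product out either. Use the product's full name in the label so that a later search of data/CVE/list for that product finds both entries.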
@@ -15408,7 +15408,7 @@ CVE-2020-17460
CVE-2020-17459
RESERVED
CVE-2020-17458 (A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via th ...)
- TODO: check
+ NOT-FOR-US: MultiUx
CVE-2020-17457
RESERVED
CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...)
@@ -20552,7 +20552,10 @@ CVE-2020-15169
CVE-2020-15168
RESERVED
CVE-2020-15167 (In Miller (command line utility) using the configuration file support ...)
- TODO: check
+ - miller <unfixed>
+ [buster] - miller <not-affected> (Introduced in 5.9.0)
+ [stretch] - miller <not-affected> (Introduced in 5.9.0)
+ NOTE: https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
CVE-2020-15166
RESERVED
CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Stor ...)
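Review bot: The "- miller <unfixed>" line for CVE-2020-15167 carries no Debian bug reference, and the two "<not-affected>" lines rest on "Introduced in 5.9.0" without pointing at the change that introduced the configuration file support. Add the bug number once one is filed, for example "- miller <unfixed> (bug #NNNNNN)", and a NOTE line naming the introducing commit or release notes so the buster and stretch status can be re-verified against the packaged versions.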
@@ -24219,7 +24222,7 @@ CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.
CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...)
NOT-FOR-US: Foxit Reader
CVE-2020-13802 (The rebar3 tool 3.0.0-beta.3 through 3.13.2 for Erlang allows remote c ...)
- TODO: check
+ TODO: check, whether this affects src:rebar (but the security implications seems a little far-fetched anyway)
CVE-2020-13801
RESERVED
CVE-2020-13799
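Review bot: The rewritten TODO on CVE-2020-13802 mixes an open action ("check, whether this affects src:rebar") with a severity opinion in parentheses, which leaves the entry untriaged while suggesting it can be ignored. Keep the TODO to the action only and move the assessment to a separate NOTE line with the reasoning behind it; "seems" should also read "seem" if the wording is kept.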
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f332654ee928678ed666de2316998a0bcce57f3b