[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Sep 8 19:03:52 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d834879f by Moritz Muehlenhoff at 2020-09-08T20:03:34+02:00
NFUs
new reel issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41456,21 +41456,21 @@ CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 bytes
 CVE-2020-7688 (The issue occurs because tagName user input is formatted inside the ex ...)
 	NOT-FOR-US: Node mversion
 CVE-2020-7687 (This affects all versions of package fast-http. There is no path sanit ...)
-	TODO: check
+	NOT-FOR-US: Node fast-http
 CVE-2020-7686 (This affects all versions of package rollup-plugin-dev-server. There i ...)
-	TODO: check
+	NOT-FOR-US: Node rollup-plugin-dev-server
 CVE-2020-7685 (This affects all versions of package UmbracoForms. When using the defa ...)
-	TODO: check
+	NOT-FOR-US: UmbracoForms
 CVE-2020-7684 (This affects all versions of package rollup-plugin-serve. There is no  ...)
-	TODO: check
+	NOT-FOR-US: Node rollup-plugin-server
 CVE-2020-7683 (This affects all versions of package rollup-plugin-server. There is no ...)
-	TODO: check
+	NOT-FOR-US: Node rollup-plugin-server
 CVE-2020-7682 (This affects all versions of package marked-tree. There is no path san ...)
-	TODO: check
+	NOT-FOR-US: Node marked-tree
 CVE-2020-7681 (This affects all versions of package marscode. There is no path saniti ...)
-	TODO: check
+	NOT-FOR-US: Node marscode
 CVE-2020-7680 (docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS).  ...)
-	TODO: check
+	NOT-FOR-US: docsify
 CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility function ...)
 	NOT-FOR-US: Node casperjs
 CVE-2020-7678
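Review bot: The annotation added for CVE-2020-7684 reads "NOT-FOR-US: Node rollup-plugin-server", but that entry's description names the package rollup-plugin-serve. rollup-plugin-server is the package of the following entry, CVE-2020-7683, so this looks like a copy-paste slip. Suggest "NOT-FOR-US: Node rollup-plugin-serve" for CVE-2020-7684, so that a search for the affected package name finds the right CVE.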
@@ -41498,16 +41498,16 @@ CVE-2020-7671 (goliath through 1.0.6 allows request smuggling attacks where goli
 CVE-2020-7670 (agoo through 2.12.3 allows request smuggling attacks where agoo is use ...)
 	NOT-FOR-US: Ruby gem agoo
 CVE-2020-7669 (This affects all versions of package github.com/u-root/u-root/pkg/taru ...)
-	TODO: check
+	NOT-FOR-US: github.com/u-root/u-root/pkg/tarutil Go package
 CVE-2020-7668 (In all versions of the package github.com/unknwon/cae/tz, the ExtractT ...)
 	- golang-github-unknwon-cae <removed> (bug #967956)
 	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384
 CVE-2020-7667 (In package github.com/sassoftware/go-rpmutils/cpio before version 0.1. ...)
 	NOT-FOR-US: github.com/sassoftware/go-rpmutils/cpio go module
 CVE-2020-7666 (This affects all versions of package github.com/u-root/u-root/pkg/cpio ...)
-	TODO: check
+	NOT-FOR-US: github.com/u-root/u-root/pkg/cpio Go package
 CVE-2020-7665 (This affects all versions of package github.com/u-root/u-root/pkg/uzip ...)
-	TODO: check
+	NOT-FOR-US: github.com/u-root/u-root/pkg/uzip Go package
 CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the Extract ...)
 	- golang-github-unknwon-cae <removed> (bug #967955)
 	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383
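Review bot: Style point on the three u-root annotations (CVE-2020-7669, CVE-2020-7666, CVE-2020-7665): they end in "Go package", while the existing CVE-2020-7667 line in the same hunk uses "go module" for the same kind of import path. Settling on one wording keeps the NOT-FOR-US lines consistent for anyone grepping the list by ecosystem.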
@@ -41519,11 +41519,12 @@ CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of
 CVE-2020-7662 (websocket-extensions npm module prior to 1.0.4 allows Denial of Servic ...)
 	NOT-FOR-US: Node websocket-extensions
 CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression Denial  ...)
-	TODO: check
+	NOT-FOR-US: Node url-regex
 CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to inject  ...)
 	NOT-FOR-US: serialize-javascript Node package
 CVE-2020-7659 (reel through 0.6.1 allows Request Smuggling attacks due to incorrect C ...)
-	TODO: check
+	- reel <removed>
+	NOTE: https://snyk.io/vuln/SNYK-RUBY-REEL-569135
 CVE-2020-7658 (meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP  ...)
 	NOT-FOR-US: meinheld
 CVE-2020-7657
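Review bot: The new CVE-2020-7659 entry records "- reel <removed>" without a bug reference, whereas the other <removed> entries visible in this diff (golang-github-unknwon-cae under CVE-2020-7668 and CVE-2020-7664) carry "(bug #...)". If a bug exists for reel, add it on the package line; if none applies, the entry is fine as it stands with the Snyk NOTE as the only reference.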



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d834879ff051f07f073c868e47bee239d353dd56
