[Git][security-tracker-team/security-tracker][master] NFUs

Tue Sep 8 19:09:11 BST 2020


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a26873b by Moritz Muehlenhoff at 2020-09-08T20:08:41+02:00
NFUs
undertow bugnum

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -34009,9 +34009,8 @@ CVE-2020-10720 (A flaw was found in the Linux kernel's implementation of GRO in
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1781204
 	NOTE: Fixed by: https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef
 CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, regarding ...)
-	- undertow <undetermined>
+	- undertow <unfixed> (bug #969913)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459
-	TODO: no details on Red Hat bugreport
 CVE-2020-10718
 	RESERVED
 	- wildfly <itp> (bug #752018)
@@ -42538,7 +42537,7 @@ CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resol
 CVE-2020-7207
 	RESERVED
 CVE-2020-7206 (HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has  ...)
-	TODO: check
+	NOT-FOR-US: HP nagios plugin for iLO
 CVE-2020-7205 (A potential security vulnerability has been identified in HPE Intellig ...)
 	NOT-FOR-US: HPE
 CVE-2020-7204
@@ -47039,11 +47038,11 @@ CVE-2020-5422
 CVE-2020-5421
 	RESERVED
 CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific ...)
 	- rabbitmq-server <not-affected> (Windows-specific vulnerability)
 CVE-2020-5418 (Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow a ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry
 CVE-2020-5417 (Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when  ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2020-5416 (Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used ...)
@@ -50380,7 +50379,7 @@ CVE-2020-4067 (In coturn before version 4.5.1.3, there is an issue whereby STUN/
 	NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
 	NOTE: https://github.com/coturn/coturn/commit/170da1140797748ae85565b5a93a2e35e7b07b6a
 CVE-2020-4066 (In Limdu before 0.95, the trainBatch function has a command injection  ...)
-	TODO: check
+	NOT-FOR-US: Limdu
 CVE-2020-4065
 	RESERVED
 CVE-2020-4064



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a26873bcf92ee788910d890978ac140692a2a65

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a26873bcf92ee788910d890978ac140692a2a65
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200908/51a0562a/attachment.html>
