[Git][security-tracker-team/security-tracker][master] new OBS, dojo issues

Moritz Muehlenhoff jmm at debian.org
Wed Sep 9 08:24:55 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4829ff54 by Moritz Muehlenhoff at 2020-09-09T09:24:32+02:00
new OBS, dojo issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23105,7 +23105,7 @@ CVE-2020-14336
 	NOT-FOR-US: OpenShift
 CVE-2020-14335
 	RESERVED
-	TODO: check, not entirely clear if this is Red Hat Sattelite specific or as well generally for foreman
+	NOT-FOR-US: Red Hat Satellite
 CVE-2020-14334 (A flaw was found in Red Hat Satellite 6 which allows privileged attack ...)
 	- foreman <itp> (bug #663101)
 CVE-2020-14333 (A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earl ...)
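Review bot: the replaced TODO line recorded an open question (Satellite-specific, or foreman in general), but the new `NOT-FOR-US: Red Hat Satellite` line carries no reference showing how that was resolved, and the neighbouring CVE-2020-14334, also described as "A flaw was found in Red Hat Satellite 6", is tracked against `foreman <itp> (bug #663101)`. Add a `NOTE:` with the upstream advisory or bug that confirms CVE-2020-14335 does not affect foreman, so the two adjacent entries do not look contradictory.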
@@ -40584,9 +40584,11 @@ CVE-2020-8023 (A acceptance of Extraneous Untrusted Data With Trusted Data vulne
 CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...)
 	NOT-FOR-US: SAP
 CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...)
-	TODO: check
+	- open-build-service <unfixed>
+	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649
 CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...)
-	TODO: check
+	- open-build-service <unfixed>
+	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439
 CVE-2020-8019 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
 	NOT-FOR-US: SAP
 CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...)
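Review bot: both new `- open-build-service <unfixed>` entries have the SUSE bugzilla references but no suite annotation; the dojo hunk later in this commit adds a `[buster] - dojo <no-dsa> (Minor issue)` line for the same situation. If open-build-service ships in a stable suite, add the matching `[buster]` line (or a severity tag) so the unfixed status is actionable for the stable teams, and consider a Debian bug number once one is filed.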
@@ -45546,9 +45548,8 @@ CVE-2020-6100 (An exploitable memory corruption vulnerability exists in AMD atid
 CVE-2020-6099
 	RESERVED
 CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...)
-	- freediameter <undetermined>
+	- freediameter <unfixed>
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030
-	TODO: check
 CVE-2020-6097
 	RESERVED
 CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
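Review bot: moving freediameter from `<undetermined>` to `<unfixed>` and dropping the `TODO: check` asserts that the package is confirmed affected, but the only reference kept is the Talos report. Record what confirmed it, for example a `NOTE:` pointing at the upstream fix commit or the affected source location, and add a bug number or suite annotation so the entry does not sit as an unreferenced unfixed issue.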
@@ -50379,7 +50380,7 @@ CVE-2020-4072 (In generator-jhipster-kotlin version 1.6.0 log entries are create
 CVE-2020-4071 (In django-basic-auth-ip-whitelist before 0.3.4, a potential timing att ...)
 	NOT-FOR-US: django-basic-auth-ip-whitelist
 CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is a cros ...)
-	TODO: check
+	NOT-FOR-US: w3c css-validator
 CVE-2020-4069
 	RESERVED
 CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to r ...)
@@ -50398,7 +50399,7 @@ CVE-2020-4064
 CVE-2020-4063
 	RESERVED
 CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified critical  ...)
-	TODO: check
+	NOT-FOR-US: Conjur Helm Chart
 CVE-2020-4061 (In October from version 1.0.319 and before version 1.0.467, pasting co ...)
 	NOT-FOR-US: October CMS
 CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free vulnera ...)
@@ -50427,7 +50428,9 @@ CVE-2020-4053 (In Helm greater than or equal to 3.0.0 and less than 3.2.4, a pat
 CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site scripting thro ...)
 	NOT-FOR-US: Wiki.js
 CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to 1.12.0  ...)
-	TODO: check
+	- dojo <unfixed>
+	[buster] - dojo <no-dsa> (Minor issue)
+	NOTE: https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6
 CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...)
 	NOT-FOR-US: SSB-DB
 CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by conn ...)
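Review bot: the new `- dojo <unfixed>` line has no `(bug #...)` reference, so the unstable side of this issue is not tracked anywhere outside the list, while the `[buster] - dojo <no-dsa> (Minor issue)` line only covers stable. File a bug against dojo (or add the existing one) on the unfixed line; the GHSA `NOTE:` link is good and should stay.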
@@ -56259,7 +56262,7 @@ CVE-2020-2077 (SICK Package Analytics software up to and including version V04.0
 CVE-2020-2076 (SICK Package Analytics software up to and including version V04.0.0 ar ...)
 	NOT-FOR-US: SICK
 CVE-2020-2075 (Platform mechanism AutoIP allows remote attackers to reboot the device ...)
-	TODO: check
+	NOT-FOR-US: SICK
 CVE-2020-2074
 	RESERVED
 CVE-2020-2073
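Review bot: the truncated description for CVE-2020-2075 ("Platform mechanism AutoIP allows remote attackers to reboot the device ...") does not name a vendor, so `NOT-FOR-US: SICK` appears to be inferred from the adjacent CVE-2020-2076 and CVE-2020-2077 entries. Add a `NOTE:` with the SICK advisory URL so the attribution is verifiable from the entry itself.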
@@ -56953,7 +56956,7 @@ CVE-2020-1913
 CVE-2020-1912
 	RESERVED
 CVE-2020-1911 (A type confusion vulnerability when resolving properties of JavaScript ...)
-	TODO: check
+	NOT-FOR-US: Facebook Hermes
 CVE-2020-1910
 	RESERVED
 CVE-2020-1909
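Review bot: as with the SICK entry, the visible description for CVE-2020-1911 only mentions "resolving properties of JavaScript" and does not name Hermes, so `NOT-FOR-US: Facebook Hermes` relies on the CVE range rather than on anything recorded in the list. A `NOTE:` pointing at the Facebook/Hermes advisory would make the NOT-FOR-US decision self-explanatory.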



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4829ff54873981afc4b6939a9d88a9faa9440f44
