[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Sep 10 16:40:15 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34dce990 by Moritz Muehlenhoff at 2020-09-10T17:40:02+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83985,7 +83985,7 @@ CVE-2019-11939 (Golang Facebook Thrift servers would not error upon receiving me
 	- thrift <unfixed>
 	NOTE: https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757
 CVE-2019-11938 (Java Facebook Thrift servers would not error upon receiving messages d ...)
-	TODO: check
+	NOT-FOR-US: Java Facebook Thrift
 CVE-2019-11937 (In Mcrouter prior to v0.41.0, a large struct input provided to the Car ...)
 	NOT-FOR-US: mcrouter
 	NOTE: https://github.com/facebook/mcrouter/releases
@@ -87472,9 +87472,8 @@ CVE-2019-10755 (The SAML identifier generated within SAML2Utils.java was found t
 CVE-2019-10754 (Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes ...)
 	NOT-FOR-US: Apereo Central Authentication Service
 CVE-2019-10753 (In all versions prior to version 3.9.6 for eclipse-wtp, all versions p ...)
-	- eclipse-wtp <undetermined>
+	- eclipse-wtp <not-affected> (Does not affect the Debian build/package)
 	NOTE: https://snyk.io/vuln/SNYK-JAVA-COMDIFFPLUGSPOTLESS-460377
-	TODO: check
 CVE-2019-10752 (Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnera ...)
 	NOT-FOR-US: sequelize Node module
 CVE-2019-10751 (All versions of the HTTPie package prior to version 1.0.3 are vulnerab ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34dce9906e7a289a5eacefcd7d2c10e9fa1433dc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34dce9906e7a289a5eacefcd7d2c10e9fa1433dc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200910/2d511f42/attachment.html>

More information about the debian-security-tracker-commits mailing list