[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Sep 10 21:16:42 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3555450e by Salvatore Bonaccorso at 2020-09-10T22:16:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1032,7 +1032,7 @@ CVE-2020-24741
 CVE-2020-24740
 	RESERVED
 CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the background deleti ...)
-	TODO: check
+	NOT-FOR-US: idreamsoft iCMS
 CVE-2020-24738
 	RESERVED
 CVE-2020-24737
@@ -1374,7 +1374,7 @@ CVE-2020-24583 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before
 	NOTE: https://github.com/django/django/commit/08892bffd275c79ee1f8f67639eb170aaaf1181e (3.0.10)
 	NOTE: https://github.com/django/django/commit/375657a71c889c588f723469bd868bd1d40c369f (2.2.16)
 CVE-2020-24582 (Zulip Desktop before 5.4.3 allows XSS because string escaping is misha ...)
-	TODO: check
+	NOT-FOR-US: Zulip Desktop
 CVE-2020-24581
 	RESERVED
 CVE-2020-24580
@@ -1449,7 +1449,7 @@ CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because tex
 	NOTE: https://github.com/golang/go/issues/41165 (1.15 backport)
 	NOTE: https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting
 CVE-2020-24552 (Atop Technology industrial 3G/4G gateway contains Command Injection vu ...)
-	TODO: check
+	NOT-FOR-US: Atop Technology industrial 3G/4G gateway
 CVE-2020-24551
 	RESERVED
 CVE-2020-24550
@@ -15820,7 +15820,7 @@ CVE-2020-17410
 CVE-2020-17409
 	RESERVED
 CVE-2020-17408 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: NEC
 CVE-2020-17407
 	RESERVED
 CVE-2020-17406
@@ -21213,7 +21213,7 @@ CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allow
 	NOTE: https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
 	NOTE: https://bugs.ntp.org/show_bug.cgi?id=3661
 CVE-2020-15024 (An issue was discovered in the Login Password feature of the Password  ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2020-15023
 	RESERVED
 CVE-2020-15022
@@ -49423,7 +49423,7 @@ CVE-2020-4580
 CVE-2020-4579
 	RESERVED
 CVE-2020-4578 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4577
 	RESERVED
 CVE-2020-4576



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3555450ec66bc4e8436109932aa14dd537936d24

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3555450ec66bc4e8436109932aa14dd537936d24
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200910/1ff8ef27/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list