[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Sat Sep 19 12:42:09 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0bbd0fa6 by Moritz Muehlenhoff at 2020-09-19T13:41:42+02:00
NFUs
resteasy bug
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,7 +47,8 @@ CVE-2020-25758
CVE-2020-25757
RESERVED
CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_ht ...)
- TODO: check
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2020-25755
RESERVED
CVE-2020-25754
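Review bot: The added NOTE on CVE-2020-25756 says smplayer embeds a copy of Mongoose, which conflicts with the NOT-FOR-US tag on the line above it, since that tag marks the code as not present in Debian. Consider a package line instead, for example "- smplayer <not-affected>" carrying the reason from the NOTE (copy unused in any released version, disabled since 18.5.0~ds1-1), so the embedded copy is recorded against the package rather than only in free text.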
@@ -300,10 +301,9 @@ CVE-2020-25634
RESERVED
NOT-FOR-US: 3scale
CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to ...)
- - resteasy <unfixed>
+ - resteasy <unfixed> (bug #970585)
- resteasy3.0 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042
- TODO: check details, affects all RESTEasy versions up to 4.5.6.Final
CVE-2020-25632
RESERVED
CVE-2020-25631
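Review bot: Only the "- resteasy <unfixed>" line for CVE-2020-25633 gains a bug reference; "- resteasy3.0 <unfixed>" directly below it still has none, so either add its bug number or state that #970585 covers both source packages. The removed TODO was also the only line giving the affected range (all RESTEasy versions up to 4.5.6.Final); keeping that as a NOTE would preserve it for whoever triages the fix.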
@@ -2192,7 +2192,7 @@ CVE-2020-24755
CVE-2020-24754
RESERVED
CVE-2020-24753 (A memory corruption vulnerability in Objective Open CBOR Run-time (ooc ...)
- TODO: check
+ NOT-FOR-US: Objective Open CBOR Run-time
CVE-2020-24752
RESERVED
CVE-2020-24751
@@ -27188,7 +27188,7 @@ CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later
- gitlab <not-affected> (Only affects GitLab 12.6 and later)
NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13260 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
- TODO: check
+ NOT-FOR-US: RAD SecFlow-1v os-image
CVE-2020-13259 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
NOT-FOR-US: RAD SecFlow-1v os-image
CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...)
@@ -41488,7 +41488,7 @@ CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2
[buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package < 0.2.25 m ...)
- TODO: check
+ NOT-FOR-US: TypeORM
CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...)
NOT-FOR-US: UniFi Cloud Key
CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...)
@@ -42047,7 +42047,7 @@ CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0
CVE-2020-7946
RESERVED
CVE-2020-7945 (Local registry credentials were included directly in the CD4PE deploym ...)
- TODO: check
+ NOT-FOR-US: Puppet Enterprise
CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...)
NOT-FOR-US: Puppet Enterprise
CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bbd0fa63cef12361f0d9185213ea7460a4b1b4f