[Git][security-tracker-team/security-tracker][master] NFUs (issues affecting src:gradle are listed at...

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aa0b3060 by Moritz Muehlenhoff at 2020-09-21T11:29:52+02:00
NFUs (issues affecting src:gradle are listed at https://github.com/gradle/gradle/security/advisories)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20599,25 +20599,25 @@ CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in scp.c r
 CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...)
 	NOT-FOR-US: Maven Extension plugin for Gradle Enterprise
 CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. CSRF m ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrest ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Becaus ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15773 (An issue was discovered in Gradle Enterprise before 2020.2.4. Because  ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There  ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15771 (An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterpr ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. There is a lack o ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15769 (An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gra ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of  ...)
-	TODO: check
+	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15766
 	RESERVED
 CVE-2020-15765
@@ -26982,7 +26982,7 @@ CVE-2019-20803 (Gila CMS before 1.11.6 has reflected XSS via the admin/content/p
 	NOT-FOR-US: Gila CMS
 CVE-2018-21234 (Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when ...)
 	- jodd <unfixed> (bug #961298)
-	[buster] - jodd <no-dsa> (Minor issue)
+	[buster] - jodd <ignored> (Minor issue; upstream fix needs changes in rdeps and none present in Buster)
 	NOTE: https://github.com/oblac/jodd/commit/9bffc3913aeb8472c11bb543243004b4b4376f16
 	NOTE: https://github.com/oblac/jodd/issues/628
 CVE-2017-18868 (Digi XBee 2 devices do not have an effective protection mechanism agai ...)
@@ -52131,7 +52131,7 @@ CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based
 	NOTE: https://github.com/saitoha/libsixel/commit/a18b3789cfd147028403c17fe79a43b169d8f034
 CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
 	- libpodofo <unfixed>
-	[buster] - libpodofo <no-dsa> (Minor issue)
+	[buster] - libpodofo <ignored> (Minor issue)
 	[stretch] - libpodofo <no-dsa> (Minor issue)
 	[jessie] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/podofo/tickets/75/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa0b3060d871cd236263d96925004ad370fe2fbd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa0b3060d871cd236263d96925004ad370fe2fbd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200921/660be8fc/attachment.html>