[Git][security-tracker-team/security-tracker][master] new spring issue, NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Sep 22 10:15:06 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d412c358 by Moritz Muehlenhoff at 2020-09-22T11:14:46+02:00
new spring issue, NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19665,7 +19665,7 @@ CVE-2020-16173
 CVE-2020-16172
 	RESERVED
 CVE-2020-16171 (An issue was discovered in Acronis Cyber Backup before 12.5 Build 1634 ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2020-16170 (Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Andr ...)
 	NOT-FOR-US: Temi application fo Android
 CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in temi Robox ...)
@@ -41326,7 +41326,7 @@ CVE-2020-8239
 CVE-2020-8238
 	RESERVED
 CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lead to  ...)
-	TODO: check
+	NOT-FOR-US: Node json-bigint
 CVE-2020-8236
 	RESERVED
 CVE-2020-8235
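Review bot: the NOT-FOR-US on CVE-2020-8237 only covers json-bigint as a standalone package, while npm modules are often bundled inside other source packages. Before closing this as NFU, confirm that no package in the archive embeds a json-bigint copy older than 1.0.0. If one does, list that source package instead.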
@@ -41886,7 +41886,7 @@ CVE-2020-8030
 CVE-2020-8029
 	RESERVED
 CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of salt o ...)
-	TODO: check
+	NOT-FOR-US: Salt configuration in SUSE Server Manager
 CVE-2020-8027
 	RESERVED
 CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn  ...)
@@ -48341,7 +48341,8 @@ CVE-2020-5423
 CVE-2020-5422
 	RESERVED
 CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...)
-	TODO: check
+	- libspring-java <unfixed>
+	NOTE: https://tanzu.vmware.com/security/cve-2020-5421
 CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific ...)
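Review bot: the new CVE-2020-5421 entry marks libspring-java as <unfixed> but its only NOTE is the vendor advisory URL. A second NOTE pointing at the upstream fix commit or the first fixed upstream release would let whoever prepares the upload find the patch without repeating the research. The entry also carries no bug reference yet, which is fine for a first triage pass but worth a follow-up.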
@@ -64949,7 +64950,7 @@ CVE-2020-0409
 CVE-2020-0408
 	RESERVED
 CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some implem ...)
-	TODO: check
+	NOT-FOR-US: Android kernel
 CVE-2020-0406 (In libmpeg2dec, there is a possible out of bounds write due to a missi ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0405 (In NetworkStackNotifier, there is a possible permissions bypass due to ...)
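Review bot: "NOT-FOR-US: Android kernel" on CVE-2020-0407 is a broad tag for an entry whose description names a kernel source file (fscrypt_ice.c), and Debian ships its own kernel package. If the basis for the NFU is that this file is not part of the kernel Debian ships, saying so in the tag would keep the entry from being re-checked against src:linux later.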



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d412c358fe696ae8adb8ef65cd2bbcf69f319464
