[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Sep 23 14:08:36 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
810c9ed7 by Moritz Muehlenhoff at 2020-09-23T15:08:16+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22252,7 +22252,8 @@ CVE-2020-15169 (In Action View before versions 5.2.4.4 and 6.0.3.3 there is a po
- rails 2:6.0.3.3+dfsg-1 (bug #970040)
NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml
NOTE: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc?pli=1
- NOTE: https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e
+ NOTE: https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e (master)
+ NOTE: https://github.com/rails/rails/commit/aaa7ab1320330b3c4fa8f0fbda716dcfa21e3d65 (5.2)
CVE-2020-15168 (node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the si ...)
[experimental] - node-fetch 2.6.1-1
- node-fetch <unfixed> (bug #970173)
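Review bot: the 5.2-branch fix commit is now recorded for CVE-2020-15169, but unlike the other rails entries in this patch (which carry [stretch]/[jessie] status lines) this entry records only the unstable fix "- rails 2:6.0.3.3+dfsg-1 (bug #970040)"; if the 5.2 backport is relevant to a stable suite, its status line should be added alongside the (master)/(5.2) annotations so the triage is complete.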
@@ -41636,27 +41637,27 @@ CVE-2020-8167 (A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module
[stretch] - rails <not-affected> (Vulnerable code introduced later)
[jessie] - rails <not-affected> (Vulnerable code introduced later)
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
- NOTE: https://github.com/rails/rails/commit/fbc7bec074b5ef9ae22f79ca5d9bafec7b276dd3
+ NOTE: https://github.com/rails/rails/commit/fbc7bec074b5ef9ae22f79ca5d9bafec7b276dd3 (5.2)
CVE-2020-8166 (A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6. ...)
- rails 2:5.2.4.3+dfsg-1
[stretch] - rails <not-affected> (Vulnerable code introduced later)
[jessie] - rails <not-affected> (Vulnerable code introduced later)
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
- NOTE: https://github.com/rails/rails/commit/d124f19287f4892c72ca54da728a781591c6fca1
+ NOTE: https://github.com/rails/rails/commit/d124f19287f4892c72ca54da728a781591c6fca1 (5.2)
NOTE: per-form CSRF token introduced in 5.x: https://github.com/rails/rails/commit/3e98819e20bc113343d4d4c0df614865ad5a9d3a
CVE-2020-8165 (A deserialization of untrusted data vulnernerability exists in rails & ...)
{DLA-2282-1 DLA-2251-1}
- rails 2:5.2.4.3+dfsg-1
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
- NOTE: https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 (MemCache backend)
- NOTE: https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 (Redis backend)
+ NOTE: https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 (MemCache backend) (5.2)
+ NOTE: https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 (Redis backend) (5.2)
NOTE: Redis backend introduced in 5.2: https://github.com/rails/rails/commit/9f8ec3535247ac41a9c92e84ddc7a3b771bc318b
CVE-2020-8164 (A deserialization of untrusted data vulnerability exists in rails < ...)
{DLA-2282-1 DLA-2251-1}
[experimental] - rails 2:6.0.3.1+dfsg-1
- rails 2:5.2.4.3+dfsg-1
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
- NOTE: https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec
+ NOTE: https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec (5.2)
CVE-2020-8163 (The is a code injection vulnerability in versions of Rails prior to 5. ...)
{DLA-2282-1}
- rails 2:5.2.0+dfsg-2
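Review bot: the CVE-2020-8165 lines now end in two adjacent parentheticals, "(MemCache backend) (5.2)" and "(Redis backend) (5.2)"; folding them into one, e.g. "(MemCache backend, 5.2)", would match the single-parenthetical form used on the other annotated NOTE lines in this hunk. Also, CVE-2020-8164 has an [experimental] 6.0.3.1 entry but only the (5.2) commit is noted, whereas the first hunk records both the (master) and (5.2) commits; adding the 6.0/master commit here would keep the convention consistent.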
@@ -41674,7 +41675,7 @@ CVE-2020-8162 (A client side enforcement of server side security vulnerability e
[stretch] - rails <not-affected> (Vulnerable code introduced later)
[jessie] - rails <not-affected> (Vulnerable code introduced later)
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
- NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be
+ NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be (5.2)
CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 that all ...)
{DLA-2275-1 DLA-2216-1}
- ruby-rack 2.1.1-5
@@ -57245,18 +57246,25 @@ CVE-2020-2286
RESERVED
CVE-2020-2285
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2284
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2283
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2282
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2281
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2280
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2279
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2278 (Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2277 (Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/ ...)
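Review bot: CVE-2020-2285 through CVE-2020-2279 are still RESERVED with no visible description, so the added "NOT-FOR-US: Jenkins plugin" lines cannot be verified from the entry itself; since the adjacent published entries (CVE-2020-2278, CVE-2020-2277) do show Jenkins descriptions, a NOTE line pointing at the Jenkins advisory that assigns these ids, as the file does elsewhere with "NOTE: https://...", would make the triage auditable once the ids are published.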
@@ -65197,7 +65205,7 @@ CVE-2020-0349 (In NFC, there is a possible out of bounds read due to a missing b
CVE-2020-0348 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
NOT-FOR-US: Android
CVE-2020-0347 (In iptables, there is a possible out of bounds write due to an incorre ...)
- - iptables <undetermined>
+ - linux <undetermined>
CVE-2020-0346 (In Mediaserver, there is a possible out of bounds write due to an inte ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0345 (In DocumentsUI, there is a possible permission bypass due to a confuse ...)
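Review bot: the source package for CVE-2020-0347 is changed from iptables to linux while the truncated description still reads "In iptables, there is a possible out of bounds write"; a short NOTE recording why the issue is tracked against linux rather than the userspace iptables package would keep the reassignment from looking like a typo to later readers, and the status is still <undetermined>, so the note could also state what information is awaited.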
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/810c9ed748397ca3f09101faf8b54ea1d88101f5