[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Feb 23 13:51:48 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f392ad5 by Moritz Muehlenhoff at 2021-02-23T14:51:34+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2021-27570
 CVE-2021-27569
 	RESERVED
 CVE-2021-27568 (An issue was discovered in netplex json-smart-v1 through 2015-10-23 an ...)
-	TODO: check
+	NOT-FOR-US: netplex
 CVE-2021-27567
 	RESERVED
 CVE-2021-27566
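Review bot: The new tag on CVE-2021-27568 names only "netplex", while the description identifies the affected component as "netplex json-smart-v1". Suggest naming the library in the tag, e.g. `NOT-FOR-US: netplex json-smart-v1`, so that a later search of the list for json-smart finds this entry, and confirming that no source package in the archive carries that code before settling on NOT-FOR-US.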
@@ -52,7 +52,7 @@ CVE-2021-27551
 CVE-2021-27550
 	RESERVED
 CVE-2021-27549 (** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipb ...)
-	TODO: check
+	NOT-FOR-US: Genymotion Desktop
 CVE-2021-27548
 	RESERVED
 CVE-2021-27547
@@ -36970,9 +36970,8 @@ CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const a
 	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3976
 	NOTE: https://github.com/jerryscript-project/jerryscript/commit/841d536fce1ce29267cdf0ea12be4026e1c35d3a
 CVE-2020-24343 (Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of  ...)
-	- mujs <undetermined>
+	- mujs <not-affected> (Didn't affect any released version of mujs)
 	NOTE: https://github.com/ccxvii/mujs/issues/136
-	TODO: check, issue seems to be of disputed validity
 CVE-2020-24342 (Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring be ...)
 	- lua5.4 5.4.1-1 (bug #971012)
 	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00052.html
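Review bot: On CVE-2020-24343 the status moves to `<not-affected>` with the reason "Didn't affect any released version of mujs", but the only reference left on the entry is the upstream issue link, and the removed TODO gave a different rationale (disputed validity). Suggest adding a NOTE line that records the basis for the claim, for example the upstream commits that introduced and fixed the use-after-free, so the not-affected status can be re-checked later.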
@@ -37339,7 +37338,7 @@ CVE-2020-24177
 CVE-2020-24176
 	RESERVED
 CVE-2020-24175 (Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius  ...)
-	TODO: check
+	NOT-FOR-US: IZArc
 CVE-2020-24174
 	RESERVED
 CVE-2020-24173
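Review bot: The tag on CVE-2020-24175 names IZArc, but the description puts the buffer overflow in Yz1 0.30 and 0.32 and lists IZArc 4.4 and ZipGenius only as consumers ("as used in"). Suggest tagging the vulnerable component itself, e.g. `NOT-FOR-US: Yz1`, so the entry is not read as covering a single product.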
@@ -40745,7 +40744,7 @@ CVE-2020-22477
 CVE-2020-22476
 	RESERVED
 CVE-2020-22475 ("Tasks" application version before 9.7.3 is affected by insecure permi ...)
-	TODO: check
+	NOT-FOR-US: Tasks app
 CVE-2020-22474 (In webERP 4.15, the ManualContents.php file allows users to specify th ...)
 	NOT-FOR-US: webERP
 CVE-2020-22473
@@ -77276,13 +77275,13 @@ CVE-2020-7787 (This affects all versions of package react-adal. It is possible f
 CVE-2020-7786 (This affects all versions of package macfromip. The injection point is ...)
 	NOT-FOR-US: Node macfromip
 CVE-2020-7785 (This affects all versions of package node-ps. The injection point is l ...)
-	TODO: check
+	NOT-FOR-US: Noed node-ps
 CVE-2020-7784 (This affects all versions of package ts-process-promises. The injectio ...)
-	TODO: check
+	NOT-FOR-US: Node ts-process-promises
 CVE-2020-7783
 	RESERVED
 CVE-2020-7782 (This affects all versions of package spritesheet-js. It depends on a v ...)
-	TODO: check
+	NOT-FOR-US: Node spritesheet-js
 CVE-2020-7781 (This affects the package connection-tester before 0.2.1. The injection ...)
 	NOT-FOR-US: Node connection-tester
 CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_2.13  ...)
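Review bot: Typo in the CVE-2020-7785 line: `NOT-FOR-US: Noed node-ps` should read `NOT-FOR-US: Node node-ps`, matching the "Node <package>" form used for CVE-2020-7784, CVE-2020-7782 and the neighbouring entries. Tools or people grepping the list for "NOT-FOR-US: Node" will miss this entry as written.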
@@ -77296,7 +77295,7 @@ CVE-2020-7777 (This affects all versions of package jsen. If an attacker can con
 CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The libr ...)
 	NOT-FOR-US: phpoffice/phpspreadsheet
 CVE-2020-7775 (This affects all versions of package freediskspace. The vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Node freediskspace
 CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po ...)
 	- node-y18n 4.0.0-3 (bug #976390)
 	[buster] - node-y18n 3.2.1-2+deb10u1
@@ -100235,7 +100234,7 @@ CVE-2020-0238 (In updatePreferenceIntents of AccountTypePreferenceLoader, there
 CVE-2020-0237
 	REJECTED
 CVE-2020-0236 (In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of- ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0235 (In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size ...)
 	NOT-FOR-US: Pixel kernel drivers
 CVE-2020-0234 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...)
@@ -144962,7 +144961,7 @@ CVE-2019-3407
 CVE-2019-3406
 	RESERVED
 CVE-2019-3405 (In the 3.1.3.64296 and lower version of 360F5, the third party can tri ...)
-	TODO: check
+	NOT-FOR-US: 360F5
 CVE-2019-3404 (By adding some special fields to the uri ofrouter app function, the us ...)
 	NOT-FOR-US: ofrouter
 CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before version 7.13. ...)
@@ -353455,7 +353454,7 @@ CVE-2013-2514
 CVE-2013-2513
 	RESERVED
 CVE-2013-2512 (The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitra ...)
-	TODO: check
+	NOT-FOR-US: Ruby ftpd gem
 CVE-2013-2511
 	RESERVED
 CVE-2013-2510



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f392ad53ed6158f2d143ec731d69b8a993adffb
