[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6976868f by Moritz Muehlenhoff at 2021-06-09T10:53:21+02:00
NFUs
add apache2 to dsa-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -50157,7 +50157,7 @@ CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker cont
 	NOTE: https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b (1.25.9)
 	NOTE: https://github.com/urllib3/urllib3/pull/1800
 CVE-2020-26136 (In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-f ...)
-	TODO: check
+	NOT-FOR-US: Silverstripe CMS
 CVE-2020-26135 (Live Helper Chat before 3.44v allows reflected XSS via the setsettinga ...)
 	NOT-FOR-US: Live Helper Chat
 CVE-2020-26134 (Live Helper Chat before 3.44v allows stored XSS in chat messages with  ...)
@@ -50856,7 +50856,7 @@ CVE-2020-25819
 CVE-2020-25818
 	RESERVED
 CVE-2020-25817 (SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentP ...)
-	TODO: check
+	NOT-FOR-US: Silverstripe CMS
 CVE-2020-25816 (HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed le ...)
 	NOT-FOR-US: HashiCorp Vault
 CVE-2020-25815 (An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34 ...)
@@ -85775,9 +85775,9 @@ CVE-2020-11268 (Potential UE reset while decoding a crafted Sib1 or SIB1 that sc
 CVE-2020-11267 (Stack out-of-bounds write occurs while setting up a cipher device if t ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11266 (Image address is dereferenced before validating its range which can ca ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11265 (Information disclosure issue due to lack of validation of pointer argu ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11264
 	RESERVED
 CVE-2020-11263
@@ -85789,13 +85789,13 @@ CVE-2020-11261 (Memory corruption due to improper check to return error when use
 CVE-2020-11260 (An improper free of uninitialized memory can occur in DIAG services in ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11259 (Memory corruption due to lack of validation of pointer arguments passe ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11258 (Memory corruption due to lack of validation of pointer arguments passe ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11257 (Memory corruption due to lack of validation of pointer arguments passe ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11256 (Memory corruption due to lack of check of validation of pointer to buf ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11255 (Denial of service while processing RTCP packets containing multiple SD ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11254 (Memory corruption during buffer allocation due to dereferencing sessio ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source package.
 
+--
+apache2
 --
 condor
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6976868f16f7e4e9a269075a19678350a2513cc5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6976868f16f7e4e9a269075a19678350a2513cc5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210609/6bc7f41c/attachment.htm>