[Git][security-tracker-team/security-tracker][master] new cgal issues

Moritz Muehlenhoff jmm at debian.org
Wed Mar 10 14:05:23 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76f96f88 by Moritz Muehlenhoff at 2021-03-10T15:04:44+01:00
new cgal issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16232,7 +16232,8 @@ CVE-2020-35638
 CVE-2020-35637
 	RESERVED
 CVE-2020-35636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
-	TODO: check
+	- cgal <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2020-35635
 	RESERVED
 CVE-2020-35634
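Review bot: the new `- cgal <unfixed>` line carries no Debian bug reference and no per-release triage decision; the gobby entry later in this same diff shows the convention (`- gobby 0.6.0~20201227~b98f4d2-1 (bug #978446)` followed by `[buster] - gobby <no-dsa> (Minor issue)`). Consider filing or linking a bug and adding a `[buster]` line, or a NOTE saying why triage is deferred, so the entry does not sit as a bare unfixed marker.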
@@ -16248,7 +16249,8 @@ CVE-2020-35630
 CVE-2020-35629
 	RESERVED
 CVE-2020-35628 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
-	TODO: check
+	- cgal <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2021-21433
 	RESERVED
 CVE-2021-21432
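Review bot: this entry uses the same Talos report URL as CVE-2020-35636 above, and two more cgal entries further down in this commit point at it as well; since one report is being cited for four CVE ids, a NOTE listing the related ids on each entry would let a later reader see they are one upstream batch without re-reading the advisory.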
@@ -20127,7 +20129,7 @@ CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature i
 CVE-2020-35452
 	RESERVED
 CVE-2020-35451 (There is a race condition in OozieSharelibCLI in Apache Oozie before v ...)
-	TODO: check
+	NOT-FOR-US: Apache Oozie
 CVE-2020-35450 (Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler fo ...)
 	- gobby 0.6.0~20201227~b98f4d2-1 (bug #978446)
 	[buster] - gobby <no-dsa> (Minor issue)
@@ -20788,7 +20790,7 @@ CVE-2020-35132 (An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474
 	NOTE: https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2
 	NOTE: https://github.com/leenooks/phpLDAPadmin/issues/130
-	TODO: check, unclear that the issue is completely fixed, cf. https://github.com/leenooks/phpLDAPadmin/issues/130#issuecomment-745152260
+	NOTE: unclear whether the issue is completely fixed, cf. https://github.com/leenooks/phpLDAPadmin/issues/130#issuecomment-745152260
 CVE-2020-35131 (Cockpit before 0.6.1 allows an attacker to inject custom PHP code and  ...)
 	NOT-FOR-US: Agentejo Cockpit
 CVE-2020-35130
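Review bot: replacing `TODO: check, unclear that the issue is completely fixed` with a `NOTE:` records the doubt but drops the item from the TODO queue, so nobody is prompted to revisit it. If the fix in commit c87571f6 has not been confirmed complete, keeping a TODO (for example `TODO: recheck once upstream responds on issue 130`) alongside the NOTE would make the open question resurface instead of going silent.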
@@ -23688,7 +23690,7 @@ CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An a
 CVE-2020-29239 (Online Birth Certificate System Project V 1.0 is affected by cross-sit ...)
 	NOT-FOR-US: Online Birth Certificate System Project
 CVE-2020-29238 (An integer buffer overflow in the Nginx webserver of ExpressVPN Router ...)
-	TODO: check
+	NOT-FOR-US: ExpressVPN
 CVE-2020-29237
 	RESERVED
 CVE-2020-29236
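Review bot: the description names the Nginx webserver of the ExpressVPN router, and nginx itself is a Debian package; `NOT-FOR-US: ExpressVPN` is right only if the integer overflow is in the vendor's own firmware or integration rather than upstream nginx. A short NOTE stating that the check was done and the issue is vendor-specific would document the reasoning for the next person who sees "Nginx" in the title.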
@@ -24125,11 +24127,11 @@ CVE-2020-29032 (Upload of Code Without Integrity Check vulnerability in firmware
 CVE-2020-29031 (An Insecure Direct Object Reference vulnerability exists in the web UI ...)
 	NOT-FOR-US: GateManager
 CVE-2020-29030 (Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea  ...)
-	TODO: check
+	NOT-FOR-US: Secomea GateManager
 CVE-2020-29029 (Improper Input Validation, Cross-site Scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Secomea GateManager
 CVE-2020-29028 (Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateMan ...)
-	TODO: check
+	NOT-FOR-US: Secomea GateManager
 CVE-2020-29027 (Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager ...)
 	NOT-FOR-US: Secomea
 CVE-2020-29026 (A directory traversal vulnerability exists in the file upload function ...)
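Review bot: the three new lines use `NOT-FOR-US: Secomea GateManager`, while the unchanged neighbouring entries in this hunk use `NOT-FOR-US: GateManager` (CVE-2020-29031) and `NOT-FOR-US: Secomea` (CVE-2020-29027). Three spellings for the same product family make grepping the list for vendor coverage unreliable; pick one form and apply it to all the Secomea entries.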
@@ -24145,7 +24147,7 @@ CVE-2020-29022 (Failure to Sanitize host header value on output in the GateManag
 CVE-2020-29021 (A vulnerability in web UI input field of GateManager allows authentica ...)
 	NOT-FOR-US: GateManager
 CVE-2020-29020 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
-	TODO: check
+	NOT-FOR-US: Secomea
 CVE-2020-29019 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through  ...)
 	NOT-FOR-US: Fortiguard
 CVE-2020-29018 (A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allo ...)
@@ -24316,7 +24318,7 @@ CVE-2020-28954 (web/controllers/ApiController.groovy in BigBlueButton before 2.2
 CVE-2020-28953 (In BigBlueButton before 2.2.29, a user can vote more than once in a si ...)
 	NOT-FOR-US: BigBlueButton
 CVE-2020-28952 (An issue was discovered on Athom Homey and Homey Pro devices before 5. ...)
-	TODO: check
+	NOT-FOR-US: Athom Homey
 CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter ...)
 	NOT-FOR-US: libuci in OpenWrt
 CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...)
@@ -24984,7 +24986,7 @@ CVE-2020-28659
 CVE-2020-28658
 	RESERVED
 CVE-2020-28657 (In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) a ...)
-	TODO: check
+	NOT-FOR-US: bPanel
 CVE-2020-28656 (The update functionality of the Discover Media infotainment system in  ...)
 	NOT-FOR-US: 3Discover Media infotainment system in Volkswagen Polo 2019 vehicles
 CVE-2020-28655
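Review bot: the unchanged context line `NOT-FOR-US: 3Discover Media infotainment system ...` for CVE-2020-28656 appears to carry a stray leading `3` before "Discover"; it is outside this change, but worth correcting in a follow-up while this region of the file is being touched.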
@@ -26033,7 +26035,8 @@ CVE-2020-28638 (ask_password in Tomb 2.0 through 2.7 returns a warning when pine
 CVE-2020-28637
 	RESERVED
 CVE-2020-28636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
-	TODO: check
+	- cgal <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2020-28635
 	RESERVED
 CVE-2020-28634
@@ -26103,7 +26106,8 @@ CVE-2020-28603
 CVE-2020-28602
 	RESERVED
 CVE-2020-28601 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
-	TODO: check
+	- cgal <unfixed>
+	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
 CVE-2020-28600
 	RESERVED
 CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import_stl.c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76f96f8852ad6b7d22df7318a8034ebca8a46d76




