[Git][security-tracker-team/security-tracker][master] Process some Drupal 8 / module NFUs

Neil Williams (@codehelp) codehelp at debian.org
Mon Feb 14 08:49:23 GMT 2022 


Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca5019d1 by Neil Williams at 2022-02-14T08:49:08+00:00
Process some Drupal 8 / module NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -124841,26 +124841,26 @@ CVE-2020-13679
 CVE-2020-13678
 	RESERVED
 CVE-2020-13677 (Under some circumstances, the Drupal core JSON:API module does not pro ...)
-	TODO: check
+	NOT-FOR-US: Drupal 8.x
 CVE-2020-13676 (The QuickEdit module does not properly check access to fields in some  ...)
-	TODO: check
+	NOT-FOR-US: Drupal 8.x
 CVE-2020-13675 (Drupal's JSON:API and REST/File modules allow file uploads through the ...)
-	TODO: check
+	NOT-FOR-US: Drupal 8.x
 CVE-2020-13674 (The QuickEdit module does not properly validate access to routes, whic ...)
-	TODO: check
+	NOT-FOR-US: Drupal 8.x
 CVE-2020-13673 (The Entity Embed module provides a filter to allow embedding entities  ...)
-	TODO: check
+	NOT-FOR-US: Drupal Entity Embed module
 CVE-2020-13671 (Drupal core does not properly sanitize certain filenames on uploaded f ...)
 	{DLA-2458-1}
 	- drupal7 <removed>
 	NOTE: https://www.drupal.org/sa-core-2020-012
 	NOTE: https://github.com/drupal/drupal/commit/0263ea89cfff630262b8c0bc6d9c629c42aa7a84
 CVE-2020-13670 (Information Disclosure vulnerability in file module of Drupal Core all ...)
-	TODO: check
+	NOT-FOR-US: Drupal 8.x
 CVE-2020-13669 (Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core al ...)
-	TODO: check
+	NOT-FOR-US: Drupal 8.x
 CVE-2020-13668 (Access Bypass vulnerability in Drupal Core allows for an attacker to l ...)
-	TODO: check
+	NOT-FOR-US: Drupal 8.x
 CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces allows an att ...)
 	NOT-FOR-US: Drupal 8.x
 CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca5019d1abbd008d49a81ad469ecbbfe1302377a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca5019d1abbd008d49a81ad469ecbbfe1302377a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220214/3db2c660/attachment.htm>

More information about the debian-security-tracker-commits mailing list