[Git][security-tracker-team/security-tracker][master] Update status for CVE-2020-23066 and sync with CVE-2020-17480

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c8813d1 by Salvatore Bonaccorso at 2023-07-10T20:39:10+02:00
Update status for CVE-2020-23066 and sync with CVE-2020-17480

The former looks to be a duplicate assignment for CVE-2020-17480, MITRE
as the both assignin CNA is contacted to decide on the possible
rejection. Until it's not clear they were not assigned for a particular
reason (e.g. to cover different vectors) keep both in sync.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -210402,7 +210402,10 @@ CVE-2020-23068
 CVE-2020-23067
 	RESERVED
 CVE-2020-23066 (Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v ...)
-	- tinymce <removed>
+	- tinymce <removed> (bug #972642)
+	[buster] - tinymce <no-dsa> (Minor issue)
+	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
+	NOTE: Duplicate CVE of CVE-2020-17480
 CVE-2020-23065 (Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform ...)
 	NOT-FOR-US: eZ Systems AS eZPublish
 CVE-2020-23064 (Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c8813d16eb10b38f25e84a25d2dcdeb47a22c26

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c8813d16eb10b38f25e84a25d2dcdeb47a22c26
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230710/ad1a215c/attachment.htm>