[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Sat, 25 Jan 2020 12:55:25 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
d05dd578 by Salvatore Bonaccorso at 2020-01-25T21:54:59+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute 
arbitrary  ...)
-       TODO: check
+       NOT-FOR-US: Intellian Aptus Web
 CVE-2020-7979
        RESERVED
 CVE-2020-7978
@@ -197,7 +197,7 @@ CVE-2020-7905
 CVE-2020-7904
        RESERVED
 CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function 
in Parit ...)
-       TODO: check
+       NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
 CVE-2019-20398 (A NULL pointer dereference is present in libyang before 
v1.0-r3 in the ...)
        - libyang <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793935
@@ -852,7 +852,7 @@ CVE-2020-7598
 CVE-2020-7597
        RESERVED
 CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to 
execute arb ...)
-       TODO: check
+       NOT-FOR-US: Codecov npm module
 CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an 
infini ...)
        - libxml2 <unfixed> (bug #949582)
        [jessie] - libxml2 <no-dsa> (Minor issue)
@@ -2894,7 +2894,7 @@ CVE-2020-6640
 CVE-2020-6639
        RESERVED
 CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...)
-       TODO: check
+       NOT-FOR-US: Grin
 CVE-2020-6637
        RESERVED
 CVE-2020-6636
@@ -5888,7 +5888,7 @@ CVE-2020-5225 (Log injection in SimpleSAMLphp before 
version 1.18.4. The www/err
 CVE-2020-5224 (In Django User Sessions (django-user-sessions) before 1.7.1, 
the views ...)
        NOT-FOR-US: Django User Sessions (django-user-sessions)
 CVE-2020-5223 (In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 
1.3.2, a p ...)
-       TODO: check
+       NOT-FOR-US: PrivateBin
 CVE-2020-5222
        RESERVED
 CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated 
user to pe ...)
@@ -44296,7 +44296,7 @@ CVE-2019-10782
 CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted 
JavaScript obj ...)
        TODO: check
 CVE-2019-10780 (BibTeX-ruby before 5.1.0 allows shell command injection due to 
unsanit ...)
-       TODO: check
+       NOT-FOR-US: BibTeX-ruby
 CVE-2019-10779
        RESERVED
 CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to 
execute arbi ...)
@@ -60043,7 +60043,7 @@ CVE-2019-5185
 CVE-2019-5184
        RESERVED
 CVE-2019-5183 (An exploitable type confusion vulnerability exists in AMD 
ATIDXX64.DLL ...)
-       TODO: check
+       NOT-FOR-US: AMD ATIDXX64.DLL driver
 CVE-2019-5182
        RESERVED
 CVE-2019-5181
@@ -60126,9 +60126,9 @@ CVE-2019-5149
 CVE-2019-5148
        RESERVED
 CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD 
ATIDXX64 ...)
-       TODO: check
+       NOT-FOR-US: AMD ATIDXX64.DLL driver
 CVE-2019-5146 (An exploitable out-of-bounds read vulnerability exists in AMD 
ATIDXX64 ...)
-       TODO: check
+       NOT-FOR-US: AMD ATIDXX64.DLL driver
 CVE-2019-5145 (An exploitable use-after-free vulnerability exists in the 
JavaScript e ...)
        NOT-FOR-US: Foxit PDF Reader
 CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the 
derive_taps_ ...)
@@ -60172,7 +60172,7 @@ CVE-2019-5126 (An exploitable use-after-free 
vulnerability exists in the JavaScr
 CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the 
JPEG2000 pars ...)
        NOT-FOR-US: LEADTOOLS
 CVE-2019-5124 (An exploitable out-of-bounds read vulnerability exists in AMD 
ATIDXX64 ...)
-       TODO: check
+       NOT-FOR-US: AMD ATIDXX64.DLL driver
 CVE-2019-5123 (Specially crafted web requests can cause SQL injections in 
YouPHPTube  ...)
        NOT-FOR-US: YouPHPTube
 CVE-2019-5122 (SQL injection vulnerabilities exists in the authenticated part 
of YouP ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d05dd57840fbab176043961614c9e8931c54ba67

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d05dd57840fbab176043961614c9e8931c54ba67
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to