Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ccbe3819 by Moritz Muehlenhoff at 2020-02-28T17:22:27+01:00
NFUs
update fixed proftpd version due to followup patch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,11 +21,11 @@ CVE-2020-9436
 CVE-2020-9435
        RESERVED
 CVE-2020-9434 (openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles 
X.509 cert ...)
-       TODO: check
+       NOT-FOR-US: lua-openssl (different from lua-luaossl)
 CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles 
X.509 certi ...)
-       TODO: check
+       NOT-FOR-US: lua-openssl (different from lua-luaossl)
 CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 
certif ...)
-       TODO: check
+       NOT-FOR-US: lua-openssl (different from lua-luaossl)
 CVE-2020-9427
        RESERVED
 CVE-2020-9426
@@ -426,7 +426,7 @@ CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. 
An uninitialized poi
        NOTE: unsafe strcmp() instead of strncmp() in the vulnerable functions
 CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by 
interru ...)
        {DSA-4635-1 DLA-2115-1}
-       - proftpd-dfsg 1.3.6c-1 (bug #951800)
+       - proftpd-dfsg 1.3.6c-2 (bug #951800)
        NOTE: https://github.com/proftpd/proftpd/issues/903
        NOTE: 
https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49
 (master)
        NOTE: 
https://github.com/proftpd/proftpd/commit/f8047a1ed0e0eb15193f555c4cbbb281e705c5c3
 (master)
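Review bot: The CVE-2020-9273 entry does not record why 1.3.6c-1 is no longer the fixed version for proftpd-dfsg. The commit message refers to a follow-up patch, but the entry lists two upstream commits without saying which of them is the follow-up. A NOTE line stating that 1.3.6c-1 carried an incomplete fix would make the change traceable from the data file alone. The entry also carries {DSA-4635-1 DLA-2115-1}, so it is worth confirming whether those uploads already include the follow-up patch.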
@@ -9055,11 +9055,11 @@ CVE-2020-5404
 CVE-2020-5403
        RESERVED
 CVE-2020-5402 (In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Cloud Foundry
 CVE-2020-5401 (Cloud Foundry Routing Release, versions prior to 0.197.0, 
contains GoR ...)
-       TODO: check
+       NOT-FOR-US: Cloud Foundry
 CVE-2020-5400 (Cloud Foundry Cloud Controller (CAPI), versions prior to 
1.91.0, logs  ...)
-       TODO: check
+       NOT-FOR-US: Cloud Foundry
 CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a 
MySQL d ...)
        NOT-FOR-US: Cloud Foundry CredHub
 CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 
5.1.x pri ...)
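Review bot: The three new NOT-FOR-US lines for CVE-2020-5402, CVE-2020-5401 and CVE-2020-5400 use the bare product name "Cloud Foundry", while the neighbouring CVE-2020-5399 entry names the component ("Cloud Foundry CredHub"). Naming the component here as well (UAA, Routing Release, Cloud Controller) would keep the entries consistent and make a later search by component reliable.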
@@ -48457,25 +48457,25 @@ CVE-2019-10801
 CVE-2019-10800
        RESERVED
 CVE-2019-10799 (compile-sass prior to 1.0.5 allows execution of arbritary 
commands. Th ...)
-       TODO: check
+       NOT-FOR-US: Node module compile-sass
 CVE-2019-10798 (rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript 
objects r ...)
-       TODO: check
+       NOT-FOR-US: Node module rdf-graph-array
 CVE-2019-10797 (Netty in WSO2 transport-http before v6.3.1 is vulnerable to 
HTTP Respo ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2019-10796 (rpi through 0.0.3 allows execution of arbritary commands. The 
variable ...)
-       TODO: check
+       NOT-FOR-US: Node module rpi
 CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. 
The 'a' f ...)
        NOT-FOR-US: undefsafe
 CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype 
Pollutio ...)
-       TODO: check
+       NOT-FOR-US: Node module component-flatten
 CVE-2019-10793 (dot-object before 2.1.3 is vulnerable to Prototype Pollution. 
The set  ...)
-       TODO: check
+       NOT-FOR-US: Node module dot-object
 CVE-2019-10792 (bodymen before 1.1.1 is vulnerable to Prototype Pollution. The 
handler ...)
-       TODO: check
+       NOT-FOR-US: Node module bodymen
 CVE-2019-10791 (promise-probe before 0.10.0 allows remote attackers to perform 
a comma ...)
-       TODO: check
+       NOT-FOR-US: Node module promise-probe
 CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding 
additional proper ...)
-       TODO: check
+       NOT-FOR-US: Node module taffy
 CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection 
via the ...)
        NOT-FOR-US: curling.js
 CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute 
arbitrary ...)
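Review bot: CVE-2019-10797 is marked "NOT-FOR-US: WSO2", but its description starts with "Netty in WSO2 transport-http", so the entry should make clear that the flaw sits in WSO2's transport-http and not in Netty itself; a short NOTE saying so would justify the classification. As a style point, the new lines in this hunk use "Node module <name>" while the existing CVE-2019-10795 and CVE-2019-10789 entries use the bare names "undefsafe" and "curling.js"; one convention across the block would be easier to grep.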



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccbe381946949cf3aaf8bc6680d1b00222ad2097
