[Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2020-1737 as unimportant

Salvatore Bonaccorso Sat, 18 Apr 2020 11:48:13 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
78c6d1e5 by Salvatore Bonaccorso at 2020-04-18T20:31:00+02:00
Mark CVE-2020-1737 as unimportant

Whilst the binary packages whip the affected module we can consider it a
non-issue for us as the win_unzip module should extract only on Windows
platform.

- - - - -
e29b9eb5 by Salvatore Bonaccorso at 2020-04-18T20:38:36+02:00
Update affected information for CVE-2020-10691

The affected code (respectively the code adding collection sub command)
was only introduced in later branches in 2.9.

- - - - -
64030b23 by Salvatore Bonaccorso at 2020-04-18T20:47:23+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2020-11888
        RESERVED
 CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript 
inside an  ...)
-       TODO: check
+       NOT-FOR-US: svg2png
 CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in 
element/nodeList. ...)
-       TODO: check
+       NOT-FOR-US: OpenNMS
 CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE 
vulnerability wher ...)
-       TODO: check
+       NOT-FOR-US: WSO2 Enterprise Integrator
 CVE-2020-11884
        RESERVED
 CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and 
storefront-api throug ...)
@@ -29,11 +29,11 @@ CVE-2020-11877 (airhost.exe in Zoom Client for Meetings 
4.6.11 uses 342342343232
 CVE-2020-11876 (airhost.exe in Zoom Client for Meetings 4.6.11 uses the 
SHA-256 hash o ...)
        NOT-FOR-US: Zoom Client for Meetings
 CVE-2020-11875 (An issue was discovered on LG mobile devices with Android OS 
8.0, 8.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2020-11874 (An issue was discovered on LG mobile devices with Android OS 
8.0, 8.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2020-11873 (An issue was discovered on LG mobile devices with Android OS 
7.2, 8.0, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow 
fabrication ...)
        TODO: check
 CVE-2020-11871
@@ -61,39 +61,39 @@ CVE-2020-11864
 CVE-2020-11863
        RESERVED
 CVE-2019-20785 (An issue was discovered on LG mobile devices with Android OS 
8.0 and 8 ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20784 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20783 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20782 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20781
        RESERVED
 CVE-2019-20780 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20779 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20778 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20777 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20776 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20775 (An issue was discovered on LG mobile devices with Android OS 
9.0 (Qual ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20774 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20773 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20772 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20771 (An issue was discovered on LG mobile devices with Android OS 
7.0, 7.1, ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20770 (An issue was discovered on LG mobile devices with Android OS 
9.0 softw ...)
-       TODO: check
+       NOT-FOR-US: LG mobile devices
 CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier 
(aka LG P ...)
-       TODO: check
+       NOT-FOR-US: LG PC Suite
 CVE-2020-11862
        RESERVED
 CVE-2020-11861
@@ -3493,6 +3493,9 @@ CVE-2020-10692
 CVE-2020-10691
        RESERVED
        - ansible <unfixed>
+       [buster] - ansible <not-affected> (Vulnerable code introduced later)
+       [stretch] - ansible <not-affected> (Vulnerable code introduced later)
+       [jessie] - ansible <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817161
        NOTE: https://github.com/ansible/ansible/pull/68596
        NOTE: 
https://github.com/ansible/ansible/commit/b2551bb6943eec078066aa3a923e0bb3ed85abe8
 (stable-2.9)
@@ -26130,10 +26133,11 @@ CVE-2020-1738 (A flaw was found in Ansible Engine 
when the module package or ser
        NOTE: Marked unimportant as for exploitation it requires already a 
remote that is
        NOTE: compromised, cf. 
https://github.com/ansible/ansible/issues/67796#issuecomment-614656017
 CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, 
and 2.9 ...)
-       - ansible <unfixed>
+       - ansible <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154
        NOTE: https://github.com/ansible/ansible/issues/67795
        NOTE: https://github.com/ansible/ansible/pull/67799
+       NOTE: Issue in the win_unzip module which is executed only on Windows 
plattform
 CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using 
atomic_m ...)
        - ansible <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802124



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c53b896c8eda41f81f738dd00a203e565c538b7c...64030b2311b1fdcd4465ba71d931c4955de80fad

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c53b896c8eda41f81f738dd00a203e565c538b7c...64030b2311b1fdcd4465ba71d931c4955de80fad
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 3 commits: Mark CVE-2020-1737 as unimportant

Reply via email to