[Git][security-tracker-team/security-tracker][master] new libreoffice issue

Tue, 19 May 2020 01:50:10 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
16a1d8bd by Moritz Muehlenhoff at 2020-05-19T10:49:05+02:00
new libreoffice issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,9 +15,9 @@ CVE-2020-13156
 CVE-2020-13155
        RESERVED
 CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows 
low-priv ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 
has XSS ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2020-13152
        RESERVED
 CVE-2020-13151
@@ -25,17 +25,17 @@ CVE-2020-13151
 CVE-2020-13150
        RESERVED
 CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" 
folder in Dr ...)
-       TODO: check
+       NOT-FOR-US: Dragon Center
 CVE-2020-13148
        RESERVED
 CVE-2020-13147
        RESERVED
 CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because 
an added  ...)
-       TODO: check
+       NOT-FOR-US: Studio in Open edX Ironwood
 CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG 
files via t ...)
-       TODO: check
+       NOT-FOR-US: Studio in Open edX Ironwood
 CVE-2020-13144 (Studio in Open edX Ironwood 2.5, when CodeJail is not used, 
allows a u ...)
-       TODO: check
+       NOT-FOR-US: Studio in Open edX Ironwood
 CVE-2020-13142
        RESERVED
 CVE-2020-13141
@@ -119,7 +119,7 @@ CVE-2020-13112
 CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to 
the nsd/d ...)
        NOT-FOR-US: NaviServer
 CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary 
code ex ...)
-       TODO: check
+       NOT-FOR-US: Node kerberos
 CVE-2020-13109 (Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices 
allows remo ...)
        NOT-FOR-US: Morita Shogi
 CVE-2020-13108
@@ -151,7 +151,7 @@ CVE-2020-13096
 CVE-2020-13095
        RESERVED
 CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...)
-       TODO: check
+       - dolibarr <removed>
 CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory 
traversal. ...)
        NOT-FOR-US: iSpyConnect.com Agent DVR
 CVE-2020-13092 (** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can 
unseriali ...)
@@ -756,7 +756,8 @@ CVE-2020-12803
 CVE-2020-12802
        RESERVED
 CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, 
that docume ...)
-       TODO: check
+       - libreoffice 1:6.4.3-1 (low)
+       NOTE: 
https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
 CVE-2020-12800
        RESERVED
 CVE-2020-12799



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16a1d8bd00723cb3bd16582ad563e556fff4bdbe

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16a1d8bd00723cb3bd16582ad563e556fff4bdbe
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to