[Git][security-tracker-team/security-tracker][master] Process some NFUs

Sun, 30 Aug 2020 00:29:37 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f32f6495 by Salvatore Bonaccorso at 2020-08-30T09:28:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2020-25022
 CVE-2020-25021
        RESERVED
 CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the 
GanttProjectRe ...)
-       TODO: check
+       NOT-FOR-US: MPXJ
 CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 
calls the E ...)
-       TODO: check
+       NOT-FOR-US: jitsi-meet-electron
 CVE-2020-25018
        RESERVED
 CVE-2020-25017
@@ -38720,7 +38720,7 @@ CVE-2020-8555 (The Kubernetes kube-controller-manager 
in versions v1.0-1.14, ver
 CVE-2020-8554
        RESERVED
 CVE-2020-8553 (The Kubernetes ingress-nginx component prior to version 0.28.0 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Kubernetes ingress-nginx component
 CVE-2020-8552 (The Kubernetes API server component in versions prior to 
1.15.9, 1.16. ...)
        - kubernetes 1.17.4-1
        NOTE: https://github.com/kubernetes/kubernetes/issues/89378
@@ -40842,11 +40842,11 @@ CVE-2020-7700 (All versions of phpjs are vulnerable 
to Prototype Pollution via p
 CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If 
the parse ...)
        NOT-FOR-US: express-fileupload
 CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The 
input bei ...)
-       TODO: check
+       NOT-FOR-US: Gerapy
 CVE-2020-7697 (This affects all versions of package mock2easy. a malicious 
user could ...)
-       TODO: check
+       NOT-FOR-US: mock2easy nodejs module
 CVE-2020-7696 (This affects all versions of package react-native-fast-image. 
When an  ...)
-       TODO: check
+       NOT-FOR-US: react-native-fast-image nodejs module
 CVE-2020-7695 (Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. 
CRLF s ...)
        TODO: check
 CVE-2020-7694 (This affects all versions of package uvicorn. The request 
logger provi ...)
@@ -51986,7 +51986,7 @@ CVE-2020-3568
 CVE-2020-3567
        RESERVED
 CVE-2020-3566 (A vulnerability in the Distance Vector Multicast Routing 
Protocol (DVM ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3565
        RESERVED
 CVE-2020-3564
@@ -102376,9 +102376,9 @@ CVE-2019-5323 (There are command injection 
vulnerabilities present in the AirWav
 CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is 
present ...)
        NOT-FOR-US: Edge Switch models
 CVE-2019-5321 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 
2920, 5 ...)
-       TODO: check
+       NOT-FOR-US: Aruba Intelligent Edge Switch Series
 CVE-2019-5320 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 
2920, 5 ...)
-       TODO: check
+       NOT-FOR-US: Aruba Intelligent Edge Switch Series
 CVE-2019-5319
        RESERVED
 CVE-2019-5318



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f32f64955b7f0d59716cc036ae8751b6c6cd931b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f32f64955b7f0d59716cc036ae8751b6c6cd931b
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to