[Git][security-tracker-team/security-tracker][master] new miller issue, NFUs

Moritz Muehlenhoff Thu, 03 Sep 2020 02:50:57 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f332654e by Moritz Muehlenhoff at 2020-09-03T11:50:02+02:00
new miller issue, NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,21 +13,21 @@ CVE-2020-25095
 CVE-2020-25094
        RESERVED
 CVE-2020-25093 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in blog.p ...)
-       TODO: check
+       NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2020-25092 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in _parts ...)
-       TODO: check
+       NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2020-25091 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
-       TODO: check
+       NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2020-25090 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
-       TODO: check
+       NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2020-25089 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
-       TODO: check
+       NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2020-25088 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
-       TODO: check
+       NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
-       TODO: check
+       NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in applic ...)
-       TODO: check
+       NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2020-25085
        RESERVED
 CVE-2020-25084
@@ -111,11 +111,11 @@ CVE-2020-25047 (An issue was discovered on Samsung mobile 
devices with P(9.0) an
 CVE-2020-25046 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
        NOT-FOR-US: Samsung mobile devices
 CVE-2020-25045 (Installers of Kaspersky Security Center and Kaspersky Security 
Center  ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky
 CVE-2020-25044 (Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky
 CVE-2020-25043 (The installer of Kaspersky VPN Secure Connection prior to 5.0 
was vuln ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky
 CVE-2020-25042
        RESERVED
 CVE-2020-25041
@@ -153,9 +153,9 @@ CVE-2020-25028
 CVE-2020-25027
        RESERVED
 CVE-2020-25026 (The sf_event_mgt (aka Event management and registration) 
extension bef ...)
-       TODO: check
+       NOT-FOR-US: Typo extension
 CVE-2020-25025 (The l10nmgr (aka Localization Manager) extension before 7.4.0, 
8.x bef ...)
-       TODO: check
+       NOT-FOR-US: Typo extension
 CVE-2020-25024
        RESERVED
 CVE-2020-25023
@@ -15408,7 +15408,7 @@ CVE-2020-17460
 CVE-2020-17459
        RESERVED
 CVE-2020-17458 (A post-authenticated stored XSS was found in MultiUx 
v.3.1.12.0 via th ...)
-       TODO: check
+       NOT-FOR-US: MultiUx
 CVE-2020-17457
        RESERVED
 CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code 
Execution ...)
@@ -20552,7 +20552,10 @@ CVE-2020-15169
 CVE-2020-15168
        RESERVED
 CVE-2020-15167 (In Miller (command line utility) using the configuration file 
support  ...)
-       TODO: check
+       - miller <unfixed>
+       [buster] - miller <not-affected> (Introduced in 5.9.0)
+       [stretch] - miller <not-affected> (Introduced in 5.9.0)
+       NOTE: 
https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
 CVE-2020-15166
        RESERVED
 CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google 
Play Stor ...)
@@ -24219,7 +24222,7 @@ CVE-2020-13804 (An issue was discovered in Foxit Reader 
and PhantomPDF before 9.
 CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit 
Reader for M ...)
        NOT-FOR-US: Foxit Reader
 CVE-2020-13802 (The rebar3 tool 3.0.0-beta.3 through 3.13.2 for Erlang allows 
remote c ...)
-       TODO: check
+       TODO: check, whether this affects src:rebar (but the security 
implications seems a little far-fetched anyway)
 CVE-2020-13801
        RESERVED
 CVE-2020-13799



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f332654ee928678ed666de2316998a0bcce57f3b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f332654ee928678ed666de2316998a0bcce57f3b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] new miller issue, NFUs

Reply via email to