Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4829ff54 by Moritz Muehlenhoff at 2020-09-09T09:24:32+02:00
new OBS, dojo issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23105,7 +23105,7 @@ CVE-2020-14336
NOT-FOR-US: OpenShift
CVE-2020-14335
RESERVED
- TODO: check, not entirely clear if this is Red Hat Sattelite specific
or as well generally for foreman
+ NOT-FOR-US: Red Hat Satellite
CVE-2020-14334 (A flaw was found in Red Hat Satellite 6 which allows
privileged attack ...)
- foreman <itp> (bug #663101)
CVE-2020-14333 (A flaw was found in Ovirt Engine's web interface in ovirt 4.4
and earl ...)
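Review bot: On CVE-2020-14335, the removed TODO asked whether the issue is specific to Red Hat Satellite or also affects foreman in general, and the replacement "NOT-FOR-US: Red Hat Satellite" settles that question without recording the basis. The next entry, CVE-2020-14334, is also described as a Red Hat Satellite 6 flaw yet is tracked as "- foreman <itp> (bug #663101)", so the two neighbouring entries are now triaged differently. Suggest adding a NOTE with the reference showing the flaw is not in foreman code, or tracking it against foreman <itp> as well.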
@@ -40584,9 +40584,11 @@ CVE-2020-8023 (A acceptance of Extraneous Untrusted
Data With Trusted Data vulne
CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging
of tomc ...)
NOT-FOR-US: SAP
CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build
Service allow ...)
- TODO: check
+ - open-build-service <unfixed>
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649
CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation
vulnerab ...)
- TODO: check
+ - open-build-service <unfixed>
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439
CVE-2020-8019 (A UNIX Symbolic Link (Symlink) Following vulnerability in the
packagin ...)
NOT-FOR-US: SAP
CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the
SLES15-SP1-CHOST- ...)
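Review bot: For CVE-2020-8021 and CVE-2020-8020, the new "- open-build-service <unfixed>" lines each carry only a SUSE Bugzilla link, with no upstream fix commit or fixed version. Suggest adding a NOTE with the upstream commit or release once it is known, so the <unfixed> state can later be resolved from the entry itself instead of by re-reading bugs 1171649 and 1171439.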
@@ -45546,9 +45548,8 @@ CVE-2020-6100 (An exploitable memory corruption
vulnerability exists in AMD atid
CVE-2020-6099
RESERVED
CVE-2020-6098 (An exploitable denial of service vulnerability exists in the
freeDiame ...)
- - freediameter <undetermined>
+ - freediameter <unfixed>
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030
- TODO: check
CVE-2020-6097
RESERVED
CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the
ARMv7 mem ...)
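Review bot: On CVE-2020-6098, the freediameter status moves from <undetermined> to <unfixed> and the "TODO: check" is dropped, but the only reference is still the Talos report. Suggest a NOTE stating what confirmed that the packaged version is affected (affected version or code path), plus a pointer to an upstream fix if one exists.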
@@ -50379,7 +50380,7 @@ CVE-2020-4072 (In generator-jhipster-kotlin version
1.6.0 log entries are create
CVE-2020-4071 (In django-basic-auth-ip-whitelist before 0.3.4, a potential
timing att ...)
NOT-FOR-US: django-basic-auth-ip-whitelist
CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is
a cros ...)
- TODO: check
+ NOT-FOR-US: w3c css-validator
CVE-2020-4069
RESERVED
CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is
likely to r ...)
@@ -50398,7 +50399,7 @@ CVE-2020-4064
CVE-2020-4063
RESERVED
CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified
critical ...)
- TODO: check
+ NOT-FOR-US: Conjur Helm Chart
CVE-2020-4061 (In October from version 1.0.319 and before version 1.0.467,
pasting co ...)
NOT-FOR-US: October CMS
CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free
vulnera ...)
@@ -50427,7 +50428,9 @@ CVE-2020-4053 (In Helm greater than or equal to 3.0.0
and less than 3.2.4, a pat
CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site
scripting thro ...)
NOT-FOR-US: Wiki.js
CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to
1.12.0 ...)
- TODO: check
+ - dojo <unfixed>
+ [buster] - dojo <no-dsa> (Minor issue)
+ NOTE:
https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6
CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure
vulnerability. The ...)
NOT-FOR-US: SSB-DB
CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed
by conn ...)
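Review bot: On CVE-2020-4051, the description names Dijit while the entry is filed against dojo, and nothing in the entry records that mapping. Suggest a NOTE stating how dijit relates to the dojo source package, and a NOTE with the upstream fix commit, since the description already gives 1.11.11 as a fixed version. The "[buster] - dojo <no-dsa> (Minor issue)" line triages buster only, so any other suite carrying dojo is left at the plain <unfixed> state.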
@@ -56259,7 +56262,7 @@ CVE-2020-2077 (SICK Package Analytics software up to
and including version V04.0
CVE-2020-2076 (SICK Package Analytics software up to and including version
V04.0.0 ar ...)
NOT-FOR-US: SICK
CVE-2020-2075 (Platform mechanism AutoIP allows remote attackers to reboot the
device ...)
- TODO: check
+ NOT-FOR-US: SICK
CVE-2020-2074
RESERVED
CVE-2020-2073
@@ -56953,7 +56956,7 @@ CVE-2020-1913
CVE-2020-1912
RESERVED
CVE-2020-1911 (A type confusion vulnerability when resolving properties of
JavaScript ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2020-1910
RESERVED
CVE-2020-1909
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4829ff54873981afc4b6939a9d88a9faa9440f44
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits