Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d54b0200 by Moritz Muehlenhoff at 2020-11-17T15:59:12+01:00
NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5922,15 +5922,15 @@ CVE-2020-27628 (In JetBrains TeamCity before 2020.1.5, 
the Guest user had access
 CVE-2020-27627 (JetBrains TeamCity before 2020.1.2 was vulnerable to URL 
injection. ...)
        NOT-FOR-US: JetBrains TeamCity
 CVE-2020-27626 (JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. 
...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2020-27625 (In JetBrains YouTrack before 2020.3.888, notifications might 
have ment ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2020-27624 (JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. 
...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2020-27623 (JetBrains IdeaVim before version 0.58 might have caused an 
information ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2020-27622 (In JetBrains IntelliJ IDEA before 2020.2, the built-in web 
server coul ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2020-27621 (The FileImporter extension in MediaWiki through 1.35.0 was not 
properl ...)
        NOT-FOR-US: MediaWiki extension
 CVE-2020-27620 (The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS 
because Me ...)
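Review bot: The five new `NOT-FOR-US: JetBrains` lines (CVE-2020-27626 through CVE-2020-27622) name only the vendor, while the unchanged entry directly above them, CVE-2020-27627, uses `NOT-FOR-US: JetBrains TeamCity`. Naming the product in each line (YouTrack, IdeaVim, IntelliJ IDEA) would keep the file consistent and let a later grep by product name find these entries.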
@@ -6254,13 +6254,13 @@ CVE-2020-27488
 CVE-2020-27487
        RESERVED
 CVE-2020-27486 (Garmin Forerunner 235 before 8.20 is affected by: Buffer 
Overflow. The ...)
-       TODO: check
+       NOT-FOR-US: Garmin
 CVE-2020-27485 (Garmin Forerunner 235 before 8.20 is affected by: Array index 
error. T ...)
-       TODO: check
+       NOT-FOR-US: Garmin
 CVE-2020-27484 (Garmin Forerunner 235 before 8.20 is affected by: Integer 
Overflow. Th ...)
-       TODO: check
+       NOT-FOR-US: Garmin
 CVE-2020-27483 (Garmin Forerunner 235 before 8.20 is affected by: Array index 
error. T ...)
-       TODO: check
+       NOT-FOR-US: Garmin
 CVE-2020-27482
        RESERVED
 CVE-2020-27481 (An unauthenticated SQL Injection vulnerability in Good Layers 
LMS Plug ...)
@@ -8599,7 +8599,7 @@ CVE-2020-26408
 CVE-2020-26407
        RESERVED
 CVE-2020-26406 (Certain SAST CiConfiguration information could be viewed by 
unauthoriz ...)
-       TODO: check
+       - gitlab <not-affected> (Specific to EE)
 CVE-2020-26405
        RESERVED
        - gitlab 13.3.9-1
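Review bot: The `- gitlab <not-affected> (Specific to EE)` line for CVE-2020-26406 gives no reference for the EE-only claim. A `NOTE:` line pointing at the upstream advisory or issue, in the way the CVE-2020-25211 entry further down cites its kernel commit, would let a later reader verify the decision without redoing the triage.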
@@ -9203,7 +9203,7 @@ CVE-2020-26131 (Issues were discovered in Open DHCP 
Server (Regular) 1.75 and Op
 CVE-2020-26130 (Issues were discovered in Open TFTP Server multithreaded 1.66 
and Open ...)
        NOT-FOR-US: Open TFTP Server
 CVE-2020-26129 (In JetBrains Ktor before 1.4.1, HTTP request smuggling was 
possible. ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2020-26128
        RESERVED
 CVE-2020-26127
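Review bot: CVE-2020-26129 is in Ktor, which is a library that other software embeds, yet it gets the same vendor-wide `NOT-FOR-US: JetBrains` label as the hosted products and desktop tools elsewhere in this commit. `NOT-FOR-US: JetBrains Ktor` would record what was actually checked and make the entry easy to find if Ktor is ever packaged or bundled by another source package.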
@@ -11379,13 +11379,13 @@ CVE-2020-25211 (In the Linux kernel through 5.8.7, 
local attackers able to injec
        - linux 5.8.14-1
        NOTE: 
https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
 CVE-2020-25210 (In JetBrains YouTrack before 2020.3.7955, an attacker could 
access wor ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2020-25209 (In JetBrains YouTrack before 2020.3.6638, improper access 
control for  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2020-25208
        RESERVED
 CVE-2020-25207 (JetBrains ToolBox before version 1.18 is vulnerable to Remote 
Code Exe ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2020-25206
        RESERVED
 CVE-2020-25205
@@ -11825,7 +11825,7 @@ CVE-2020-25015 (A specific router allows changing the 
Wi-Fi password remotely. G
 CVE-2020-25014
        RESERVED
 CVE-2020-25013 (JetBrains ToolBox before version 1.18 is vulnerable to a 
Denial of Ser ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2020-25012
        RESERVED
 CVE-2020-25011
@@ -13244,7 +13244,7 @@ CVE-2020-24368 (Icinga Icinga Web2 2.0.0 through 2.6.4, 
2.7.4 and 2.8.2 has a Di
 CVE-2020-24367 (Incorrect file permissions in BlueStacks 4 through 4.230 on 
Windows al ...)
        NOT-FOR-US: BlueStacks
 CVE-2020-24366 (Sensitive information could be disclosed in the JetBrains 
YouTrack app ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2020-24365 (An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and 
WRTM-12 ...)
        NOT-FOR-US: Gemtek devices
 CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via 
the note ...)
@@ -15035,9 +15035,9 @@ CVE-2020-23492
 CVE-2020-23491
        RESERVED
 CVE-2020-23490 (There was a local file disclosure vulnerability in AVideo &lt; 
8.9 via ...)
-       TODO: check
+       NOT-FOR-US: AVideo
 CVE-2020-23489 (The import.json.php file before 8.9 for Avideo is vulnerable 
to a File ...)
-       TODO: check
+       NOT-FOR-US: AVideo
 CVE-2020-23488
        RESERVED
 CVE-2020-23487
@@ -50287,7 +50287,7 @@ CVE-2020-8899 (There is a buffer overwrite 
vulnerability in the Quram qmg librar
 CVE-2020-8898
        RESERVED
 CVE-2020-8897 (A weak robustness vulnerability exists in the AWS Encryption 
SDKs for  ...)
-       TODO: check
+       NOT-FOR-US: AWS Encryption SDKs
 CVE-2020-8896 (A Buffer Overflow vulnerability in the khcrypt implementation 
in Googl ...)
        NOT-FOR-US: Google Earth Pro
 CVE-2020-8895 (Untrusted Search Path vulnerability in the windows installer of 
Google ...)
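Review bot: `NOT-FOR-US: AWS Encryption SDKs` on CVE-2020-8897 covers several SDKs with one label (the description itself uses the plural), so it asserts that none of the implementations is in the archive. A short `NOTE:` or a line in the commit message saying which implementations were checked would make that assertion reviewable.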


=====================================
data/dsa-needed.txt
=====================================
@@ -16,7 +16,7 @@ ansible
 --
 chromium
 --
-firefox-esr
+firefox-esr (jmm)
 --
 knot-resolver
   Santiago Ruano Rincón proposed a debdiff for review
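Review bot: The commit subject is only `NFUs`, but this hunk and the next one assign firefox-esr and thunderbird to jmm in data/dsa-needed.txt, and the data/CVE/list part also contains a `<not-affected>` entry for gitlab. Putting the DSA claims in their own commit, or widening the subject line, would make them findable in the log.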
@@ -33,7 +33,7 @@ netty
 --
 pdns-recursor
 --
-thunderbird
+thunderbird (jmm)
 --
 xcftools
   Hugo proposed to work on this update



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d54b0200f05171dbe25c54c26cdd9d853d691d09



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits