[Git][security-tracker-team/security-tracker][master] Process some Drupal 8 / module NFUs

Mon, 14 Feb 2022 00:49:32 -0800 


Neil Williams pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ca5019d1 by Neil Williams at 2022-02-14T08:49:08+00:00
Process some Drupal 8 / module NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -124841,26 +124841,26 @@ CVE-2020-13679
 CVE-2020-13678
        RESERVED
 CVE-2020-13677 (Under some circumstances, the Drupal core JSON:API module does 
not pro ...)
-       TODO: check
+       NOT-FOR-US: Drupal 8.x
 CVE-2020-13676 (The QuickEdit module does not properly check access to fields 
in some  ...)
-       TODO: check
+       NOT-FOR-US: Drupal 8.x
 CVE-2020-13675 (Drupal's JSON:API and REST/File modules allow file uploads 
through the ...)
-       TODO: check
+       NOT-FOR-US: Drupal 8.x
 CVE-2020-13674 (The QuickEdit module does not properly validate access to 
routes, whic ...)
-       TODO: check
+       NOT-FOR-US: Drupal 8.x
 CVE-2020-13673 (The Entity Embed module provides a filter to allow embedding 
entities  ...)
-       TODO: check
+       NOT-FOR-US: Drupal Entity Embed module
 CVE-2020-13671 (Drupal core does not properly sanitize certain filenames on 
uploaded f ...)
        {DLA-2458-1}
        - drupal7 <removed>
        NOTE: https://www.drupal.org/sa-core-2020-012
        NOTE: 
https://github.com/drupal/drupal/commit/0263ea89cfff630262b8c0bc6d9c629c42aa7a84
 CVE-2020-13670 (Information Disclosure vulnerability in file module of Drupal 
Core all ...)
-       TODO: check
+       NOT-FOR-US: Drupal 8.x
 CVE-2020-13669 (Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal 
Core al ...)
-       TODO: check
+       NOT-FOR-US: Drupal 8.x
 CVE-2020-13668 (Access Bypass vulnerability in Drupal Core allows for an 
attacker to l ...)
-       TODO: check
+       NOT-FOR-US: Drupal 8.x
 CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces 
allows an att ...)
        NOT-FOR-US: Drupal 8.x
 CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX 
API doe ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca5019d1abbd008d49a81ad469ecbbfe1302377a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca5019d1abbd008d49a81ad469ecbbfe1302377a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to