From 806851d91dbdf367b57e859a129d29dc6b19a3f2 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Thu, 30 Jan 2020 11:52:23 -0800 Subject: NFUs stb code copy bugs --- data/CVE/2019.list | 18 +++++++++--------- data/CVE/2020.list | 12 ++++++------ data/embedded-code-copies | 3 +++ 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 1cb0a835f8..85b2c7ed11 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -302,7 +302,7 @@ CVE-2019-20329 (OpenLambda 2019-09-10 allows DNS rebinding attacks against the O CVE-2019-20328 RESERVED CVE-2019-20327 (Insecure permissions in cwrapper_perl in Centreon Infrastructure Monit ...) - TODO: check + NOT-FOR-US: Centreon Infrastructure Monitoring CVE-2019-20325 REJECTED CVE-2019-20324 @@ -1625,9 +1625,9 @@ CVE-2019-19825 (On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text CVE-2019-19824 (On certain TOTOLINK Realtek SDK based routers, an authenticated attack ...) NOT-FOR-US: TOTOLINK Realtek SDK based routers CVE-2019-19823 (A certain router administration interface (that includes Realtek APMIB ...) - TODO: check + NOT-FOR-US: Realtek CVE-2019-19822 (A certain router administration interface (that includes Realtek APMIB ...) - TODO: check + NOT-FOR-US: Realtek CVE-2019-19821 RESERVED CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys dr ...) @@ -7631,7 +7631,7 @@ CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is CVE-2019-17339 RESERVED CVE-2019-17338 (The user interface component of TIBCO Software Inc.'s TIBCO Patterns - ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...) NOT-FOR-US: TIBCO CVE-2019-17336 (The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfir ...) 
@@ -14475,7 +14475,7 @@ CVE-2019-14631 CVE-2019-14630 RESERVED CVE-2019-14629 (Improper permissions in Intel(R) DAAL before version 2020 Gold may all ...) - TODO: check + NOT-FOR-US: Intel CVE-2019-14628 RESERVED CVE-2019-14627 @@ -14509,7 +14509,7 @@ CVE-2019-14615 (Insufficient control flow in certain data structures for some In CVE-2019-14614 RESERVED CVE-2019-14613 (Improper access control in driver for Intel(R) VTune(TM) Amplifier for ...) - TODO: check + NOT-FOR-US: Intel CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow a privil ...) NOT-FOR-US: Intel CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a privilege ...) @@ -14535,9 +14535,9 @@ CVE-2019-14603 (Improper permissions in the installer for the License Server sof CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR Driver vers ...) NOT-FOR-US: Nuvoton* CIR Driver CVE-2019-14601 (Improper permissions in the installer for Intel(R) RWC 3 for Windows b ...) - TODO: check + NOT-FOR-US: Intel CVE-2019-14600 (Uncontrolled search path element in the installer for Intel(R) SNMP Su ...) - TODO: check + NOT-FOR-US: Intel CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier ...) NOT-FOR-US: Intel CVE-2019-14598 @@ -23407,7 +23407,7 @@ CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all q CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not properly ...) NOT-FOR-US: Cloud Foundry Routing CVE-2019-11288 (In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions pr ...) - TODO: check + NOT-FOR-US: Pivotal CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3. ...) - rabbitmq-server (bug #945600) [buster] - rabbitmq-server (Minor issue) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index dd0b1c45c9..41435c8574 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1313,7 +1313,7 @@ CVE-2020-7801 CVE-2020-7800 RESERVED CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An authenticated ...) - TODO: check + NOT-FOR-US: FusionAuth CVE-2020-7798 RESERVED CVE-2020-7797 @@ -5992,7 +5992,7 @@ CVE-2020-5525 CVE-2020-5524 RESERVED CVE-2020-5523 (Android App 'MyPallete' and some of the Android banking applications b ...) - TODO: check + NOT-FOR-US: MyPallete CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not verify ...) NOT-FOR-US: kantan netprint App for Android CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not verify X.50 ...) @@ -6628,11 +6628,11 @@ CVE-2020-5222 CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...) NOT-FOR-US: uftpd CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups to be ...) - TODO: check + NOT-FOR-US: Sylius CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execution v ...) - TODO: check + NOT-FOR-US: Angular Expressions CVE-2020-5218 (Affected versions of Sylius give attackers the ability to switch chann ...) - TODO: check + NOT-FOR-US: Sylius CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...) - ruby-secure-headers (bug #949999) NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c @@ -10800,7 +10800,7 @@ CVE-2020-3149 CVE-2020-3148 RESERVED CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3146 RESERVED CVE-2020-3145 diff --git a/data/embedded-code-copies b/data/embedded-code-copies index 6e1dc6537e..fce42b6c5a 100644 --- a/data/embedded-code-copies +++ b/data/embedded-code-copies 
@@ -3469,3 +3469,6 @@ libstb - libsixel (embed; bug #949707) - retroarch (embed; bug #949708) - libsfml (embed; bug #949709) + - sumo (embed; bug #950251) + - yquake2 (embed; bug #950252) + - dart (modified-embed) -- cgit v1.2.3
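Review bot: In data/CVE/2019.list, hunk @@ -1625, the new labels for CVE-2019-19823 and CVE-2019-19822 read "NOT-FOR-US: Realtek", while the two entries directly above them (CVE-2019-19825, CVE-2019-19824) use "NOT-FOR-US: TOTOLINK Realtek SDK based routers". Both new entries describe "A certain router administration interface (that includes Realtek APMIB ...", so consider a label that matches the neighbouring entries or names the affected component, so that a search on the label finds the related entries together.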
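Review bot: In data/CVE/2020.list, hunk @@ -6628, CVE-2020-5220 and CVE-2020-5218 (Sylius) and CVE-2020-5219 (Angular Expressions) go from "TODO: check" straight to NOT-FOR-US with no NOTE line, and the names suggest components that other software can bundle. If the archive was searched for packaged or embedded copies before marking them, a one-line NOTE under each entry saying so would record that, in the same way the CVE-2020-5217 entry below carries its advisory link.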
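Review bot: In data/embedded-code-copies, hunk @@ -3469, the added "- dart (modified-embed)" line has no bug reference, unlike the two lines added with it ("sumo (embed; bug #950251)", "yquake2 (embed; bug #950252)") and the existing libsixel, retroarch and libsfml entries. Either add the bug number if one was filed, or add a NOTE explaining why the modified copy in dart is tracked without one, so a reader can tell it was not simply missed.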