From 82dbd0f2a91de92ec35b5015ea879f2fdbd29893 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Thu, 17 Sep 2020 10:28:23 +0200 Subject: NFUs libraw no-dsa --- data/CVE/list | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index ea7ebfe29c..452169a309 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1775,9 +1775,11 @@ CVE-2020-24891 REJECTED CVE-2020-24890 (libraw 20.0 has a null pointer dereference vulnerability in parse_tiff ...) - libraw + [buster] - libraw (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/issues/335 CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::Ge ...) - libraw + [buster] - libraw (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/issues/334 NOTE: https://github.com/LibRaw/LibRaw/commit/78d323ecbe6a9752aee6e97118a76d40704d73ee CVE-2020-24888 @@ -2858,15 +2860,15 @@ CVE-2020-24379 (WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 CVE-2020-24378 RESERVED CVE-2020-24377 (A DNS rebinding vulnerability in the Freebox OS web interface in Freeb ...) - TODO: check + NOT-FOR-US: Freebox CVE-2020-24376 (A DNS rebinding vulnerability in the UPnP IGD implementations in Freeb ...) - TODO: check + NOT-FOR-US: Freebox CVE-2020-24375 RESERVED CVE-2020-24374 (A DNS rebinding vulnerability in Freebox HD before 1.5.29. ...) - TODO: check + NOT-FOR-US: Freebox CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in Freebox ...) - TODO: check + NOT-FOR-US: Freebox CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ...) - luajit (unimportant) NOTE: https://github.com/LuaJIT/LuaJIT/issues/603 @@ -10849,7 +10851,7 @@ CVE-2020-20408 CVE-2020-20407 RESERVED CVE-2020-20406 (A stored XSS vulnerability exists in the Custom Link Attributes contro ...) - TODO: check + NOT-FOR-US: Elementor Page Builder CVE-2020-20405 RESERVED CVE-2020-20404 @@ -19336,7 +19338,7 @@ CVE-2020-16235 CVE-2020-16234 RESERVED CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...) - TODO: check + NOT-FOR-US: CodeMeter CVE-2020-16232 RESERVED CVE-2020-16231 -- cgit v1.2.3