From 4157e93a77d4090cccf3f1788de4e1a2a613a2a8 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Thu, 17 Sep 2020 10:28:23 +0200 Subject: NFUs libraw no-dsa --- data/CVE/2020.list | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index ccabbe9be6..f038b06347 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1743,9 +1743,11 @@ CVE-2020-24891 REJECTED CVE-2020-24890 (libraw 20.0 has a null pointer dereference vulnerability in parse_tiff ...) - libraw + [buster] - libraw (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/issues/335 CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::Ge ...) - libraw + [buster] - libraw (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/issues/334 NOTE: https://github.com/LibRaw/LibRaw/commit/78d323ecbe6a9752aee6e97118a76d40704d73ee CVE-2020-24888 @@ -2826,15 +2828,15 @@ CVE-2020-24379 (WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 CVE-2020-24378 RESERVED CVE-2020-24377 (A DNS rebinding vulnerability in the Freebox OS web interface in Freeb ...) - TODO: check + NOT-FOR-US: Freebox CVE-2020-24376 (A DNS rebinding vulnerability in the UPnP IGD implementations in Freeb ...) - TODO: check + NOT-FOR-US: Freebox CVE-2020-24375 RESERVED CVE-2020-24374 (A DNS rebinding vulnerability in Freebox HD before 1.5.29. ...) - TODO: check + NOT-FOR-US: Freebox CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in Freebox ...) - TODO: check + NOT-FOR-US: Freebox CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ...) - luajit (unimportant) NOTE: https://github.com/LuaJIT/LuaJIT/issues/603 @@ -10815,7 +10817,7 @@ CVE-2020-20408 CVE-2020-20407 RESERVED CVE-2020-20406 (A stored XSS vulnerability exists in the Custom Link Attributes contro ...) - TODO: check + NOT-FOR-US: Elementor Page Builder CVE-2020-20405 RESERVED CVE-2020-20404 @@ -19300,7 +19302,7 @@ CVE-2020-16235 CVE-2020-16234 RESERVED CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...) - TODO: check + NOT-FOR-US: CodeMeter CVE-2020-16232 RESERVED CVE-2020-16231 -- cgit v1.2.3