[Git][security-tracker-team/security-tracker][master] new sass issue, NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Dec 18 09:47:40 GMT 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b93efb41 by Moritz Muehlenhoff at 2018-12-18T09:47:11Z
new sass issue, NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,7 +26,9 @@ CVE-2018-20192
 CVE-2018-20191
 	RESERVED
 CVE-2018-20190 (In LibSass 3.5.5, a NULL Pointer Dereference in the function ...)
-	TODO: check
+	- libsass <unfixed> (low)
+	[stretch] - libsass <no-dsa> (Minor issue)
+	NOTE: https://github.com/sass/libsass/issues/2786
 CVE-2018-20189 (In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has ...)
 	- graphicsmagick <unfixed>
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589
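
Review bot: the `- libsass <unfixed> (low)` line added for CVE-2018-20190 carries no bug reference, so the open issue can only be followed through the upstream NOTE link. If a Debian bug exists or gets filed, append it in the `(bug #NNN)` form that the terminology entry for CVE-2018-20167 uses in this same file.
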
@@ -87,13 +89,13 @@ CVE-2018-20168 (Google gVisor before 2018-08-22 reuses a pagetable in a differen
 CVE-2018-20166
 	RESERVED
 CVE-2017-18355 (Installed packages are exposed by node_modules in Rendertron 1.0.0, ...)
-	TODO: check
+	NOT-FOR-US: Rendertron
 CVE-2017-18354 (Rendertron 1.0.0 allows for alternative protocols such as 'file://' ...)
-	TODO: check
+	NOT-FOR-US: Rendertron
 CVE-2017-18353 (Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome ...)
-	TODO: check
+	NOT-FOR-US: Rendertron
 CVE-2017-18352 (Error reporting within Rendertron 1.0.0 allows reflected Cross Site ...)
-	TODO: check
+	NOT-FOR-US: Rendertron
 CVE-2018-20167 (Terminology before 1.3.1 allows Remote Code Execution because popmedia ...)
 	- terminology 1.3.1-1 (bug #916630)
 	NOTE: https://phab.enlightenment.org/T7504
@@ -3312,7 +3314,7 @@ CVE-2018-20001 (In Libav 12.3, there is a floating point exception in the ...)
 	[jessie] - libav <no-dsa> (floating point exception cannot be observed on Jessie)
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1141
 CVE-2018-20000 (Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as ...)
-	TODO: check
+	NOT-FOR-US: Apereo Bedework bw-webdav
 CVE-2018-19999
 	RESERVED
 CVE-2018-19998
@@ -5097,7 +5099,7 @@ CVE-2019-1536
 CVE-2019-1535
 	RESERVED
 CVE-2018-19649 (XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). ...)
-	TODO: check
+	NOT-FOR-US: InfoVista VistaPortal
 CVE-2018-19648
 	RESERVED
 CVE-2018-19647
@@ -8272,7 +8274,7 @@ CVE-2018-19441
 CVE-2018-19440
 	RESERVED
 CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure Global ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2018-19438
 	RESERVED
 CVE-2018-19443 (The client in Tryton 5.x before 5.0.1 tries to make a connection to the ...)
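
Review bot: `NOT-FOR-US: Oracle` on CVE-2018-19439 names only the vendor, which makes the entry hard to tell apart from other Oracle products when the list is searched. Other NFU lines in this commit name the product (`NOT-FOR-US: InfoVista VistaPortal`, `NOT-FOR-US: SonarQube`); use the product named in the CVE description here as well.
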
@@ -8342,7 +8344,7 @@ CVE-2018-19415
 CVE-2018-19414
 	RESERVED
 CVE-2018-19413 (A vulnerability in the API of SonarSource SonarQube before 7.4 could ...)
-	TODO: check
+	NOT-FOR-US: SonarQube
 CVE-2018-19412
 	RESERVED
 CVE-2018-19411 (PRTG Network Monitor before 18.2.40.1683 allows an authenticated user ...)
@@ -9379,7 +9381,7 @@ CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 a
 CVE-2018-19119
 	RESERVED
 CVE-2018-19118 (Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2018-19117
 	RESERVED
 CVE-2018-19116
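
Review bot: `NOT-FOR-US: Zoho` on CVE-2018-19118 gives the vendor but not the product. The description already names it, so `NOT-FOR-US: Zoho ManageEngine ADAudit` would be the more precise label.
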
@@ -9596,7 +9598,7 @@ CVE-2018-19038
 CVE-2018-19037
 	RESERVED
 CVE-2018-19036 (An issue was discovered in several Bosch IP cameras for firmware ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2018-19035
 	RESERVED
 CVE-2018-19034
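
Review bot: `NOT-FOR-US: Bosch` on CVE-2018-19036 is broader than the issue, which the description limits to Bosch IP cameras. `NOT-FOR-US: Bosch IP cameras` would match the wording of `NOT-FOR-US: Geutebrueck cameras` used for CVE-2018-19007 further down.
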
@@ -9654,7 +9656,7 @@ CVE-2018-19009
 CVE-2018-19008
 	RESERVED
 CVE-2018-19007 (In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the ...)
-	TODO: check
+	NOT-FOR-US: Geutebrueck cameras
 CVE-2018-19006
 	RESERVED
 CVE-2018-19005
@@ -9662,7 +9664,7 @@ CVE-2018-19005
 CVE-2018-19004
 	RESERVED
 CVE-2018-19003 (GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to ...)
-	TODO: check
+	NOT-FOR-US: GE Mark
 CVE-2018-19002
 	RESERVED
 CVE-2018-19001 (Philips HealthSuite Health Android App, all versions. The software ...)
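
Review bot: `NOT-FOR-US: GE Mark` on CVE-2018-19003 cuts the product name short; the description lists GE Mark VIe, EX2100e, EX2100e_Reg and LS2100e. `NOT-FOR-US: GE Mark VIe`, or a label covering the listed controllers, avoids a string that matches no actual product.
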
@@ -9700,7 +9702,7 @@ CVE-2018-18986
 CVE-2018-18985
 	RESERVED
 CVE-2018-18984 (Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 ...)
-	TODO: check
+	NOT-FOR-US: Medtronic
 CVE-2018-18983 (VT-Designer Version 2.1.7.31 is vulnerable by the program reading the ...)
 	NOT-FOR-US: VT-Designer
 CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application allows ...)
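
Review bot: `NOT-FOR-US: Medtronic` on CVE-2018-18984 is vendor-only, while the neighbouring entry for CVE-2018-18983 uses the product name (`NOT-FOR-US: VT-Designer`). Naming the affected product from the description, for example `NOT-FOR-US: Medtronic CareLink Programmer`, keeps the two entries consistent.
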
@@ -9846,9 +9848,9 @@ CVE-2018-18925 (Gogs 0.11.66 allows remote code execution because it does not pr
 CVE-2018-18924 (The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to ...)
 	NOT-FOR-US: ProjeQtOr
 CVE-2018-18923 (AbiSoft Ticketly 1.0 is affected by multiple SQL Injection ...)
-	TODO: check
+	NOT-FOR-US: AbiSoft Ticketly
 CVE-2018-18922 (add_user in AbiSoft Ticketly 1.0 allows remote attackers to create ...)
-	TODO: check
+	NOT-FOR-US: AbiSoft Ticketly
 CVE-2018-18921
 	RESERVED
 CVE-2018-18920 (Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b93efb41a1ef9a6985edd362d4813c5ee3849bce
