[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Nov 14 17:08:22 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4df869ab by Moritz Muehlenhoff at 2018-11-14T17:07:52Z
NFUs
nasm non-issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -249,11 +249,11 @@ CVE-2018-19248
CVE-2018-19247
RESERVED
CVE-2018-19246 (PHP-Proxy 5.1.0 allows remote attackers to read local files if the ...)
- TODO: check
+ NOT-FOR-US: PHP-Proxy
CVE-2018-19245
RESERVED
CVE-2018-19244 (An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 ...)
- TODO: check
+ NOT-FOR-US: Charles
CVE-2018-19243
RESERVED
CVE-2018-19242
@@ -317,22 +317,19 @@ CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in
NOTE: https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
TODO: Something is not correct about this CVE, the upstream bug is 3392425, but commit references 3392525, and the former is really fixed in 2.13.02 but the latter is unfixed in 2.13.02 and even 2.13.03.
CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...)
- - nasm <unfixed>
- [jessie] - nasm <ignored> (Minor issue)
+ - nasm <unfixed> (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392525
NOTE: https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
- TODO: check
+ NOTE: No security impact, crash in CLI tool
CVE-2018-19214 (Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...)
- - nasm <unfixed>
- [jessie] - nasm <ignored> (Minor issue)
+ - nasm <unfixed> (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392521
NOTE: https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354
- TODO: check
+ NOTE: No security impact, crash in CLI tool
CVE-2018-19213 (Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may ...)
- - nasm <unfixed>
- [jessie] - nasm <ignored> (Minor issue)
+ - nasm <unfixed> (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392524
- TODO: check
+ NOTE: No security impact, crash in CLI tool
CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by ...)
TODO: check
CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function ...)
@@ -4254,7 +4251,7 @@ CVE-2018-17616 (This vulnerability allows remote attackers to execute arbitrary
CVE-2018-17615 (This vulnerability allows remote attackers to execute arbitrary code ...)
NOT-FOR-US: Foxit Reader
CVE-2018-17614 (This vulnerability allows remote attackers to execute arbitrary code ...)
- TODO: check
+ NOT-FOR-US: Losant Arduino MQTT Client
CVE-2018-17613 (Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is ...)
- telegram-desktop <unfixed>
NOTE: https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html
@@ -8824,7 +8821,7 @@ CVE-2018-15797
CVE-2018-15796 (Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-15795 (Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2018-15794
RESERVED
CVE-2018-15793
@@ -17342,7 +17339,7 @@ CVE-2018-12418 (Archive.java in Junrar before 1.0.1, as used in Apache Tika and
CVE-2018-12417
RESERVED
CVE-2018-12416 (The GridServer Broker and GridServer Director components of TIBCO ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2018-12415 (The Central Administration server (emsca) component of TIBCO Software ...)
NOT-FOR-US: TIBCO
CVE-2018-12414 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon ...)
@@ -27550,25 +27547,25 @@ CVE-2018-8611
CVE-2018-8610
RESERVED
CVE-2018-8609 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8608 (A cross site scripting vulnerability exists when Microsoft Dynamics ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8607 (A cross site scripting vulnerability exists when Microsoft Dynamics ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8606 (A cross site scripting vulnerability exists when Microsoft Dynamics ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8605 (A cross site scripting vulnerability exists when Microsoft Dynamics ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8604
RESERVED
CVE-2018-8603
RESERVED
CVE-2018-8602 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8601
RESERVED
CVE-2018-8600 (A Cross-site Scripting (XSS) vulnerability exists when Azure App ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8599
RESERVED
CVE-2018-8598
@@ -27584,15 +27581,15 @@ CVE-2018-8594
CVE-2018-8593
RESERVED
CVE-2018-8592 (An elevation of privilege vulnerability exists in Windows 10 version ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8591
RESERVED
CVE-2018-8590
RESERVED
CVE-2018-8589 (An elevation of privilege vulnerability exists when Windows improperly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8588 (A remote code execution vulnerability exists in the way that the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8587
RESERVED
CVE-2018-8586
@@ -27600,59 +27597,59 @@ CVE-2018-8586
CVE-2018-8585
RESERVED
CVE-2018-8584 (An elevation of privilege vulnerability exists when Windows improperly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8583
RESERVED
CVE-2018-8582 (A remote code execution vulnerability exists in the way that Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8581 (An elevation of privilege vulnerability exists in Microsoft Exchange ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8580
RESERVED
CVE-2018-8579 (An information disclosure vulnerability exists when attaching files to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8578 (An information disclosure vulnerability exists when Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8577 (A remote code execution vulnerability exists in Microsoft Excel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8576 (A remote code execution vulnerability exists in Microsoft Outlook ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8575 (A remote code execution vulnerability exists in Microsoft Project ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8574 (A remote code execution vulnerability exists in Microsoft Excel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8573 (A remote code execution vulnerability exists in Microsoft Word ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8572 (An elevation of privilege vulnerability exists when Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8571
RESERVED
CVE-2018-8570 (A remote code execution vulnerability exists when Internet Explorer ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8569 (A remote code execution vulnerability exists in the Yammer desktop ...)
NOT-FOR-US: Yammer
CVE-2018-8568 (An elevation of privilege vulnerability exists when Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8567 (An elevation of privilege vulnerability exists when Microsoft Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8566 (A security feature bypass vulnerability exists when Windows improperly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8565 (An information disclosure vulnerability exists when the win32k ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8564 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8563 (An information disclosure vulnerability exists when DirectX improperly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8562 (An elevation of privilege vulnerability exists in Windows when the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8561 (An elevation of privilege vulnerability exists when DirectX improperly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8560
RESERVED
CVE-2018-8559
RESERVED
CVE-2018-8558 (An information disclosure vulnerability exists when Microsoft Outlook ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2018-8557 (A remote code execution vulnerability exists in the way that the ...)
TODO: check
CVE-2018-8556 (A remote code execution vulnerability exists in the way that the ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4df869ab639cc114991559bd5ef513345fd12d89
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4df869ab639cc114991559bd5ef513345fd12d89
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181114/84318bf5/attachment.html>
More information about the debian-security-tracker-commits
mailing list