[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Nov 30 16:35:48 GMT 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de34d354 by Moritz Muehlenhoff at 2018-11-30T16:34:12Z
NFUs
new confuse issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40,7 +40,8 @@ CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c (function:
 CVE-2018-19761 (There is an illegal address access at fromsixel.c (function: ...)
 	TODO: check
 CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...)
-	TODO: check
+	- confuse <unfixed> (low)
+	[stretch] - confuse <no-dsa> (Minor issue)
 CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (function: ...)
 	TODO: check
 CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
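Review bot: The new CVE-2018-19760 entry (`- confuse <unfixed> (low)`) carries no bug reference and no NOTE line pointing at the upstream report, so anyone who later revisits the unfixed state has nothing to check it against. Consider adding a NOTE with the upstream issue or fixing commit once it is known, and the bug number when one is filed. The `[stretch] - confuse <no-dsa> (Minor issue)` line is consistent with the (low) urgency given for a memory leak in cfg_init.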
@@ -5762,7 +5763,7 @@ CVE-2018-18621 (CommuniGate Pro 6.2 allows stored XSS via a message body in Pron
 CVE-2018-18620
 	RESERVED
 CVE-2018-18619 (internal/advanced_comment_system/admin.php in Advanced Comment System ...)
-	TODO: check
+	NOT-FOR-US: Advanced Comment System
 CVE-2018-18618
 	RESERVED
 CVE-2018-18617
@@ -12405,9 +12406,9 @@ CVE-2018-15982
 CVE-2018-15981 (Flash Player versions 31.0.0.148 and earlier have a type confusion ...)
 	NOT-FOR-US: Adobe
 CVE-2018-15980 (Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2018-15979 (Adobe Acrobat and Reader versions 2019.008.20080 and earlier, ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2018-15978 (Flash Player versions 31.0.0.122 and earlier have an out-of-bounds ...)
 	NOT-FOR-US: Adobe
 CVE-2018-15977
@@ -25308,7 +25309,7 @@ CVE-2018-11004 (An issue was discovered in SDcms v1.5. Cross-site request forger
 CVE-2018-11003 (An issue was discovered in YXcms 1.4.7. Cross-site request forgery ...)
 	NOT-FOR-US: YXcms
 CVE-2018-11002 (Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Desktop Client
 CVE-2018-11001
 	RESERVED
 CVE-2018-11000
@@ -40007,7 +40008,7 @@ CVE-2018-5921 (A potential security vulnerability has been identified with certa
 CVE-2018-5920
 	RESERVED
 CVE-2018-5919 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2018-5918 (Possible buffer overflow in DRM Trusted application due to lack of ...)
 	NOT-FOR-US: Snapdragon
 CVE-2018-5917 (Possible buffer overflow in OEM crypto function due to improper input ...)
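Review bot: CVE-2018-5919 is marked `NOT-FOR-US: Android`, but the entries in the following hunks whose descriptions open with the same "In all android releases(Android for MSM, Firefox OS for MSM, QRD ..." text are marked "Qualcomm components for Android", and the adjacent CVE-2018-5918 uses "Snapdragon". If this is the same Qualcomm code, use `NOT-FOR-US: Qualcomm components for Android` here as well, so that a search for that label finds all of these entries.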
@@ -40025,19 +40026,19 @@ CVE-2018-5912 (Potential buffer overflow in Video due to lack of input validatio
 CVE-2018-5911
 	RESERVED
 CVE-2018-5910 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5909 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5908 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5907 (Possible buffer overflow in msm_adsp_stream_callback_put due to lack ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5906 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5905 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5904 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5903
 	RESERVED
 CVE-2018-5902
@@ -40126,7 +40127,7 @@ CVE-2018-5863 (If userspace provides a too-large WPA RSN IE length in ...)
 CVE-2018-5862 (In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5861 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5860 (In the MDSS driver in all Android releases(Android for MSM, Firefox OS ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5859 (Due to a race condition in the MDSS MDP driver in all Android releases ...)
@@ -40136,7 +40137,7 @@ CVE-2018-5858 (In the audio debugfs in all Android releases from CAF using the L
 CVE-2018-5857 (In the WCD CPE codec, a Use After Free condition can occur in all ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5856 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5855 (While padding or shrinking a nested wmi packet in all Android releases ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5854 (A stack-based buffer overflow can occur in fastboot from all Android ...)
@@ -75675,7 +75676,7 @@ CVE-2017-11080 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 CVE-2017-11079 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11078 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11077
 	RESERVED
 CVE-2017-11076



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/de34d3548e7d0318f0f18a11005191b26487ae04
