[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 3 21:55:53 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4961007 by Salvatore Bonaccorso at 2019-04-03T20:54:45Z
Process some NFUs
Note to peer-reviewer: Not sure I missed any other relevant product in
those CVEs which were marked NFU for Apple. But as far as I went through
those CVEs they seem to be Apple products specific.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1088,7 +1088,7 @@ CVE-2019-1002101 (The kubectl cp command allows copying files between containers
NOTE: Introduced by: https://github.com/kubernetes/kubernetes/commit/b1f85e2dfec6e64d8e1bc272251277df0058ab20
NOTE: Upstream patch: https://github.com/kubernetes/kubernetes/pull/75037
CVE-2019-10261 (CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XS ...)
- TODO: check
+ NOT-FOR-US: CentOS Web Panel
CVE-2019-10260 (Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html ( ...)
NOT-FOR-US: Total.js CMS
CVE-2019-10259
@@ -16486,7 +16486,7 @@ CVE-2019-4016 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
CVE-2019-4015 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
NOT-FOR-US: IBM
CVE-2019-4014 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4013
RESERVED
CVE-2019-4012
@@ -69145,7 +69145,7 @@ CVE-2018-4472
CVE-2018-4471
RESERVED
CVE-2018-4470 (A privacy issue in the handling of Open Directory records was addresse ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4469
RESERVED
CVE-2018-4468
@@ -69155,19 +69155,19 @@ CVE-2018-4467
CVE-2018-4466
RESERVED
CVE-2018-4465 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4464 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
NOTE: Not covered by security support
CVE-2018-4463 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4462 (A validation issue was addressed with improved input sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4461 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4460 (A denial of service issue was addressed by removing the vulnerable cod ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4459
RESERVED
CVE-2018-4458
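Review bot: CVE-2018-4465 and CVE-2018-4463 are tagged NOT-FOR-US: Apple although their descriptions are cut off with "..." and name no component, and CVE-2018-4464 between them has near-identical wording and is tracked against webkit2gtk. Check both IDs against WSA-2018-0009 and the full CVE text before merging; if either turns out to be a WebKit issue it needs a webkit2gtk entry instead of an NFU tag.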
@@ -69175,7 +69175,7 @@ CVE-2018-4458
CVE-2018-4457
RESERVED
CVE-2018-4456 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4455
RESERVED
CVE-2018-4454
@@ -69187,17 +69187,17 @@ CVE-2018-4452
CVE-2018-4451
RESERVED
CVE-2018-4450 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4449 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4448
RESERVED
CVE-2018-4447 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4446 (This issue was addressed with improved entitlements. This issue affect ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4445 ("Clear History and Website Data" did not clear the history. The issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4444
RESERVED
CVE-2018-4443 (A memory corruption issue was addressed with improved memory handling. ...)
@@ -69213,9 +69213,9 @@ CVE-2018-4441 (A memory corruption issue was addressed with improved memory hand
NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
NOTE: Not covered by security support
CVE-2018-4440 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4439 (A logic issue was addressed with improved validation. This issue affec ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4438 (A logic issue existed resulting in memory corruption. This was address ...)
- webkit2gtk 2.22.3-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
@@ -69225,95 +69225,95 @@ CVE-2018-4437 (Multiple memory corruption issues were addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
NOTE: Not covered by security support
CVE-2018-4436 (A certificate validation issue existed in configuration profiles. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4435 (A logic issue was addressed with improved restrictions. This issue aff ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4434 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4433
RESERVED
CVE-2018-4432
RESERVED
CVE-2018-4431 (A memory initialization issue was addressed with improved memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4430 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4429 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4428
RESERVED
CVE-2018-4427 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4426 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4425 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4424 (A buffer overflow was addressed with improved size validation. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4423 (A logic issue was addressed with improved validation. This issue affec ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4422 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4421 (A memory initialization issue was addressed with improved memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4420 (A memory corruption issue was addressed by removing the vulnerable cod ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4419 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4418 (A validation issue was addressed with improved input sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4417 (A validation issue was addressed with improved input sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4416 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
CVE-2018-4415 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4414 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4413 (A memory initialization issue was addressed with improved memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4412 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4411 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4410 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4409 (A resource exhaustion issue was addressed with improved input validati ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4408 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4407 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4406 (A denial of service issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4405
RESERVED
CVE-2018-4404 (In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corr ...)
NOT-FOR-US: Apple
CVE-2018-4403 (This issue was addressed by removing additional entitlements. This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4402 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4401 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4400 (A validation issue was addressed with improved logic. This issue affec ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4399 (An access issue existed with privileged API calls. This issue was addr ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4398 (An issue existed in the method for determining prime numbers. This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4397 (Analytics data was sent using HTTP rather than HTTPS. This was address ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4396 (A validation issue was addressed with improved input sanitization. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4395 (This issue was addressed with improved checks. This issue affected ver ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4394 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4393 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4392 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
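Review bot: CVE-2018-4398 ("An issue existed in the method for determining prime numbers") reads as a generic cryptographic flaw and its truncated description names no component, so the vendor-level tag NOT-FOR-US: Apple cannot be checked from this file alone. Name the affected Apple component in the tag or add a NOTE line with it, the way the CentOS Web Panel and Total.js CMS entries name the product. The same applies to the run of "memory corruption" entries below CVE-2018-4416, which is itself tracked against webkit2gtk in this hunk.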
@@ -69323,21 +69323,21 @@ CVE-2018-4391
CVE-2018-4390
RESERVED
CVE-2018-4389 (An inconsistent user interface issue was addressed with improved state ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4388 (A lock screen issue allowed access to the share function on a locked d ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4387 (A lock screen issue allowed access to photos via Reply With Message on ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4386 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.3-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
CVE-2018-4385 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4384 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4383 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4382 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
@@ -69345,15 +69345,15 @@ CVE-2018-4382 (Multiple memory corruption issues were addressed with improved me
CVE-2018-4381
RESERVED
CVE-2018-4380 (A lock screen issue allowed access to photos and contacts on a locked ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4379 (A lock screen issue allowed access to the share function on a locked d ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4378 (A memory corruption issue was addressed with improved validation. This ...)
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
CVE-2018-4377 (A cross-site scripting issue existed in Safari. This issue was address ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4376 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
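Review bot: CVE-2018-4377 ("A cross-site scripting issue existed in Safari") is the entry in this hunk that most needs a second look, because CVE-2018-4378 and CVE-2018-4376 on either side of it are tracked against webkit2gtk under WSA-2018-0008. Confirm the flaw sits in Safari's own code and not in shared WebKit code, and if it does, consider a one-line NOTE saying so, so the NFU decision can be audited later.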
@@ -69363,7 +69363,7 @@ CVE-2018-4375 (Multiple memory corruption issues were addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
CVE-2018-4374 (A logic issue was addressed with improved validation. This issue affec ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4373 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
@@ -69373,31 +69373,31 @@ CVE-2018-4372 (Multiple memory corruption issues were addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
CVE-2018-4371 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4370
RESERVED
CVE-2018-4369 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4368 (A denial of service issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4367 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4366 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4365 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4364
RESERVED
CVE-2018-4363 (An input validation issue existed in the kernel. This issue was addres ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4362 (An inconsistent user interface issue was addressed with improved state ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4361 (A memory consumption issue was addressed with improved memory handling ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
NOTE: Not covered by security support
CVE-2018-4360 (Multiple memory corruption issues were addressed with improved memory ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4359 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
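Review bot: CVE-2018-4360 carries the same "Multiple memory corruption issues were addressed with improved memory ..." wording as CVE-2018-4359 directly below it, which is tracked against webkit2gtk with WSA-2018-0007, and CVE-2018-4361 directly above it is a webkit2gtk entry as well. Verify that CVE-2018-4360 is not listed in WSA-2018-0007 or WSA-2018-0008 before tagging it NOT-FOR-US: Apple; the truncated description gives no way to tell it apart from its neighbours.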
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4961007e0ee34cf1918471a3f70259cc98fe54c