[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Apr 4 08:46:48 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acf1baed by Salvatore Bonaccorso at 2019-04-04T07:46:27Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3012,7 +3012,7 @@ CVE-2019-9761 (An XXE issue was discovered in PHPSHE 1.7, which can be used to r
 CVE-2019-9760 (FTPGetter Standard v.5.97.0.177 allows remote code execution when a us ...)
 	NOT-FOR-US: FTPGetter
 CVE-2019-9759 (An issue was discovered in TONGDA Office Anywhere 10.18.190121. There  ...)
-	TODO: check
+	NOT-FOR-US: TONGDA Office Anywhere
 CVE-2019-9758
 	RESERVED
 CVE-2019-9757
@@ -69465,85 +69465,85 @@ CVE-2018-4358 (Multiple memory corruption issues were addressed with improved me
 	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
 	NOTE: Not covered by security support
 CVE-2018-4357 (A memory corruption issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple Xcode
 CVE-2018-4356 (A permissions issue existed. This issue was addressed with improved pe ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4355 (A configuration issue was addressed with additional restrictions. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4354 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4353 (A configuration issue was addressed with additional restrictions. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4352 (A consistency issue existed in the handling of application snapshots.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4351 (A memory initialization issue was addressed with improved memory handl ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4350 (A memory corruption issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4349
 	RESERVED
 CVE-2018-4348 (A validation issue was addressed with improved logic. This issue affec ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4347 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4346 (A validation issue existed which allowed local file access. This was a ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4345 (A cross-site scripting issue existed in Safari. This issue was address ...)
 	- webkit2gtk 2.22.3-1 (unimportant)
 	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
 	NOTE: Not covered by security support
 CVE-2018-4344 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4343 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4342 (A configuration issue was addressed with additional restrictions. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4341 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4340 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4339
 	RESERVED
 CVE-2018-4338 (A validation issue was addressed with improved input sanitization. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4337 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4336 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4335 (A validation issue was addressed with improved input sanitization. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4334 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4333 (A validation issue was addressed with improved input sanitization. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4332 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4331 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4330 (In iOS before 11.4, a memory corruption issue exists and was addressed ...)
 	NOT-FOR-US: Apple
 CVE-2018-4329 (Clearing a history item may not clear visits with redirect chains. The ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4328 (Multiple memory corruption issues were addressed with improved memory  ...)
 	- webkit2gtk 2.22.0-2 (unimportant)
 	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
 	NOTE: Not covered by security support
 CVE-2018-4327 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4326 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4325 (A logic issue was addressed with improved restrictions. This issue aff ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4324 (A permissions issue existed in the handling of the Apple ID. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4323 (Multiple memory corruption issues were addressed with improved memory  ...)
 	- webkit2gtk 2.22.0-2 (unimportant)
 	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
 	NOTE: Not covered by security support
 CVE-2018-4322 (This issue was addressed with improved entitlements. This issue affect ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4321 (A validation issue existed in the entitlement verification. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4320
 	RESERVED
 CVE-2018-4319 (A cross-origin issue existed with "iframe" elements. This was addresse ...)
@@ -69571,7 +69571,7 @@ CVE-2018-4314 (A use after free issue was addressed with improved memory managem
 	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
 	NOTE: Not covered by security support
 CVE-2018-4313 (A consistency issue existed in the handling of application snapshots.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4312 (A use after free issue was addressed with improved memory management.  ...)
 	- webkit2gtk 2.22.0-2 (unimportant)
 	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
@@ -69581,25 +69581,25 @@ CVE-2018-4311 (The issue was addressed by removing origin information. This issu
 	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
 	NOTE: Not covered by security support
 CVE-2018-4310 (An access issue was addressed with additional sandbox restrictions. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4309 (A cross-site scripting issue existed in Safari. This issue was address ...)
 	- webkit2gtk 2.22.0-2 (unimportant)
 	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
 	NOTE: Not covered by security support
 CVE-2018-4308 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4307 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4306 (A use after free issue was addressed with improved memory management.  ...)
 	- webkit2gtk 2.22.0-2 (unimportant)
 	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
 	NOTE: Not covered by security support
 CVE-2018-4305 (An input validation issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4304 (A denial of service issue was addressed with improved validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4303 (An input validation issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4302
 	RESERVED
 CVE-2018-4301
@@ -69618,41 +69618,41 @@ CVE-2018-4297
 CVE-2018-4296
 	RESERVED
 CVE-2018-4295 (An input validation issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4294
 	RESERVED
 CVE-2018-4293 (A cookie management issue was addressed with improved checks. This iss ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4292
 	RESERVED
 CVE-2018-4291 (Multiple memory corruption issues were addressed with improved memory  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4290 (A denial of service issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4289 (An information disclosure issue was addressed by removing the vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4288 (Multiple memory corruption issues were addressed with improved memory  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4287 (Multiple memory corruption issues were addressed with improved memory  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4286 (Multiple memory corruption issues were addressed with improved memory  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4285 (A type confusion issue was addressed with improved memory handling. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4284 (A type confusion issue was addressed with improved memory handling. Th ...)
 	- webkit2gtk 2.20.4-1 (unimportant)
 	NOTE: Not covered by security support
 	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
 CVE-2018-4283 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4282 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4281 (In SwiftNIO before 1.8.0, a buffer overflow was addressed with improve ...)
 	NOT-FOR-US: Apple
 CVE-2018-4280 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4279 (An inconsistent user interface issue was addressed with improved state ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2018-4278 (In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11 ...)
 	- webkit2gtk 2.20.4-1 (unimportant)
 	NOTE: Not covered by security support
@@ -69660,11 +69660,11 @@ CVE-2018-4278 (In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS befo
 CVE-2018-4277 (In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari ...)
 	NOT-FOR-US: Apple
 CVE-2018-4276 (A null pointer dereference was addressed with improved validation. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4275 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4274 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4273 (Multiple memory corruption issues were addressed with improved input v ...)
 	- webkit2gtk 2.20.4-1 (unimportant)
 	NOTE: Not covered by security support
@@ -69682,9 +69682,9 @@ CVE-2018-4270 (A memory corruption issue was addressed with improved memory hand
 	NOTE: Not covered by security support
 	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
 CVE-2018-4269 (A memory corruption issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4268 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4267 (Multiple memory corruption issues were addressed with improved memory  ...)
 	- webkit2gtk 2.20.4-1 (unimportant)
 	NOTE: Not covered by security support
@@ -69714,9 +69714,9 @@ CVE-2018-4261 (Multiple memory corruption issues were addressed with improved me
 	NOTE: Not covered by security support
 	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
 CVE-2018-4260 (An inconsistent user interface issue was addressed with improved state ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4259 (Multiple memory corruption issues were addressed with improved memory  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4258 (In macOS High Sierra before 10.13.5, a buffer overflow was addressed w ...)
 	NOT-FOR-US: Apple
 CVE-2018-4257 (In macOS High Sierra before 10.13.5, a buffer overflow was addressed w ...)
@@ -69738,7 +69738,7 @@ CVE-2018-4250 (An issue was discovered in certain Apple products. iOS before 11.
 CVE-2018-4249 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
 	NOT-FOR-US: Apple
 CVE-2018-4248 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4247 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
 	NOT-FOR-US: Apple
 CVE-2018-4246 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
@@ -69812,7 +69812,7 @@ CVE-2018-4218 (An issue was discovered in certain Apple products. iOS before 11.
 CVE-2018-4217 (In macOS High Sierra before 10.13.5, a privacy issue in the handling o ...)
 	NOT-FOR-US: Apple
 CVE-2018-4216 (A logic issue existed in the handling of call URLs. This issue was add ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4215 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
 	NOT-FOR-US: Apple
 CVE-2018-4214 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
@@ -69854,7 +69854,7 @@ CVE-2018-4204 (An issue was discovered in certain Apple products. iOS before 11.
 	NOTE: https://webkitgtk.org/security/WSA-2018-0004.html
 	NOTE: Not covered by security support
 CVE-2018-4203 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4202 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
 	NOT-FOR-US: Apple (iBooks component)
 CVE-2018-4201 (An issue was discovered in certain Apple products. iOS before 11.4 is  ...)
@@ -69878,7 +69878,7 @@ CVE-2018-4197 (A use after free issue was addressed with improved memory managem
 CVE-2018-4196 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
 	NOT-FOR-US: Apple (Accessibility Framework component)
 CVE-2018-4195 (An inconsistent user interface issue was addressed with improved state ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4194 (In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3. ...)
 	NOT-FOR-US: Apple
 CVE-2018-4193 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -69924,7 +69924,7 @@ CVE-2018-4180 (In macOS High Sierra before 10.13.5, an issue existed in CUPS. Th
 CVE-2018-4179 (In macOS High Sierra before 10.13.4, there was an issue with the handl ...)
 	NOT-FOR-US: Apple
 CVE-2018-4178 (A permissions issue existed in which execute permission was incorrectl ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4177
 	RESERVED
 CVE-2018-4176 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -69982,7 +69982,7 @@ CVE-2018-4155 (An issue was discovered in certain Apple products. iOS before 11.
 CVE-2018-4154 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
 	NOT-FOR-US: Apple
 CVE-2018-4153 (An injection issue was addressed with improved validation. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4152 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
 	NOT-FOR-US: Apple
 CVE-2018-4151 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
@@ -70000,7 +70000,7 @@ CVE-2018-4146 (An issue was discovered in certain Apple products. iOS before 11.
 	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
 	NOTE: Not covered by security support
 CVE-2018-4145 (Multiple memory corruption issues were addressed with improved memory  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4144 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
 	NOT-FOR-US: Apple
 CVE-2018-4143 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
@@ -70046,7 +70046,7 @@ CVE-2018-4127 (An issue was discovered in certain Apple products. iOS before 11.
 	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
 	NOTE: Not covered by security support
 CVE-2018-4126 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2018-4125 (An issue was discovered in certain Apple products. iOS before 11.3 is  ...)
 	- webkit2gtk 2.20.0-2 (unimportant)
 	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
@@ -92264,7 +92264,7 @@ CVE-2017-13913
 CVE-2017-13912
 	RESERVED
 CVE-2017-13911 (A configuration issue was addressed with additional restrictions. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-13910
 	RESERVED
 CVE-2017-13909
@@ -113407,7 +113407,7 @@ CVE-2017-7153 (An issue was discovered in certain Apple products. iOS before 11.
 CVE-2017-7152 (An issue was discovered in certain Apple products. iOS before 11.2 is  ...)
 	NOT-FOR-US: Apple
 CVE-2017-7151 (A race condition was addressed with additional validation. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7150 (An issue was discovered in certain Apple products. macOS before 10.13  ...)
 	NOT-FOR-US: Apple
 CVE-2017-7149 (An issue was discovered in certain Apple products. macOS before 10.13  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/acf1baed04afcac76626ece02c95efaefc31a520

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/acf1baed04afcac76626ece02c95efaefc31a520
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190404/376cc27c/attachment.html>


More information about the debian-security-tracker-commits mailing list