[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Apr 8 21:50:57 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9773102f by Salvatore Bonaccorso at 2019-04-08T20:50:34Z
Process NFUs

- - - - -
31a14077 by Salvatore Bonaccorso at 2019-04-08T20:50:35Z
Add CVE-2019-10914/matrixssl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32,7 +32,7 @@ CVE-2019-11003 (In Materialize through 1.0.0, XSS is possible via the Autocomple
 CVE-2019-11002 (In Materialize through 1.0.0, XSS is possible via the Tooltip feature. ...)
 	TODO: check
 CVE-2019-11001 (On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices th ...)
-	TODO: check
+	NOT-FOR-US: Reolink devices
 CVE-2019-11000
 	RESERVED
 CVE-2019-10999
@@ -206,7 +206,9 @@ CVE-2019-10916
 CVE-2019-10915
 	RESERVED
 CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Secure T ...)
-	TODO: check
+	- matrixssl <removed>
+	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1785
+	NOTE: https://github.com/matrixssl/matrixssl/issues/26
 CVE-2019-10913
 	RESERVED
 CVE-2019-10912
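Review bot: The CVE-2019-10914 entry records "- matrixssl <removed>" with two NOTE links that both point at issue trackers, and nothing in it says whether upstream has fixed the problem or in which version. Consider adding a further NOTE with the upstream fix commit or fixed version once one is known, so the entry stays usable if the package is reintroduced or the code turns up embedded elsewhere.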
@@ -375,7 +377,7 @@ CVE-2019-10847
 CVE-2019-10846
 	RESERVED
 CVE-2019-10845 (An issue was discovered in Uniqkey Password Manager 1.14. When enterin ...)
-	TODO: check
+	NOT-FOR-US: Uniqkey Password Manager
 CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka n ...)
 	NOT-FOR-US: Sony
 CVE-2019-10843
@@ -826,7 +828,7 @@ CVE-2019-10678 (Domoticz before 4.10579 neglects to categorize \n and \r as inse
 CVE-2019-10677
 	RESERVED
 CVE-2019-10676 (An issue was discovered in Uniqkey Password Manager 1.14. Upon enterin ...)
-	TODO: check
+	NOT-FOR-US: Uniqkey Password Manager
 CVE-2019-10675
 	REJECTED
 CVE-2019-10674
@@ -16725,7 +16727,7 @@ CVE-2019-4212
 CVE-2019-4211
 	RESERVED
 CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication expo ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4209
 	RESERVED
 CVE-2019-4208
@@ -16835,7 +16837,7 @@ CVE-2019-4157
 CVE-2019-4156
 	RESERVED
 CVE-2019-4155 (IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted b ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4154
 	RESERVED
 CVE-2019-4153
@@ -16859,7 +16861,7 @@ CVE-2019-4145
 CVE-2019-4144
 	RESERVED
 CVE-2019-4143 (The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4142
 	RESERVED
 CVE-2019-4141
@@ -17043,7 +17045,7 @@ CVE-2019-4053
 CVE-2019-4052 (IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthe ...)
 	NOT-FOR-US: IBM
 CVE-2019-4051 (Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system spe ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4050
 	RESERVED
 CVE-2019-4049
@@ -17055,7 +17057,7 @@ CVE-2019-4047
 CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
 	NOT-FOR-US: IBM
 CVE-2019-4045 (IBM Business Automation Workflow and IBM Business Process Manager 18.0 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4044
 	RESERVED
 CVE-2019-4043 (IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vuln ...)
@@ -19541,7 +19543,7 @@ CVE-2018-20343
 CVE-2018-20342 (The Floureon IP Camera SP012 provides a root terminal on a UART serial ...)
 	NOT-FOR-US: Floureon IP Camera SP012
 CVE-2018-20341 (WINMAGIC SecureDoc Disk Encryption before 8.3 has an Unquoted Search P ...)
-	TODO: check
+	NOT-FOR-US: WINMAGIC SecureDoc Disk Encryption
 CVE-2018-20340 (Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which c ...)
 	{DSA-4389-1}
 	- libu2f-host 1.1.7-1 (bug #921726)
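Review bot: Style point on the CVE-2018-20341 line: "NOT-FOR-US: WINMAGIC SecureDoc Disk Encryption" copies the all-caps spelling from the CVE description. The vendor writes its name as WinMagic, and the other NFU tags in this diff use normal product or vendor casing, so "NOT-FOR-US: WinMagic SecureDoc Disk Encryption" would be easier to grep for and more consistent.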
@@ -110880,7 +110882,7 @@ CVE-2017-7914 (A Missing Authorization issue was discovered in Rockwell Automati
 CVE-2017-7913 (A Plaintext Storage of a Password issue was discovered in Moxa OnCell  ...)
 	NOT-FOR-US: Moxa
 CVE-2017-7912 (Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v ...)
-	TODO: check
+	NOT-FOR-US: Hanwha Techwin firmware
 CVE-2017-7911 (A Code Injection issue was discovered in CyberVision Kaa IoT Platform, ...)
 	NOT-FOR-US: CyberVision Kaa IoT Platform
 CVE-2017-7910 (A Stack-Based Buffer Overflow issue was discovered in Digital Canal St ...)
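Review bot: The CVE-2017-7912 tag "NOT-FOR-US: Hanwha Techwin firmware" is vaguer than its neighbours, which name either the vendor alone ("Moxa") or the specific product ("CyberVision Kaa IoT Platform"). The description names the SRN-4000, so "NOT-FOR-US: Hanwha Techwin SRN-4000" or plain "NOT-FOR-US: Hanwha Techwin" would match the surrounding convention better.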



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/0de708c7add105a8b6c7494113d1bfad170d2673...31a1407736f4f3a6e9c01248915f5cc36b79de39
