[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 9 21:26:37 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ffbb8e38 by Salvatore Bonaccorso at 2019-04-09T20:26:22Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5366,9 +5366,9 @@ CVE-2019-9136
CVE-2019-9135
RESERVED
CVE-2019-9134 (Architectural Information System 1.0 and earlier versions have a Stack ...)
- TODO: check
+ NOT-FOR-US: Architectural Information System
CVE-2019-9133 (When processing subtitles format media file, KMPlayer version 2018.12. ...)
- TODO: check
+ NOT-FOR-US: KMPlayer (different from src:kmplayer)
CVE-2019-9132 (Remote code execution vulnerability exists in KaKaoTalk PC messenger w ...)
NOT-FOR-US: KaKaoTalk PC messenger
CVE-2019-9131
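Review bot: On CVE-2019-9134 the tag `NOT-FOR-US: Architectural Information System` is a generic product name with no vendor, and the visible part of the description does not name one either, so the entry will be hard to tell apart from similarly named software in a later search of the list. Consider adding the vendor to the tag if the full CVE description gives it. The CVE-2019-9133 line is the pattern worth following: `KMPlayer (different from src:kmplayer)` records why a name that collides with a source package name was still ruled out.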
@@ -12720,7 +12720,7 @@ CVE-2019-6119
CVE-2019-6118
RESERVED
CVE-2019-6117 (The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via t ...)
- TODO: check
+ NOT-FOR-US: wpape APE GALLERY plugin for WordPress
CVE-2019-6116 (In Artifex Ghostscript through 9.26, ephemeral or transient procedures ...)
{DSA-4372-1 DLA-1670-1}
- ghostscript 9.26a~dfsg-1
@@ -12762,7 +12762,7 @@ CVE-2019-6109 (An issue was discovered in OpenSSH 7.9. Due to missing character
NOTE: Fixed by: https://github.com/openssh/openssh-portable/commit/8976f1c4b2721c26e878151f52bdf346dfe2d54c
NOTE: possibly additionally needed: https://github.com/openssh/openssh-portable/commit/bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb
CVE-2018-20698 (The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL ...)
- TODO: check
+ NOT-FOR-US: floragunn Search Guard plugin for Kibana
CVE-2018-20697
RESERVED
CVE-2018-20696
@@ -14034,7 +14034,7 @@ CVE-2019-5617
CVE-2019-5616 (CircuitWerkes Sicon-8, a hardware device used for managing electrical ...)
NOT-FOR-US: CircuitWerkes Sicon-8
CVE-2019-5615 (Users with Site-level permissions can access files containing the user ...)
- TODO: check
+ NOT-FOR-US: Rapid7 InsightVM
CVE-2019-5614
RESERVED
CVE-2019-5613
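Review bot: On CVE-2019-5615 the visible part of the description ("Users with Site-level permissions can access files containing the user ...") names no product, so the tag `NOT-FOR-US: Rapid7 InsightVM` cannot be checked from this hunk alone; please confirm the attribution against the full CVE text. Tagging by product rather than vendor alone matches the neighbouring `NOT-FOR-US: CircuitWerkes Sicon-8` entry.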
@@ -17424,9 +17424,9 @@ CVE-2019-3943
CVE-2019-3942
RESERVED
CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2019-3940 (Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via una ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2019-3939
RESERVED
CVE-2019-3938
@@ -27507,7 +27507,7 @@ CVE-2019-0680 (A remote code execution vulnerability exists in the way that the
CVE-2019-0679
RESERVED
CVE-2019-0678 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0677
RESERVED
CVE-2019-0676 (An information disclosure vulnerability exists when Internet Explorer ...)
@@ -27639,13 +27639,13 @@ CVE-2019-0614 (An information disclosure vulnerability exists when the Windows G
CVE-2019-0613 (A remote code execution vulnerability exists in .NET Framework and Vis ...)
NOT-FOR-US: Microsoft
CVE-2019-0612 (A security feature bypass vulnerability exists when Click2Play protect ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0611 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0610 (A remote code execution vulnerability exists in the way that the scrip ...)
NOT-FOR-US: Microsoft
CVE-2019-0609 (A remote code execution vulnerability exists in the way the scripting ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0608
RESERVED
CVE-2019-0607 (A remote code execution vulnerability exists in the way that the scrip ...)
@@ -27657,7 +27657,7 @@ CVE-2019-0605 (A remote code execution vulnerability exists in the way that the
CVE-2019-0604 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
NOT-FOR-US: Microsoft
CVE-2019-0603 (A remote code execution vulnerability exists in the way that Windows D ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0602 (An information disclosure vulnerability exists when the Windows GDI co ...)
NOT-FOR-US: Microsoft
CVE-2019-0601 (An information disclosure vulnerability exists when the Human Interfac ...)
@@ -27679,7 +27679,7 @@ CVE-2019-0594 (A remote code execution vulnerability exists in Microsoft SharePo
CVE-2019-0593 (A remote code execution vulnerability exists in the way that the scrip ...)
NOT-FOR-US: Microsoft
CVE-2019-0592 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-0591 (A remote code execution vulnerability exists in the way that the scrip ...)
NOT-FOR-US: Microsoft
CVE-2019-0590 (A remote code execution vulnerability exists in the way that the scrip ...)
@@ -31995,7 +31995,7 @@ CVE-2018-18367
CVE-2018-18366
RESERVED
CVE-2018-18365 (Norton Password Manager may be susceptible to an address spoofing issu ...)
- TODO: check
+ NOT-FOR-US: Norton Password Manager
CVE-2018-18364 (Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be s ...)
NOT-FOR-US: Symantec
CVE-2018-18363 (Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass expl ...)
@@ -36875,7 +36875,7 @@ CVE-2018-16532
CVE-2018-16531
REJECTED
CVE-2018-16530 (A stack-based buffer overflow in Forcepoint Email Security version 8.5 ...)
- TODO: check
+ NOT-FOR-US: Forcepoint Email Security
CVE-2018-16529 (A password reset vulnerability has been discovered in Forcepoint Email ...)
NOT-FOR-US: Forcepoint Email Security
CVE-2018-16528 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attacke ...)
@@ -40883,7 +40883,7 @@ CVE-2018-14896
CVE-2018-14895
RESERVED
CVE-2018-14894 (CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an a ...)
- TODO: check
+ NOT-FOR-US: CyberArk Endpoint Privilege Manager
CVE-2018-14893 (A system command injection vulnerability in zyshclient in ZyXEL NSA325 ...)
NOT-FOR-US: ZyXEL
CVE-2018-14892 (Missing protections against Cross-Site Request Forgery in the web appl ...)
@@ -44912,7 +44912,7 @@ CVE-2018-13368
CVE-2018-13367
RESERVED
CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6 ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS
CVE-2018-13365
RESERVED
CVE-2018-13364
@@ -62206,9 +62206,9 @@ CVE-2018-7120
CVE-2018-7119
RESERVED
CVE-2018-7118 (A local access restriction bypass vulnerability was identified in HPE ...)
- TODO: check
+ NOT-FOR-US: HPE Service Pack for ProLiant (SPP) Bundled Software
CVE-2018-7117 (A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerab ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2018-7116 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P0 ...)
NOT-FOR-US: HPE
CVE-2018-7115 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P0 ...)
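Review bot: The two tags added in this hunk use different granularity for the same vendor: CVE-2018-7118 gets `NOT-FOR-US: HPE Service Pack for ProLiant (SPP) Bundled Software`, while CVE-2018-7117, whose description names HPE iLO 5, gets only `NOT-FOR-US: HPE`. The existing CVE-2018-7116 context line uses the vendor-only form, so either shorten the first tag to `HPE` or name iLO 5 in the second, so that a single search pattern finds all of them.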
@@ -78749,7 +78749,7 @@ CVE-2017-17546
CVE-2017-17545
RESERVED
CVE-2017-17544 (A privilege escalation vulnerability in Fortinet FortiOS all versions ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS
CVE-2017-17543 (Users' VPN authentication credentials are unsafely encrypted in Fortin ...)
NOT-FOR-US: Fortinet FortiClient
CVE-2017-17542
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ffbb8e38c8e0948ebb9ce6dd2b4efd9810b32dc9