[Git][security-tracker-team/security-tracker][master] historic glibc issues

Moritz Muehlenhoff jmm at debian.org
Thu Apr 11 17:10:25 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eeaf65d0 by Moritz Muehlenhoff at 2019-04-11T16:09:51Z
historic glibc issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,15 +33,15 @@ CVE-2019-11069 (Sequelize before 5.3.0 does not properly ensure that standard co
 CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism because ...)
 	TODO: check
 CVE-2006-7254 (The nscd daemon in the GNU C Library (glibc) before version 2.5 does n ...)
-	TODO: check
+	- glibc 2.5-1
 CVE-2005-3590 (The getgrouplist function in the GNU C library (glibc) before version  ...)
-	TODO: check
+	- glibc 2.3.5-3
 CVE-2019-11067
 	RESERVED
 CVE-2019-1003050 (The f:validateButton form control for the Jenkins UI did not properly  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was updated t ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-11066
 	RESERVED
 CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...)
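Review bot: The two glibc entries (CVE-2006-7254 and CVE-2005-3590) record a fixed version but carry no NOTE line naming the upstream bug or commit the version was taken from, so the choice of 2.5-1 and 2.3.5-3 cannot be checked from the list itself. For CVE-2006-7254 the description at least says "before version 2.5", which matches 2.5-1; for CVE-2005-3590 the description is cut off before the version number, so nothing visible backs 2.3.5-3. Suggest adding a NOTE under each with the reference used to pick the version.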
@@ -4021,7 +4021,7 @@ CVE-2019-9696 (Symantec VIP Enterprise Gateway (all versions) may be susceptible
 CVE-2019-9695 (Norton Core prior to v278 may be susceptible to an arbitrary code exec ...)
 	NOT-FOR-US: Norton Core
 CVE-2019-9694 (Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptibl ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2019-9693 (In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can ac ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2019-9692 (class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 doe ...)
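Review bot: The new tag on CVE-2019-9694 is the bare vendor name "Symantec", while the neighbouring entries in this hunk name the product ("NOT-FOR-US: Norton Core", "NOT-FOR-US: CMS Made Simple"). Suggest "NOT-FOR-US: Symantec Endpoint Encryption", taken from the description, so that a search of the list by product name finds the entry.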
@@ -11674,7 +11674,7 @@ CVE-2019-6558
 CVE-2019-6557 (Several buffer overflow vulnerabilities have been identified in Moxa I ...)
 	NOT-FOR-US: Moxa
 CVE-2019-6556 (When processing project files, the application (Omron CX-Programmer v9 ...)
-	TODO: check
+	NOT-FOR-US: Omron
 CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper input validation vulnerability ...)
 	NOT-FOR-US: Cscape
 CVE-2019-6554 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper acces ...)
@@ -12771,11 +12771,11 @@ CVE-2019-6158
 CVE-2019-6157
 	RESERVED
 CVE-2019-6156 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2019-6155
 	RESERVED
 CVE-2019-6154 (A DLL search path vulnerability was reported in Lenovo Bootable Genera ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2019-6153
 	RESERVED
 CVE-2019-6152
@@ -17570,7 +17570,7 @@ CVE-2019-3945
 CVE-2019-3944
 	RESERVED
 CVE-2019-3943 (MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 ...)
-	TODO: check
+	NOT-FOR-US: MikroTik
 CVE-2019-3942
 	RESERVED
 CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to  ...)
@@ -18437,7 +18437,7 @@ CVE-2019-3614
 CVE-2019-3613
 	RESERVED
 CVE-2019-3612 (Information Disclosure vulnerability in McAfee DXL Platform and TIE Se ...)
-	TODO: check
+	NOT-FOR-US: McAFee
 CVE-2019-3611
 	RESERVED
 CVE-2019-3610 (Data Leakage Attacks vulnerability in Microsoft Windows client in McAf ...)
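Review bot: The tag added on CVE-2019-3612 is spelled "McAFee", but the description on the same entry spells the vendor "McAfee". A case-sensitive search for existing McAfee NFU entries will miss this line; suggest "NOT-FOR-US: McAfee".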
@@ -27992,14 +27992,14 @@ CVE-2018-19591 (In the GNU C Library (aka glibc or libc6) through 2.28, attempti
 CVE-2018-19590
 	RESERVED
 CVE-2018-19589 (Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 provid ...)
-	TODO: check
+	NOT-FOR-US: Utimaco CryptoServer HSM
 CVE-2018-19588
 	RESERVED
 CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_a ...)
 	NOT-FOR-US: Cesanta Mongoose
 	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
 CVE-2018-19586 (Silverpeas 5.15 through 6.0.2 is affected by an authenticated Director ...)
-	TODO: check
+	NOT-FOR-US: Silverpeas
 CVE-2018-19585
 	RESERVED
 	- gitlab 11.3.11+dfsg-1
@@ -29005,7 +29005,7 @@ CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in
 CVE-2018-19454
 	RESERVED
 CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a file with a ...)
-	TODO: check
+	NOT-FOR-US: Kentico CMS
 CVE-2018-19452
 	RESERVED
 CVE-2018-19451
@@ -30496,7 +30496,7 @@ CVE-2018-19008 (The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05
 CVE-2018-19007 (In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the D ...)
 	NOT-FOR-US: Geutebrueck cameras
 CVE-2018-19006 (OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft PI Vision
 CVE-2018-19005 (Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation  ...)
 	NOT-FOR-US: Cscape
 CVE-2018-19004 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds rea ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/eeaf65d0845da8a30bd044e08225d92744ec5c49
