[Git][security-tracker-team/security-tracker][master] 2 commits: Update CVE-2018-19211 information

Salvatore Bonaccorso carnil at debian.org
Mon Apr 15 16:03:05 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64a4e1e9 by Salvatore Bonaccorso at 2019-04-15T15:01:35Z
Update CVE-2018-19211 information

As MITRE is not going to reject the CVE entry as clarified on a request
done by Sylvain Beucler, track explicitly the source package and use the
same fixed versions as for CVE-2018-10754.

The duplication was earlier already confirmed by Sven Joachim back in
2018 and led us to mark it as a duplicate. As MITRE won't reject the
CVE, let's track the source package explicitly.

Thanks: Sylvain Beucler for prodding again MITRE CNA on clarification
for possible rejection.

- - - - -
a492beda by Salvatore Bonaccorso at 2019-04-15T15:02:52Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30321,8 +30321,13 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by libwe
 	NOT-FOR-US: libwebm
 	NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
 CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...)
-	NOTE: Duplicate of CVE-2018-10754
-	NOTE: Mitre request 673089 - for now they "are required to maintain these as separate CVEs according to the CNA Rules"
+	- ncurses 6.1+20180210-3 (low)
+	[stretch] - ncurses <no-dsa> (Minor issue)
+	[jessie] - ncurses <no-dsa> (Minor issue)
+	[wheezy] - ncurses <ignored> (Minor issue)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754
+	NOTE: Technically a duplicate of CVE-2018-10754, but kept separate by MITRE as per
+	NOTE: MITRE request 673089.
 CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWrite ...)
 	{DLA-1680-1}
 	- tiff 4.0.10-4 (bug #913675)
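Review bot: In the CVE-2018-19211 entry, the last NOTE is a single sentence split across two NOTE lines ("... kept separate by MITRE as per" / "MITRE request 673089."), so a line-based search for the request number returns a fragment that no longer mentions the duplicate relationship; put it on one line or make each NOTE self-contained. The removed line also quoted MITRE's reason (they "are required to maintain these as separate CVEs according to the CNA Rules"), and the new wording drops it; keeping that quote would record why the entry is not rejected. The entry itself does not say where the fixed version 6.1+20180210-3 comes from; a NOTE stating it is the same fixed version as CVE-2018-10754, as the commit message does, would make the triage checkable from the data file alone.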
@@ -32775,7 +32780,7 @@ CVE-2018-18263
 CVE-2018-18262 (Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. ...)
 	NOT-FOR-US: Zoho
 CVE-2018-18261 (In waimai Super Cms 20150505, there is an XSS vulnerability via the /a ...)
-	TODO: check
+	NOT-FOR-US: waimai Super Cms
 CVE-2018-18260 (In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. Th ...)
 	NOT-FOR-US: Camaleon CMS
 CVE-2018-18259 (Stored XSS has been discovered in version 1.0.12 of the LUYA CMS softw ...)
@@ -82970,7 +82975,7 @@ CVE-2017-17025
 CVE-2017-17024
 	RESERVED
 CVE-2017-17023 (The Sophos UTM VPN endpoint interacts with client software provided by ...)
-	TODO: check
+	NOT-FOR-US: Sophos IPSec Client and NCP "Secure Entry Client"
 CVE-2017-17022
 	RESERVED
 CVE-2017-17021
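Review bot: The NOT-FOR-US line for CVE-2017-17023 names two client products (Sophos IPSec Client and NCP "Secure Entry Client"), while the visible description opens with the Sophos UTM VPN endpoint, so it is not obvious from the entry which component the decision was based on. Other NOT-FOR-US lines in these hunks name a single vendor or product without quoting; consider the same form here, or add a short NOTE on which component is affected.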
@@ -92787,7 +92792,7 @@ CVE-2017-14201
 CVE-2017-14200
 	RESERVED
 CVE-2017-14199 (A buffer overflow has been found in the Zephyr Project's getaddrinfo() ...)
-	TODO: check
+	NOT-FOR-US: Zephyr OS
 CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x befor ...)
 	NOT-FOR-US: Squiz Matrix
 CVE-2017-14197 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x befor ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/af80edf39153c8fb44be591f7fae77d019daf371...a492beda59701e531c546bb9d2d16fd2869c4f33
