[Git][security-tracker-team/security-tracker][master] libsixel non issue

Wed Apr 17 09:14:40 BST 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4bef13f7 by Moritz Muehlenhoff at 2019-04-17T08:14:12Z
libsixel non issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -489,7 +489,9 @@ CVE-2019-11025 (In clearFilter() in utilities.php in Cacti before 1.2.3, no esca
 	[stretch] - cacti <no-dsa> (Minor issue)
 	NOTE: https://github.com/Cacti/cacti/issues/2581
 CVE-2019-11024 (The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has ...)
-	TODO: check
+	- libsixel <unfixed> (unimportant)
+	NOTE: https://github.com/saitoha/libsixel/issues/85
+	NOTE: Negligible security impact
 CVE-2019-11023 (The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39. ...)
 	- graphviz <unfixed> (bug #926724)
 	[jessie] - graphviz <postponed> (Minor issue; clean crash / DoS)
@@ -3880,7 +3882,7 @@ CVE-2019-9857 (In the Linux kernel through 5.0.2, the function inotify_update_ex
 CVE-2019-9846 (RockOA 1.8.7 allows remote attackers to obtain sensitive information b ...)
 	NOT-FOR-US: RockOA
 CVE-2019-9845 (madskristensen Miniblog.Core through 2019-01-16 allows remote attacker ...)
-	TODO: check
+	NOT-FOR-US: madskristensen Miniblog.Core
 CVE-2019-9844 (simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows ...)
 	NOT-FOR-US: Khan Academy simple-markdown
 CVE-2019-9843 (In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and befo ...)
@@ -9302,7 +9304,7 @@ CVE-2019-7646 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763
 CVE-2019-7645
 	RESERVED
 CVE-2019-7644 (Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signat ...)
-	TODO: check
+	NOT-FOR-US: Auth0 Auth0-WCF-Service-JWT
 CVE-2019-7643
 	RESERVED
 CVE-2019-7642 (D-Link routers with the mydlink feature have some web interfaces witho ...)
@@ -65402,7 +65404,7 @@ CVE-2018-6271 (NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability i
 CVE-2018-6270
 	RESERVED
 CVE-2018-6269 (NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2018-6268 (NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, ...)
 	NOT-FOR-US: NVIDIA component for Android
 CVE-2018-6267 (NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in whi ...)
@@ -65496,7 +65498,7 @@ CVE-2018-6241 (NVIDIA Tegra Gralloc module contains a vulnerability in driver in
 CVE-2018-6240
 	RESERVED
 CVE-2018-6239 (NVIDIA Jetson TX2 contains a vulnerability by means of speculative exe ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2018-6238
 	RESERVED
 CVE-2018-6237 (A vulnerability in Trend Micro Smart Protection Server (Standalone) 3. ...)
@@ -71755,9 +71757,9 @@ CVE-2018-4011 (An exploitable integer underflow vulnerability exists in the mdns
 CVE-2018-4010 (An exploitable code execution vulnerability exists in the connect func ...)
 	NOT-FOR-US: ProtonVPN client
 CVE-2018-4009 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
-	TODO: check
+	NOT-FOR-US: Shimo VPN
 CVE-2018-4008 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
-	TODO: check
+	NOT-FOR-US: Shimo VPN
 CVE-2018-4007
 	RESERVED
 CVE-2018-4006



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4bef13f7654f4a0da46f0952dae151e065daac8d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4bef13f7654f4a0da46f0952dae151e065daac8d
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190417/5ce519c0/attachment.html>
