[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Apr 17 21:37:23 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e76df39 by Salvatore Bonaccorso at 2019-04-17T20:36:54Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -718,19 +718,19 @@ CVE-2019-10955
 CVE-2019-10954
 	RESERVED
 CVE-2019-10953 (ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable ...)
-	TODO: check
+	NOT-FOR-US: Programmable Logic Controllers of various vendors
 CVE-2019-10952
 	RESERVED
 CVE-2019-10951 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2019-10950
 	RESERVED
 CVE-2019-10949 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2019-10948
 	RESERVED
 CVE-2019-10947 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2019-10946 (An issue was discovered in Joomla! before 3.9.5. The "refresh list of  ...)
 	NOT-FOR-US: Joomla!
 CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media Manager com ...)
@@ -1542,11 +1542,11 @@ CVE-2019-10645
 CVE-2019-10644 (An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vul ...)
 	NOT-FOR-US: HYBBS
 CVE-2019-10643 (Contao 4.7 allows Use of a Key Past its Expiration Date. ...)
-	TODO: check
+	NOT-FOR-US: Contao
 CVE-2019-10642 (Contao 4.7 allows CSRF. ...)
-	TODO: check
+	NOT-FOR-US: Contao
 CVE-2019-10641 (Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery ...)
-	TODO: check
+	NOT-FOR-US: Contao
 CVE-2019-10640 [DoS potential for regex in CI/CD refs]
 	RESERVED
 	- gitlab <unfixed> (bug #926482)
@@ -7551,11 +7551,11 @@ CVE-2019-8457
 CVE-2019-8456 (Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditio ...)
 	NOT-FOR-US: Check Point
 CVE-2019-8455 (A hard-link created from the log file of Check Point ZoneAlarm up to 1 ...)
-	TODO: check
+	NOT-FOR-US: Check Point ZoneAlarm
 CVE-2019-8454
 	RESERVED
 CVE-2019-8453 (Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are ta ...)
-	TODO: check
+	NOT-FOR-US: Check Point ZoneAlarm
 CVE-2019-8452
 	RESERVED
 CVE-2019-8451
@@ -24338,7 +24338,7 @@ CVE-2019-1985
 	RESERVED
 	NOT-FOR-US: Android
 CVE-2018-20028 (Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11  ...)
-	TODO: check
+	NOT-FOR-US: Contao
 CVE-2018-20027 (The yaml_parse.load method in Pylearn2 allows code injection. ...)
 	NOT-FOR-US: Pylearn2
 CVE-2018-20026 (Improper Communication Address Filtering exists in CODESYS V3 products ...)
@@ -45571,7 +45571,7 @@ CVE-2018-13380
 CVE-2018-13379
 	RESERVED
 CVE-2018-13378 (An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 an ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiSIEM
 CVE-2018-13377
 	RESERVED
 CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 t ...)
@@ -71863,13 +71863,13 @@ CVE-2018-4009 (An exploitable privilege escalation vulnerability exists in the S
 CVE-2018-4008 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
 	NOT-FOR-US: Shimo VPN
 CVE-2018-4007 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
-	TODO: check
+	NOT-FOR-US: Shimo VPN
 CVE-2018-4006 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
-	TODO: check
+	NOT-FOR-US: Shimo VPN
 CVE-2018-4005 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
-	TODO: check
+	NOT-FOR-US: Shimo VPN
 CVE-2018-4004 (An exploitable privilege escalation vulnerability exists in the Shimo  ...)
-	TODO: check
+	NOT-FOR-US: Shimo VPN
 CVE-2018-4003 (An exploitable heap overflow vulnerability exists in the mdnscap binar ...)
 	NOT-FOR-US: CUJO Smart Firewall
 CVE-2018-4002



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e76df39a37d6a2b50f125672b312b0c75ee44fc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e76df39a37d6a2b50f125672b312b0c75ee44fc
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190417/fe918604/attachment.html>


More information about the debian-security-tracker-commits mailing list