[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Apr 30 21:57:47 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8403353a by Salvatore Bonaccorso at 2019-04-30T20:47:19Z
Process NFUs

- - - - -
5d980900 by Salvatore Bonaccorso at 2019-04-30T20:57:23Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2018-20825
 CVE-2018-20824
 	RESERVED
 CVE-2015-9286 (Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 ha ...)
-	TODO: check
+	NOT-FOR-US: NodeBB
 CVE-2019-XXXX [gpg-key2ps: Shell injection vulnerability in UIDs rendering]
 	- signing-party <unfixed> (bug #928256)
 	[stretch] - signing-party <no-dsa> (Will be fixed via point release)
@@ -60,11 +60,11 @@ CVE-2019-11596 (In memcached before 1.5.14, a NULL pointer dereference was found
 CVE-2019-11595 (In uBlock before 0.9.5.15, the $rewrite filter option allows filter-li ...)
 	TODO: check
 CVE-2019-11594 (In AdBlock before 3.45.0, the $rewrite filter option allows filter-lis ...)
-	TODO: check
+	NOT-FOR-US: AdBlock
 CVE-2019-11593 (In Adblock Plus before 3.5.2, the $rewrite filter option allows filter ...)
-	TODO: check
+	NOT-FOR-US: AdBlock Plus
 CVE-2019-11592 (WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews ...)
-	TODO: check
+	NOT-FOR-US: WeBid Auction Script
 CVE-2019-11589
 	RESERVED
 CVE-2019-11588
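Review bot: CVE-2019-11595 (uBlock), the first entry in this hunk, stays at "TODO: check" while the two entries directly below it, whose descriptions open with the same "$rewrite filter option" wording, are marked NOT-FOR-US. Either triage it in the same pass or leave a note saying why it is still open. The tag on CVE-2019-11593 also reads "AdBlock Plus" where the description spells the product "Adblock Plus"; using the description's spelling keeps searches on the product name consistent.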
@@ -1587,11 +1587,11 @@ CVE-2019-10952
 CVE-2019-10951 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2019-10950 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 F ...)
-	TODO: check
+	NOT-FOR-US: Fujifilm
 CVE-2019-10949 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2019-10948 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 F ...)
-	TODO: check
+	NOT-FOR-US: Fujifilm
 CVE-2019-10947 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2019-10946 (An issue was discovered in Joomla! before 3.9.5. The "refresh list of  ...)
@@ -3087,29 +3087,29 @@ CVE-2019-10320
 CVE-2019-10319
 	RESERVED
 CVE-2019-10318 (Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret une ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Azure AD Plugin
 CVE-2019-10317 (Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostna ...)
-	TODO: check
+	NOT-FOR-US: Jenkins SiteMonitor Plugin
 CVE-2019-10316 (Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Aqua MicroScanner Plugin
 CVE-2019-10315 (Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins GitHub Authentication Plugin
 CVE-2019-10314 (Jenkins Koji Plugin disables SSL/TLS and hostname verification globall ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Koji Plugin
 CVE-2019-10313 (Jenkins Twitter Plugin stores credentials unencrypted in its global co ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Twitter Plugin
 CVE-2019-10312 (A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and e ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Ansible Tower Plugin
 CVE-2019-10311 (A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and e ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Ansible Tower Plugin
 CVE-2019-10310 (A cross-site request forgery vulnerability in Jenkins Ansible Tower Pl ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Ansible Tower Plugin
 CVE-2019-10309 (Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients
 CVE-2019-10308 (A missing permission check in Jenkins Static Analysis Utilities Plugin ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Static Analysis Utilities Plugin
 CVE-2019-10307 (A cross-site request forgery vulnerability in Jenkins Static Analysis  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Static Analysis Utilities Plugin
 CVE-2019-10306 (A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earli ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10305 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in th ...)
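Review bot: the tag on CVE-2019-10309 ends in "clients", which is carried over from the description text ("... Plugin clients that use ...") and is not part of the product name; suggest "NOT-FOR-US: Jenkins Self-Organizing Swarm Plug-in Modules Plugin". The new tags in this hunk name each plugin, while the unchanged entry for CVE-2019-10306 just below uses the generic "NOT-FOR-US: Jenkins plugin"; pick one form for the block.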
@@ -5946,7 +5946,7 @@ CVE-2018-20798 (The expiretable configuration in pfSense 2.4.4_1 establishes blo
 CVE-2019-9487
 	RESERVED
 CVE-2019-9486 (STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTE ...)
-	TODO: check
+	NOT-FOR-US: STRATO HiDrive Desktop Client
 CVE-2019-9485 [Privilege escalation impersonate user]
 	RESERVED
 	[experimental] - gitlab 11.8.2-1
@@ -8458,7 +8458,7 @@ CVE-2019-8456 (Check Point IKEv2 IPsec VPN up to R80.30, in some less common con
 CVE-2019-8455 (A hard-link created from the log file of Check Point ZoneAlarm up to 1 ...)
 	NOT-FOR-US: Check Point ZoneAlarm
 CVE-2019-8454 (A local attacker can create a hard-link between a file to which the Ch ...)
-	TODO: check
+	NOT-FOR-US: Check Point Endpoint Security client for Windows
 CVE-2019-8453 (Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are ta ...)
 	NOT-FOR-US: Check Point ZoneAlarm
 CVE-2019-8452 (A hard-link created from log file archive of Check Point ZoneAlarm up  ...)
@@ -18485,7 +18485,7 @@ CVE-2019-4168
 CVE-2019-4167
 	RESERVED
 CVE-2019-4166 (IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing att ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4165
 	RESERVED
 CVE-2019-4164
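Review bot: "NOT-FOR-US: IBM" on CVE-2019-4166 names only the vendor, although the description identifies the product as IBM StoredIQ and most other tags in this change (for example "STRATO HiDrive Desktop Client") name the product. Suggest "NOT-FOR-US: IBM StoredIQ" so the entry can be found by product name.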



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ad63451cf390299c246edb41f9fccae582597f67...5d9809007433f2bb20b67e38c4e5ceb546067c7e
