[Git][security-tracker-team/security-tracker][master] 2 commits: Update todo note for CVE-2018-20871

Salvatore Bonaccorso carnil at debian.org
Sat Aug 10 14:15:37 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f852a6e by Salvatore Bonaccorso at 2019-08-10T13:15:21Z
Update todo note for CVE-2018-20871

- - - - -
c6055dbd by Salvatore Bonaccorso at 2019-08-10T13:15:22Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2019-14808
 	RESERVED
 CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS e ...)
-	TODO: check
+	NOT-FOR-US: MobileFrontend extension for MediaWiki
 CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has insufficien ...)
 	- python-werkzeug <unfixed> (low)
 	[buster] - python-werkzeug <no-dsa> (Minor issue)
@@ -1458,7 +1458,7 @@ CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML jackson-d
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2389
 	NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
 CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...)
-	TODO: check
+	TODO: check, might affect src:gridengine as well
 CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c ...)
 	- freetype 2.6.1-0.1
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30
@@ -6538,7 +6538,7 @@ CVE-2019-12807
 CVE-2019-12806
 	RESERVED
 CVE-2019-12805 (NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have ...)
-	TODO: check
+	NOT-FOR-US: NCSOFT Game Launcher
 CVE-2019-12804 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to ...)
 	NOT-FOR-US: Hunesion i-oneNet
 CVE-2019-12803 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the sp ...)
@@ -7945,19 +7945,19 @@ CVE-2019-12263 (Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TC
 CVE-2019-12262
 	RESERVED
 CVE-2019-12261 (Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the ...)
-	TODO: check
+	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12260 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP compon ...)
-	TODO: check
+	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12259 (Wind River VxWorks 6.9 and vx7 has an array index error in the IGMPv3  ...)
 	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12258 (Wind River VxWorks 6.5 through 6.9 and vx7 has Session Fixation in the ...)
-	TODO: check
+	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12257 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the DHCP clien ...)
 	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 compo ...)
 	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12255 (Wind River VxWorks 6.5 through 6.9.3 has a Buffer Overflow in the TCP  ...)
-	TODO: check
+	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12254
 	RESERVED
 CVE-2019-12253 (my little forum before 2.4.20 allows CSRF to delete posts, as demonstr ...)
@@ -9668,9 +9668,9 @@ CVE-2018-20829
 CVE-2018-20828
 	RESERVED
 CVE-2018-20827 (The activity stream gadget in Jira before version 7.13.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Jira
 CVE-2018-20826 (The inline-create rest resource in Jira before version 7.12.3 allows a ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Jira
 CVE-2018-20825
 	RESERVED
 CVE-2018-20824 (The WallboardServlet resource in Jira before version 7.13.1 allows rem ...)
@@ -9736,7 +9736,7 @@ CVE-2019-11583 (The issue searching component in Jira before version 8.1.0 allow
 CVE-2019-11582 (An argument injection vulnerability in Atlassian Sourcetree for Window ...)
 	NOT-FOR-US: Atlassian Sourcetree
 CVE-2019-11581 (There was a server-side template injection vulnerability in Jira Serve ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Jira
 CVE-2019-11580 (Atlassian Crowd and Crowd Data Center had the pdkinstall development p ...)
 	NOT-FOR-US: Atlassian Crowd and Crowd Data Center
 CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. ...)
@@ -10547,7 +10547,7 @@ CVE-2019-11276
 CVE-2019-11275
 	RESERVED
 CVE-2019-11274 (Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS a ...)
-	TODO: check
+	NOT-FOR-US: Cloud Foundry UAA
 CVE-2019-11273 (Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and ve ...)
 	NOT-FOR-US: Pivotal Container Services
 CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older unsupported ve ...)
@@ -26478,9 +26478,9 @@ CVE-2019-5400 (A remote session reuse vulnerability was discovered in HPE 3PAR S
 CVE-2019-5399 (A remote gain authorized access vulnerability was discovered in HPE 3P ...)
 	NOT-FOR-US: HPE
 CVE-2019-5398 (A remote multiple multiple cross-site vulnerability was discovered in  ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2019-5397 (A remote bypass of security restrictions vulnerability was discovered  ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2019-5396 (A remote authentication bypass vulnerability was discovered in HPE 3PA ...)
 	NOT-FOR-US: HPE
 CVE-2019-5395 (A remote arbitrary file upload vulnerability was discovered in HPE 3PA ...)
@@ -30153,11 +30153,11 @@ CVE-2019-3746
 CVE-2019-3745
 	RESERVED
 CVE-2019-3744 (Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a pri ...)
-	TODO: check
+	NOT-FOR-US: Dell/Alienware Digital Delivery
 CVE-2019-3743
 	RESERVED
 CVE-2019-3742 (Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a p ...)
-	TODO: check
+	NOT-FOR-US: Dell/Alienware Digital Delivery
 CVE-2019-3741 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a  ...)
 	NOT-FOR-US: EMC
 CVE-2019-3740



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9954bc6ec9b4a8f83838913691ff3d84f3fd6beb...c6055dbd32e11fc029accc3e6b38f4dabec176bc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9954bc6ec9b4a8f83838913691ff3d84f3fd6beb...c6055dbd32e11fc029accc3e6b38f4dabec176bc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190810/55773e9d/attachment.html>

More information about the debian-security-tracker-commits mailing list