[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Aug 17 09:22:32 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f9edb12 by Salvatore Bonaccorso at 2019-08-17T08:21:57Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,13 +17,13 @@ CVE-2019-15117 (parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/daac07156b330b18eb5071aec4b3ddca1c377f2c
 CVE-2019-15116 (The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS  ...)
-	TODO: check
+	NOT-FOR-US: easy-digital-downloads plugin for WordPress
 CVE-2019-15115 (The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: peters-login-redirect plugin for WordPress
 CVE-2019-15114 (The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: formcraft-form-builder plugin for WordPress
 CVE-2019-15113 (The companion-sitemap-generator plugin before 3.7.0 for WordPress has  ...)
-	TODO: check
+	NOT-FOR-US: companion-sitemap-generator plugin for WordPress
 CVE-2019-15112
 	RESERVED
 CVE-2019-15111
@@ -79,13 +79,13 @@ CVE-2019-15084 (Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops,
 CVE-2019-15083
 	RESERVED
 CVE-2018-20974 (The js-jobs plugin before 1.0.7 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: js-jobs plugin for WordPress
 CVE-2018-20973 (The companion-auto-update plugin before 3.2.1 for WordPress has local  ...)
-	TODO: check
+	NOT-FOR-US: companion-auto-update plugin for WordPress
 CVE-2018-20972 (The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: companion-auto-update plugin for WordPress
 CVE-2018-20971 (The church-admin plugin before 1.2550 for WordPress has CSRF affecting ...)
-	TODO: check
+	NOT-FOR-US: church-admin plugin for WordPress
 CVE-2018-20970
 	RESERVED
 CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not block string ...)
@@ -95,19 +95,19 @@ CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not block
 CVE-2017-18548 (The note-press plugin before 0.1.2 for WordPress has SQL injection. ...)
 	NOT-FOR-US: note-press plugin for WordPress
 CVE-2017-18547 (The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in exp ...)
-	TODO: check
+	NOT-FOR-US: nelio-ab-testing plugin for WordPress
 CVE-2017-18546 (The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: jayj-quicktag plugin for WordPress
 CVE-2017-18545 (The invite-anyone plugin before 1.3.16 for WordPress has incorrect esc ...)
-	TODO: check
+	NOT-FOR-US: invite-anyone plugin for WordPress
 CVE-2017-18544 (The invite-anyone plugin before 1.3.16 for WordPress has admin-panel C ...)
-	TODO: check
+	NOT-FOR-US: invite-anyone plugin for WordPress
 CVE-2017-18543 (The invite-anyone plugin before 1.3.16 for WordPress has incorrect acc ...)
-	TODO: check
+	NOT-FOR-US: invite-anyone plugin for WordPress
 CVE-2017-18542 (The zendesk-help-center plugin before 1.0.5 for WordPress has multiple ...)
-	TODO: check
+	NOT-FOR-US: zendesk-help-center plugin for WordPress
 CVE-2017-18541 (The xo-security plugin before 1.5.3 for WordPress has XSS. ...)
-	TODO: check
+	NOT-FOR-US: xo-security plugin for WordPress
 CVE-2017-18540
 	RESERVED
 CVE-2017-18539
@@ -163,17 +163,17 @@ CVE-2015-9326 (The wp-business-intelligence-lite plugin before 1.6.3 for WordPre
 CVE-2015-9325 (The visitors-online plugin before 0.4 for WordPress has SQL injection. ...)
 	NOT-FOR-US: visitors-online plugin for WordPress
 CVE-2015-9324 (The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL i ...)
-	TODO: check
+	NOT-FOR-US: easy-digital-downloads plugin for WordPress
 CVE-2015-9323 (The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection. ...)
-	TODO: check
+	NOT-FOR-US: 404-to-301 plugin for WordPress
 CVE-2015-9322 (The erident-custom-login-and-dashboard plugin before 3.5 for WordPress ...)
-	TODO: check
+	NOT-FOR-US: erident-custom-login-and-dashboard plugin for WordPress
 CVE-2015-9321
 	RESERVED
 CVE-2015-9320
 	RESERVED
 CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: i-recommend-this plugin for WordPress
 CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2. ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike@gmail.com/T/#u



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f9edb125e09c9cea573d0597c633a1adf938e52

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f9edb125e09c9cea573d0597c633a1adf938e52
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190817/4abb06ff/attachment.html>

More information about the debian-security-tracker-commits mailing list