[Git][security-tracker-team/security-tracker][master] NFUs

Tue Aug 20 15:23:02 BST 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51c0120f by Moritz Muehlenhoff at 2019-08-20T14:22:38Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,19 +18,19 @@ CVE-2019-15233
 CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because GenericMediaSer ...)
 	TODO: check
 CVE-2019-15231 (Webmin 1.890, in a default installation, contains a backdoor that allo ...)
-	TODO: check
+	NOT-FOR-US: Webmin
 CVE-2019-15230
 	RESERVED
 CVE-2019-15229 (FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of ...)
-	TODO: check
+	NOT-FOR-US: FUEL CMS
 CVE-2019-15228 (FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin conso ...)
-	TODO: check
+	NOT-FOR-US: FUEL CMS
 CVE-2019-15227 (FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and User ...)
-	TODO: check
+	NOT-FOR-US: FlightPath
 CVE-2019-15226
 	RESERVED
 CVE-2019-15225 (In Envoy through 1.11.1, users may configure a route to match incoming ...)
-	TODO: check
+	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-15224 (The rest-client gem 1.6.13 for Ruby, as distributed on RubyGems.org, i ...)
 	TODO: check
 CVE-2019-15223 (An issue was discovered in the Linux kernel before 5.1.8. There is a N ...)
@@ -266,7 +266,7 @@ CVE-2019-15151 (AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.
 	- adplug <unfixed>
 	NOTE: https://github.com/adplug/adplug/issues/91
 CVE-2019-15150 (In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulner ...)
-	TODO: check
+	NOT-FOR-US: OAuth2 Client MediaWiki extension
 CVE-2019-15149 (** DISPUTED ** core.py in Mitogen before 0.2.8 has a typo that drops t ...)
 	TODO: check
 CVE-2018-20976 (An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel befo ...)
@@ -15643,9 +15643,9 @@ CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict
 CVE-2019-9902
 	RESERVED
 CVE-2019-9901 (Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote att ...)
-	NOT-FOR-US: envoy (not the same as itp'ed envoy, #758651)
+	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-9900 (When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not r ...)
-	NOT-FOR-US: envoy (not the same as itp'ed envoy, #758651)
+	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-9899
 	RESERVED
 CVE-2019-9898 (Potential recycling of random numbers used in cryptography exists with ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/51c0120f8389cda3564e90b34f84f64981cafcb9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/51c0120f8389cda3564e90b34f84f64981cafcb9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190820/7f01f85d/attachment.html>
