[Git][security-tracker-team/security-tracker][master] new mediawiki issue

Moritz Muehlenhoff jmm at debian.org
Thu Dec 12 11:19:30 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
393a649c by Moritz Muehlenhoff at 2019-12-12T11:19:05Z
new mediawiki issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40,7 +40,7 @@ CVE-2019-19731
 CVE-2019-19730
 	RESERVED
 CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...)
-	TODO: check
+	NOT-FOR-US: bsjon-objectid node module
 CVE-2019-19728
 	RESERVED
 CVE-2019-19727
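Review bot: The added NOT-FOR-US line for CVE-2019-19729 spells the package "bsjon-objectid", while the CVE description on the line above it names "bson-objectid". Correct the spelling to `NOT-FOR-US: bson-objectid node module` so that searching the list for the module name finds this entry.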
@@ -1286,7 +1286,9 @@ CVE-2019-19711
 CVE-2019-19710
 	RESERVED
 CVE-2019-19709 (MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklis ...)
-	TODO: check
+	- mediawiki <unfixed>
+	NOTE: https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8
+	NOTE: https://phabricator.wikimedia.org/T239466
 CVE-2019-19708 (The VisualEditor extension through 1.34 for MediaWiki allows XSS via p ...)
 	NOT-FOR-US: VisualEditor MediaWiki extension
 CVE-2019-19707 (On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware thr ...)
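Review bot: The new CVE-2019-19709 entry marks mediawiki as `<unfixed>` and links the Gerrit change and the Phabricator task, but it does not say which upstream release carries the fix. The description reads "through 1.33.1", so consider adding a NOTE with the first fixed upstream version once it is known. That lets the `<unfixed>` marker be resolved later without re-reading the linked task.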
@@ -36818,7 +36820,7 @@ CVE-2019-9466
 CVE-2019-9465
 	RESERVED
 CVE-2019-9464 (In various functions of RecentLocationApps.java, DevicePolicyManagerSe ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2019-9463 (In Platform, there is a possible bypass of user interaction requiremen ...)
 	NOT-FOR-US: Android
 CVE-2019-9462 (In Bluetooth, there is a possible out of bounds read due to an incorre ...)
@@ -48074,11 +48076,11 @@ CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flatt
 	NOTE: https://github.com/j-jorge/xcftools/issues/12
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
 CVE-2019-5085 (An exploitable code execution vulnerability exists in the DICOM packet ...)
-	TODO: check
+	NOT-FOR-US: LEADTOOLS
 CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in the TI ...)
 	NOT-FOR-US: LEADTOOLS
 CVE-2019-5083 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
-	TODO: check
+	NOT-FOR-US: Accusoft ImageGear
 CVE-2019-5082
 	RESERVED
 CVE-2019-5081
@@ -48092,7 +48094,7 @@ CVE-2019-5078
 CVE-2019-5077
 	RESERVED
 CVE-2019-5076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
-	TODO: check
+	NOT-FOR-US: Accusoft ImageGear
 CVE-2019-5075
 	RESERVED
 CVE-2019-5074
@@ -50365,19 +50367,19 @@ CVE-2019-3991
 CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present in the  ...)
 	NOT-FOR-US: Harbor
 CVE-2019-3989 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
-	TODO: check
+	NOT-FOR-US: Blink XT2
 CVE-2019-3988 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
-	TODO: check
+	NOT-FOR-US: Blink XT2
 CVE-2019-3987 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
-	TODO: check
+	NOT-FOR-US: Blink XT2
 CVE-2019-3986 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
-	TODO: check
+	NOT-FOR-US: Blink XT2
 CVE-2019-3985 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
-	TODO: check
+	NOT-FOR-US: Blink XT2
 CVE-2019-3984
 	RESERVED
 CVE-2019-3983 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
-	TODO: check
+	NOT-FOR-US: Blink XT2
 CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a Denial of Se ...)
 	NOT-FOR-US: Nessus
 CVE-2019-3981



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/393a649ccea17e2b610939f4e746a56df825e66d
