[Git][security-tracker-team/security-tracker][master] new excon issue

Moritz Muehlenhoff jmm at debian.org
Tue Dec 17 13:45:35 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ff3a87d8 by Moritz Muehlenhoff at 2019-12-17T13:45:10Z
new excon issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14762,9 +14762,11 @@ CVE-2019-16781
 CVE-2019-16780
 	RESERVED
 CVE-2019-16779 (In RubyGem excon before 0.71.0, there was a race condition around pers ...)
-	TODO: check
+	- ruby-excon <unfixed>
+	NOTE: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9
+	NOTE: https://github.com/excon/excon/commit/ccb57d7a422f020dc74f1de4e8fb505ab46d8a29
 CVE-2019-16778 (In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSu ...)
-	TODO: check
+	- tensorflow <itp> (bug #804612)
 CVE-2019-16777 (Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary ...)
 	- npm <unfixed>
 	NOTE: https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
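Review bot: The `ruby-excon <unfixed>` entry for CVE-2019-16779 carries no bug reference, and the commit NOTE under it does not say whether that commit is the fix. The description already gives the boundary ("before 0.71.0"), so consider marking the commit as the upstream fix and recording 0.71.0 as the fixed version, so the entry can be closed later without re-reading the advisory. The tensorflow line in the same hunk shows the bug-reference form, `(bug #804612)`.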
@@ -19979,7 +19981,7 @@ CVE-2019-15013
 CVE-2019-15012
 	RESERVED
 CVE-2019-15011 (The ListEntityLinksServlet resource in Application Links before versio ...)
-	TODO: check
+	NOT-FOR-US: Application Links
 CVE-2019-15010
 	RESERVED
 CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and  ...)
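Review bot: On CVE-2019-15011 the label `NOT-FOR-US: Application Links` names a product without its vendor, while the other NOT-FOR-US entries added in this commit use the vendor name (`Intel`, `Omron`). If this is the Atlassian product, as the Atlassian entry for CVE-2019-15009 two lines below suggests, `NOT-FOR-US: Atlassian Application Links` would be easier to grep and to match against later CVEs from the same vendor.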
@@ -21270,26 +21272,26 @@ CVE-2019-14614
 CVE-2019-14613
 	RESERVED
 CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow a privil ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a privilege ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-14610 (Improper access control in firmware for Intel(R) NUC(R) may allow an a ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-14609 (Improper input validation in firmware for Intel(R) NUC(R) may allow a  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-14608 (Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-14607 (Improper conditions check in multiple Intel® Processors may allow ...)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html
 	TODO: check, this is likely the issue addressed with intel-microcode/3.20191115
 CVE-2019-14606
 	RESERVED
 CVE-2019-14605 (Improper permissions in the installer for the Intel(R) SCS Platform Di ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-14604 (Null pointer dereference in the FPGA kernel driver for Intel(R) Quartu ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-14603 (Improper permissions in the installer for the License Server software  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR Driver vers ...)
 	NOT-FOR-US: Nuvoton* CIR Driver
 CVE-2019-14601
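Review bot: CVE-2019-14604 is described as a null pointer dereference in an "FPGA kernel driver", yet it gets the same bare `NOT-FOR-US: Intel` as the NUC firmware and installer entries. A product-level label would record why it is out of scope and that it was checked against the kernel drivers Debian ships; the context line for CVE-2019-14602 (`NOT-FOR-US: Nuvoton* CIR Driver`) already uses that form. The same applies, with less at stake, to the installer entries CVE-2019-14605 and CVE-2019-14603.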
@@ -25652,7 +25654,7 @@ CVE-2019-13535 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version
 CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
 	NOT-FOR-US: Philips
 CVE-2019-13533 (In Omron PLC CJ series, all versions, and Omron PLC CS series, all ver ...)
-	TODO: check
+	NOT-FOR-US: Omron
 CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
 	NOT-FOR-US: CODESYS
 CVE-2019-13531 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ff3a87d84d33d108251a1091b7a508f236aabf32
