[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Dec 17 20:42:27 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88e1ad51 by Salvatore Bonaccorso at 2019-12-17T20:42:05Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1707,7 +1707,7 @@ CVE-2019-19746 (make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentati
 	NOTE: https://sourceforge.net/p/mcj/tickets/57/
 	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/3065abc7b4f740ed6532322843531317de782a26/
 CVE-2019-19745 (Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end u ...)
-	TODO: check
+	NOT-FOR-US: Contao
 CVE-2019-19744
 	RESERVED
 CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a root(admi ...)
@@ -2983,11 +2983,11 @@ CVE-2019-19716
 CVE-2019-19715
 	RESERVED
 CVE-2019-19714 (Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It ...)
-	TODO: check
+	NOT-FOR-US: Contao
 CVE-2019-19713
 	RESERVED
 CVE-2019-19712 (Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can  ...)
-	TODO: check
+	NOT-FOR-US: Contao
 CVE-2019-19711
 	RESERVED
 CVE-2019-19710
@@ -3112,7 +3112,7 @@ CVE-2019-19677
 CVE-2019-19676
 	RESERVED
 CVE-2019-19675 (In Ivanti Workspace Control before 10.3.180.0. a locally authenticated ...)
-	TODO: check
+	NOT-FOR-US: Ivanti Workspace Control
 CVE-2019-19674
 	RESERVED
 CVE-2019-19673
@@ -4784,7 +4784,7 @@ CVE-2019-19499
 CVE-2019-19498
 	RESERVED
 CVE-2019-19497 (MDaemon Email Server 17.5.1 allows XSS via the filename of an attachme ...)
-	TODO: check
+	NOT-FOR-US: MDaemon Email Server
 CVE-2019-19496 (Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTM ...)
 	NOT-FOR-US: Alfresco
 CVE-2019-19495
@@ -5589,7 +5589,7 @@ CVE-2019-19317 (lookupName in resolve.c in SQLite 3.30.1 omits bits from the col
 CVE-2019-19316 (When using the Azure backend with a shared access signature (SAS), Ter ...)
 	NOT-FOR-US: Terraform
 CVE-2019-19315 (NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitr ...)
-	TODO: check
+	NOT-FOR-US: Nalpeiron Licensing Service
 CVE-2019-19314 [Tokens stored in plaintext]
 	RESERVED
 	- gitlab <not-affected> (Only affects Gitlab EE)
@@ -5752,7 +5752,7 @@ CVE-2019-19266
 CVE-2019-19265
 	RESERVED
 CVE-2019-19264 (In Simplifile RecordFusion through 2019-11-25, the logs and hist param ...)
-	TODO: check
+	NOT-FOR-US: Simplifile RecordFusion
 CVE-2019-19263 [Tags pushes from blocked users]
 	RESERVED
 	- gitlab <not-affected> (Only affects Gitlab EE)
@@ -6868,15 +6868,15 @@ CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on som
 CVE-2019-18834
 	RESERVED
 CVE-2019-18833 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Informa ...)
-	TODO: check
+	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
 CVE-2019-18832 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrec ...)
-	TODO: check
+	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
 CVE-2019-18831 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Informa ...)
 	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
 CVE-2019-18830 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Comm ...)
 	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
 CVE-2019-18829 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Missing  ...)
-	TODO: check
+	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
 CVE-2019-18828 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insuffic ...)
 	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
 CVE-2019-18827 (On Barco ClickShare Button R9861500D01 devices (before firmware versio ...)
@@ -6884,9 +6884,9 @@ CVE-2019-18827 (On Barco ClickShare Button R9861500D01 devices (before firmware
 CVE-2019-18826 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper ...)
 	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
 CVE-2019-18825 (Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 device ...)
-	TODO: check
+	NOT-FOR-US: Barco ClickShare Huddle devices
 CVE-2019-18824 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Missing  ...)
-	TODO: check
+	NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
 CVE-2019-18823
 	RESERVED
 CVE-2019-18822
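Review bot: The tag added for CVE-2019-18825, `NOT-FOR-US: Barco ClickShare Huddle devices`, is narrower than the entry's own description, which names Huddle CS-100 devices and also CSE-200 devices. It also introduces a second Barco spelling next to the `Barco ClickShare Button R9861500D01 devices` tag used on CVE-2019-18826 and CVE-2019-18824 in the same hunk. A single product-line tag such as `NOT-FOR-US: Barco ClickShare` on all of these would cover both device families and keep later searches for prior NFU decisions on this vendor from missing one variant.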
@@ -9448,7 +9448,7 @@ CVE-2019-18672 (Insufficient checks in the finite state machine of the ShapeShif
 CVE-2019-18671 (Insufficient checks in the USB packet handling of the ShapeShift KeepK ...)
 	NOT-FOR-US: ShapeShift
 CVE-2019-18670 (In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2 ...)
-	TODO: check
+	NOT-FOR-US: Acer
 CVE-2019-18669
 	RESERVED
 CVE-2019-18668 (An issue was discovered in the Currency Switcher addon before 2.11.2 f ...)
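Review bot: `NOT-FOR-US: Acer` on CVE-2019-18670 names only the vendor, while the other tags in this commit name the product (`Ivanti Workspace Control`, `MDaemon Email Server`, `Nalpeiron Licensing Service`). The description identifies the affected component as Acer Quick Access, so `NOT-FOR-US: Acer Quick Access` would be more consistent and makes it clear the decision was about that Windows utility rather than about everything Acer ships.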
@@ -19568,7 +19568,7 @@ CVE-2019-15237 (Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain
 CVE-2019-15236
 	RESERVED
 CVE-2019-15235 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an att ...)
-	TODO: check
+	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-15234
 	RESERVED
 CVE-2019-15233 (The Live:Text Box macro in the Old Street Live Input Macros app before ...)
@@ -21318,7 +21318,7 @@ CVE-2019-14784 (The "CP Contact Form with PayPal" plugin before 1.2.98 for WordP
 CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, Fo ...)
 	NOT-FOR-US: Samsung
 CVE-2019-14782 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8 ...)
-	TODO: check
+	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-14781
 	RESERVED
 CVE-2019-14780
@@ -49473,7 +49473,7 @@ CVE-2019-5261
 CVE-2019-5260 (Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of s ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5259 (There is an information leakage vulnerability on some Huawei products( ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5258 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5257 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
@@ -99696,7 +99696,7 @@ CVE-2017-18109 (The login resource of CrowdId in Atlassian Crowd before version
 CVE-2017-18108 (The administration SMTP configuration resource in Atlassian Crowd befo ...)
 	NOT-FOR-US: Atlassian Crowd
 CVE-2017-18107 (Various resources in the Crowd Demo application of Atlassian Crowd bef ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2017-18106 (The identifier_hash for a session token in Atlassian Crowd before vers ...)
 	NOT-FOR-US: Atlassian Crowd
 CVE-2017-18105 (The console login resource in Atlassian Crowd before version 3.0.2 and ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88e1ad51ee5ea4e018e3238424157b9b6cf3671a
