[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Dec 18 07:43:14 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb3f8a3c by Salvatore Bonaccorso at 2019-12-18T07:42:46Z
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -457,11 +457,11 @@ CVE-2019-19852
 CVE-2019-19851
 	RESERVED
 CVE-2019-19850 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
-	TODO: check
+	NOT-FOR-US: TYPO3
 CVE-2019-19849 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
-	TODO: check
+	NOT-FOR-US: TYPO3
 CVE-2019-19848 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
-	TODO: check
+	NOT-FOR-US: TYPO3
 CVE-2019-19847 (Libspiro through 20190731 has a stack-based buffer overflow in the spi ...)
 	- libspiro <unfixed>
 	NOTE: https://github.com/fontforge/libspiro/issues/21
@@ -3217,7 +3217,7 @@ CVE-2019-19635 (An issue was discovered in libsixel 1.8.2. There is a heap-based
 	[jessie] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/103
 CVE-2019-19634 (class.upload.php in verot.net class.upload through 1.0.3 and 2.x throu ...)
-	TODO: check
+	NOT-FOR-US: K2 extension for Joomla!
 CVE-2019-19633
 	RESERVED
 CVE-2019-19632
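Review bot: The NOT-FOR-US tag on CVE-2019-19634 names "K2 extension for Joomla!", but the visible part of the description attributes the flaw to class.upload.php in verot.net class.upload, and the truncated summary shows no mention of K2. Consider tagging with the component the description names, for example "NOT-FOR-US: verot.net class.upload", so that a later search for the library finds this entry and future CVEs against it get the same tag.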
@@ -15778,7 +15778,7 @@ CVE-2019-16557 (Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier s
 CVE-2019-16556 (Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypte ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-16555 (A user-supplied regular expression in Jenkins Build Failure Analyzer P ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Build Failure Analyzer Plugin
 CVE-2019-16554 (A missing permission check in Jenkins Build Failure Analyzer Plugin 1. ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-16553 (A cross-site request forgery vulnerability in Jenkins Build Failure An ...)
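Review bot: The tag on CVE-2019-16555 spells out "Jenkins Build Failure Analyzer Plugin", while the neighbouring entries, including CVE-2019-16554 for the same plugin, use "NOT-FOR-US: Jenkins plugin". Using the same string here would keep the Jenkins block uniform and make it easier to grep.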
@@ -21805,7 +21805,7 @@ CVE-2019-14601
 CVE-2019-14600
 	RESERVED
 CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-14598
 	RESERVED
 CVE-2019-14597
@@ -27100,9 +27100,9 @@ CVE-2019-13184
 CVE-2019-13183 (Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as  ...)
 	NOT-FOR-US: Flarum
 CVE-2019-13182 (A stored cross-site scripting (XSS) vulnerability exists in the web UI ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-13181 (A CSV injection vulnerability exists in the web UI of SolarWinds Serv- ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-13180
 	RESERVED
 CVE-2019-13179 (Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile ...)
@@ -64865,7 +64865,7 @@ CVE-2019-0160 (Buffer overflow in system firmware for EDK II may allow unauthent
 	NOTE: https://github.com/tianocore/edk2/commit/89f75aa04a97293a8ed9db2a90851a5053730cf5
 	NOTE: https://github.com/tianocore/edk2/commit/3b30351b75d70ea65701ac999875fbb81a89a5ca
 CVE-2019-0159 (Insufficient memory protection in the Linux Administrative Tools for I ...)
-	TODO: check
+	NOT-FOR-US: Linux Administrative Tools for Intel Network Adapters
 CVE-2019-0158 (Insufficient path checking in the installation package for Intel(R) Gr ...)
 	NOT-FOR-US: Intel
 CVE-2019-0157 (Insufficient input validation in the Intel(R) SGX driver for Linux may ...)
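Review bot: CVE-2019-0159 is tagged with the full product name, while CVE-2019-0158 directly below it and the other Intel entries in this commit use plain "NOT-FOR-US: Intel"; pick one convention for the Intel block. Because the description names Linux tooling, the commit message "Process more NFUs" could also say briefly how it was confirmed that no Debian package ships it.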
@@ -64923,7 +64923,7 @@ CVE-2019-0136 (Insufficient access control in the Intel(R) PROSet/Wireless WiFi
 CVE-2019-0135 (Improper permissions in the installer for Intel(R) Accelerated Storage ...)
 	NOT-FOR-US: Intel
 CVE-2019-0134 (Improper permissions in the Intel(R) Dynamic Platform and Thermal Fram ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0133
 	RESERVED
 CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb3f8a3c020d83541de60f3bd1c32cedefc35a55
