[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Dec 18 20:53:40 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d804cb80 by Salvatore Bonaccorso at 2019-12-18T20:53:12Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -189,13 +189,13 @@ CVE-2020-3826
 CVE-2020-3825
 	RESERVED
 CVE-2019-19890 (An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160 ...)
-	TODO: check
+	NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices
 CVE-2019-19889 (An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160 ...)
-	TODO: check
+	NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices
 CVE-2019-19888 (jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zer ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2019-19887 (bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointe ...)
-	TODO: check
+	NOT-FOR-US: ffjpeg
 CVE-2019-19886
 	RESERVED
 CVE-2019-19885
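Review bot: the NOT-FOR-US labels for CVE-2019-19890 and CVE-2019-19889 carry the firmware build string (`20160817_1855 devices`), while the other entries touched by this commit name only the vendor or product (`ffjpeg`, `Tautulli`, `D-Link`). Dropping the build string, e.g. `NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2`, would keep any later entries for the same product under one searchable label.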
@@ -745,13 +745,13 @@ CVE-2019-XXXX [several vulnerabilities fixed in WordPress 5.3.1]
 	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
 	TODO: asked maintainer to request CVEs with more insight
 CVE-2019-19833 (In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shu ...)
-	TODO: check
+	NOT-FOR-US: Tautulli
 CVE-2019-19832 (Xerox AltaLink C8035 printers allow CSRF. A request to add users is ma ...)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2019-19831
 	RESERVED
 CVE-2019-19829 (A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-19828
 	RESERVED
 CVE-2019-19827
@@ -1964,7 +1964,7 @@ CVE-2019-19744
 CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a root(admi ...)
 	NOT-FOR-US: D-Link
 CVE-2019-19742 (On D-Link DIR-615 devices, the User Account Configuration page is vuln ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-19741
 	RESERVED
 CVE-2019-19740 (Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Ca ...)
@@ -6112,7 +6112,7 @@ CVE-2019-19237
 CVE-2019-19236
 	RESERVED
 CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 note ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2019-19234
 	RESERVED
 CVE-2019-19233
@@ -30611,7 +30611,7 @@ CVE-2019-11994
 CVE-2019-11993
 	RESERVED
 CVE-2019-11992 (A security vulnerability in HPE OneView for VMware vCenter 9.5 could b ...)
-	TODO: check
+	NOT-FOR-US: HPE OneView for VMware vCenter
 CVE-2019-11991 (HPE has identified a vulnerability in HPE 3PAR Service Processor (SP)  ...)
 	NOT-FOR-US: HPE 3PAR Service Processor
 CVE-2019-11990 (Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1,  ...)
@@ -32423,9 +32423,9 @@ CVE-2019-11402 (In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not
 CVE-2019-11401 (A issue was discovered in SiteServer CMS 6.9.0. It allows remote attac ...)
 	NOT-FOR-US: SiteServer CMS
 CVE-2019-11400 (An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2019-11399 (An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2019-11398 (Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 a ...)
 	NOT-FOR-US: UliCMS
 CVE-2019-11397 (GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M. ...)
@@ -34639,7 +34639,7 @@ CVE-2019-10602
 CVE-2019-10601 (Out of bound access can occur while processing firmware event due to l ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10600 (Use of local variable as argument to netlink CB callback goes out of i ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10599
 	RESERVED
 CVE-2019-10598 (Out of bound access can occur while processing peer info in IBSS conne ...)
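Review bot: CVE-2019-10600 is labelled `NOT-FOR-US: Snapdragon`, but the entry directly above it (CVE-2019-10601) uses `NOT-FOR-US: Qualcomm components for Android`, and both labels recur through this CVE-2019-10xxx range. Two labels for one vendor family make it harder to find all related entries with a single search; consider settling on one and using it for the new lines as well.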
@@ -34671,7 +34671,7 @@ CVE-2019-10586
 CVE-2019-10585
 	RESERVED
 CVE-2019-10584 (Possibility of out of bound access in debug queue, if packet size fiel ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10583
 	RESERVED
 CVE-2019-10582
@@ -34695,7 +34695,7 @@ CVE-2019-10574
 CVE-2019-10573
 	RESERVED
 CVE-2019-10572 (Improper check in video driver while processing data from video firmwa ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10571 (Snapshot of IB can lead to invalid address access due to missing check ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10570
@@ -34711,7 +34711,7 @@ CVE-2019-10566 (Buffer overflow can occur in wlan module if supported rates or e
 CVE-2019-10565 (Double free issue can happen when sensor power settings is freed by so ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10564 (Possible OOB issue in EEPROM due to lack of check while accessing memo ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10563 (Buffer over-read can occur in fast message handler due to improper inp ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10562
@@ -34751,7 +34751,7 @@ CVE-2019-10546
 CVE-2019-10545 (Null pointer dereference issue in kernel due to missing check related  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10544 (Improper length check on source buffer to handle userspace data receiv ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10543
 	RESERVED
 CVE-2019-10542 (Buffer over-read may occur when downloading a corrupted firmware file  ...)
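Review bot: the NOT-FOR-US decision for CVE-2019-10544 has no recorded basis, and its visible description mentions handling userspace data while the neighbouring CVE-2019-10545 is described as a kernel issue. Since the descriptions are truncated here, a short statement in the commit message (or a `NOTE:` line) that the affected code is vendor-only and not in any source Debian ships would make the triage verifiable later.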
@@ -34789,7 +34789,7 @@ CVE-2019-10527
 CVE-2019-10526
 	RESERVED
 CVE-2019-10525 (Buffer overflow during SIB read when network configures complete sib l ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10524 (Lack of check for a negative value returned for get_clk is wrongly int ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10523
@@ -34803,17 +34803,17 @@ CVE-2019-10520 (An unprivileged application can allocate GPU memory by calling m
 CVE-2019-10519
 	RESERVED
 CVE-2019-10518 (Use after free of a pointer in iWLAN scenario during netmgr state tran ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10517 (Memory is being freed up twice when two concurrent threads are executi ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10516 (Multiple read overflows in MM while decoding service accept,service re ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10515 (DCI client which might be preemptively freed up might be accessed for  ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10514
 	RESERVED
 CVE-2019-10513 (Possibility of Null pointer access if the SPDM commands are executed i ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10512 (Payload size is not checked before using it as array index in audio in ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10511 (Possibility of memory overflow while decoding GSNDCP compressed mode P ...)
@@ -34839,7 +34839,7 @@ CVE-2019-10502 (Possible stack overflow when an index equal to io buffer size is
 CVE-2019-10501 (Possible use after free issue due to improper input validation in volu ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10500 (While processing MT Secondary PDP request, Buffer overflow will happen ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10499 (Improper validation of read and write index of tx and rx fifo`s before ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10498 (Buffer overflow scenario if the client sends more than 5 io_vec reques ...)
@@ -34865,7 +34865,7 @@ CVE-2019-10489 (Possible null-pointer dereference can occur while parsing avi cl
 CVE-2019-10488 (Null pointer dereference can occur while parsing invalid chunks while  ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10487 (Buffer over read can happen while parsing SMS OTA messages at transpor ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10486 (Race condition due to the lack of resource lock which will be concurre ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-10485 (Infinite loop while decoding compressed data can lead to overrun condi ...)
@@ -34875,7 +34875,7 @@ CVE-2019-10484 (Use after free issue occurs when command destructors access dyna
 CVE-2019-10483
 	RESERVED
 CVE-2019-10482 (Due to the use of non-time-constant comparison functions there is issu ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10481 (Out of bound access occurs while handling the WMI FW event due to lack ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10480 (Out of bound write can happen in WMI firmware event handler due to lac ...)
@@ -40621,39 +40621,39 @@ CVE-2019-8808 (Multiple memory corruption issues were addressed with improved me
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
 	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
 CVE-2019-8807 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-8806 (A memory corruption issue was addressed with improved validation. This ...)
 	TODO: check
 CVE-2019-8805 (A validation issue existed in the entitlement verification. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-8804 (An inconsistency in Wi-Fi network configuration settings was addressed ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-8803 (An authentication issue was addressed with improved state management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-8802 (A validation issue was addressed with improved logic. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-8801 (A dynamic library loading issue existed in iTunes setup. This was addr ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-8800 (A memory corruption issue was addressed with improved validation. This ...)
 	TODO: check
 CVE-2019-8799
 	RESERVED
 CVE-2019-8798 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-8797 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-8796
 	RESERVED
 CVE-2019-8795 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-8794 (A validation issue was addressed with improved input sanitization. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-8793 (A consistency issue existed in deciding when to show the screen record ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2019-8792 (An injection issue was addressed with improved validation. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Shazam Android App
 CVE-2019-8791 (An issue existed in the parsing of URL schemes. This issue was address ...)
-	TODO: check
+	NOT-FOR-US: Shazam Android App
 CVE-2019-8790
 	RESERVED
 CVE-2019-8789 (A validation issue existed in the handling of symlinks. This issue was ...)
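Review bot: CVE-2019-8806 and CVE-2019-8800 stay at `TODO: check` although their truncated descriptions read much like the entries marked `NOT-FOR-US: Apple` in this hunk, and the commit message does not say why they were skipped. If they are held back for a WebKit check (CVE-2019-8808 just above is tracked against webkit2gtk), stating that would help; naming the Apple component in the label, as done for `Shazam Android App`, would also let a reader confirm that none of the new NFU entries are WebKit issues.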



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d804cb8051adffceedc30068c9f8c9e8af6ed713
