[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Dec 21 08:48:22 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26944dac by Salvatore Bonaccorso at 2019-12-21T08:47:58Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,7 +61,7 @@ CVE-2019-19910 (The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13
 CVE-2019-19909 (An issue was discovered in Public Knowledge Project (PKP) pkp-lib befo ...)
 	NOT-FOR-US: Public Knowledge Project (PKP) pkp-lib
 CVE-2019-19908 (phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript inje ...)
-	TODO: check
+	NOT-FOR-US: phpMyChat
 CVE-2019-19907 (HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core  ...)
 	- kopanocore <unfixed>
 	NOTE: https://stash.kopano.io/projects/KC/repos/kopanocore/commits/4e02b420fff
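Review bot: the new label on CVE-2019-19908 reads "NOT-FOR-US: phpMyChat", but the description names the product as phpMyChat-Plus 1.98. Suggest "NOT-FOR-US: phpMyChat-Plus" so the label matches the affected software and a later search for the product name finds this entry.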
@@ -964,7 +964,7 @@ CVE-2019-19791
 CVE-2019-19790 (Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a rem ...)
 	NOT-FOR-US: Telerik UI for ASP.NET AJAX
 CVE-2019-19789 (3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Tool ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2019-19788 (Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed  ...)
 	NOT-FOR-US: Opera for Android
 CVE-2019-19787 (ATasm 1.06 has a stack-based buffer overflow in the get_signed_express ...)
@@ -2067,7 +2067,7 @@ CVE-2019-19749
 CVE-2019-19748 (The Work Time Calendar app before 4.7.1 for Jira allows XSS. ...)
 	NOT-FOR-US: Work Time Calendar app for Jira
 CVE-2019-19747 (NeuVector 3.1 when configured to allow authentication via Active Direc ...)
-	TODO: check
+	NOT-FOR-US: NeuVector
 CVE-2019-19746 (make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fau ...)
 	- fig2dev <unfixed> (unimportant; bug #946628)
 	- transfig <removed> (unimportant)
@@ -6236,7 +6236,7 @@ CVE-2019-19233
 CVE-2019-19232 (In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer  ...)
 	TODO: check
 CVE-2019-19231 (An insecure file access vulnerability exists in CA Client Automation 1 ...)
-	TODO: check
+	NOT-FOR-US: CA Client Automation
 CVE-2019-19230 (An unsafe deserialization vulnerability exists in CA Release Automatio ...)
 	NOT-FOR-US: CA Release Automation (Nolio)
 CVE-2019-19229 (admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.1 ...)
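Review bot: the entry directly above the changed line, CVE-2019-19232 (Sudo through 1.8.29), is still "TODO: check" after this pass. Sudo is packaged in Debian, so leaving it out of an NFU commit is right, but it needs a "- sudo ..." package line in a follow-up rather than staying as a TODO next to triaged entries. The "CA Client Automation" label itself is consistent with the neighbouring "CA Release Automation (Nolio)" entry.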
@@ -6439,7 +6439,7 @@ CVE-2019-19143
 CVE-2019-19142
 	RESERVED
 CVE-2019-19141 (The Camera Upload functionality in Plex Media Server through 1.18.2.20 ...)
-	TODO: check
+	NOT-FOR-US: Plex Media Server
 CVE-2019-19140
 	RESERVED
 CVE-2019-19139
@@ -10964,7 +10964,7 @@ CVE-2019-18265
 CVE-2019-18264
 	RESERVED
 CVE-2019-18263 (An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual ...)
-	TODO: check
+	NOT-FOR-US: Philips
 CVE-2019-18262
 	RESERVED
 CVE-2019-18261 (In Omron PLC CS series, all versions, Omron PLC CJ series, all version ...)
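Review bot: "NOT-FOR-US: Philips" on CVE-2019-18263 names only the vendor, while the description lists specific products (Veradius Unity, Pulsera, Endura). Other labels in this commit are either product names or use the "<vendor> devices" form ("Xiaomi devices", "ASUS devices"); suggest "NOT-FOR-US: Philips devices" or the product names, so a future Philips software CVE is not matched against this label by habit.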
@@ -12146,7 +12146,7 @@ CVE-2019-18183
 CVE-2019-18182
 	RESERVED
 CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train ...)
-	TODO: check
+	NOT-FOR-US: CloudVision Portal
 CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...)
 	- otrs2 <unfixed> (bug #945251)
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
@@ -13696,7 +13696,7 @@ CVE-2019-17529 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based
 CVE-2019-17528 (An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the func ...)
 	NOT-FOR-US: Bento4
 CVE-2019-17527 (dataForDepandantField in models/custormfields.php in the JS JOBS FREE  ...)
-	TODO: check
+	NOT-FOR-US: JS JOBS FREE extension for Joomla!
 CVE-2019-17526 (** DISPUTED ** An issue was discovered in SageMath Sage Cell Server th ...)
 	NOT-FOR-US: Sage Cell Server (not part of SafeMath as packaged in Debian)
 CVE-2019-17525
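Review bot: the unchanged context line for CVE-2019-17526 reads "not part of SafeMath as packaged in Debian", whereas the description says SageMath. It is outside this change, but worth correcting while the file is being touched in the same area. The new "JS JOBS FREE extension for Joomla!" label matches the description.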
@@ -13940,7 +13940,7 @@ CVE-2019-17442
 CVE-2019-17441
 	RESERVED
 CVE-2019-17440 (Improper restriction of communications to Log Forwarding Card (LFC) on ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2019-17439
 	RESERVED
 CVE-2019-17438
@@ -15369,7 +15369,7 @@ CVE-2019-16873 (Portainer before 1.22.1 has XSS (issue 1 of 2). ...)
 CVE-2019-16872 (Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). ...)
 	NOT-FOR-US: Portainer
 CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twinca ...)
-	TODO: check
+	NOT-FOR-US: Beckhoff
 CVE-2019-16870
 	RESERVED
 CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the colon in HT ...)
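Review bot: "NOT-FOR-US: Beckhoff" on CVE-2019-16871 is a bare vendor name, although the description covers Beckhoff Embedded Windows PLCs and a second Beckhoff product. A label such as "NOT-FOR-US: Beckhoff PLCs" would record what was actually judged out of scope.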
@@ -18068,17 +18068,17 @@ CVE-2019-15916 (An issue was discovered in the Linux kernel before 5.0.1. There
 	[jessie] - linux 3.16.70-1
 	NOTE: https://git.kernel.org/linus/895a5e96dbd6386c8e78e5b78e067dcc67b7f0ab
 CVE-2019-15915 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCG ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi devices
 CVE-2019-15914 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDC ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi devices
 CVE-2019-15913 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDC ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi devices
 CVE-2019-15912 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101,  ...)
-	TODO: check
+	NOT-FOR-US: ASUS devices
 CVE-2019-15911 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101,  ...)
-	TODO: check
+	NOT-FOR-US: ASUS devices
 CVE-2019-15910 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101,  ...)
-	TODO: check
+	NOT-FOR-US: ASUS devices
 CVE-2019-15909
 	RESERVED
 CVE-2019-15908



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/26944dac4d1a3f995b86e33e77aa3f684baebc2d
