[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Sun Feb 17 12:46:52 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c39faa58 by Salvatore Bonaccorso at 2019-02-17T12:45:15Z
Process some NFUs
- - - - -
18bce7a8 by Salvatore Bonaccorso at 2019-02-17T12:46:07Z
Associate source package name for CVE-2019-839{6,7,8} to hdf5
Keep the undetermined status as no further research if they were
reported upstream was done (so far).
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,19 +5,25 @@ CVE-2019-8400 (ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the ..
CVE-2019-8399
RESERVED
CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an out ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul6
TODO: check
CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an out ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul5
TODO: check
CVE-2019-8396 (A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul4
TODO: check
CVE-2019-8395 (An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-8394 (Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-8393
RESERVED
CVE-2019-8392 (An issue was discovered on D-Link DIR-823G devices with firmware ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-8391
RESERVED
CVE-2019-8390
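Review bot: The three hdf5 entries (CVE-2019-8398, CVE-2019-8397, CVE-2019-8396) keep the generic "TODO: check" line after the added "- hdf5 <undetermined>" and NOTE lines, so the file itself does not say what is still open. The commit message states that whether these were reported upstream has not been researched; replacing the generic line with a specific one, for example "TODO: check whether reported upstream", would record that next to the data. The NOTE URLs point to github.com/magicSwordsMan/PAAFS rather than to an upstream hdf5 report, so an upstream reference should be added as a further NOTE once one is known. As a minor style point in the same hunk, "NOT-FOR-US: D-Link" names only the vendor while the Zoho entries name vendor and product.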
@@ -37,15 +43,15 @@ CVE-2019-8384
CVE-2019-8383 (An issue was discovered in AdvanceCOMP before 2.1. An invalid memory ...)
TODO: check
CVE-2019-8382 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2019-8381 (An issue was discovered in Tcpreplay 4.3.1. An invalid memory access ...)
TODO: check
CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereference ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2019-8379 (An issue was discovered in AdvanceCOMP before 2.1. A NULL pointer ...)
TODO: check
CVE-2019-8378 (An issue was discovered in Bento4 1.5.1-628. A heap-based buffer ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2019-8377 (An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ...)
TODO: check
CVE-2019-8376 (An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ...)
@@ -77,9 +83,9 @@ CVE-2019-8364
CVE-2019-8363 (Verydows 2.0 has XSS via the index.php?c=main a parameter, as ...)
TODO: check
CVE-2019-8362 (DedeCMS through V5.7SP2 allows arbitrary file upload in ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2019-8361 (PHP Scripts Mall Responsive Video News Script has XSS via the Search ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Responsive Video News Script
CVE-2019-8360 (Themerig Find a Place CMS Directory 1.5 has SQL Injection via the ...)
TODO: check
CVE-2019-8359
@@ -111,7 +117,7 @@ CVE-2019-8349
CVE-2019-8348
RESERVED
CVE-2019-8347 (BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via ...)
- TODO: check
+ NOT-FOR-US: BEESCMS
CVE-2019-8346
RESERVED
CVE-2019-8345 (The Help feature in the ES File Explorer File Manager application ...)
@@ -2215,7 +2221,7 @@ CVE-2014-1000000
CVE-2019-7400 (Rukovoditel before 2.4.1 allows XSS. ...)
NOT-FOR-US: Rukovoditel
CVE-2019-7399 (Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against ...)
- TODO: check
+ NOT-FOR-US: Amazon Fire OS
CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage ...)
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1453
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/034d65d244801cb369d34eb991fff3748430a491...18bce7a83f1ac826ed4972a0e17041e83814fd28