[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Feb 18 21:31:28 GMT 2019 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a3b6e99 by Moritz Muehlenhoff at 2019-02-18T21:30:29Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2019-8917 (SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds Orion NPM
 CVE-2019-8916
 	RESERVED
 CVE-2019-8915
@@ -34,7 +34,7 @@ CVE-2019-8904 (do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-b
 	NOTE: https://bugs.astron.com/view.php?id=62
 	NOTE: https://github.com/file/file/commit/94b7501f48e134e77716e7ebefc73d6bbe72ba55
 CVE-2019-8903 (index.js in Total.js Platform before 3.2.3 allows path traversal. ...)
-	TODO: check
+	NOT-FOR-US: Total.js Platform
 CVE-2019-8902 (An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF ...)
 	NOT-FOR-US: idreamsoft iCMS
 CVE-2019-8901
@@ -1113,7 +1113,7 @@ CVE-2019-8374
 CVE-2019-8373
 	RESERVED
 CVE-2019-8372 (The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes ...)
-	TODO: check
+	NOT-FOR-US: LG
 CVE-2019-8371
 	RESERVED
 CVE-2019-8370
@@ -2685,9 +2685,10 @@ CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
 	[stretch] - libsdl2 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4498
 CVE-2018-20764 (A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for ...)
+	NOT-FOR-US: BoKS
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1676393
 	NOTE: https://community.helpsystems.com/knowledge-base/fox-technologies/hotfix/515/
-	TODO: check, if it affects src:tcpcrypt, as it is about tcpcrypt as used in BoKS
+	NOTE: No specific information is provided, but seems caused by BoKS shipping tcpcrypt setuid
 CVE-2019-7634
 	RESERVED
 CVE-2019-7633
@@ -5598,7 +5599,7 @@ CVE-2019-6454 [systemd (PID1) crash with specially crafted D-Bus message]
 	- systemd 240-6
 	NOTE: https://www.openwall.com/lists/oss-security/2019/02/18/3
 CVE-2019-6453 (mIRC before 7.55 allows remote command execution by using argument ...)
-	TODO: check
+	NOT-FOR-US: mIRC
 CVE-2019-6452
 	RESERVED
 CVE-2019-6451
@@ -22989,7 +22990,7 @@ CVE-2019-0129
 CVE-2019-0128
 	RESERVED
 CVE-2019-0127 (Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0126
 	RESERVED
 CVE-2019-0125
@@ -23019,29 +23020,29 @@ CVE-2019-0114
 CVE-2019-0113
 	RESERVED
 CVE-2019-0112 (Improper flow control in crypto routines for Intel(R) Data Center ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0111 (Improper file permissions for Intel(R) Data Center Manager SDK before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0110 (Insufficient key management for Intel(R) Data Center Manager SDK ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0109 (Improper folder permissions in Intel(R) Data Center Manager SDK before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0108 (Improper file permissions for Intel(R) Data Center Manager SDK before ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0107 (Insufficient user prompt in install routine for Intel(R) Data Center ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0106 (Insufficient run protection in install routine for Intel(R) Data ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0105 (Insufficient file permissions checking in install routine for Intel(R) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0104 (Insufficient file protection in uninstall routine for Intel(R) Data ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0103 (Insufficient file protection in install routine for Intel(R) Data ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0102 (Insufficient session authentication in web server for Intel(R) Data ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0101 (Authentication bypass in the Intel Unite(R) solution versions 3.2 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-0100
 	RESERVED
 CVE-2019-0099
@@ -41554,7 +41555,7 @@ CVE-2018-12161 (Insufficient session validation in the webserver component of th
 CVE-2018-12160 (DLL injection vulnerability in software installer for Intel Data ...)
 	NOT-FOR-US: Intel
 CVE-2018-12159 (Buffer overflow in the command-line interface for Intel(R) PROSet ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-12158 (Insufficient input validation in BIOS update utility in Intel NUC FW ...)
 	NOT-FOR-US: Intel
 CVE-2018-12157
@@ -65423,7 +65424,7 @@ CVE-2018-3702
 CVE-2018-3701
 	RESERVED
 CVE-2018-3700 (Code injection vulnerability in the installer for Intel(R) USB 3.0 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3699 (Cross-site scripting in the Intel RAID Web Console v3 for Windows may ...)
 	NOT-FOR-US: Intel RAID Web Console
 CVE-2018-3698 (Improper file permissions in the installer for the Intel Ready Mode ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a3b6e9964774b3fc82c8ecc107c5d77a404bd33

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a3b6e9964774b3fc82c8ecc107c5d77a404bd33
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190218/ad2538c0/attachment.html>

More information about the debian-security-tracker-commits mailing list