[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73292fb8 by Moritz Muehlenhoff at 2019-02-20T22:52:56Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2019-8955
 	RESERVED
 CVE-2019-8954 (In Indexhibit 2.1.5, remote attackers can execute arbitrary code via ...)
-	TODO: check
+	NOT-FOR-US: Indexhibit 
 CVE-2019-8953 (The HAProxy package before 0.59_16 for pfSense has XSS via the desc ...)
-	TODO: check
+	NOT-FOR-US: HAProxy package for pfSense
 CVE-2019-8952
 	RESERVED
 CVE-2019-8951
@@ -19,11 +19,11 @@ CVE-2019-1003025
 CVE-2019-1003024
 	RESERVED
 CVE-2019-8950 (The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices ...)
-	TODO: check
+	NOT-FOR-US: DASAN
 CVE-2019-8949
 	RESERVED
 CVE-2019-8948 (PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script ...)
-	TODO: check
+	NOT-FOR-US: PaperCut MF
 CVE-2019-8947
 	RESERVED
 CVE-2019-8946
@@ -31,7 +31,7 @@ CVE-2019-8946
 CVE-2019-8945
 	RESERVED
 CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step in ...)
-	TODO: check
+	NOT-FOR-US: Terraform
 CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An ...)
 	- wordpress <unfixed>
 	NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
@@ -44,7 +44,7 @@ CVE-2019-8941
 CVE-2019-8940
 	RESERVED
 CVE-2019-8939 (data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a ...)
-	TODO: check
+	NOT-FOR-US: Tautulli
 CVE-2019-8938
 	RESERVED
 CVE-2019-8937
@@ -13808,9 +13808,9 @@ CVE-2018-20243
 CVE-2018-20242 (A carefully crafted URL could trigger an XSS vulnerability on Apache ...)
 	- jspwiki <removed>
 CVE-2018-20241 (The Edit upload resource for a review in Atlassian Fisheye and ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-20240 (The administrative linker functionality in Atlassian Fisheye and ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-20239
 	RESERVED
 CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 and ...)
@@ -23618,7 +23618,7 @@ CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called fro
 	NOTE: https://github.com/Exiv2/exiv2/issues/427
 	NOTE: https://github.com/Exiv2/exiv2/pull/518
 CVE-2018-19106 (Avi Vantage before 17.2.13 uses an invalid URL encoding during a ...)
-	TODO: check
+	NOT-FOR-US: Avi Vantage
 CVE-2018-19105 (LibreCAD 2.1.3 allows remote attackers to cause a denial of service ...)
 	- librecad <undetermined>
 	NOTE: https://code610.blogspot.com/2018/11/crashing-librecad-213.html
@@ -47975,7 +47975,7 @@ CVE-2018-9869
 CVE-2018-9868
 	RESERVED
 CVE-2018-9867 (In SonicWall SonicOS, administrators without full permissions can ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2018-9866 (A vulnerability in lack of validation of user-supplied parameters pass ...)
 	NOT-FOR-US: SonicWall
 CVE-2018-9865



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73292fb83963fbe83a3fff9a0123a82d1ecc1b12

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/73292fb83963fbe83a3fff9a0123a82d1ecc1b12
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190220/d7458d58/attachment.html>