[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Feb 27 17:48:29 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f44cb213 by Moritz Muehlenhoff at 2019-02-27T17:47:31Z
NFUs
new podofo issue
two exiv issues n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,13 @@ CVE-2019-9203
 CVE-2019-9202
 	RESERVED
 CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ...)
-	TODO: check
+	NOT-FOR-US: Phoenix Contact ILC
 CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() located ...)
 	TODO: check
 CVE-2019-9199 (PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in ...)
-	TODO: check
+	- libpodofo <unfixed> (low)
+	[stretch] - libpodofo <no-dsa> (Minor issue)
+	NOTE: https://sourceforge.net/p/podofo/tickets/40/
 CVE-2019-9198
 	RESERVED
 CVE-2019-9197
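Review bot: The new CVE-2019-9199 entry rates libpodofo "(low)" and marks stretch "<no-dsa> (Minor issue)", but the only NOTE is the upstream ticket URL, so the basis for the rating is not recorded in the entry itself. Consider adding a short NOTE that states the reason, for example which component carries the affected PdfTranslator::setSource() code and what the failure mode is, so the no-dsa decision can be re-checked without opening the ticket.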
@@ -33,7 +35,7 @@ CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in t
 CVE-2019-9193
 	RESERVED
 CVE-2019-9191 (The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) ...)
-	TODO: check
+	NOT-FOR-US: ETSI protocol
 CVE-2019-9190
 	RESERVED
 CVE-2019-9189
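Review bot: "NOT-FOR-US: ETSI protocol" on CVE-2019-9191 names a standards body plus the word "protocol" rather than the thing affected. The visible description refers to ETSI Enterprise Transport Security (ETS, formerly known as eTLS); using that name in the NFU line would let a later search for ETS or eTLS find this entry.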
@@ -159,15 +161,15 @@ CVE-2019-9146 (Jamf Self Service 10.9.0 allows man-in-the-middle attackers to ob
 CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS vulnerability ...)
 	NOT-FOR-US: Hsycms
 CVE-2019-9144 (An issue was discovered in Exiv2 0.27. There is infinite recursion at ...)
-	- exiv2 <undetermined>
+	[experimental] - exiv2 <unfixed> (low)
+	- exiv2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Exiv2/exiv2/issues/712
-	TODO: check
 CVE-2019-9143 (An issue was discovered in Exiv2 0.27. There is infinite recursion at ...)
-	- exiv2 <undetermined>
+	[experimental] - exiv2 <unfixed> (low)
+	- exiv2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Exiv2/exiv2/issues/711
-	TODO: check
 CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS ...)
-	NOT-FOR-US:  b3log Symphony (aka Sym)
+	NOT-FOR-US: b3log Symphony (aka Sym)
 CVE-2019-9141
 	RESERVED
 CVE-2019-9140
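Review bot: On CVE-2019-9144 and CVE-2019-9143, the "<not-affected> (Vulnerable code introduced later)" lines do not say which upstream version or commit introduced the code, so the claim cannot be verified from the entry. Add a NOTE naming the introducing version or commit next to the existing issue links. The whitespace fix to the b3log Symphony NOT-FOR-US line is unrelated to the exiv2 triage and would be easier to review as its own commit.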
@@ -221,7 +223,7 @@ CVE-2019-9117
 CVE-2019-9116 (** DISPUTED ** DLL hijacking is possible in Sublime Text 3 version ...)
 	NOT-FOR-US: Sublime Text Windows build
 CVE-2019-9115 (In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file ...)
-	TODO: check
+	NOT-FOR-US: IRISnet
 CVE-2019-9114 (Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in ...)
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/170
@@ -4116,7 +4118,7 @@ CVE-2019-7394
 CVE-2019-7393
 	RESERVED
 CVE-2019-7392 (An improper authentication vulnerability in CA Privileged Access ...)
-	TODO: check
+	NOT-FOR-US: CA Privileged Access Manager
 CVE-2019-7391
 	RESERVED
 CVE-2019-7390 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices with ...)
@@ -5096,7 +5098,7 @@ CVE-2019-7008
 CVE-2019-7007
 	RESERVED
 CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in the ...)
-	TODO: check
+	NOT-FOR-US: Avaya
 CVE-2019-7005
 	RESERVED
 CVE-2019-7004
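Review bot: "NOT-FOR-US: Avaya" on CVE-2019-7006 names only the vendor, while the description names the product, Avaya one-X Communicator. Using the product name, as the CA Privileged Access Manager entry in this commit does, keeps the NFU specific in case another Avaya product is ever triaged differently.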



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f44cb213159a4bc88bac8271d3a4abaa19334845
