[Git][security-tracker-team/security-tracker][master] new tcc issues

Moritz Muehlenhoff jmm at debian.org
Tue Jan 8 18:28:51 GMT 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b98f04cb by Moritz Muehlenhoff at 2019-01-08T18:28:24Z
new tcc issues
new dolibarr issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5446,11 +5446,17 @@ CVE-2018-20378
 CVE-2018-20377 (Orange Livebox 00.96.320S devices allow remote attackers to discover ...)
 	NOT-FOR-US: Orange Livebox
 CVE-2018-20376 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
-	TODO: check
+	- tcc <unfixed> (unimportant)
+	NOTE: Negligable security impact
+	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00013.html
 CVE-2018-20375 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
-	TODO: check
+	- tcc <unfixed> (unimportant)
+	NOTE: Negligable security impact
+	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00014.html
 CVE-2018-20374 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
-	TODO: check
+	- tcc <unfixed> (unimportant)
+	NOTE: Negligable security impact
+	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00015.html
 CVE-2018-20373 (Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP ...)
 	NOT-FOR-US: Tenda ADSL modem routers
 CVE-2018-20372 (TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. ...)
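Review bot: The three added NOTE lines under CVE-2018-20376, CVE-2018-20375 and CVE-2018-20374 misspell the rationale as "Negligable"; each should read "NOTE: Negligible security impact". Because all three entries are marked "<unfixed> (unimportant)", a few words on why the impact is negligible would also help, so that a later triager can confirm the classification without having to open the linked tinycc-devel message.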
@@ -5792,7 +5798,7 @@ CVE-2018-1000825 (FreeCol version <= nightly-2018-08-22 contains a XML Extern
 CVE-2018-1000824 (MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in ...)
 	NOT-FOR-US: MegaMek
 CVE-2018-1000823 (exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) ...)
-	TODO: check
+	NOT-FOR-US: eXist DB
 CVE-2018-1000822 (codelibs fess version before commit faa265b contains a XML External ...)
 	NOT-FOR-US: codelibs fess
 CVE-2018-1000821 (MicroMathematics version before commit 5c05ac8 contains a XML External ...)
@@ -9489,7 +9495,7 @@ CVE-2018-20000 (Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as ..
 CVE-2018-19999
 	RESERVED
 CVE-2018-19998 (SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 ...)
-	TODO: check
+	- dolibarr <removed>
 CVE-2018-19997
 	RESERVED
 CVE-2018-19996
@@ -10722,9 +10728,9 @@ CVE-2018-19864 (NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allo
 CVE-2018-19863 (An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on ...)
 	NOT-FOR-US: 1Password
 CVE-2018-19862 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: MiniShare
 CVE-2018-19861 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: MiniShare
 CVE-2018-19860
 	RESERVED
 CVE-2018-19859 (OpenRefine before 3.5 allows directory traversal via a relative ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b98f04cb78444f044d14ec4d31f91648f553dae0
