[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Jul 9 08:43:43 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8567e9b3 by Moritz Muehlenhoff at 2019-07-09T07:43:22Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,9 +59,9 @@ CVE-2019-13416
CVE-2019-13415
RESERVED
CVE-2019-13414 (The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/ren ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection v ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-13412
RESERVED
CVE-2019-13411
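Review bot: The two added lines for CVE-2019-13414 and CVE-2019-13413 say only "NOT-FOR-US: Wordpress plugin", which does not identify the product, whereas every other entry changed in this commit names it (for example "NOT-FOR-US: Quest KACE" and "NOT-FOR-US: Sonatype Nexus Repository Manager"). Suggest "NOT-FOR-US: Rencontre plugin for WordPress" on both lines, which keeps the triage line self-describing and matches the "WordPress" capitalisation used in the CVE descriptions.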
@@ -183,7 +183,7 @@ CVE-2019-13356
CVE-2019-13355
RESERVED
CVE-2019-13354 (The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org ...)
- TODO: check
+ NOT-FOR-US: strong_password gem
CVE-2019-13353
RESERVED
CVE-2019-13352 (WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic ...)
@@ -3234,13 +3234,13 @@ CVE-2019-12176 (Privilege escalation in the "HTC Account Service" and "ViveportD
CVE-2019-12175
RESERVED
CVE-2019-12174 (hide.me before 2.4.4 on macOS suffers from a privilege escalation vuln ...)
- TODO: check
+ NOT-FOR-US: hide.me
CVE-2019-12173 (MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, w ...)
NOT-FOR-US: MacDown
CVE-2019-12172 (Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modifie ...)
NOT-FOR-US: Typora
CVE-2019-12171 (Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Drop ...)
- TODO: check
+ NOT-FOR-US: Dropbox desktop application
CVE-2019-12170 (ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the m ...)
NOT-FOR-US: ATutor
CVE-2019-12169 (ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, res ...)
@@ -6264,7 +6264,7 @@ CVE-2019-10975 (An out-of-bounds read vulnerability has been identified in Fuji
CVE-2019-10974
RESERVED
CVE-2019-10973 (Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, all ...)
- TODO: check
+ NOT-FOR-US: Quest KACE
CVE-2019-10972
RESERVED
CVE-2019-10971 (The application (Network Configurator for DeviceNet Safety 3.41 and pr ...)
@@ -10568,9 +10568,9 @@ CVE-2019-9631 (Poppler 0.74.0 has a heap-based buffer over-read in the CairoResc
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/736
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8122f6d6d409b53151a20c5578fc525ee97315e8
CVE-2019-9630 (Sonatype Nexus Repository Manager before 3.17.0 has a weak default of ...)
- TODO: check
+ NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-9629 (Sonatype Nexus Repository Manager before 3.17.0 establishes a default ...)
- TODO: check
+ NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-9628 (The XMLTooling library all versions prior to V3.0.4, provided with the ...)
{DSA-4407-1 DLA-1710-1}
- xmltooling 3.0.4-1 (bug #924346)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8567e9b31a57a68818ae4e177581caa41964ee49