[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jul 16 22:25:19 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6fc741ad by Salvatore Bonaccorso at 2019-07-16T21:24:53Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1017,11 +1017,11 @@ CVE-2019-13607
 CVE-2019-13606
 	RESERVED
 CVE-2019-13605 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.8 ...)
-	TODO: check
+	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-13604 (There is a short key vulnerability in HID Global DigitalPersona (forme ...)
 	NOT-FOR-US: HID Global DigitalPersona U.are.U 4500 Fingerprint Reader
 CVE-2019-13603 (An issue was discovered in the HID Global DigitalPersona (formerly Cro ...)
-	TODO: check
+	NOT-FOR-US: HID Global DigitalPersona U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver
 CVE-2019-13602 (An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4. ...)
 	- vlc 3.0.7.1-2 (bug #932131)
 	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491
@@ -1501,7 +1501,7 @@ CVE-2019-13385
 CVE-2019-13384
 	RESERVED
 CVE-2019-13383 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login ...)
-	TODO: check
+	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-13382
 	RESERVED
 CVE-2019-13381
@@ -1547,9 +1547,9 @@ CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer overflow in add_variable i
 CVE-2019-13361
 	RESERVED
 CVE-2019-13360 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote at ...)
-	TODO: check
+	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-13359 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv- ...)
-	TODO: check
+	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-13358 (lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows  ...)
 	NOT-FOR-US: OpenCats
 CVE-2019-13357
@@ -2507,21 +2507,21 @@ CVE-2019-12994
 CVE-2019-12993
 	RESERVED
 CVE-2019-12992 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
-	TODO: check
+	NOT-FOR-US: Citrix and NetScaler SD-WAN
 CVE-2019-12991 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
-	TODO: check
+	NOT-FOR-US: Citrix and NetScaler SD-WAN
 CVE-2019-12990 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
-	TODO: check
+	NOT-FOR-US: Citrix and NetScaler SD-WAN
 CVE-2019-12989 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
-	TODO: check
+	NOT-FOR-US: Citrix and NetScaler SD-WAN
 CVE-2019-12988 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
-	TODO: check
+	NOT-FOR-US: Citrix and NetScaler SD-WAN
 CVE-2019-12987 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
-	TODO: check
+	NOT-FOR-US: Citrix and NetScaler SD-WAN
 CVE-2019-12986 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
-	TODO: check
+	NOT-FOR-US: Citrix and NetScaler SD-WAN
 CVE-2019-12985 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before  ...)
-	TODO: check
+	NOT-FOR-US: Citrix and NetScaler SD-WAN
 CVE-2019-12984 (A NULL pointer dereference vulnerability in the function nfc_genl_deac ...)
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/385097a3675749cbc9e97c085c0e5dfe4269ca51
@@ -2927,7 +2927,7 @@ CVE-2019-12836 (The Bobronix JEditor editor before 3.0.6 for Jira allows an atta
 CVE-2019-12835 (formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds ...)
 	NOT-FOR-US: Leanify
 CVE-2019-12834 (In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious  ...)
-	TODO: check
+	NOT-FOR-US: HT2 Labs Learning Locker
 CVE-2019-12833
 	RESERVED
 CVE-2019-12832
@@ -11134,7 +11134,7 @@ CVE-2019-1010064
 CVE-2019-1010063
 	RESERVED
 CVE-2019-1010062 (PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload ...)
-	TODO: check
+	NOT-FOR-US: PluckCMS
 CVE-2019-1010061
 	REJECTED
 CVE-2019-1010060 (NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact ...)
@@ -11945,7 +11945,7 @@ CVE-2019-9702 (Symantec Endpoint Encryption, prior to SEE 11.3.0, may be suscept
 CVE-2019-9701 (DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site ...)
 	NOT-FOR-US: DLP (Symantec)
 CVE-2019-9700 (Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an ...)
-	TODO: check
+	NOT-FOR-US: Norton Password Manager
 CVE-2019-9699
 	RESERVED
 CVE-2019-9698 (Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbit ...)
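Review bot: The added note on CVE-2019-9700 names the product without a vendor, while the context line just above it for CVE-2019-9701 uses the form "NOT-FOR-US: DLP (Symantec)". If this entry belongs to the same vendor, as the surrounding Symantec entries suggest, writing the note in the same vendor-qualified form would keep a search of the NOT-FOR-US notes by vendor name from missing it.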
@@ -20864,7 +20864,7 @@ CVE-2019-6162
 CVE-2019-6161
 	RESERVED
 CVE-2019-6160 (A vulnerability in various versions of Iomega and LenovoEMC NAS produc ...)
-	TODO: check
+	NOT-FOR-US: Iomega and LenovoEMC NAS products
 CVE-2019-6159
 	RESERVED
 CVE-2019-6158 (An internal product security audit of Lenovo XClarity Administrator (L ...)
@@ -33277,9 +33277,9 @@ CVE-2019-1578 (Cross-site scripting vulnerability in Palo Alto Networks MineMeld
 CVE-2019-1577 (Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and ear ...)
 	NOT-FOR-US: Palo Alto Networks Traps
 CVE-2019-1576 (Command injection in PAN-0S 9.0.2 and earlier may allow an authenticat ...)
-	TODO: check
+	NOT-FOR-US: PAN-0S
 CVE-2019-1575 (Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and ...)
-	TODO: check
+	NOT-FOR-US: PAN-0S
 CVE-2019-1574 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedit ...)
 	NOT-FOR-US: Palo Alto Networks Expedition Migration tool
 CVE-2019-1573 (GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 a ...)
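Review bot: Both added notes, for CVE-2019-1576 and CVE-2019-1575, spell the product with a digit zero ("PAN-0S"), whereas the CVE-2019-1575 description on the context line spells it "PAN-OS". The zero looks carried over from the CVE-2019-1576 description text. Suggest "NOT-FOR-US: PAN-OS", or "Palo Alto Networks PAN-OS" to match the vendor-prefixed form of the neighbouring Traps and Expedition entries, so that a search for the product name finds these two entries.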



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fc741ada39056d85e618b3bdae54200c303a1ab
