[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Jul 17 11:17:38 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a8ba97cc by Moritz Muehlenhoff at 2019-07-17T10:17:13Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,10 @@
 CVE-2019-13625 (NSA Ghidra before 9.0.1 allows XXE when a project is opened or restore ...)
+	- ghidra <itp> (bug #923851)
 	TODO: check
 CVE-2019-13624 (In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/Y ...)
-	TODO: check
+	NOT-FOR-US: ONOS
 CVE-2019-13623 (In NSA Ghidra through 9.0.4, path traversal can occur in RestoreTask.j ...)
-	TODO: check
+	- ghidra <itp> (bug #923851)
 CVE-2019-13622
 	RESERVED
 CVE-2019-13621
@@ -30,7 +31,7 @@ CVE-2019-13614
 CVE-2019-13613
 	RESERVED
 CVE-2019-13612 (MDaemon Email Server 19 skips SpamAssassin checks by default for e-mai ...)
-	TODO: check
+	NOT-FOR-US: MDaemon Email Server
 CVE-2019-13611 (An issue was discovered in python-engineio through 3.8.2. There is a C ...)
 	- python-engineio <unfixed>
 	NOTE: https://github.com/miguelgrinberg/python-engineio/issues/128
@@ -10683,23 +10684,23 @@ CVE-2019-1010299 (The Rust Programming Language Standard Library 1.18.0 and late
 	NOTE: https://github.com/rust-lang/rust/issues/53566
 	NOTE: https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d
 CVE-2019-1010298 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
-	TODO: check
+	NOT-FOR-US: Linaro/OP-TEE OP-TEE
 CVE-2019-1010297 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
-	TODO: check
+	NOT-FOR-US: Linaro/OP-TEE OP-TEE
 CVE-2019-1010296 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
-	TODO: check
+	NOT-FOR-US: Linaro/OP-TEE OP-TEE
 CVE-2019-1010295 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
-	TODO: check
+	NOT-FOR-US: Linaro/OP-TEE OP-TEE
 CVE-2019-1010294 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. ...)
-	TODO: check
+	NOT-FOR-US: Linaro/OP-TEE OP-TEE
 CVE-2019-1010293 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossi ...)
-	TODO: check
+	NOT-FOR-US: Linaro/OP-TEE OP-TEE
 CVE-2019-1010292 (Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary  ...)
-	TODO: check
+	NOT-FOR-US: Linaro/OP-TEE OP-TEE
 CVE-2019-1010291
 	RESERVED
 CVE-2019-1010290 (Babel: Multilingual site Babel All is affected by: Open Redirection. T ...)
-	TODO: check
+	NOT-FOR-US: Babel: Multilingual
 CVE-2019-1010289
 	RESERVED
 CVE-2019-1010288
@@ -11199,7 +11200,7 @@ CVE-2019-1010046
 CVE-2019-1010045
 	RESERVED
 CVE-2019-1010044 (borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: P ...)
-	TODO: check
+	NOT-FOR-US: borg-reducer
 CVE-2019-1010043 (Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: P ...)
 	TODO: check
 CVE-2019-1010042
@@ -11212,7 +11213,7 @@ CVE-2019-1010040
 CVE-2019-1010039 (uLaunchELF < commit 170827a is affected by: Buffer Overflow. The im ...)
 	NOT-FOR-US: uLaunchELF
 CVE-2019-1010038 (OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is ...)
-	TODO: check
+	NOT-FOR-US: OpenModelica OMCompiler
 CVE-2019-1010037
 	RESERVED
 CVE-2019-1010036
@@ -26780,7 +26781,7 @@ CVE-2019-3572 (An issue was discovered in libming 0.4.8. There is a heap-based b
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/169
 CVE-2019-3571 (An input validation issue affected WhatsApp Desktop versions prior to  ...)
-	TODO: check
+	NOT-FOR-US: WhatsApp Desktop
 CVE-2019-3570
 	RESERVED
 	- hhvm <removed>
@@ -34200,7 +34201,7 @@ CVE-2018-19631
 CVE-2018-19630 (cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE throu ...)
 	NOT-FOR-US: uhttpd (in OpenWRT and LEDE)
 CVE-2018-19629 (A Denial of Service vulnerability in the ImageNow Server service in Hy ...)
-	TODO: check
+	NOT-FOR-US: Hyland Perceptive Content Server 
 CVE-2018-19628 (In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. Thi ...)
 	{DSA-4359-1}
 	- wireshark 2.6.5-1
@@ -35204,7 +35205,7 @@ CVE-2019-1074 (An elevation of privilege vulnerability exists in Microsoft Windo
 CVE-2019-1073 (An information disclosure vulnerability exists when the Windows kernel ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1072 (A remote code execution vulnerability exists when Azure DevOps Server  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1071 (An information disclosure vulnerability exists when the Windows kernel ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1070
@@ -35427,7 +35428,7 @@ CVE-2019-0964
 CVE-2019-0963 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-0962 (An elevation of privilege vulnerability exists in Azure Automation "Ru ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-0961 (An information disclosure vulnerability exists when the Windows GDI co ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-0960 (An elevation of privilege vulnerability exists in Windows when the Win ...)
@@ -35621,7 +35622,7 @@ CVE-2019-0867 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevO
 CVE-2019-0866 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-0865 (A denial of service vulnerability exists when SymCrypt improperly hand ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-0864 (A denial of service vulnerability exists when .NET Framework improperl ...)
 	NOT-FOR-US: .NET Framework
 CVE-2019-0863 (An elevation of privilege vulnerability exists in the way Windows Erro ...)
@@ -53317,7 +53318,7 @@ CVE-2018-13444 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerab
 CVE-2018-13443 (EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted was ...)
 	NOT-FOR-US: EOS.IO jit-wasm
 CVE-2018-13442 (SolarWinds Network Performance Monitor 12.3 allows SQL Injection via t ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds Network Performance Monitor
 CVE-2018-13441 (qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL po ...)
 	- nagios4 4.3.4-3 (low; bug #917160)
 	NOTE: https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8ba97cc426fbfe7b6633a2e7e321666cec8d999

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8ba97cc426fbfe7b6633a2e7e321666cec8d999
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190717/b877c4b0/attachment.html>


More information about the debian-security-tracker-commits mailing list