[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jul 23 21:28:56 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
038f165c by Salvatore Bonaccorso at 2019-07-23T20:27:45Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,7 +2,7 @@ CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of serv
 	- haproxy <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/haproxy/haproxy/issues/181
 CVE-2019-14240 (WCMS v0.3.2 has a CSRF vulnerability, with resultant directory travers ...)
-	TODO: check
+	NOT-FOR-US: WCMS
 CVE-2019-14239
 	RESERVED
 CVE-2019-14238
@@ -12137,7 +12137,7 @@ CVE-2019-1010222 (aubio 0.4.8 and earlier is affected by: null pointer. The impa
 	- aubio 0.4.9-1
 	NOTE: https://github.com/aubio/aubio/commit/eda95c9c22b4f0b466ae94c4708765eaae6e709e (0.4.9)
 CVE-2019-1010221 (LineageOS 16.0 and earlier is affected by: Incorrect Access Control. T ...)
-	TODO: check
+	NOT-FOR-US: LineageOS
 CVE-2019-1010220 (tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. T ...)
 	TODO: check
 CVE-2019-1010219
@@ -12161,7 +12161,7 @@ CVE-2019-1010211
 CVE-2019-1010210
 	RESERVED
 CVE-2019-1010209 (GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE ...)
-	TODO: check
+	NOT-FOR-US: GoUrl.io GoURL Wordpress Plugin
 CVE-2019-1010208 (IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracryp ...)
 	TODO: check
 CVE-2019-1010207 (Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scrip ...)
@@ -12267,23 +12267,23 @@ CVE-2019-1010158
 CVE-2019-1010157
 	RESERVED
 CVE-2019-1010156 (D-Link DSL-2750U Firmware 1.11 is affected by: Authentication Bypass.  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-1010155 (D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impac ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-1010154
 	RESERVED
 CVE-2019-1010153 (zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sq ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-1010152 (zzcms 8.3 and earlier is affected by: File Delete to Code Execution. T ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-1010151 (zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell.  ...)
 	NOT-FOR-US: zzcms
 CVE-2019-1010150 (zzcms 8.3 and earlier is affected by: File Delete to Code Execution. T ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-1010149 (zzcms version 8.3 and earlier is affected by: File Delete to Code Exec ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-1010148 (zzcms version 8.3 and earlier is affected by: SQL Injection. The impac ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2019-1010147
 	RESERVED
 CVE-2019-1010146
@@ -12334,9 +12334,9 @@ CVE-2019-1010126
 CVE-2019-1010125
 	RESERVED
 CVE-2019-1010124 (WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by:  ...)
-	TODO: check
+	NOT-FOR-US: WebAppick WooCommerce Product Feed
 CVE-2019-1010123 (MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Up ...)
-	TODO: check
+	NOT-FOR-US: MODX Revolution Gallery
 CVE-2019-1010122
 	RESERVED
 CVE-2019-1010121
@@ -41049,21 +41049,21 @@ CVE-2018-18678
 CVE-2018-18677
 	RESERVED
 CVE-2018-18676 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
-	TODO: check
+	NOT-FOR-US: GNU Board
 CVE-2018-18675 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
-	TODO: check
+	NOT-FOR-US: GNU Board
 CVE-2018-18674
 	RESERVED
 CVE-2018-18673 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
-	TODO: check
+	NOT-FOR-US: GNU Board
 CVE-2018-18672 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
-	TODO: check
+	NOT-FOR-US: GNU Board
 CVE-2018-18671 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
-	TODO: check
+	NOT-FOR-US: GNU Board
 CVE-2018-18670 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
-	TODO: check
+	NOT-FOR-US: GNU Board
 CVE-2018-18669 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
-	TODO: check
+	NOT-FOR-US: GNU Board
 CVE-2018-18668
 	RESERVED
 CVE-2018-18667 (The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum to ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/038f165c83c0a121d698e9098238cec2b9bd1688

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/038f165c83c0a121d698e9098238cec2b9bd1688
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190723/9ee1a2f6/attachment.html>

More information about the debian-security-tracker-commits mailing list