[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 6 11:00:31 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad1026ee by Salvatore Bonaccorso at 2019-06-06T10:00:05Z
Process some NFUs
- - - - -
2800ddfb by Salvatore Bonaccorso at 2019-06-06T10:00:06Z
Add CVE-2019-12739/nextcloud
Actually this might not be in the target for src:nextcloud but in an
external addon and as such marked differently.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2019-12743
CVE-2019-12742 (Bludit prior to 3.9.1 allows a non-privileged user to change the passw ...)
NOT-FOR-US: bludit
CVE-2019-12741 (XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR l ...)
- TODO: check
+ NOT-FOR-US: HAPI FHIR library
CVE-2019-12740
RESERVED
CVE-2019-12739 (lib/Controller/ExtractionController.php in the Extract add-on before 1 ...)
- TODO: check
+ - nextcloud <itp> (bug #835086)
CVE-2019-12738
RESERVED
CVE-2019-12737
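Review bot: At CVE-2019-12739 the new line "- nextcloud <itp> (bug #835086)" files the issue under the nextcloud ITP, while the CVE description points at lib/Controller/ExtractionController.php in the Extract add-on and the commit message itself doubts that src:nextcloud is the right target. That caveat should live in data/CVE/list rather than only in the commit log: add a NOTE line under the entry saying the affected code is in the external Extract add-on, so whoever picks up bug #835086 sees it when reading the entry.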
@@ -313,7 +313,7 @@ CVE-2019-12595
CVE-2019-12594
RESERVED
CVE-2019-12593 (IceWarp Mail Server through 10.4.4 is prone to a local file inclusion ...)
- TODO: check
+ NOT-FOR-US: IceWarp Mail Server
CVE-2019-12592
RESERVED
CVE-2019-12591 (NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote a ...)
@@ -387,11 +387,11 @@ CVE-2019-12557
CVE-2019-12556
RESERVED
CVE-2019-12555 (In SweetScape 010 Editor 9.0.1, improper validation of arguments in th ...)
- TODO: check
+ NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12554 (In SweetScape 010 Editor 9.0.1, improper validation of arguments in th ...)
- TODO: check
+ NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12553 (In SweetScape 010 Editor 9.0.1, improper validation of arguments in th ...)
- TODO: check
+ NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12552
RESERVED
CVE-2019-12551
@@ -987,7 +987,7 @@ CVE-2016-10751 (osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal vi
CVE-2019-12311
RESERVED
CVE-2019-12310 (ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monit ...)
- TODO: check
+ NOT-FOR-US: ExaGrid appliances
CVE-2019-12309 (dotCMS before 5.1.0 has a path traversal vulnerability exploitable by ...)
NOT-FOR-US: dotCMS
CVE-2019-12308 (An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1. ...)
@@ -1150,7 +1150,7 @@ CVE-2019-12245
CVE-2019-12244
RESERVED
CVE-2019-12243 (Istio 1.1.x through 1.1.6 has Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2019-12242
RESERVED
CVE-2019-12241 (The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserializat ...)
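Review bot: "NOT-FOR-US: Istio" at CVE-2019-12243 rests on the product name alone, since the description in this hunk says nothing beyond "Incorrect Access Control". Before closing it out as NFU, confirm that no ITP or RFP exists for Istio; if one does, the entry should use the "<itp>" form with its bug number, as the CVE-2019-12739 entry in this same change does.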
@@ -1527,7 +1527,7 @@ CVE-2019-12098 (In the client side of Heimdal before 7.6.0, failure to verify an
NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf (7.6.0)
NOTE: Introduced by: https://github.com/heimdal/heimdal/commit/a1ef548600c5bb51cf52a9a9ea12676506ede19f (1.4.0)
CVE-2019-12097 (Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoop ...)
- TODO: check
+ NOT-FOR-US: Telerik Fiddler
CVE-2019-12096
RESERVED
CVE-2019-12095
@@ -2904,7 +2904,7 @@ CVE-2019-11511 (Zoho ManageEngine ADSelfService Plus before build 5708 has XSS v
CVE-2019-11510 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11509 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
- TODO: check
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11508 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11507 (In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9. ...)
@@ -3308,13 +3308,13 @@ CVE-2019-11371 (BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overf
NOTE: https://github.com/lh3/bwa/issues/239
NOTE: Neutralised by toolchain hardening
CVE-2019-11370 (Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstr ...)
- TODO: check
+ NOT-FOR-US: Carel pCOWeb
CVE-2019-11369 (An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw ...)
- TODO: check
+ NOT-FOR-US: Carel pCOWeb
CVE-2019-11368 (Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via ...)
- TODO: check
+ NOT-FOR-US: AUO Solar Data Recorder
CVE-2019-11367 (An issue was discovered in AUO Solar Data Recorder before 1.3.0. The w ...)
- TODO: check
+ NOT-FOR-US: AUO Solar Data Recorder
CVE-2019-11364
RESERVED
CVE-2019-11363
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ee0bd3c8095913905b734290a7c52c090fd2fff7...2800ddfb34be8cb08294855f6c82070e8ed3945c