[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 6 21:29:10 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80a11a79 by Salvatore Bonaccorso at 2019-06-06T20:28:21Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -62,7 +62,7 @@ CVE-2019-12735 (getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows
NOTE: vim patches: https://github.com/vim/vim/commit/5357552
NOTE: neovim pull request: https://github.com/neovim/neovim/pull/10082
CVE-2019-12732 (The Chartkick gem through 3.1.0 for Ruby allows XSS. ...)
- TODO: check
+ NOT-FOR-US: Chartkick Ruby gem
CVE-2019-12731
RESERVED
CVE-2019-12730 (aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 does not ...)
@@ -1072,7 +1072,7 @@ CVE-2019-12305
CVE-2019-12304
RESERVED
CVE-2019-12303 (In Rancher 2 through 2.2.3, Project owners can inject additional fluen ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2019-12302
RESERVED
CVE-2019-12301 (The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffer ...)
@@ -1107,7 +1107,7 @@ CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer over-rea
CVE-2019-12292
RESERVED
CVE-2019-12291 (HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Key ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Consul
CVE-2019-12290
RESERVED
CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C782 ...)
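Review bot: The NOT-FOR-US on CVE-2019-12291 should be backed by a check that no consul source package exists in the archive, and nothing in this hunk shows that check. NOT-FOR-US takes the entry out of further triage, so a wrong call here hides an access-control issue from the tracker. If a package does exist, replace the line with a package entry in the "- package version (bug #...)" form used elsewhere in this file.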
@@ -1143,7 +1143,7 @@ CVE-2019-12275
CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is vulnerable to ...)
- hazelcast <itp> (bug #745640)
CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to de ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2019-12273
RESERVED
CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...)
@@ -1499,7 +1499,7 @@ CVE-2019-12137 (Typora 0.9.9.24.6 on macOS allows directory traversal, for execu
CVE-2019-12136 (There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, a ...)
NOT-FOR-US: Boostnote
CVE-2019-12135 (An unspecified vulnerability in the application server in PaperCut MF ...)
- TODO: check
+ NOT-FOR-US: PaperCut
CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
TODO: check
CVE-2019-12133
@@ -4042,7 +4042,7 @@ CVE-2019-11082 (core/api/datasets/internal/actions/Explode.java in the Dataset A
CVE-2019-11081 (A default username and password in Dentsply Sirona Sidexis 4.2 and pos ...)
NOT-FOR-US: Dentsply Sirona Sidexis
CVE-2019-11080 (Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remo ...)
- TODO: check
+ NOT-FOR-US: Sitecore Experience Platform
CVE-2019-11079
RESERVED
CVE-2019-11078 (MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the uc ...)
@@ -9691,11 +9691,11 @@ CVE-2019-9160 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and ea
CVE-2019-9159
RESERVED
CVE-2019-9158 (Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control ...)
- TODO: check
+ NOT-FOR-US: Gemalto DS3 Authentication Server
CVE-2019-9157 (Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclos ...)
- TODO: check
+ NOT-FOR-US: Gemalto DS3 Authentication Server
CVE-2019-9156 (Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injecti ...)
- TODO: check
+ NOT-FOR-US: Gemalto DS3 Authentication Server
CVE-2019-9192 (** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, ...)
- glibc <unfixed> (unimportant)
- eglibc <removed> (unimportant)
@@ -11687,7 +11687,7 @@ CVE-2019-8387 (MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Executi
CVE-2019-8386
RESERVED
CVE-2019-8385 (An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.35 ...)
- TODO: check
+ NOT-FOR-US: Thomson Reuters Desktop Extensions
CVE-2019-8384
RESERVED
CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid memory ...)
@@ -13274,7 +13274,7 @@ CVE-2019-7673 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Admi
CVE-2019-7672 (Prima Systems FlexAir devices have Hard-coded Credentials. ...)
TODO: check
CVE-2019-7671 (Prima Systems FlexAir devices allow Authenticated Stored XSS. ...)
- TODO: check
+ NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7670
RESERVED
CVE-2019-7669
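Review bot: CVE-2019-7672, in the context line directly above the change, names the same product (Prima Systems FlexAir devices) but still carries "TODO: check", while CVE-2019-7671 is now NOT-FOR-US. The two entries should get the same disposition. Suggest marking CVE-2019-7672 "NOT-FOR-US: Prima Systems FlexAir devices" in this commit as well, so the pair does not come up again in the next triage pass.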
@@ -13629,11 +13629,11 @@ CVE-2019-7556
CVE-2019-7555
RESERVED
CVE-2019-7554 (An issue was discovered in PHP Scripts Mall API Based Travel Booking 3 ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall API Based Travel Booking
CVE-2019-7553 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stor ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Chartered Accountant : Auditor Website
CVE-2019-7552 (An issue was discovered in PHP Scripts Mall Investment MLM Software 2. ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Investment MLM Software
CVE-2019-7551 (Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4 ...)
NOT-FOR-US: Cantemo Portal
CVE-2019-7550 (In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whe ...)
@@ -14358,7 +14358,7 @@ CVE-2019-7313 (www/resource.py in Buildbot before 1.8.1 allows CRLF injection in
CVE-2019-7312 (Limited plaintext disclosure exists in PRIMX Zed Entreprise for Window ...)
NOT-FOR-US: PRIMX Zed Enterprise
CVE-2019-7311 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer si ...)
{DLA-1706-1}
- poppler 0.71.0-4 (bug #921215)
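Review bot: The label on CVE-2019-7311 is the vendor only ("Linksys"), while the description names a specific device (WRT1900ACS) and the neighbouring entry CVE-2019-7312 uses a product name ("PRIMX Zed Enterprise"). A vendor-only label is harder to search for later and says less about why the entry was excluded. Suggest "NOT-FOR-US: Linksys WRT1900ACS", or a short remark that vendor-level labels are intended for device firmware issues.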
@@ -15131,7 +15131,7 @@ CVE-2019-1000018 (rssh version 2.3.4 contains a CWE-77: Improper Neutralization
- rssh 2.3.4-9 (bug #919623)
NOTE: https://sourceforge.net/p/rssh/mailman/message/36519118/
CVE-2019-6989 (TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caus ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2019-6988 (An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers ...)
- openjpeg2 <unfixed> (low; bug #922648)
[buster] - openjpeg2 <ignored> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80a11a797d59f7e37231506f3bd7b85d45ab192a