[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 11 20:35:25 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e9a8c5c5 by Salvatore Bonaccorso at 2019-06-11T19:34:53Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -32,7 +32,7 @@ CVE-2019-12782
CVE-2019-12781
RESERVED
CVE-2019-12780 (The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo ...)
- TODO: check
+ NOT-FOR-US: Belkin Wemo Enabled Crock-Pot
CVE-2019-XXXX [security issues fixed in vlc 3.0.7]
- vlc 3.0.7-1 (bug #930276)
NOTE: http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
@@ -581,7 +581,7 @@ CVE-2019-12520
CVE-2019-12519
RESERVED
CVE-2017-18376 (An improper authorization check in the User API in TheHive before 2.13 ...)
- TODO: check
+ NOT-FOR-US: User API in TheHive Project
CVE-2019-12518
RESERVED
CVE-2019-12517
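Review bot: On the CVE-2017-18376 entry, the tag "NOT-FOR-US: User API in TheHive Project" names a component ("User API in ...") rather than just the product. The other tags added in this commit, such as "NOT-FOR-US: Rancher", "NOT-FOR-US: WampServer" and "NOT-FOR-US: Fat Free CRM", give only the product name. Suggest "NOT-FOR-US: TheHive", matching the name used in the CVE description, so that later TheHive CVEs can reuse the same string.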
@@ -764,7 +764,7 @@ CVE-2019-12454 (An issue was discovered in wcd9335_codec_enable_dec in sound/soc
CVE-2019-12453
RESERVED
CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, when the -- ...)
- TODO: check
+ NOT-FOR-US: Containous Traefik
CVE-2019-12451
RESERVED
CVE-2019-12450 (file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 ...)
@@ -1220,7 +1220,7 @@ CVE-2019-12278
CVE-2019-12277 (Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as de ...)
NOT-FOR-US: Blogifier
CVE-2019-12276 (A Path Traversal vulnerability in Controllers/LetsEncryptController.cs ...)
- TODO: check
+ NOT-FOR-US: GrandNode
CVE-2019-12275
RESERVED
CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is vulnerable to ...)
@@ -2141,7 +2141,7 @@ CVE-2019-11883
CVE-2019-11882
RESERVED
CVE-2019-11881 (A vulnerability exists in Rancher 2.1.4 in the login component, where ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2019-11880 (CommSy through 8.6.5 has SQL Injection via the cid parameter. This is ...)
NOT-FOR-US: CommSy
CVE-2019-11879 (** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory travers ...)
@@ -3058,7 +3058,7 @@ CVE-2019-11519 (Libraries/Nop.Services/Localization/LocalizationService.cs in no
CVE-2019-11518 (An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] ...)
NOT-FOR-US: SEMCMS
CVE-2019-11517 (WampServer before 3.1.9 has CSRF in add_vhost.php because the synchron ...)
- TODO: check
+ NOT-FOR-US: WampServer
CVE-2019-11516
RESERVED
CVE-2018-20823 (The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a deni ...)
@@ -6292,7 +6292,7 @@ CVE-2019-10228
CVE-2019-10227
RESERVED
CVE-2019-10226 (HTML Injection has been discovered in the v0.19.0 version of the Fat F ...)
- TODO: check
+ NOT-FOR-US: Fat Free CRM
CVE-2019-10225
RESERVED
CVE-2019-10224
@@ -9967,9 +9967,9 @@ CVE-2019-9108 (XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&
CVE-2019-9107 (XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecu ...)
NOT-FOR-US: WUZHI CMS
CVE-2019-9106 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Sma ...)
- TODO: check
+ NOT-FOR-US: SAET Impianti Speciali TEBE Small devices
CVE-2019-9105 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Sma ...)
- TODO: check
+ NOT-FOR-US: SAET Impianti Speciali TEBE Small devices
CVE-2019-9104
RESERVED
CVE-2019-9103
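Review bot: On CVE-2019-9106 and CVE-2019-9105, the tag "SAET Impianti Speciali TEBE Small devices" ends in the generic word "devices", whereas the other hardware entries in this commit stop at the product name ("Belkin Wemo Enabled Crock-Pot", "Starry Station"). Both descriptions are cut off at "TEBE Sma ...", so the full product name cannot be read from this hunk. Suggest ending the tag at the product name as given in the full CVE description and keeping the two lines identical, as they are now.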
@@ -15704,7 +15704,7 @@ CVE-2019-6802 (CRLF Injection in pypiserver 1.2.5 and below allows attackers to
CVE-2019-6801
RESERVED
CVE-2019-6800 (In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam ...)
- TODO: check
+ NOT-FOR-US: TitanHQ SpamTitan
CVE-2019-6799 (An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbi ...)
{DLA-1692-1}
- phpmyadmin <unfixed> (bug #920823)
@@ -19592,7 +19592,7 @@ CVE-2019-5245
CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) ve ...)
NOT-FOR-US: Huawei
CVE-2019-5243 (There is a Clickjacking vulnerability in Huawei HG255s product. An att ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-5242 (There is a code execution vulnerability in Huawei PCManager versions e ...)
NOT-FOR-US: Huawei
CVE-2019-5241 (There is a privilege escalation vulnerability in Huawei PCManager vers ...)
@@ -98833,9 +98833,9 @@ CVE-2017-13720 (In the PatternMatch function in fontfile/fontdir.c in libXfont t
CVE-2017-13719
RESERVED
CVE-2017-13718 (The HTTP API supported by Starry Station (aka Starry Router) allows br ...)
- TODO: check
+ NOT-FOR-US: Starry Station
CVE-2017-13717 (Starry Station (aka Starry Router) sets the Access-Control-Allow-Origi ...)
- TODO: check
+ NOT-FOR-US: Starry Station
CVE-2017-13716 (The C++ symbol demangler routine in cplus-dem.c in libiberty, as distr ...)
- binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22009
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9a8c5c53fcecbfef0fd0a32758dbd584d68ace6