[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Jun 21 20:01:52 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4e37d51 by Salvatore Bonaccorso at 2019-06-21T19:01:29Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,7 +47,7 @@ CVE-2019-12907
 CVE-2019-12906
 	RESERVED
 CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman& ...)
-	TODO: check
+	NOT-FOR-US: FileRun
 CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flu ...)
 	- libgcrypt20 <unfixed>
 	- libgcrypt11 <removed>
@@ -55,11 +55,11 @@ CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to
 	NOTE: https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
 	NOTE: https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
 CVE-2019-12903 (Pydio Cells before 1.5.0, when supplied with a Name field in an unexpe ...)
-	TODO: check
+	NOT-FOR-US: Pydio Cells (relates to Pydio product)
 CVE-2019-12902 (Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon ...)
-	TODO: check
+	NOT-FOR-US: Pydio Cells (relates to Pydio product)
 CVE-2019-12901 (Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing  ...)
-	TODO: check
+	NOT-FOR-US: Pydio Cells (relates to Pydio product)
 CVE-2019-12900 (BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bo ...)
 	- bzip2 <unfixed>
 	NOTE: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
@@ -69,9 +69,9 @@ CVE-2019-12899 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write A
 CVE-2019-12898 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV star ...)
 	NOT-FOR-US: Delta Electronics DeviceNet Builder
 CVE-2019-12897 (Edraw Max 7.9.3 has a Read Access Violation at the Instruction Pointer ...)
-	TODO: check
+	NOT-FOR-US: Edraw Max
 CVE-2019-12896 (Edraw Max 7.9.3 has Heap Corruption starting at ntdll!RtlpNtMakeTempor ...)
-	TODO: check
+	NOT-FOR-US: Edraw Max
 CVE-2019-12895 (In Alternate Pic View 2.600, the Exception Handler Chain is Corrupted  ...)
 	NOT-FOR-US: Alternate Pic View
 CVE-2019-12894 (Alternate Pic View 2.600 has a Read Access Violation at the Instructio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4e37d51d3a63be723baa7900a1f4c45942af22c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4e37d51d3a63be723baa7900a1f4c45942af22c
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190621/67dc0e42/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list