[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Mar 9 08:29:01 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6218da0c by Salvatore Bonaccorso at 2019-03-09T08:27:54Z
Process NFUs

- - - - -
2d146e41 by Salvatore Bonaccorso at 2019-03-09T08:28:26Z
Try to unify used NFU formulations for Sourcetree items

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,27 +3,27 @@ CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by:
 CVE-2019-9635
 	RESERVED
 CVE-2019-1003039 (An insufficiently protected credentials vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003038 (An insufficiently protected credentials vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003037 (An information exposure vulnerability exists in Jenkins Azure VM ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003036 (A data modification vulnerability exists in Jenkins Azure VM Agents ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003035 (An information exposure vulnerability exists in Jenkins Azure VM ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003034 (A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003033 (A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003032 (A sandbox bypass vulnerability exists in Jenkins Email Extension ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003031 (A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003030 (A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-1003029 (A sandbox bypass vulnerability exists in Jenkins Script Security ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-9634 (Go through 1.12 on Windows misuses certain LoadLibrary functionality, ...)
 	TODO: check
 CVE-2019-9637 [rename() across the device may allow unwanted access during processing]
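Review bot: The note `Jenkins plugin` on CVE-2019-1003029 through CVE-2019-1003039 drops the plugin name, although most of the descriptions identify distinct plugins (Azure VM Agents, Job DSL, Groovy, Email Extension, Matrix Project, Script Security). Other NOT-FOR-US notes in this file name the product, so a form such as `NOT-FOR-US: Jenkins Job DSL plugin` would keep these eleven entries searchable per plugin instead of collapsing them into one string.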
@@ -69,7 +69,7 @@ CVE-2019-9629
 CVE-2019-9628
 	RESERVED
 CVE-2019-9627 (A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk ...)
-	TODO: check
+	NOT-FOR-US: CyberArk Endpoint Privilege Manager
 CVE-2019-9626 (PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to ...)
 	NOT-FOR-US: PHPSHE
 CVE-2019-9625 (JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to ...)
@@ -167,7 +167,7 @@ CVE-2019-9582
 CVE-2019-9581 (phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via ...)
 	NOT-FOR-US: phpscheduleit Booked Scheduler
 CVE-2019-9580 (In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, ...)
-	TODO: check
+	NOT-FOR-US: StackStorm
 CVE-2019-9579
 	RESERVED
 CVE-2019-9578 (In devs.c in Yubico libu2f-host before 1.1.8, the response to init is ...)
@@ -3163,39 +3163,39 @@ CVE-2019-8282
 CVE-2019-8281
 	RESERVED
 CVE-2019-8280 (UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8279 (Multiple stored XSS in Vanilla Forums before 2.5 allow remote ...)
 	NOT-FOR-US: Vanilla Forums
 CVE-2019-8278 (Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to ...)
 	NOT-FOR-US: Invision Power Board
 CVE-2019-8277 (UltraVNC revision 1211 contains multiple memory leaks (CWE-655) in VNC ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8276 (UltraVNC revision 1211 has a stack buffer overflow vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8275 (UltraVNC revision 1211 has multiple improper null termination ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8274 (UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8273 (UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8272 (UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8271 (UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8270 (UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8269 (UltraVNC revision 1206 has stack-based Buffer overflow vulnerability ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8268 (UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8267 (UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8266 (UltraVNC revision 1207 has multiple out-of-bounds access ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8265 (UltraVNC revision 1207 has multiple out-of-bounds access ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8264 (UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC ...)
-	TODO: check
+	NOT-FOR-US: UltraVNC
 CVE-2019-8263 (UltraVNC revision 1205 has stack-based buffer overflow vulnerability ...)
 	NOT-FOR-US: UltraVNC
 CVE-2019-8262 (UltraVNC revision 1203 has multiple heap buffer overflow ...)
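Review bot: For the fifteen UltraVNC entries from CVE-2019-8280 down to CVE-2019-8264, nothing in the change records why they are NFU: the descriptions are cut at "in VNC ..." and the commit message is only "Process NFUs". The wording matches the existing CVE-2019-8263 line, so the notes themselves are consistent; one sentence in the commit message giving the reason for the batch would make it easier to audit later.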
@@ -15651,11 +15651,11 @@ CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 a
 CVE-2018-20237 (Atlassian Confluence Server and Data Center before version 6.13.1 ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-20236 (There was an command injection vulnerability in Sourcetree for Windows ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Sourcetree
 CVE-2018-20235 (There was an argument injection vulnerability in Atlassian Sourcetree ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Sourcetree
 CVE-2018-20234 (There was an argument injection vulnerability in Atlassian Sourcetree ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Sourcetree
 CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin Manager ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-20232 (The labels widget gadget in Atlassian Jira before version 7.6.11 and ...)
@@ -20193,23 +20193,23 @@ CVE-2019-1611
 CVE-2019-1610
 	RESERVED
 CVE-2019-1609 (A vulnerability in the CLI of Cisco NX-OS Software could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1608 (A vulnerability in the CLI of Cisco NX-OS Software could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1607 (A vulnerability in the CLI of Cisco NX-OS Software could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1606 (A vulnerability in the CLI of Cisco NX-OS Software could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1605 (A vulnerability in the NX-API feature of Cisco NX-OS Software could ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1604 (A vulnerability in the user account management interface of Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1603 (A vulnerability in the CLI of Cisco NX-OS Software could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1602 (A vulnerability in the filesystem permissions of Cisco NX-OS Software ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1601 (A vulnerability in the filesystem permissions of Cisco NX-OS Software ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-1600 (A vulnerability in the file system permissions of Cisco FXOS Software ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1599 (A vulnerability in the network stack of Cisco NX-OS Software could ...)
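Review bot: The nine entries CVE-2019-1609 through CVE-2019-1601 get the vendor-only note `NOT-FOR-US: Cisco`, while the second commit in this push settles on vendor plus product for Sourcetree. The note matches the existing CVE-2019-1600 line, so it is locally consistent; if product-level notes are the intended direction, `NOT-FOR-US: Cisco NX-OS` would fit the entries whose descriptions name NX-OS.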
@@ -40193,9 +40193,9 @@ CVE-2018-13399 (The Microsoft Windows Installer for Atlassian Fisheye and Crucib
 CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye and ...)
 	NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2018-13397 (There was an argument injection vulnerability in Sourcetree for ...)
-	NOT-FOR-US: Sourcetree for Windows
+	NOT-FOR-US: Atlassian Sourcetree
 CVE-2018-13396 (There was an argument injection vulnerability in Sourcetree for macOS ...)
-	NOT-FOR-US: Sourcetree for macOS
+	NOT-FOR-US: Atlassian Sourcetree
 CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from version ...)
 	NOT-FOR-US: Atlassian Jira
 CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions before ...)
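Review bot: Replacing `Sourcetree for Windows` and `Sourcetree for macOS` with `Atlassian Sourcetree` at CVE-2018-13397 and CVE-2018-13396 removes the platform from the note, and the truncated description of CVE-2018-13397 ends at "Sourcetree for ...", so the platform is no longer visible on that entry. That is fine for a note whose job is to name the product, but it is worth stating in the commit message so the loss reads as deliberate.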
@@ -40215,9 +40215,9 @@ CVE-2018-13388 (The review attachment resource in Atlassian Fisheye and Crucible
 CVE-2018-13387 (The IncomingMailServers resource in Atlassian JIRA Server before ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-13386 (There was an argument injection vulnerability in Sourcetree for ...)
-	NOT-FOR-US: Sourcetree
+	NOT-FOR-US: Atlassian Sourcetree
 CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree for macOS ...)
-	NOT-FOR-US: Sourcetree
+	NOT-FOR-US: Atlassian Sourcetree
 CVE-2018-13384
 	RESERVED
 CVE-2018-13383
@@ -86448,9 +86448,9 @@ CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead t
 CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira before ...)
 	NOT-FOR-US: Atlassian Jira
 CVE-2017-14593 (Sourcetree for Windows had several argument and command injection bugs ...)
-	NOT-FOR-US: Sourcetree
+	NOT-FOR-US: Atlassian Sourcetree
 CVE-2017-14592 (Sourcetree for macOS had several argument and command injection bugs ...)
-	NOT-FOR-US: Sourcetree
+	NOT-FOR-US: Atlassian Sourcetree
 CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version ...)
 	NOT-FOR-US: Atlassian
 CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial ...)
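Review bot: The unification stops at Sourcetree: in the context lines around CVE-2017-14593 and CVE-2017-14592 the notes still alternate between `Atlassian Jira` (CVE-2017-14594) and bare `Atlassian` (CVE-2017-14591). That is within the scope the commit message gives, but a follow-up applying the same vendor-plus-product form to the remaining Atlassian entries would finish the job and make a single search pattern cover them all.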



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8c7af00247d8bed21383ebf5b94b2176738198b0...2d146e4117aa780cc4a08e7c545f643e0edf5c4b
