[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Mar 29 20:24:17 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c00f47e0 by Salvatore Bonaccorso at 2019-03-29T20:23:39Z
Process NFUs

- - - - -
05e344fe by Salvatore Bonaccorso at 2019-03-29T20:23:53Z
Remove unneeded TODO item

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1506,15 +1506,15 @@ CVE-2019-9923 (pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL p
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
 	NOTE: Crash in CLI tool, no security impact
 CVE-2019-9922 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
-	TODO: check
+	NOT-FOR-US: Harmis JE Messenger component for Joomla!
 CVE-2019-9921 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
-	TODO: check
+	NOT-FOR-US: Harmis JE Messenger component for Joomla!
 CVE-2019-9920 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
-	TODO: check
+	NOT-FOR-US: Harmis JE Messenger component for Joomla!
 CVE-2019-9919 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
-	TODO: check
+	NOT-FOR-US: Harmis JE Messenger component for Joomla!
 CVE-2019-9918 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
-	TODO: check
+	NOT-FOR-US: Harmis JE Messenger component for Joomla!
 CVE-2019-9917 (ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial  ...)
 	- znc 1.7.2-2 (bug #925285)
 	[jessie] - znc <not-affected> (The vulnerable code is not present)
@@ -2823,7 +2823,7 @@ CVE-2019-9697
 CVE-2019-9696
 	RESERVED
 CVE-2019-9695 (Norton Core prior to v278 may be susceptible to an arbitrary code exec ...)
-	TODO: check
+	NOT-FOR-US: Norton Core
 CVE-2019-9694
 	RESERVED
 CVE-2019-9693 (In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can ac ...)
@@ -3095,9 +3095,9 @@ CVE-2019-9607 (PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal
 CVE-2019-9606 (PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS ...)
 	NOT-FOR-US: PHP Scripts Mall Personal Video Collection Script
 CVE-2019-9605 (PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflect ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Mall Online Lottery PHP Readymade Script
 CVE-2019-9604 (PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-S ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Mall Online Lottery PHP Readymade Script
 CVE-2019-9603 (MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF t ...)
 	NOT-FOR-US: MiniCMS
 CVE-2019-9602
@@ -10265,19 +10265,19 @@ CVE-2019-6610
 CVE-2019-6609
 	RESERVED
 CVE-2019-6608 (On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14 ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2019-6607 (On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1 ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2019-6606 (On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0. ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2019-6605 (On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed seq ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2019-6604 (On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1 ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2019-6603 (In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0 ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2019-6602 (In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility l ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2019-6601 (In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8,  ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2019-6600 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11 ...)
@@ -24391,13 +24391,13 @@ CVE-2018-19646 (The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 1
 CVE-2018-19645 (An Authentication Bypass issue exists in Solutions Business Manager (S ...)
 	NOT-FOR-US: Solutions Business Manager (SBM)
 CVE-2018-19644 (Reflected cross site script issue in Micro Focus Solutions Business Ma ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus Solutions Business Manager
 CVE-2018-19643 (Information leakage issue in Micro Focus Solutions Business Manager (S ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus Solutions Business Manager
 CVE-2018-19642 (Denial of service issue in Micro Focus Solutions Business Manager (SBM ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus Solutions Business Manager
 CVE-2018-19641 (Unauthenticated remote code execution issue in Micro Focus Solutions B ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus Solutions Business Manager
 CVE-2018-19640 (If the attacker manages to create files in the directory used to colle ...)
 	NOT-FOR-US: SLES support scripts
 CVE-2018-19639 (If supportutils before version 3.1-5.7.1 is run with -v to perform rpm ...)
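Review bot: The four new NOT-FOR-US lines for CVE-2018-19644 through CVE-2018-19641 name the product "Micro Focus Solutions Business Manager", while the unchanged entry for CVE-2018-19645 directly above them uses "Solutions Business Manager (SBM)" for what appears to be the same product. Two spellings mean a search of the list for one form misses the other entries; suggest settling on one form, either by reusing the existing wording here or by updating CVE-2018-19645 in the same commit.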
@@ -28213,7 +28213,6 @@ CVE-2019-0161 (Stack overflow in XHCI for EDK II may allow an unauthenticated us
 	[jessie] - edk2 <end-of-life> (non-free, not used by any sponsor)
 	NOTE: https://github.com/tianocore/edk2/commit/acebdf14c985c5c9f50b37ece0b15ada87767359
 	NOTE: https://github.com/tianocore/edk2/commit/72750e3bf9174f15c17e78f0f117b5e7311bb49f
-	TODO: check
 CVE-2019-0160 (Buffer overflow in system firmware for EDK II may allow unauthenticate ...)
 	- edk2 0~20181115.85588389-1
 	[jessie] - edk2 <end-of-life> (non-free, not used by any sponsor)
@@ -37351,7 +37350,7 @@ CVE-2018-15842 (WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter
 CVE-2018-15841
 	RESERVED
 CVE-2018-15840 (TP-Link TL-WR840N devices allow remote attackers to cause a denial of  ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2018-15839 (D-Link DIR-615 devices have a buffer overflow via a long Authorization ...)
 	NOT-FOR-US: D-Link DIR-615 devices
 CVE-2018-15838
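Review bot: The NOT-FOR-US note added for CVE-2018-15840 gives only the vendor, "TP-Link", whereas the description names TL-WR840N devices and the neighbouring CVE-2018-15839 entry uses the fuller "D-Link DIR-615 devices". Suggest "NOT-FOR-US: TP-Link TL-WR840N devices" so the entry follows the adjacent convention and can be found by model.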
@@ -62755,17 +62754,17 @@ CVE-2017-18112
 CVE-2017-18111 (The OAuthHelper in Atlassian Application Links before version 5.0.10,  ...)
 	TODO: check
 CVE-2017-18110 (The administration backup restore resource in Atlassian Crowd before v ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Crowd
 CVE-2017-18109 (The login resource of CrowdId in Atlassian Crowd before version 3.0.2  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Crowd
 CVE-2017-18108 (The administration SMTP configuration resource in Atlassian Crowd befo ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Crowd
 CVE-2017-18107
 	RESERVED
 CVE-2017-18106 (The identifier_hash for a session token in Atlassian Crowd before vers ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Crowd
 CVE-2017-18105 (The console login resource in Atlassian Crowd before version 3.0.2 and ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Crowd
 CVE-2017-18104 (The Webhooks component of Atlassian Jira before version 7.6.7 and from ...)
 	NOT-FOR-US: Atlassian Jira
 CVE-2017-18103 (The atlassian-http library, as used in various Atlassian products, bef ...)
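Review bot: CVE-2017-18111 (OAuthHelper in Atlassian Application Links), in the context at the top of this hunk, is left at "TODO: check" while the five Atlassian Crowd entries just below it are resolved. If it was skipped on purpose because Application Links needs a separate look, that is fine; otherwise it could be triaged in the same pass so the Atlassian block does not keep a stray open item.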



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f2fe9a59126f0b39871a3bfec1459826638b1ae5...05e344fed9cd09e909893826b900ddcb6cfad8dc
