[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sun Mar 31 07:59:10 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88ea83a9 by Salvatore Bonaccorso at 2019-03-31T06:58:45Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2019-10654 (The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as us
 CVE-2019-10653
 	RESERVED
 CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote a ...)
-	TODO: check
+	NOT-FOR-US: flatCore
 CVE-2019-10651
 	RESERVED
 CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in ...)
@@ -7828,7 +7828,7 @@ CVE-2019-7615
 CVE-2019-7614
 	RESERVED
 CVE-2019-7613 (Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient loggin ...)
-	TODO: check
+	NOT-FOR-US: Winlogbeat
 CVE-2019-7612 (A sensitive data disclosure flaw was found in the way Logstash version ...)
 	- logstash <itp> (bug #664841)
 CVE-2019-7611 (A permission issue was found in Elasticsearch versions before 5.6.15 a ...)
@@ -10667,7 +10667,7 @@ CVE-2019-6483
 CVE-2019-6482
 	RESERVED
 CVE-2019-6481 (Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor  ...)
-	TODO: check
+	NOT-FOR-US: Abine Blur
 CVE-2019-6480
 	RESERVED
 CVE-2019-6479
@@ -28629,7 +28629,7 @@ CVE-2018-19203 (PRTG Network Monitor before 18.2.41.1652 allows remote unauthent
 CVE-2018-19202
 	RESERVED
 CVE-2018-19201 (A reflected XSS vulnerability in the ModCP Profile Editor in MyBB befo ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2018-19200 (An issue was discovered in uriparser before 0.9.0. UriCommon.c allows  ...)
 	{DLA-1581-1}
 	- uriparser 0.9.0-1 (bug #913817)
@@ -29673,7 +29673,7 @@ CVE-2018-18768
 CVE-2018-18767 (An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06.  ...)
 	NOT-FOR-US: D-Link
 CVE-2018-18766 (An elevation of privilege vulnerability exists in the Call Dispatcher  ...)
-	TODO: check
+	NOT-FOR-US: Provisio SiteKiosk
 CVE-2018-18765 (An exploitable arbitrary memory read vulnerability exists in the MQTT  ...)
 	- smplayer 18.5.0~ds1-1
 	[stretch] - smplayer <not-affected> (Vulnerable code not present)
@@ -62859,7 +62859,7 @@ CVE-2017-18113
 CVE-2017-18112
 	RESERVED
 CVE-2017-18111 (The OAuthHelper in Atlassian Application Links before version 5.0.10,  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Application Links
 CVE-2017-18110 (The administration backup restore resource in Atlassian Crowd before v ...)
 	NOT-FOR-US: Atlassian Crowd
 CVE-2017-18109 (The login resource of CrowdId in Atlassian Crowd before version 3.0.2  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88ea83a9156a18d38bed78647737ca4be620a979

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/88ea83a9156a18d38bed78647737ca4be620a979
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190331/2384e5a0/attachment.html>


More information about the debian-security-tracker-commits mailing list