[Git][security-tracker-team/security-tracker][master] 3 commits: Remove unneeded reference to intent to work on CVEs

Salvatore Bonaccorso carnil at debian.org
Thu May 2 20:29:21 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41c68f81 by Salvatore Bonaccorso at 2019-05-02T19:02:33Z
Remove unneeded reference to intent to work on CVEs

- - - - -
05397f6b by Salvatore Bonaccorso at 2019-05-02T19:19:16Z
Process some NFUs

- - - - -
24a33ed2 by Salvatore Bonaccorso at 2019-05-02T19:20:01Z
Add CVE-2018-8035/uimaj

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -207,7 +207,7 @@ CVE-2019-11596 (In memcached before 1.5.14, a NULL pointer dereference was found
 	NOTE: https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
 	NOTE: https://github.com/memcached/memcached/issues/474
 CVE-2019-11595 (In uBlock before 0.9.5.15, the $rewrite filter option allows filter-li ...)
-	TODO: check
+	NOT-FOR-US: uBlock
 CVE-2019-11594 (In AdBlock before 3.45.0, the $rewrite filter option allows filter-lis ...)
 	NOT-FOR-US: AdBlock
 CVE-2019-11593 (In Adblock Plus before 3.5.2, the $rewrite filter option allows filter ...)
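Review bot: the new `NOT-FOR-US: uBlock` line for CVE-2019-11595 should say which uBlock project is meant. The three $rewrite filter CVEs in this region (this one, the AdBlock entry and the Adblock Plus entry below it) cover three different ad blockers, and "uBlock" on its own is easily confused with uBlock Origin, which is a separate project and is packaged in Debian. If the affected product is not uBlock Origin, spell that out in the rationale, for example `NOT-FOR-US: uBlock (not uBlock Origin)`, so the next person triaging this line does not have to redo the lookup.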
@@ -235,7 +235,7 @@ CVE-2019-11581
 CVE-2019-11580
 	RESERVED
 CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. ...)
-	TODO: check
+	NOT-FOR-US: esoTalk
 CVE-2019-11591 (The WebDorado Contact Form plugin before 1.13.5 for WordPress allows C ...)
 	NOT-FOR-US: WordPress plugin contact-form-maker
 CVE-2019-11590 (The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF vi ...)
@@ -1176,7 +1176,7 @@ CVE-2019-11195
 CVE-2019-11194
 	RESERVED
 CVE-2019-11193 (The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via  ...)
-	TODO: check
+	NOT-FOR-US: DirectAdmin
 CVE-2019-11192
 	RESERVED
 CVE-2019-11189
@@ -1855,7 +1855,6 @@ CVE-2019-10906 (In Pallets Jinja before 2.10.1, str.format_map allows a sandbox
 	[jessie] - jinja2 <no-dsa> (Minor issue)
 	NOTE: https://palletsprojects.com/blog/jinja-2-10-1-released/
 	NOTE: https://github.com/pallets/jinja/commit/a2a6c930bcca591a25d2b316fcfd2d6793897b26
-	NOTE: https://lists.debian.org/debian-lts/2019/04/msg00107.html
 CVE-2019-10905 (Parsedown before 1.7.2, when safe mode is used and HTML markup is disa ...)
 	NOT-FOR-US: Parsedown
 CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and r ...)
@@ -3340,7 +3339,7 @@ CVE-2019-10274
 CVE-2019-10273 (Information leakage vulnerability in the /mc login page in ManageEngin ...)
 	NOT-FOR-US: ManageEngine ServiceDesk Plus
 CVE-2019-10272 (An issue was discovered in Weaver e-cology 9.0. There is a CRLF Inject ...)
-	TODO: check
+	NOT-FOR-US: Weaver e-cology
 CVE-2019-10271
 	RESERVED
 CVE-2019-10270
@@ -13322,7 +13321,7 @@ CVE-2019-6496 (The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, mode
 CVE-2019-6495
 	RESERVED
 CVE-2019-6494 (IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privilege ...)
-	TODO: check
+	NOT-FOR-US: IObit Malware Fighter
 CVE-2019-6493 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
 	NOT-FOR-US: IObit Smart Defrag
 CVE-2019-6492 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
@@ -20122,13 +20121,13 @@ CVE-2019-3565
 CVE-2019-3564
 	RESERVED
 CVE-2019-3563 (Wangle's LineBasedFrameDecoder contains logic for identifying newlines ...)
-	TODO: check
+	NOT-FOR-US: Facebook Wangle
 CVE-2019-3562 (A remote web page could inject arbitrary HTML code into the Oculus Bro ...)
-	TODO: check
+	NOT-FOR-US: Oculus Browser UI
 CVE-2019-3561 (Insufficient boundary checks for the strrpos and strripos functions al ...)
 	- hhvm <removed>
 CVE-2019-3560 (An improperly performed length calculation on a buffer in PlaintextRec ...)
-	TODO: check
+	NOT-FOR-US: Fizz
 CVE-2019-3559
 	RESERVED
 CVE-2019-3558
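Review bot: the vendor naming in this hunk is inconsistent across the three new NOT-FOR-US lines: CVE-2019-3563 gets `NOT-FOR-US: Facebook Wangle`, while CVE-2019-3560 gets `NOT-FOR-US: Fizz` and CVE-2019-3562 gets `NOT-FOR-US: Oculus Browser UI`. All three are Facebook projects; use the same form for each (e.g. `NOT-FOR-US: Facebook Fizz`, `NOT-FOR-US: Facebook Oculus Browser UI`) so a search for the vendor finds them together.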
@@ -21866,7 +21865,7 @@ CVE-2018-20241 (The Edit upload resource for a review in Atlassian Fisheye and C
 CVE-2018-20240 (The administrative linker functionality in Atlassian Fisheye and Cruci ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-20239 (Application Links before version 5.0.11, from version 5.1.0 before 5.2 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 and fro ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-20237 (Atlassian Confluence Server and Data Center before version 6.13.1 allo ...)
@@ -41974,11 +41973,11 @@ CVE-2018-15209 (ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9
 	NOTE: Upstream fix 1/2: https://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8
 	NOTE: Upstream fix 2/2: https://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be
 CVE-2018-15208 (BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. ...)
-	TODO: check
+	NOT-FOR-US: BPC SmartVista
 CVE-2018-15207 (BPC SmartVista 2 has Improper Access Control in the SVFE module, where ...)
-	TODO: check
+	NOT-FOR-US: BPC SmartVista
 CVE-2018-15206 (BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.js ...)
-	TODO: check
+	NOT-FOR-US: BPC SmartVista
 CVE-2018-15205
 	RESERVED
 CVE-2018-15204
@@ -60978,7 +60977,8 @@ CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefu
 	[jessie] - libpdfbox-java <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/29/2
 CVE-2018-8035 (This vulnerability relates to the user's browser processing of DUCC we ...)
-	TODO: check
+	- uimaj <unfixed>
+	NOTE: https://uima.apache.org/security_report#CVE-2018-8035
 CVE-2018-8034 (The host name verification when using TLS with the WebSocket client wa ...)
 	{DSA-4281-1 DLA-1491-1 DLA-1453-1}
 	- tomcat9 <not-affected> (Fixed before initial upload to Debian)
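Review bot: the new `- uimaj <unfixed>` line for CVE-2018-8035 may be marking the wrong component as affected. The description visible on the CVE line says the problem is in the browser's processing of DUCC web pages, and DUCC (Distributed UIMA Cluster Computing) is a separate Apache UIMA subproject from the core uimaj Java library. Before leaving this as <unfixed>, confirm that the Debian uimaj source package actually ships the DUCC web server code; if it does not, `<not-affected>` with a short reason, in the style of the tomcat9 line just below, is the correct state. If it does, the entry should also carry a severity annotation such as the `(Minor issue)` tag on the CVE-2018-8036 entry above, since an XSS in a cluster management UI is unlikely to warrant a DSA on its own. The NOTE pointing at https://uima.apache.org/security_report#CVE-2018-8035 is the right reference to keep either way.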
@@ -162062,7 +162062,7 @@ CVE-2016-1588
 CVE-2016-1587 (The Snapweb interface before version 0.21.2 was exposing controls to i ...)
 	NOT-FOR-US: Snapweb
 CVE-2016-1586 (A malicious webview could install long-lived unload handlers that re-u ...)
-	TODO: check
+	NOT-FOR-US: Oxide
 CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally widened when  ...)
 	- apparmor <undetermined>
 	NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7f8732b2e77b535de0629565498d76ca8b043999...24a33ed25b8531c0225726817d102944755f838f
