[Git][security-tracker-team/security-tracker][master] new snapd issue

Moritz Muehlenhoff jmm at debian.org
Wed May 8 16:57:51 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1825680c by Moritz Muehlenhoff at 2019-05-08T15:57:18Z
new snapd issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -588,7 +588,7 @@ CVE-2019-11562
 CVE-2019-11561
 	RESERVED
 CVE-2019-11560 (A buffer overflow vulnerability in the streaming server provided by hi ...)
-	TODO: check
+	NOT-FOR-US: hisilicon
 CVE-2019-11559
 	RESERVED
 CVE-2019-11558
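Review bot: The NOT-FOR-US tag added for CVE-2019-11560 is written in lowercase as "hisilicon", while the other NOT-FOR-US tags visible in this patch keep the vendor's or product's own capitalization (Npcap, TIBCO, Spring Cloud Config). Consider using the vendor's own spelling here too, so that a later text search of data/CVE/list for the vendor name finds this entry.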
@@ -762,7 +762,7 @@ CVE-2019-11492 (ProjectSend before r1070 writes user passwords to the server log
 CVE-2019-11491
 	RESERVED
 CVE-2019-11490 (An issue was discovered in Npcap 0.992. Sending a malformed .pcap file ...)
-	TODO: check
+	NOT-FOR-US: Npcap
 CVE-2019-11489 (Incorrect Access Control in the Administrative Management Interface in ...)
 	NOT-FOR-US: SimplyBook.me Enterprise
 CVE-2019-11488 (Incorrect Access Control in the Account Access / Password Reset Link i ...)
@@ -1460,7 +1460,7 @@ CVE-2019-11205
 CVE-2019-11204
 	RESERVED
 CVE-2019-11203 (The workspace client, openspace client, app development client, and RE ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2019-11202
 	RESERVED
 CVE-2019-11201
@@ -11801,7 +11801,7 @@ CVE-2019-7304 (Canonical snapd before version 2.37.1 incorrectly performed socke
 	NOTE: https://bugs.launchpad.net/snapd/+bug/1813365
 	NOTE: Introduced in 2.28, fixed in 2.37.1
 CVE-2019-7303 (A vulnerability in the seccomp filters of Canonical snapd before versi ...)
-	TODO: check
+	- snapd <unfixed>
 CVE-2019-7302
 	RESERVED
 CVE-2019-7301 (Zen Load Balancer 3.10.1 allows remote authenticated admin users to ex ...)
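Review bot: The new "- snapd <unfixed>" line for CVE-2019-7303 carries no NOTE lines, unlike the CVE-2019-7304 entry directly above it, which records the Launchpad bug and "Introduced in 2.28, fixed in 2.37.1". The description says the flaw is in snapd "before versi ...", so an upstream fixed version exists. Adding a NOTE with the upstream reference and the introduced/fixed versions would let whoever triages the package later work out which Debian suites are affected without repeating the research.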
@@ -19989,11 +19989,11 @@ CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain jav
 CVE-2019-3800
 	RESERVED
 CVE-2019-3799 (Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x pri ...)
-	TODO: check
+	NOT-FOR-US: Spring Cloud Config
 CVE-2019-3798 (Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0,  ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2019-3797 (This affects Spring Data JPA in versions up to and including 2.1.5, 2. ...)
-	TODO: check
+	NOT-FOR-US: Spring Data JPA
 CVE-2019-3796
 	RESERVED
 CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, ...)
@@ -23916,7 +23916,8 @@ CVE-2019-2693 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2019-2692 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
 	- mysql-connector-java <not-affected> (Only affects 8.x)
-	TODO: check if this is actually true or only 8.x listed because supported
+	NOTE: It's not clear whether older versions are affected, but Oracle doesn't provide
+	NOTE: further information, so there's not really anything we can do about this anyway
 CVE-2019-2691 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2019-2690 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
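Review bot: In the CVE-2019-2692 entry the two added NOTE lines say it is not clear whether older versions are affected, yet the unchanged line above them still reads "- mysql-connector-java <not-affected> (Only affects 8.x)", which states the opposite as fact. With the TODO removed, nothing flags the entry for another look, so consider rewording the parenthetical to say that Oracle only lists 8.x, so that the status line and the notes agree about what is actually known.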



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1825680c8c527bb98ad1f0f057c94250109e140c



More information about the debian-security-tracker-commits mailing list