[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat May 11 12:40:43 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d74c93b0 by Salvatore Bonaccorso at 2019-05-11T11:40:07Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10939,7 +10939,7 @@ CVE-2019-7655
CVE-2019-7654
RESERVED
CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in Cortex- ...)
- TODO: check
+ NOT-FOR-US: TheHive Project UnshortenLink analyzer
CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an at ...)
NOT-FOR-US: Emsisoft Anti-Malware
CVE-2019-7650
@@ -16124,11 +16124,11 @@ CVE-2019-5679
CVE-2019-5678
RESERVED
CVE-2019-5677 (NVIDIA Windows GPU Display driver software for Windows (all versions) ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows
CVE-2019-5676 (NVIDIA Windows GPU Display driver software for Windows (all versions) ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows
CVE-2019-5675 (NVIDIA Windows GPU Display driver software for Windows (all versions) ...)
- TODO: check
+ NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows
CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability when Sh ...)
NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5673 (NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on al ...)
@@ -16490,11 +16490,11 @@ CVE-2019-5498
CVE-2019-5497
RESERVED
CVE-2019-5496 (Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP ...)
- TODO: check
+ NOT-FOR-US: Oncommand Insight / Netapp
CVE-2019-5495 (OnCommand Unified Manager for VMware vSphere, Linux and Windows prior ...)
- TODO: check
+ NOT-FOR-US: OnCommand Unified Manager for VMware vSphere, Linux and Windows / Netapp
CVE-2019-5494 (OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped withou ...)
- TODO: check
+ NOT-FOR-US: OnCommand Unified Manager 7-Mode / Netapp
CVE-2019-5493
RESERVED
CVE-2019-5492 (Element Plug-in for vCenter Server versions prior to 4.2.3 may disclos ...)
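Review bot: The product name is cased inconsistently across the three added lines in this hunk: `NOT-FOR-US: Oncommand Insight / Netapp` on CVE-2019-5496 against `OnCommand Unified Manager ...` on CVE-2019-5495 and CVE-2019-5494. The lowercase form looks carried over from the CVE description. Suggest `OnCommand Insight` on the first entry and `NetApp` for the vendor suffix on all three, so a case-sensitive grep for the product family finds every entry.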
@@ -20686,7 +20686,7 @@ CVE-2019-3568
CVE-2019-3567
RESERVED
CVE-2019-3566 (A bug in WhatsApp for Android's messaging logic would potentially allo ...)
- TODO: check
+ NOT-FOR-US: WhatsApp for Android
CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would n ...)
TODO: check
CVE-2019-3564 (Go Facebook Thrift servers would not error upon receiving messages wit ...)
@@ -59680,7 +59680,7 @@ CVE-2018-8814 (Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.
CVE-2018-8813 (Open redirect vulnerability in the login[redirect] parameter login fun ...)
NOT-FOR-US: WolfCMS
CVE-2018-8812 (An issue was discovered in Avaya one-X Portal for IP Office 9.1.2.0 an ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in system/workplace/ad ...)
NOT-FOR-US: OpenCMS
CVE-2018-8810 (In radare2 2.4.0, there is a heap-based buffer over-read in the get_iv ...)
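Review bot: `NOT-FOR-US: Avaya` on CVE-2018-8812 names only the vendor, while the description gives the product as Avaya one-X Portal for IP Office and the neighbouring entries in this hunk name a product (WolfCMS, OpenCMS). Suggest `NOT-FOR-US: Avaya one-X Portal for IP Office` so the reason stays tied to the product that was actually triaged.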
@@ -98289,9 +98289,9 @@ CVE-2017-12887
CVE-2017-12886
RESERVED
CVE-2017-12885 (OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Sit ...)
- TODO: check
+ NOT-FOR-US: OX Software GmbH App Suite
CVE-2017-12884 (OX Software GmbH App Suite 7.8.4 and earlier is affected by: Informati ...)
- TODO: check
+ NOT-FOR-US: OX Software GmbH App Suite
CVE-2017-12883 (Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 ...)
{DSA-3982-1}
- perl 5.26.0-8 (bug #875597)
@@ -99080,7 +99080,7 @@ CVE-2017-12797 (Integer overflow in the INT123_parse_new_id3 function in the ID3
CVE-2017-12796 (The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distri ...)
NOT-FOR-US: OpenMRS addon
CVE-2017-12795 (OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper I ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2017-12794 (In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoesca ...)
- python-django 1:1.11.5-1 (low; bug #874415)
[stretch] - python-django 1:1.10.7-2+deb9u2
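Review bot: On CVE-2017-12795 the added `NOT-FOR-US: OpenMRS` is broader than the description, which is about the openmrs-module-htmlformentry module, and it differs from the entry directly above (CVE-2017-12796), which uses `NOT-FOR-US: OpenMRS addon`. Consider naming the module, or reusing a common wording for both, so the two adjacent entries read consistently.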
@@ -99201,7 +99201,7 @@ CVE-2017-12762 (In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is cop
NOTE: Fixed by: https://git.kernel.org/linus/9f5af546e6acc30f075828cb58c7f09665033967 (v4.13-rc4)
NOTE: Driver is disabled since squeeze and unmaintained for a long time
CVE-2017-12761 (http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by ...)
- TODO: check
+ NOT-FOR-US: Endober WebFile Explorer
CVE-2017-12760 (Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa ...)
NOT-FOR-US: Ynet Interactive
CVE-2017-12759 (Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Man ...)
@@ -162653,7 +162653,7 @@ CVE-2016-1602 (A code injection in the supportconfig data collection tool in sup
CVE-2016-1601 (yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, do ...)
NOT-FOR-US: yast2-users / SuSE YAST
CVE-2016-1600 (The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 ...)
- TODO: check
+ NOT-FOR-US: NetIQ Identity Manager
CVE-2016-1599 (Cross-site scripting (XSS) vulnerability in NetIQ Self Service Passwor ...)
NOT-FOR-US: NetIQ Self Service Password Reset
CVE-2016-1598 (XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attacke ...)
@@ -190131,7 +190131,7 @@ CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager before
CVE-2015-1007 (A specially crafted configuration file could be used to cause a stack- ...)
NOT-FOR-US: Opto 22 PAC
CVE-2015-1006 (A vulnerable file in Opto 22 PAC Project Professional versions prior t ...)
- TODO: check
+ NOT-FOR-US: Opto
CVE-2015-1005 (IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE u ...)
NOT-FOR-US: IniNet
CVE-2015-1004
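Review bot: `NOT-FOR-US: Opto` on CVE-2015-1006 truncates the vendor name. The description reads "Opto 22 PAC Project Professional" and the entry directly above (CVE-2015-1007) already uses `NOT-FOR-US: Opto 22 PAC`. Suggest the same string here so both entries match and the product is identifiable from the NOT-FOR-US line alone.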
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d74c93b07bdf3e013d8bc14b1937bb4a248571ba