[Git][security-tracker-team/security-tracker][master] new ironic-inspector issue
Moritz Muehlenhoff
jmm at debian.org
Tue May 21 09:29:38 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0730f90b by Moritz Muehlenhoff at 2019-05-21T08:28:31Z
new ironic-inspector issue
new kfreebsd issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,11 +9,11 @@ CVE-2019-12243
CVE-2019-12242
RESERVED
CVE-2019-12241 (The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserializat ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-12240 (The Virim plugin 0.4 for WordPress allows Insecure Deserialization via ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-12239 (The WP Booking System plugin 1.5.1 for WordPress has no CSRF protectio ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-12238
RESERVED
CVE-2019-12237
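Review bot: The three new NOT-FOR-US lines for CVE-2019-12241, CVE-2019-12240 and CVE-2019-12239 all read "NOT-FOR-US: Wordpress plugin", which does not record which plugin was triaged. Other entries in this file name the product, for example "NOT-FOR-US: article2pdf Wordpress plugin"; consider "Carts Guru Wordpress plugin", "Virim Wordpress plugin" and "WP Booking System Wordpress plugin" so the lines stay searchable by product name.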
@@ -922,7 +922,7 @@ CVE-2019-11818 (Alkacon OpenCMS v10.5.4 and before is affected by stored cross s
CVE-2019-11817
RESERVED
CVE-2019-11816 (Incorrect access control in the WebUI in OPNsense before version 19.1. ...)
- TODO: check
+ NOT-FOR-US: OPNsense
CVE-2019-11814 (An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.1 ...)
NOT-FOR-US: MISP
CVE-2019-11813 (An issue was discovered in app/View/Elements/Events/View/value_field.c ...)
@@ -1329,7 +1329,7 @@ CVE-2019-11633 (HoneyPress through 2016-09-27 can be fingerprinted by attackers
CVE-2019-11632 (In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019. ...)
NOT-FOR-US: Octopus Deploy
CVE-2015-9287 (Directory Traversal was discovered in University of Cambridge mod_ucam ...)
- TODO: check
+ NOT-FOR-US: mod_ucam_webauth
CVE-2019-11631
REJECTED
CVE-2019-11630
@@ -4975,6 +4975,9 @@ CVE-2019-10142
RESERVED
CVE-2019-10141
RESERVED
+ - ironic-inspector <unfixed>
+ NOTE: https://review.opendev.org/#/c/660234/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1711722
CVE-2019-10140
RESERVED
CVE-2019-10139 (During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ans ...)
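Review bot: The new ironic-inspector entry under CVE-2019-10141 carries only two links, and because the CVE is still RESERVED there is no description line saying what the issue is. A one-line NOTE summarising the flaw would let a reader judge the "<unfixed>" status without following the review.opendev.org and bugzilla.redhat.com URLs.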
@@ -5764,7 +5767,7 @@ CVE-2019-1010260 (Using ktlint to download and execute custom rulesets can resul
CVE-2019-1010259
RESERVED
CVE-2019-1010258 (nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf4 ...)
- TODO: check
+ NOT-FOR-US: nanosvg
CVE-2019-1010257 (An Information Disclosure / Data Modification issue exists in article2 ...)
NOT-FOR-US: article2pdf Wordpress plugin
CVE-2019-1010256
@@ -8096,7 +8099,7 @@ CVE-2019-9198
CVE-2019-9197
RESERVED
CVE-2019-9196 (The Face authentication component in Aware mobile liveness 2.2.1 sdk 2 ...)
- TODO: check
+ NOT-FOR-US: Aware mobile liveness
CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An a ...)
NOT-FOR-US: Grin
CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in the PH ...)
@@ -10323,7 +10326,7 @@ CVE-2019-8340
CVE-2019-8339 (An issue was discovered in Sysdig through 0.24.2, as used in Falco thr ...)
TODO: check
CVE-2019-8338 (The signature verification routine in the Airmail GPG-PGP Plugin, vers ...)
- TODO: check
+ NOT-FOR-US: Airmail
CVE-2019-8336 (HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a c ...)
NOT-FOR-US: HashiCorp Consul
CVE-2019-8335 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerabil ...)
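Review bot: The NOT-FOR-US tag added for CVE-2019-8338 names only "Airmail", while the description attributes the flaw to the Airmail GPG-PGP Plugin; naming the plugin would be more precise. The "TODO: check" on CVE-2019-8339 (Sysdig, as used in Falco) directly above is left open by this hunk.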
@@ -17187,9 +17190,13 @@ CVE-2019-5600
CVE-2019-5599
RESERVED
CVE-2019-5598 (In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc
+ NOTE: kfreebsd not covered by security support
CVE-2019-5597 (In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEAS ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc
+ NOTE: kfreebsd not covered by security support
CVE-2019-5596 (In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE b ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:02.fd.asc
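Review bot: The NOTE URLs added for CVE-2019-5598 and CVE-2019-5597 use the https://security.FreeBSD.org/advisories/ form, while the existing CVE-2019-5596 entry just below uses https://www.freebsd.org/security/advisories/; pick one form so the advisory references stay consistent. The "NOTE: kfreebsd not covered by security support" line is a useful justification for "(unimportant)"; the part of the CVE-2019-5596 entry visible here does not show it, so consider adding it there as well if it is missing.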
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0730f90bfa2724f07274e1b0fdb2b73c9d157210