[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri May 24 16:36:05 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c98a3831 by Salvatore Bonaccorso at 2019-05-24T15:30:53Z
Process some NFUs

- - - - -
c1f0cd0c by Salvatore Bonaccorso at 2019-05-24T15:34:24Z
Add CVE-2016-7151/capstone

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2019-12300 (Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submit
 CVE-2019-12299
 	RESERVED
 CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds writ ...)
-	TODO: check
+	NOT-FOR-US: Leanify
 CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1 ...)
 	NOT-FOR-US: Motorola
 CVE-2019-12296
@@ -619,7 +619,7 @@ CVE-2019-12044 (A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x befo
 CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, wh ...)
 	NOT-FOR-US: remarkable
 CVE-2019-12042 (Insecure permissions of the section object Global\PandaDevicesAgentSha ...)
-	TODO: check
+	NOT-FOR-US: Panda products
 CVE-2019-12041 (lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression De ...)
 	NOT-FOR-US: remarkable
 CVE-2019-12040
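Review bot: The label `NOT-FOR-US: Panda products` on CVE-2019-12042 is vaguer than the neighbouring entries, which name the specific software (`NOT-FOR-US: remarkable`). The truncated description does not show which Panda product owns the section object, so consider naming that product in the label once the full description has been read. That keeps later searches of the list precise.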
@@ -3590,7 +3590,7 @@ CVE-2019-10848
 CVE-2019-10847
 	RESERVED
 CVE-2019-10846 (Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scr ...)
-	TODO: check
+	NOT-FOR-US: Computrols CBAS
 CVE-2019-10845 (An issue was discovered in Uniqkey Password Manager 1.14. When enterin ...)
 	NOT-FOR-US: Uniqkey Password Manager
 CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka n ...)
@@ -29338,7 +29338,7 @@ CVE-2018-19616 (An issue was discovered in Rockwell Automation Allen-Bradley Pow
 CVE-2018-19615 (Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A re ...)
 	NOT-FOR-US: Rockwell Automation Allen-Bradley PowerMonitor 1000
 CVE-2018-19614 (XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre ...)
-	TODO: check
+	NOT-FOR-US: Westermo routers
 CVE-2018-19613
 	RESERVED
 CVE-2018-19612
@@ -121734,7 +121734,7 @@ CVE-2017-5873 (Unquoted Windows search path vulnerability in the guest service i
 CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with TCP- ...)
 	NOT-FOR-US: Unisys ClearPath
 CVE-2017-5871 (Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: ...)
-	TODO: check
+	NOT-FOR-US: Odoo
 CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.1 ...)
 	NOT-FOR-US: ViMbAdmin
 CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo  ...)
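Review bot: `NOT-FOR-US: Odoo` on CVE-2017-5871 closes the entry on the product name alone, with no NOTE showing that the archive was checked. NOT-FOR-US states that the software is not packaged, so it is worth confirming that no odoo source package exists or was ever shipped. If one was, a package line in the style of the capstone entry in this push would be the right form instead.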
@@ -145137,7 +145137,9 @@ CVE-2016-7153 (The HTTP/2 protocol does not consider the role of the TCP congest
 CVE-2016-7152 (The HTTPS protocol does not consider the role of the TCP congestion wi ...)
 	NOTE: CVE assigned for the HTTP/2 protocol issue
 CVE-2016-7151 (Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a re ...)
-	TODO: check
+	- capstone <unfixed>
+	NOTE: https://github.com/aquynh/capstone/commit/87a25bb543c8e4c09b48d4b4a6c7db31ce58df06 (4.0-alpha4)
+	NOTE: https://github.com/aquynh/capstone/pull/725
 CVE-2016-7150 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earl ...)
 	NOT-FOR-US: b2evolution
 CVE-2016-7149 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earl ...)
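Review bot: On the CVE-2016-7151 entry, `- capstone <unfixed>` sits beside a NOTE that places the upstream fix in 4.0-alpha4, so the entry does not say which packaged versions are actually affected. Suggest checking whether any suite already carries 4.0-alpha4 or later and recording that fixed version in place of `<unfixed>` where it applies. The entry also has no bug reference for tracking the unfixed state, so adding one would help.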



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f334f8e4e8bf0f32cbfc07c8bb2189456581dab1...c1f0cd0ccc54ba6ab14de55ad06a1473b5145ea1
