[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Nov 13 17:32:22 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e0dfe0b by Moritz Muehlenhoff at 2019-11-13T17:31:58Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -116,7 +116,7 @@ CVE-2019-18874 (psutil (aka python-psutil) through 5.6.5 can have a double free.
 	- python-psutil <unfixed> (bug #944605)
 	NOTE: https://github.com/giampaolo/psutil/pull/1616
 CVE-2019-18873 (FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP hea ...)
-	TODO: check
+	NOT-FOR-US: FUDForum
 CVE-2019-18872
 	RESERVED
 CVE-2019-18871
@@ -2797,7 +2797,7 @@ CVE-2019-18660
 CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote attackers t ...)
 	NOT-FOR-US: Wireless Emergency Alerts (WEA) protocol
 CVE-2019-18658 (In Helm 2.x before 2.15.2, commands that deal with loading a chart as  ...)
-	TODO: check
+	- helm-kubernetes <itp> (bug #910799)
 CVE-2019-18657 (ClickHouse before 19.13.5.44 allows HTTP header injection via the url  ...)
 	NOT-FOR-US: ClickHouse
 CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBu ...)
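Review bot: The new `- helm-kubernetes <itp> (bug #910799)` line for CVE-2019-18658 records no fixed version, although the description says the issue affects Helm 2.x before 2.15.2. Consider adding a NOTE line with that version or the upstream fix reference, so that whoever completes the ITP can see the minimum version that should be uploaded.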
@@ -16153,7 +16153,7 @@ CVE-2019-14368 (Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafI
 	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
 	NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/c72d16f4c402a8acc2dfe06fe3d58bf6cf99069e
 CVE-2019-14367 (Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An ...)
-	TODO: check
+	NOT-FOR-US: Slack-Chat
 CVE-2019-14366 (WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access T ...)
 	NOT-FOR-US: WP SlackSync plugin for WordPress
 CVE-2019-14365 (The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access T ...)
@@ -41553,7 +41553,7 @@ CVE-2019-5697 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerabilit
 CVE-2019-5696 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in  ...)
 	NOT-FOR-US: NVIDIA Virtual GPU Manager
 CVE-2019-5695 (NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Dr ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2019-5694 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
 	NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2019-5693 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
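Review bot: `NOT-FOR-US: NVIDIA` on CVE-2019-5695 names only the vendor, while the adjacent entries name the product (`NVIDIA Virtual GPU Manager`, `NVIDIA Windows GPU Display Driver`). The description covers GeForce Experience and a Windows GPU display driver, so a product-level tag in the same style as the neighbouring lines would keep the list consistent and show which products were actually assessed.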
@@ -54672,7 +54672,7 @@ CVE-2019-1236 (A remote code execution vulnerability exists in the way that the
 CVE-2019-1235 (An elevation of privilege vulnerability exists in Windows Text Service ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1234 (A spoofing vulnerability exists when Azure Stack fails to validate cer ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1233 (A denial of service vulnerability exists in Microsoft Exchange Server  ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1232 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
@@ -289261,9 +289261,9 @@ CVE-2011-2337 (A wrong type is used for a return value from strlen in WebKit in
 CVE-2011-2336 (An issue exists in WebKit in Google Chrome before Blink M12. when clea ...)
 	NOTE: Historic webkit/Chromium issues
 CVE-2011-2335 (A double-free vulnerability exists in WebKit in Google Chrome before B ...)
-	TODO: check
+	NOTE: Historic webkit/Chromium issues
 CVE-2011-2334 (Use after free vulnerability exists in WebKit in Google Chrome before  ...)
-	TODO: check
+	NOTE: Historic webkit/Chromium issues
 CVE-2011-2333
 	RESERVED
 CVE-2011-2329 (The rampart_timestamp_token_validate function in util/rampart_timestam ...)
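Review bot: The `+` lines for CVE-2011-2335 and CVE-2011-2334 replace `TODO: check` with a free-form `NOTE: Historic webkit/Chromium issues` rather than a NOT-FOR-US tag, so the commit subject "NFUs" does not cover them. Mention the historic WebKit/Chromium triage in the subject, or split it into its own commit, so the change can be found in the log later.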
@@ -290660,9 +290660,9 @@ CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as us
 	[squeeze] - chromium-browser <not-affected>
 	NOTE: http://trac.webkit.org/changeset/86448
 CVE-2011-1803 (An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVG ...)
-	TODO: check
+	NOTE: Historic webkit/Chromium issues
 CVE-2011-1802 (WebKit in Google Chrome before Blink M11 and M12 does not properly han ...)
-	TODO: check
+	NOTE: Historic webkit/Chromium issues
 CVE-2011-1801 (Unspecified vulnerability in Google Chrome before 11.0.696.71 allows r ...)
 	- chromium-browser 11.0.696.71~r86024-1 (unimportant)
 	NOTE: http://trac.webkit.org/changeset/85977
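Review bot: CVE-2011-1803 and CVE-2011-1802 receive only `NOTE: Historic webkit/Chromium issues`, while the neighbouring CVE-2011-1804 and CVE-2011-1801 carry chromium-browser package lines and trac.webkit.org changeset references. If these two were addressed in the same chromium-browser uploads, a package line with the fixed version would serve better than the note alone; if not, a short reason why no package status is recorded would help later triage.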



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e0dfe0bbf38448e5750dbbaffeed218d3bff222
