[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Nov 18 20:49:18 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d92c8f7d by Salvatore Bonaccorso at 2019-11-18T20:48:50Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2019-19113 (main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka Ne ...)
-	TODO: check
+	NOT-FOR-US: newbee-mall
 CVE-2019-19112
 	RESERVED
 CVE-2019-19111
@@ -55,11 +55,11 @@ CVE-2019-19087
 CVE-2019-19086
 	RESERVED
 CVE-2019-19085 (A persistent cross-site scripting (XSS) vulnerability in Octopus Serve ...)
-	TODO: check
+	NOT-FOR-US: Octopus Server
 CVE-2019-19084 (In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with  ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2018-21031 (Plex Media Server 1.18.2.2029-36236cc4c allows remote attackers to byp ...)
-	TODO: check
+	NOT-FOR-US: Plex Media Server
 CVE-2011-5331 (Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. ...)
 	TODO: check
 CVE-2011-5330 (Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. ...)
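Review bot: CVE-2019-19085 and CVE-2019-19084 are given two different labels, "Octopus Server" and "Octopus Deploy", on adjacent lines of this hunk. If both entries concern the same product, use a single label for both so that a later search of the NOT-FOR-US entries by product name matches them together. The description of CVE-2019-19085 is truncated here, so it is worth checking the full text before settling on the name.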
@@ -176,9 +176,9 @@ CVE-2019-19043 (A memory leak in the i40e_setup_macvlans() function in drivers/n
 CVE-2019-19042
 	RESERVED
 CVE-2019-19041 (An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as d ...)
-	TODO: check
+	NOT-FOR-US: Xorux
 CVE-2019-19040 (KairosDB through 1.2.2 has XSS in view.html because of showErrorMessag ...)
-	TODO: check
+	NOT-FOR-US: KairosDB
 CVE-2019-19039
 	RESERVED
 CVE-2019-19038
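Review bot: The label on CVE-2019-19041 names only the vendor ("Xorux"), while the description names two products, Lpar2RRD and Stor2RRD, and the KairosDB entry directly below is labelled by product. Consider something like "NOT-FOR-US: Xorux Lpar2RRD and Stor2RRD" so that someone searching the list for either product name finds this entry.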
@@ -8137,9 +8137,9 @@ CVE-2019-17060
 CVE-2019-17059 (A shell injection vulnerability on the Sophos Cyberoam firewall applia ...)
 	NOT-FOR-US: Sophos
 CVE-2019-17058 (Footy Tipping Software AFL Web Edition 2019 allows arbitrary file uplo ...)
-	TODO: check
+	NOT-FOR-US: Footy Tipping Software AFL Web Edition
 CVE-2019-17057 (Footy Tipping Software AFL Web Edition 2019 allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: Footy Tipping Software AFL Web Edition
 CVE-2019-17056 (llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module i ...)
 	- linux 5.3.7-1
 	NOTE: https://git.kernel.org/linus/3a359798b176183ef09efb7a3dc59abad1cc7104
@@ -15688,7 +15688,7 @@ CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c
 	[jessie] - open-cobol <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/581/
 CVE-2019-14467 (The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code E ...)
-	TODO: check
+	NOT-FOR-US: Social Photo Gallery plugin for WordPress
 CVE-2019-14466 [GOsa <= 2.7.5.2 uses unserialize to restore filter settings from a cookie. Since this cookie is supplied by the client, authenticated users can pass arbitrary content to unserialized, which opens GOsa up to a potential PHP object injection.]
 	RESERVED
 	{DLA-1905-1}
@@ -47192,9 +47192,9 @@ CVE-2019-3426 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE produ
 CVE-2019-3425 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...)
 	NOT-FOR-US: ZTE
 CVE-2019-3424 (authentication issues vulnerability, which exists in V2.1.14 and below ...)
-	TODO: check
+	NOT-FOR-US: C520V21 smart camera devices
 CVE-2019-3423 (permission and access control vulnerability, which exists in V2.1.14 a ...)
-	TODO: check
+	NOT-FOR-US: C520V21 smart camera devices
 CVE-2019-3422 (The Sec Consult Security Lab reported an information disclosure vulner ...)
 	NOT-FOR-US: ZTE
 CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
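Review bot: CVE-2019-3424 and CVE-2019-3423 are labelled by device model ("C520V21 smart camera devices"), whereas the neighbouring entries in this hunk (CVE-2019-3425, CVE-2019-3422) are labelled by vendor as "NOT-FOR-US: ZTE". If these two CVEs are from the same vendor, the same label would keep the block consistent; the truncated descriptions shown here do not name the vendor, so that needs confirming against the full CVE text.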



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d92c8f7da0f9776891310c46e3dc775aa2cbd653
