[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Oct 1 09:55:36 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fdc8679 by Salvatore Bonaccorso at 2019-10-01T08:55:05Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -755,11 +755,11 @@ CVE-2019-16748 (In wolfSSL through 4.1.0, there is a missing sanity check of mem
 CVE-2019-16747
 	RESERVED
 CVE-2019-16745 (eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. ...)
-	TODO: check
+	NOT-FOR-US: eBrigade
 CVE-2019-16744 (eBrigade before 5.0 has evenements.php cid SQL Injection. ...)
-	TODO: check
+	NOT-FOR-US: eBrigade
 CVE-2019-16743 (eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. ...)
-	TODO: check
+	NOT-FOR-US: eBrigade
 CVE-2019-16742
 	RESERVED
 CVE-2019-16741
@@ -12235,9 +12235,9 @@ CVE-2019-13126 (An integer overflow in NATS Server 2.0.0 allows a remote attacke
 CVE-2019-13125 (HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evad ...)
 	NOT-FOR-US: Tencent
 CVE-2019-13124 (Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2019-13123 (Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2019-13122 (A Cross Site Scripting (XSS) vulnerability exists in the template tag  ...)
 	NOT-FOR-US: Patchwork
 CVE-2019-13121 [SSRF Vulnerability in Project GitHub Integration]
@@ -19245,11 +19245,11 @@ CVE-2019-10542
 CVE-2019-10541
 	RESERVED
 CVE-2019-10540 (Buffer overflow in WLAN NAN function due to lack of check of count val ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10539 (Possible buffer overflow issue due to lack of length check when parsin ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10538 (Lack of check of address range received from firmware response allows  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10537
 	RESERVED
 CVE-2019-10536
@@ -19305,15 +19305,15 @@ CVE-2019-10512
 CVE-2019-10511
 	RESERVED
 CVE-2019-10510 (BT process died and BT toggled due to null pointer dereference when in ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10509 (Device record of the pairing device used after free during ACL disconn ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10508 (Lack of input validation for data received from user space can lead to ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10507 (Lack of check of extscan change results received from firmware can lea ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10506 (While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor comm ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10505
 	RESERVED
 CVE-2019-10504
@@ -19323,15 +19323,15 @@ CVE-2019-10503
 CVE-2019-10502
 	RESERVED
 CVE-2019-10501 (Possible use after free issue due to improper input validation in volu ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10500
 	RESERVED
 CVE-2019-10499 (Improper validation of read and write index of tx and rx fifo`s before ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10498 (Buffer overflow scenario if the client sends more than 5 io_vec reques ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10497 (Use after free issue occurs If another instance of open for voice_svc  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10496
 	RESERVED
 CVE-2019-10495
@@ -19341,13 +19341,13 @@ CVE-2019-10494
 CVE-2019-10493
 	RESERVED
 CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10491
 	RESERVED
 CVE-2019-10490
 	RESERVED
 CVE-2019-10489 (Possible null-pointer dereference can occur while parsing avi clip dur ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10488
 	RESERVED
 CVE-2019-10487
@@ -37412,17 +37412,17 @@ CVE-2019-3735 (Dell SupportAssist for Business PCs version 2.0 and Dell SupportA
 CVE-2019-3734 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an ...)
 	NOT-FOR-US: EMC
 CVE-2019-3733 (RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vuln ...)
-	TODO: check
+	NOT-FOR-US: RSA
 CVE-2019-3732 (RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) ...)
-	TODO: check
+	NOT-FOR-US: RSA
 CVE-2019-3731 (RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro ...)
-	TODO: check
+	NOT-FOR-US: RSA
 CVE-2019-3730 (RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and ...)
-	TODO: check
+	NOT-FOR-US: RSA
 CVE-2019-3729 (RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x,  ...)
-	TODO: check
+	NOT-FOR-US: RSA
 CVE-2019-3728 (RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x)  ...)
-	TODO: check
+	NOT-FOR-US: RSA
 CVE-2019-3727 (Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs ...)
 	NOT-FOR-US: Dell EMC RecoverPoint
 CVE-2019-3726 (An Uncontrolled Search Path Vulnerability is applicable to the followi ...)
@@ -42462,7 +42462,7 @@ CVE-2019-2343 (Out of bound read and information disclosure in firmware due to i
 CVE-2019-2342
 	RESERVED
 CVE-2019-2341 (Buffer overflow when the audio buffer size provided by user is larger  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2340
 	RESERVED
 CVE-2019-2339
@@ -42478,7 +42478,7 @@ CVE-2019-2335
 CVE-2019-2334 (Null pointer dereferencing can happen when playing the clip with wrong ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2333 (Buffer overflow due to improper validation of buffer size while IPA dr ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2332
 	RESERVED
 CVE-2019-2331
@@ -42556,7 +42556,7 @@ CVE-2019-2296
 CVE-2019-2295
 	RESERVED
 CVE-2019-2294 (Usage of hard-coded magic number for calculating heap guard bytes can  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2293 (Pointer dereference while freeing IFE resources due to lack of length  ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-2292 (Out of bound access can occur due to buffer copy without checking size ...)
@@ -42576,7 +42576,7 @@ CVE-2019-2286
 CVE-2019-2285
 	RESERVED
 CVE-2019-2284 (Possible use-after-free issue due to a race condition while calling ca ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2283
 	RESERVED
 CVE-2019-2282
@@ -42640,7 +42640,7 @@ CVE-2019-2254 (Position determination accuracy may be degraded due to wrongly de
 CVE-2019-2253 (Buffer over-read can occur while parsing an ogg file with a corrupted  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2252 (Classic buffer overflow vulnerability while playing the specific video ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-2251
 	RESERVED
 CVE-2019-2250 (Kernel can write to arbitrary memory address passed by user while free ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fdc86795b63c00d5bd173cd3e3cbe699b4c8c1d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fdc86795b63c00d5bd173cd3e3cbe699b4c8c1d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191001/b6b667fd/attachment.html>

More information about the debian-security-tracker-commits mailing list