[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Oct 2 20:40:05 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
654a22d8 by Salvatore Bonaccorso at 2019-10-02T19:39:39Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -34,7 +34,7 @@ CVE-2019-17065
 CVE-2019-17064 (Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog ...)
 	TODO: check
 CVE-2019-17063 (In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can ...)
-	TODO: check
+	NOT-FOR-US: Snowtide PDFxStream
 CVE-2019-17062
 	RESERVED
 CVE-2019-17061
@@ -172,7 +172,7 @@ CVE-2019-17001
 CVE-2019-17000
 	RESERVED
 CVE-2019-16999 (CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status ...)
-	TODO: check
+	NOT-FOR-US: CloudBoot
 CVE-2019-16998
 	RESERVED
 CVE-2019-16997 (In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/lan ...)
@@ -180,7 +180,7 @@ CVE-2019-16997 (In Metinfo 7.0.0beta, a SQL Injection was discovered in app/syst
 CVE-2019-16996 (In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/pro ...)
 	NOT-FOR-US: Metinfo
 CVE-2017-18636 (CDG through 2017-01-01 allows downloadDocument.jsp?command=download&am ...)
-	TODO: check
+	NOT-FOR-US: CDG
 CVE-2019-16995 (In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_final ...)
 	- linux 4.19.37-1
 	[stretch] - linux 4.9.168-1
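Review bot: The new tag for CVE-2017-18636, "NOT-FOR-US: CDG", identifies the product only by the three-letter abbreviation used in the truncated description, which is hard to search for and easy to confuse with unrelated software sharing those initials. If the full CVE description names a vendor or an expanded product name, put that in the tag instead.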
@@ -971,9 +971,9 @@ CVE-2019-16686 (Dolibarr 9.0.5 has stored XSS in a User Note section to note.php
 CVE-2019-16685 (Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Descripti ...)
 	- dolibarr <removed>
 CVE-2019-16684 (An issue was discovered in the image-manager in Xoops 2.5.10. When any ...)
-	TODO: check
+	NOT-FOR-US: Xoops
 CVE-2019-16683 (An issue was discovered in the image-manager in Xoops 2.5.10. When the ...)
-	TODO: check
+	NOT-FOR-US: Xoops
 CVE-2019-16682
 	RESERVED
 CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established  ...)
@@ -1418,7 +1418,7 @@ CVE-2019-16510 (libIEC61850 through 1.3.3 has a use-after-free in MmsServer_wait
 CVE-2019-16509
 	RESERVED
 CVE-2019-16508 (The Imagination Technologies driver for Chrome OS before R74-11895.B,  ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies driver for Chrome OS
 CVE-2019-16507
 	RESERVED
 CVE-2019-16506
@@ -2973,7 +2973,7 @@ CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may all
 	NOTE: were added only in 2.0 the vulnerability has no effect. The vulnerability
 	NOTE: itself exists only with versions >= 1.9.0 (as there is no OIDC before)
 CVE-2019-15940 (Victure PC530 devices allow unauthenticated TELNET access as root. ...)
-	TODO: check
+	NOT-FOR-US: Victure PC530 devices
 CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...)
 	TODO: check
 CVE-2019-15938 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in  ...)
@@ -5660,21 +5660,21 @@ CVE-2019-15044
 CVE-2019-15043 (In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow u ...)
 	- grafana <removed>
 CVE-2019-15042 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL  ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2019-15041 (JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL  ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2019-15040
 	RESERVED
 CVE-2019-15039 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possi ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2019-15038 (An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity s ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2019-15037
 	RESERVED
 CVE-2019-15036
 	RESERVED
 CVE-2019-15035 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Pro ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2019-15034
 	RESERVED
 CVE-2019-15033 (Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature dow ...)
@@ -5915,25 +5915,25 @@ CVE-2019-14963
 CVE-2019-14962
 	RESERVED
 CVE-2019-14961 (JetBrains Upsource before 2019.1.1412 was not properly escaping HTML t ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Upsource
 CVE-2019-14960 (JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider. ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Rider
 CVE-2019-14959
 	RESERVED
 CVE-2019-14958
 	RESERVED
 CVE-2019-14957 (The JetBrains Vim plugin before version 0.52 was storing individual pr ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Vim plugin
 CVE-2019-14956
 	RESERVED
 CVE-2019-14955 (In JetBrains Hub versions earlier than 2018.4.11436, there was no opti ...)
-	TODO: check
+	NOT-FOR-US: JetBrains Hub
 CVE-2019-14954 (JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plant ...)
-	TODO: check
+	NOT-FOR-US: JetBrains IntelliJ IDEA
 CVE-2019-14953 (JetBrains YouTrack versions before 2019.2.53938 had a possible XSS thr ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2019-14952 (JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in  ...)
-	TODO: check
+	NOT-FOR-US: JetBrains YouTrack
 CVE-2019-14951 (The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Le ...)
 	NOT-FOR-US: Telenav Scout GPS Link app
 CVE-2019-14950 (The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS vi ...)
@@ -26501,15 +26501,15 @@ CVE-2019-8294
 CVE-2019-8293
 	RESERVED
 CVE-2019-8292 (Online Store System v1.0 delete_product.php doesn't check to see if a  ...)
-	TODO: check
+	NOT-FOR-US: Online Store System
 CVE-2019-8291 (Online Store System v1.0 delete_file.php doesn't check to see if a use ...)
-	TODO: check
+	NOT-FOR-US: Online Store System
 CVE-2019-8290 (Vulnerability in Online Store v1.0, The registration form requirements ...)
-	TODO: check
+	NOT-FOR-US: Online Store System
 CVE-2019-8289 (Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php  ...)
-	TODO: check
+	NOT-FOR-US: Online Store System
 CVE-2019-8288 (Vulnerability in Online Store v1.0, Stored XSS in user_view.php where  ...)
-	TODO: check
+	NOT-FOR-US: Online Store System
 CVE-2019-8287
 	RESERVED
 CVE-2019-8286 (Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Sec ...)
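Review bot: CVE-2019-8290, CVE-2019-8289 and CVE-2019-8288 are tagged "NOT-FOR-US: Online Store System", but their descriptions read "Online Store v1.0"; only CVE-2019-8292 and CVE-2019-8291 say "Online Store System v1.0". Confirm from the full CVE text that all five refer to the same product before unifying the tag; if they do, keeping one name across the five entries is the right call for later searches.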



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/654a22d8b1e1b3cc429b7dad1d6fafcb5c72f4a7
