[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Oct 4 21:34:46 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90385e0f by Salvatore Bonaccorso at 2019-10-04T20:34:13Z
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2019-17179 (XSS in library/custom_template/add_template.php in OpenEMR through 5.0 ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-0 ...)
 	TODO: check
 CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0 ...)
@@ -7,7 +7,7 @@ CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x throu
 CVE-2019-17176
 	RESERVED
 CVE-2019-17175 (joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path ...)
-	TODO: check
+	NOT-FOR-US: joyplus-cms
 CVE-2019-17174
 	RESERVED
 CVE-2019-17173
@@ -91,11 +91,11 @@ CVE-2019-17135
 CVE-2019-17134
 	RESERVED
 CVE-2019-17132 (vBulletin through 5.5.4 mishandles custom avatars. ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2019-17131 (vBulletin before 5.5.4 allows clickjacking. ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2019-17130 (vBulletin through 5.5.4 mishandles external URLs within the /core/vb/v ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2019-17133 (In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/w ...)
 	- linux <unfixed>
 	NOTE: https://marc.info/?l=linux-wireless&m=157018270915487&w=2
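Review bot: CVE-2019-17133 sits after CVE-2019-17130 in the trailing context, out of the descending order the rest of this hunk follows (17134, 17132, 17131, 17130). This commit does not introduce the misplacement, but since the vBulletin block directly above it is being touched, it is worth checking whether the entry should move up between CVE-2019-17134 and CVE-2019-17132.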
@@ -668,7 +668,7 @@ CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass applicati
 	NOTE: https://github.com/rubyzip/rubyzip/commit/7849f7362ab0cd23d5730ef8b6f2c39252da2285
 	NOTE: https://github.com/rubyzip/rubyzip/commit/97cb6aefe6d12bd2429d7a2e119ccb26f259d71d
 CVE-2019-16891 (Liferay Portal CE 6.2.5 allows remote command execution because of des ...)
-	TODO: check
+	NOT-FOR-US: Liferay Portal
 CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content ...)
 	NOT-FOR-US: Halo
 CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause  ...)
@@ -2571,7 +2571,7 @@ CVE-2019-16200
 CVE-2019-16199 (eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remot ...)
 	NOT-FOR-US: eQ-3 Homematic CCU2
 CVE-2019-16198 (KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by t ...)
-	TODO: check
+	NOT-FOR-US: KSLabs KSWEB
 CVE-2019-16197 (In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-A ...)
 	- dolibarr <removed>
 CVE-2019-16196
@@ -3671,7 +3671,7 @@ CVE-2019-15767 (In GNU Chess 6.2.5, there is a stack-based buffer overflow in th
 	NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00004.html
 	NOTE: Neutralised by toolchain hardening, no security impact
 CVE-2019-15766 (The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android al ...)
-	TODO: check
+	NOT-FOR-US: KSLABS KSWEB
 CVE-2019-15765
 	RESERVED
 CVE-2019-15764
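Review bot: The label added for CVE-2019-15766 is spelled "KSLABS KSWEB", while the same commit tags CVE-2019-16198 as "KSLabs KSWEB". The capitalisation follows each CVE description, but both entries refer to one product; using a single spelling for the NOT-FOR-US label keeps a case-sensitive search of data/CVE/list from missing one of them.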
@@ -11997,7 +11997,7 @@ CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the
 CVE-2019-13344 (An authentication bypass vulnerability in the CRUDLab WP Like Button p ...)
 	NOT-FOR-US: CRUDLab WP Like Button plugin for WordPress
 CVE-2019-13343 (Butor Portal before 1.0.27 is affected by a Path Traversal vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Butor Portal
 CVE-2019-13342
 	RESERVED
 CVE-2019-13341 (In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment b ...)
@@ -12049,9 +12049,9 @@ CVE-2019-13319 (This vulnerability allows remote attackers to execute arbitrary
 CVE-2019-13318 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2019-13317 (This vulnerability allows remote atackers to execute arbitrary code on ...)
-	TODO: check
+	NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-13316 (This vulnerability allows remote atackers to execute arbitrary code on ...)
-	TODO: check
+	NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-13315 (This vulnerability allows remote atackers to execute arbitrary code on ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2019-13314 (virt-bootstrap 1.1.0 allows local users to discover a root password by ...)
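Review bot: CVE-2019-13317 and CVE-2019-13316 are tagged "Foxit PhantomPDF" although the neighbouring CVE-2019-13315, whose truncated description opens with the same wording, is tagged "Foxit Reader". The product name is cut off in the visible descriptions, so the split cannot be confirmed from this hunk; check the full descriptions and make sure the product named on each entry matches. Either label leaves the entries NOT-FOR-US, so this affects only the accuracy of the annotation.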
@@ -30466,7 +30466,7 @@ CVE-2019-6777 (An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exis
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2436
 	NOTE: https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41
 CVE-2019-6776 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit PhantomPDF
 CVE-2019-6775 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2019-6774 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -32406,7 +32406,7 @@ CVE-2019-6017
 CVE-2019-6016
 	RESERVED
 CVE-2019-6015 (FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firm ...)
-	TODO: check
+	NOT-FOR-US: FON routers
 CVE-2019-6014
 	RESERVED
 CVE-2019-6013
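Review bot: The label "FON routers" on CVE-2019-6015 is broader than the description, which names only the FON2601E-SE, FON2601E-RE, FON2601E-FSW-S and FON2601E-FSW-B models. Other entries in this diff name the specific product (for example "eQ-3 Homematic CCU2"), so a label such as "FON2601E routers" would be more consistent and easier to match against later CVEs for the same device family.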



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/90385e0f1326282641957e6f1a4cffa59b592c03
