[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Oct 8 21:28:28 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dec8dc6e by Salvatore Bonaccorso at 2019-10-08T20:27:56Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -153,7 +153,7 @@ CVE-2019-17273
 CVE-2019-17272
 	RESERVED
 CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2019-17270
 	RESERVED
 CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to execute arbitr ...)
@@ -185,49 +185,49 @@ CVE-2019-17263 (In libyal libfwsi before 20191006, libfwsi_extension_block_copy_
 	NOTE: https://github.com/libyal/libfwsi/issues/13
 	NOTE: https://github.com/libyal/libfwsi/commit/54afa5c71d6c795a555dbcb1e160fea393b98fb3
 CVE-2019-17262 (XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0 ...)
-	TODO: check
+	NOT-FOR-US: XnView
 CVE-2019-17261 (XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0 ...)
-	TODO: check
+	NOT-FOR-US: XnView
 CVE-2019-17260 (MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data M ...)
 	TODO: check
 CVE-2019-17259 (KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_ne ...)
-	TODO: check
+	NOT-FOR-US: KMPlayer (different from src:kmplayer)
 CVE-2019-17258 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17257 (IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starti ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17256 (IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0 ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17255 (IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0 ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17254 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17253 (IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x00000 ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17252 (IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_Ba ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17251 (IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlug ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17250 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17249 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17248 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17247 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17246 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17245 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17244 (IrfanView 4.53 allows Data from a Faulting Address to control Code Flo ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17243 (IrfanView 4.53 allows Data from a Faulting Address to control Code Flo ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17242 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17241 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-17240 (bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypas ...)
 	NOT-FOR-US: Bludit
 CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in the downl ...)
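Review bot: CVE-2019-17260 (MPC-HC) is still at `TODO: check` in the middle of this run, while the XnView, KMPlayer and IrfanView entries around it are all resolved. If it was left open on purpose because it needs a closer look, that is fine, but in a commit titled "Process some NFUs" it is easy to read as an oversight; either triage it in the same pass or leave it for a follow-up that says why. The "(different from src:kmplayer)" remark on CVE-2019-17259 is the kind of disambiguation worth keeping wherever an upstream name collides with a Debian source package.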
@@ -337,9 +337,9 @@ CVE-2019-17189
 CVE-2019-17188 (An unrestricted file upload vulnerability was discovered in catalog/pr ...)
 	NOT-FOR-US: Fecshop FecMall
 CVE-2019-17187 (/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_ ...)
-	TODO: check
+	NOT-FOR-US: FiberHome HG2201T devices
 CVE-2019-17186 (/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201 ...)
-	TODO: check
+	NOT-FOR-US: FiberHome HG2201T devices
 CVE-2019-17185
 	RESERVED
 CVE-2019-17184 (Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C ...)
@@ -917,7 +917,7 @@ CVE-2019-16931 (A stored XSS vulnerability in the Visualizer plugin 3.3.0 for Wo
 CVE-2019-16930 (Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a ...)
 	NOT-FOR-US: Zcash
 CVE-2019-16929 (Auth0 auth0.net before 6.5.4 has Incorrect Access Control because Iden ...)
-	TODO: check
+	NOT-FOR-US: Auth0 auth0.net
 CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the ...)
 	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
 CVE-2019-16926 (Flower 0.9.3 has XSS via a crafted worker name. ...)
@@ -956,7 +956,7 @@ CVE-2019-16915 (An issue was discovered in pfSense through 2.4.4-p3. widgets/wid
 CVE-2019-16914 (An XSS issue was discovered in pfSense through 2.4.4-p3. In services_c ...)
 	NOT-FOR-US: pfSense
 CVE-2019-16913 (PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86 ...)
-	TODO: check
+	NOT-FOR-US: PC Protect Antivirus
 CVE-2019-16912
 	RESERVED
 CVE-2019-16911
@@ -2191,9 +2191,9 @@ CVE-2019-16419
 CVE-2019-16418
 	RESERVED
 CVE-2019-16417 (HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense rep ...)
-	TODO: check
+	NOT-FOR-US: HRworks FLOW
 CVE-2019-16416 (HRworks 3.36.9 allows XSS via the purpose of a travel-expense report. ...)
-	TODO: check
+	NOT-FOR-US: HRworks
 CVE-2019-16415
 	RESERVED
 CVE-2019-16414 (A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malici ...)
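Review bot: CVE-2019-16417 and CVE-2019-16416 get two different product labels, `NOT-FOR-US: HRworks FLOW` and `NOT-FOR-US: HRworks`, although both descriptions name version 3.36.9 and the same XSS via the purpose of a travel-expense report. Each label follows its own CVE description, but if these are the same product, using one name for both keeps later searches over the NFU entries consistent.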



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dec8dc6e06db3aaee1511741e6ef0013ac5e94b5
