[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Oct 10 21:38:23 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac5a9f2e by Salvatore Bonaccorso at 2019-10-10T20:37:56Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -66,17 +66,17 @@ CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAu
 	- libntlm <unfixed>
 	NOTE: https://gitlab.com/jas/libntlm/issues/2
 CVE-2019-17454 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTa ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2019-17453 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWri ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2019-17452 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListIns ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2019-17451 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
 	TODO: check
 CVE-2019-17450 (find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) ...)
 	TODO: check
 CVE-2019-17449 (Avira Software Updater before 2.0.6.21094 allows a DLL side-loading at ...)
-	TODO: check
+	NOT-FOR-US: Avira Software Updater
 CVE-2019-17448
 	RESERVED
 CVE-2019-17447
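
Review bot: CVE-2019-17451 and CVE-2019-17450 (Binary File Descriptor library) stay at "TODO: check" between the Bento4 and Avira entries. That is consistent with a commit limited to NFUs, but they are now the only unresolved items in this range and still need a separate triage pass.
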
@@ -106,23 +106,23 @@ CVE-2019-17436
 CVE-2019-17435
 	RESERVED
 CVE-2019-17434 (LavaLite through 5.7 has XSS via a crafted account name that is mishan ...)
-	TODO: check
+	NOT-FOR-US: LavaLite
 CVE-2019-17433 (z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles s ...)
-	TODO: check
+	NOT-FOR-US: z-song laravel-admin
 CVE-2019-17432 (An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a p ...)
-	TODO: check
+	NOT-FOR-US: fastadmin
 CVE-2019-17431 (An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a p ...)
-	TODO: check
+	NOT-FOR-US: fastadmin
 CVE-2019-17430 (EyouCms through 2019-07-11 has XSS related to the login.php web_record ...)
-	TODO: check
+	NOT-FOR-US: EyouCms
 CVE-2019-17429 (Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id ...)
-	TODO: check
+	NOT-FOR-US: Adhouma CMS
 CVE-2015-9480 (The RobotCPA plugin 5 for WordPress has directory traversal via the f. ...)
 	NOT-FOR-US: RobotCPA plugin for WordPress
 CVE-2015-9479 (The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has a ...)
-	TODO: check
+	NOT-FOR-US: ACF-Frontend-Display plugin for WordPress
 CVE-2015-9478 (prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. ...)
-	TODO: check
+	NOT-FOR-US: prettyPhoto
 CVE-2015-9477 (The Vernissage theme 1.2.8 for WordPress has insufficient restrictions ...)
 	NOT-FOR-US: Vernissage theme for WordPress
 CVE-2015-9476 (The Teardrop theme 1.8.1 for WordPress has insufficient restrictions o ...)
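
Review bot: The NOT-FOR-US on CVE-2015-9478 (prettyPhoto) deserves a second look, because the affected file is a standalone JavaScript library, js/jquery.prettyPhoto.js, which other source packages could embed. If the archive was searched for bundled copies before tagging, a short NOTE line saying so would record that; the CMS and WordPress plugin entries in this hunk do not raise the same concern.
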
@@ -132,7 +132,7 @@ CVE-2015-9475 (The Pont theme 1.5 for WordPress has insufficient restrictions on
 CVE-2015-9474 (The Simpolio theme 1.3.2 for WordPress has insufficient restrictions o ...)
 	NOT-FOR-US: Simpolio theme for WordPress
 CVE-2015-9473 (The estrutura-basica theme through 2015-09-13 for WordPress has direct ...)
-	TODO: check
+	NOT-FOR-US: estrutura-basica theme for WordPress
 CVE-2015-9472 (The incoming-links plugin before 0.9.10b for WordPress has referrers.p ...)
 	NOT-FOR-US: incoming-links plugin for WordPress
 CVE-2015-9471 (The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.p ...)
@@ -375,7 +375,7 @@ CVE-2019-17322
 CVE-2019-17321
 	RESERVED
 CVE-2019-17320 (NetSarang XFTP Client 6.0149 and earlier version contains a buffer ove ...)
-	TODO: check
+	NOT-FOR-US: NetSarang XFTP Client
 CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
 	NOT-FOR-US: SugarCRM
 CVE-2019-17318 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
@@ -5886,7 +5886,7 @@ CVE-2019-15228 (FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin
 CVE-2019-15227 (FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and User ...)
 	NOT-FOR-US: FlightPath
 CVE-2019-15226 (Upon receiving each incoming request header data, Envoy will iterate o ...)
-	TODO: check
+	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-15225 (In Envoy through 1.11.1, users may configure a route to match incoming ...)
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-15224 (The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on  ...)
@@ -7397,7 +7397,7 @@ CVE-2019-14811 (A flaw was found in, ghostscript versions prior to 9.28, in the
 	NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
 	NOTE: which changed the access to file permissions.
 CVE-2019-14810 (A vulnerability has been found in the implementation of the Label Dist ...)
-	TODO: check
+	NOT-FOR-US: EOS
 CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malfo ...)
 	{DSA-4503-1}
 	- golang-1.13 1.13~beta1-3 (bug #934954)
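
Review bot: "NOT-FOR-US: EOS" on CVE-2019-14810 is hard to interpret by itself, since the visible description never names the product and "EOS" alone is ambiguous. Suggest adding the vendor name to the tag, as the other entries in this commit do (for example "NetSarang XFTP Client" and "Softing uaGate"), so the entry is searchable later.
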
@@ -13562,7 +13562,7 @@ CVE-2019-13053 (Logitech Unifying devices allow keystroke injection, bypassing e
 CVE-2019-13052 (Logitech Unifying devices allow live decryption if the pairing of a ke ...)
 	NOT-FOR-US: Logitech
 CVE-2019-13051 (Pi-Hole 4.3 allows Command Injection. ...)
-	TODO: check
+	NOT-FOR-US: Pi-Hole
 CVE-2019-13050 (Interaction between the sks-keyserver code through 1.2.0 of the SKS ke ...)
 	NOT-FOR-US: Conceptual weakness in PGP keyserver design
 CVE-2019-13049 (An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows user ...)
@@ -17720,7 +17720,7 @@ CVE-2019-11528
 CVE-2019-11527
 	RESERVED
 CVE-2019-11526 (An issue was discovered in Softing uaGate SI 1.60.01. A maintenance sc ...)
-	TODO: check
+	NOT-FOR-US: Softing uaGate
 CVE-2019-11525
 	RESERVED
 CVE-2019-11524



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ac5a9f2eeedbf262c067f6e7be203490f03ae221
