[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27decf9b by Moritz Muehlenhoff at 2019-10-13T13:38:04Z
NFUs
new libpng issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2019-17533 (Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16856
 	NOTE: https://github.com/tbeu/matio/commit/651a8e28099edb5fbb9e4e1d4d3238848f446c9a
 CVE-2019-17532 (An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OW ...)
-	TODO: check
+	NOT-FOR-US: Belkin
 CVE-2019-17531 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
 	- jackson-databind <unfixed>
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2498
@@ -15,11 +15,11 @@ CVE-2019-17531 (A Polymorphic Typing issue was discovered in FasterXML jackson-d
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by
 	NOTE: but still an issue when Default Typing is enabled.
 CVE-2019-17530 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2019-17529 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2019-17528 (An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the func ...)
-	TODO: check
+	NOT-FOR-US: Bento4
 CVE-2019-17527
 	RESERVED
 CVE-2019-17526
@@ -31,9 +31,9 @@ CVE-2019-17524
 CVE-2019-17523
 	RESERVED
 CVE-2019-17522 (A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the ...)
-	TODO: check
+	NOT-FOR-US: Hotaru CMS
 CVE-2019-17521 (An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Landing-CMS
 CVE-2019-17520
 	RESERVED
 CVE-2019-17519
@@ -444,7 +444,10 @@ CVE-2019-17373 (Certain NETGEAR devices allow unauthenticated access to critical
 CVE-2019-17372 (Certain NETGEAR devices allow remote attackers to disable all authenti ...)
 	NOT-FOR-US: NETGEAR
 CVE-2019-17371 (libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_ ...)
-	TODO: check
+	- libpng1.6 <unfixed> (low)
+	[buster] - libpng1.6 <no-dsa> (Minor issue)
+	[stretch] - libpng1.6 <no-dsa> (Minor issue)
+	- libpng <removed>
 CVE-2019-17370 (OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheck ...)
 	NOT-FOR-US: OTCMS
 CVE-2019-17369 (OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, le ...)
@@ -30111,6 +30114,7 @@ CVE-2019-7317 (png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-a
 	- firefox 67.0-2
 	- firefox-esr 60.7.0esr-1
 	- thunderbird 1:60.7.0-1
+	- libpng <removed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
 	NOTE: https://github.com/glennrp/libpng/issues/275
 	NOTE: https://github.com/glennrp/libpng/commit/9c0d5c77bf5bf2d7c1e11f388de40a70e0191550



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/27decf9b8bd9f4bbfc1a1a4cc75e98a42053e71f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/27decf9b8bd9f4bbfc1a1a4cc75e98a42053e71f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191013/3e2cc93b/attachment.html>