[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Oct 14 09:18:19 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b8b99f56 by Moritz Muehlenhoff at 2019-10-14T08:17:49Z
NFUs
new potential zabbix issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,13 +17,13 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a heap-based buffer overflow in
CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NUL ...)
TODO: check
CVE-2019-17538 (Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for fil ...)
- TODO: check
+ NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17537 (Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for fil ...)
- TODO: check
+ NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17536 (Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Da ...)
- TODO: check
+ NOT-FOR-US: Gila CMS
CVE-2019-17535 (Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blo ...)
- TODO: check
+ NOT-FOR-US: Gila CMS
CVE-2019-17534 (vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips befor ...)
- vips <unfixed> (bug #942254)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796
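Review bot: CVE-2019-17539 (FFmpeg, avcodec_open2), in the context lines at the top of this hunk, still reads "TODO: check" while the four entries directly below it are resolved, which leaves it as the only open TODO in the visible lines here. If it was examined in the same pass, record the outcome in this commit as well; if not, nothing needs to change. The product names used in the new NOT-FOR-US lines (Jiangnan Online Judge, Gila CMS) match the CVE descriptions they sit under.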
@@ -101,9 +101,9 @@ CVE-2019-17504 (An issue was discovered in Kirona Dynamic Resource Scheduling (D
CVE-2019-17503 (An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5. ...)
NOT-FOR-US: Kirona Dynamic Resource Scheduling (DRS)
CVE-2019-17502 (Hydra through 0.1.8 has a NULL pointer dereference and daemon crash wh ...)
- TODO: check
+ NOT-FOR-US: Hydra (different from src:hydra)
CVE-2019-17501 (Centreon 19.04 allows attackers to execute arbitrary OS commands via t ...)
- TODO: check
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2019-17500
RESERVED
CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on Compal CH7 ...)
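Review bot: The new line for CVE-2019-17502, "NOT-FOR-US: Hydra (different from src:hydra)", says which package this is not, but not which Hydra it is, and the truncated description ("Hydra through 0.1.8 has a NULL pointer dereference and daemon crash wh ...") does not settle it either. Naming the upstream project or adding a NOTE with its URL would let a later triager confirm the distinction without redoing the lookup. On CVE-2019-17501, the text "Centreon web UI (not packaged in Debian)" scopes the verdict to the web UI only; if other Centreon components are relevant to Debian, say so, otherwise the plain product name used by the neighbouring Kirona entry is enough.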
@@ -157,7 +157,7 @@ CVE-2019-17497 (Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash
CVE-2019-17496 (Craft CMS before 3.3.8 has stored XSS via a name field. This field is ...)
NOT-FOR-US: Craft CMS
CVE-2019-17495 (A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI b ...)
- TODO: check
+ NOT-FOR-US: Swagger UI
CVE-2019-17494 (laravel-bjyblog 6.1.1 has XSS via a crafted URL. ...)
NOT-FOR-US: laravel-bjyblog
CVE-2019-17493 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_ ...)
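Review bot: The added "NOT-FOR-US: Swagger UI" for CVE-2019-17495 gives no reason, while the Hydra and Centreon lines in this same commit add a parenthetical rationale. If the check covered only a standalone package and not copies bundled inside other source packages, a short parenthetical or NOTE stating what was checked would make the verdict easier to trust and to revisit.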
@@ -448,7 +448,7 @@ CVE-2019-17384 (The animate-it plugin before 2.3.4 for WordPress has XSS. ...)
CVE-2019-17383 (The netaddr gem before 2.0.4 for Ruby has misconfigured file permissio ...)
- ruby-netaddr <not-affected> (Upstream packaging issue)
CVE-2019-17382 (An issue was discovered in zabbix.php?action=dashboard.view&dashbo ...)
- TODO: check
+ - zabbix <undetermined>
CVE-2019-17381
RESERVED
CVE-2019-17380 (cPanel before 82.0.15 allows self XSS in the WHM Update Preferences in ...)
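Review bot: The new "- zabbix <undetermined>" entry for CVE-2019-17382 has no NOTE or bug reference, so the list does not record what is still undetermined or where to look. The commit message calls it a "new potential zabbix issue"; a NOTE line with the upstream report or advisory URL, in the style of the NOTE under the vips entry earlier in this file, would give whoever picks it up a starting point and make it clear when the entry can move to a version or to not-affected.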
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b8b99f562ebdfcea7f34dbcbc43277f645498c27