[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c7c2bea by Moritz Muehlenhoff at 2019-10-23T10:47:14Z
NFUs
take firefox

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2595,23 +2595,23 @@ CVE-2015-9503
 CVE-2015-9502
 	RESERVED
 CVE-2015-9501 (The Artificial Intelligence theme before 1.2.4 for WordPress has XSS b ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2015-9500 (The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2015-9499 (The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execut ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2015-9498 (The wps-hide-login plugin before 1.1 for WordPress has CSRF that affec ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2015-9497 (The ad-inserter plugin before 1.5.3 for WordPress has CSRF with result ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2015-9496 (The freshmail-newsletter plugin before 1.6 for WordPress has shortcode ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2015-9495 (The syndication-links plugin before 1.0.3 for WordPress has XSS via th ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2015-9494 (The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS vi ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2015-9493 (The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS is ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-17547 (In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a ...)
 	- imagemagick <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537
@@ -3996,11 +3996,11 @@ CVE-2019-16975
 CVE-2019-16974 (In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses ...)
 	NOT-FOR-US: FusionPBX
 CVE-2019-16973 (In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses  ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16972 (In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php  ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16971 (In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php us ...)
-	TODO: check
+	NOT-FOR-US: FusionPBX
 CVE-2019-16970 (In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses  ...)
 	NOT-FOR-US: FusionPBX
 CVE-2019-16969 (In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php  ...)
@@ -30953,7 +30953,7 @@ CVE-2019-8091
 CVE-2019-8090
 	RESERVED
 CVE-2019-8089 (Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2019-8088
 	RESERVED
 CVE-2019-8087


=====================================
data/dsa-needed.txt
=====================================
@@ -21,7 +21,7 @@ curl (ghedo)
 --
 evince/oldstable
 --
-firefox-esr
+firefox-esr (jmm)
 --
 freeimage (hle)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c7c2bea1026d18e526cc5586da5307181969d32

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c7c2bea1026d18e526cc5586da5307181969d32
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191023/c123ee3a/attachment-0001.html>