[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Sep 11 12:16:55 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce6efd01 by Moritz Muehlenhoff at 2019-09-11T11:16:42Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2019-16214 (Libra Core before 2019-09-03 has an erroneous regular expression for i ...)
- TODO: check
+ NOT-FOR-US: Libra
CVE-2019-16213
RESERVED
CVE-2019-16212
@@ -139,7 +139,7 @@ CVE-2019-16165 (GNU cflow through 1.6 has a use-after-free in the reference func
- cflow <unfixed> (bug #939915)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html
CVE-2019-16164 (MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_nod ...)
- TODO: check
+ NOT-FOR-US: MyHTML
CVE-2019-16163 (Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of ...)
- libonig <unfixed> (low; bug #939988)
[buster] - libonig <no-dsa> (Minor issue)
@@ -186,7 +186,7 @@ CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c ca
NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6
NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0
CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...)
- TODO: check
+ NOT-FOR-US: Sakai
CVE-2019-16147 (Liferay Portal through 7.2.0 GA1 allows XSS via a journal article titl ...)
NOT-FOR-US: Liferay Portal
CVE-2019-16146 (Gophish through 0.8.0 allows XSS via a username. ...)
@@ -233,7 +233,7 @@ CVE-2019-16128
CVE-2019-16127
RESERVED
CVE-2019-16126 (Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaSc ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2019-16125 (In Jobberbase 2.0, the parameter category is not sanitized in public/p ...)
NOT-FOR-US: Jobberbase
CVE-2019-16124 (In YouPHPTube 7.4, the file install/checkConfiguration.php has no acce ...)
@@ -378,9 +378,9 @@ CVE-2019-16061
CVE-2019-16089 (An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_s ...)
- linux <unfixed>
CVE-2019-16060 (The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist ...)
- TODO: check
+ NOT-FOR-US: Airbrake Ruby notifier
CVE-2019-16059 (Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker t ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for O ...)
- pam-p11 <unfixed> (bug #939664)
NOTE: https://github.com/OpenSC/pam_p11/commit/d150b60e1e14c261b113f55681419ad1dfa8a76c
@@ -2953,7 +2953,7 @@ CVE-2019-15130 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.
CVE-2019-15129 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...)
NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2019-15128 (iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to creat ...)
- TODO: check
+ NOT-FOR-US: iF.SVNAdmin
CVE-2019-15127 (REDCap before 9.3.0 allows XSS attacks against non-administrator accou ...)
NOT-FOR-US: REDCap
CVE-2019-15126
@@ -10124,9 +10124,10 @@ CVE-2019-13022
CVE-2019-13021
RESERVED
CVE-2019-13020 (The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI ...)
- TODO: check
+ NOT-FOR-US: Tightrope Media Carousel
CVE-2019-13019
RESERVED
+ NOT-FOR-US: Microsoft .NET
CVE-2019-13018
RESERVED
CVE-2019-13017
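Review bot: CVE-2019-13019 is still RESERVED with no description in this list, so the added "NOT-FOR-US: Microsoft .NET" line cannot be checked against anything in the entry, unlike CVE-2019-13020 just above it, whose description names Tightrope Media Carousel. Consider citing the advisory the triage is based on in the commit message, which currently says only "NFUs".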
@@ -10136,9 +10137,9 @@ CVE-2019-13016
CVE-2019-13015
RESERVED
CVE-2019-13014 (Little Snitch versions 4.4.0 fixes a vulnerability in a privileged hel ...)
- TODO: check
+ NOT-FOR-US: Little Snitch
CVE-2019-13013 (Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalatio ...)
- TODO: check
+ NOT-FOR-US: Little Snitch
CVE-2019-13011 [Merge Request Template Name Disclosure]
RESERVED
[experimental] - gitlab 11.10.8+dfsg-1
@@ -10198,7 +10199,7 @@ CVE-2019-12998
CVE-2019-12997 (In Loopchain through 2.2.1.3, an attacker can escalate privileges from ...)
NOT-FOR-US: Loopchain
CVE-2019-12996 (In Mendix 7.23.5 and earlier, the Excel importer module is vulnerable ...)
- TODO: check
+ NOT-FOR-US: Mendix
CVE-2019-12995 (Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch ...)
NOT-FOR-US: Istio
CVE-2019-12994 (Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetEx ...)
@@ -11129,9 +11130,9 @@ CVE-2019-12647
CVE-2019-12646
RESERVED
CVE-2019-12645 (A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12644 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12643 (A vulnerability in the Cisco REST API virtual service container for Ci ...)
NOT-FOR-US: Cisco
CVE-2019-12642
@@ -11255,11 +11256,11 @@ CVE-2019-12591 (NETGEAR Insight Cloud with firmware before Insight 5.6 allows re
CVE-2019-12590
RESERVED
CVE-2019-12588 (The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2. ...)
- TODO: check
+ NOT-FOR-US: Espressif
CVE-2019-12587 (The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 a ...)
- TODO: check
+ NOT-FOR-US: Espressif
CVE-2019-12586 (The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 a ...)
- TODO: check
+ NOT-FOR-US: Espressif
CVE-2019-12585 (Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and othe ...)
- apcupsd <not-affected> (Vulnerable code in pfSense-specific status page)
CVE-2019-12584 (Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and othe ...)
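Review bot: The three Espressif entries are tagged by vendor only, although CVE-2019-12588 is in ESP8266_NONOS_SDK while CVE-2019-12587 and CVE-2019-12586 are in the ESP-IDF EAP peer implementation. Naming the product in the tag, as other entries in this commit do (Grav CMS, Tightrope Media Carousel), would let a later search for either SDK find these entries.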
@@ -24367,8 +24368,10 @@ CVE-2019-8071
RESERVED
CVE-2019-8070
RESERVED
+ NOT-FOR-US: Adobe
CVE-2019-8069
RESERVED
+ NOT-FOR-US: Adobe
CVE-2019-8068
RESERVED
CVE-2019-8067
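Review bot: CVE-2019-8070 and CVE-2019-8069 are tagged "NOT-FOR-US: Adobe" while both are still RESERVED with no description, and the neighbouring RESERVED IDs (CVE-2019-8071, CVE-2019-8068, CVE-2019-8067) are left untagged. The lines shown give no basis for telling these two apart from their neighbours; a reference in the commit message to the advisory used for triage would make the split reviewable.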
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ce6efd012373fba6a27357d36df2f9bdd3028819