[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Sep 20 13:02:14 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3ccec2bd by Moritz Muehlenhoff at 2019-09-20T12:01:57Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2019-16533
CVE-2019-16532
RESERVED
CVE-2019-16531 (LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by chan ...)
- TODO: check
+ NOT-FOR-US: LayerBB
CVE-2019-16530
RESERVED
CVE-2019-16529
@@ -430,11 +430,11 @@ CVE-2019-16354 (The File Session Manager in Beego 1.10.0 allows local users to r
CVE-2019-16353 (Emerson GE Automation Proficy Machine Edition 8.0 allows an access vio ...)
NOT-FOR-US: Emerson GE Automation Proficy Machine Edition
CVE-2019-16352 (ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2019-16351 (ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_dec ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2019-16350 (ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() ...)
- TODO: check
+ NOT-FOR-US: ffjpeg
CVE-2019-16349 (Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::Rea ...)
NOT-FOR-US: Bento4
CVE-2019-16348 (marc-q libwav through 2019-08-15 has a NULL pointer dereference in gai ...)
@@ -589,7 +589,7 @@ CVE-2019-16279
CVE-2019-16278
RESERVED
CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/ ...)
- TODO: check
+ NOT-FOR-US: PicoC
CVE-2017-18634 (The newspaper theme before 6.7.2 for WordPress has script injection vi ...)
NOT-FOR-US: newspaper theme for WordPress
CVE-2016-10973 (The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin ...)
@@ -888,9 +888,9 @@ CVE-2019-16217 (WordPress before 5.2.3 allows XSS in media uploads because wp_aj
- wordpress 5.2.3+dfsg1-1 (bug #939543)
NOTE: https://core.trac.wordpress.org/changeset/45936
CVE-2019-16216 (Zulip server before 2.0.5 incompletely validated the MIME types of upl ...)
- TODO: check
+ - zulip-server <itp> (bug #800052)
CVE-2019-16215 (The Markdown parser in Zulip server before 2.0.5 used a regular expres ...)
- TODO: check
+ - zulip-server <itp> (bug #800052)
CVE-2019-16214 (Libra Core before 2019-09-03 has an erroneous regular expression for i ...)
NOT-FOR-US: Libra
CVE-2019-16213
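Review bot: the two added `- zulip-server <itp> (bug #800052)` lines for CVE-2019-16216 and CVE-2019-16215 are ITP entries, not NOT-FOR-US markings, so the commit subject "NFUs" does not describe them. Consider mentioning the zulip-server entries in the commit message, or committing them separately, so the change tied to bug #800052 can be found from the log.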
@@ -922,7 +922,7 @@ CVE-2019-16201
CVE-2019-16200
RESERVED
CVE-2019-16199 (eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remot ...)
- TODO: check
+ NOT-FOR-US: eQ-3 Homematic CCU2
CVE-2019-16198
RESERVED
CVE-2019-16197 (In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-A ...)
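Review bot: the label added for CVE-2019-16199 names only CCU2, while the description line directly above it covers "CCU2 before 2.47.18 and CCU3 before 3.47.18". Suggest `NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3` (or simply `NOT-FOR-US: eQ-3 Homematic`) so that a search for CCU3 also finds this entry.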
@@ -1520,7 +1520,7 @@ CVE-2019-15952 (An issue was discovered in Total.js CMS 12.0.0. An authenticated
CVE-2019-15951
RESERVED
CVE-2019-15950 (The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard d ...)
- TODO: check
+ NOT-FOR-US: Redmine plugin
CVE-2019-15949 (Nagios XI before 5.6.6 allows remote command execution as root. The ex ...)
NOT-FOR-US: Nagios XI
CVE-2019-15948
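Review bot: `NOT-FOR-US: Redmine plugin` on CVE-2019-15950 does not say which plugin is meant, although the description names "The CRM Plugin ... for Redmine". Other entries in this file follow the pattern `<name> plugin for WordPress`, so `NOT-FOR-US: CRM Plugin for Redmine` would be consistent and would keep a later CVE in a different Redmine plugin from being matched against this label.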
@@ -1542,7 +1542,7 @@ CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1
CVE-2019-15944 (In Counter-Strike: Global Offensive before 8/29/2019, community game s ...)
NOT-FOR-US: Counter-Strike: Global Offensive
CVE-2019-15943 (vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allow ...)
- TODO: check
+ NOT-FOR-US: Counter-Strike: Global Offensive
CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on uninitia ...)
- ffmpeg <not-affected> (Only affects 4.2)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71
@@ -1838,7 +1838,7 @@ CVE-2019-15845
CVE-2019-15844
RESERVED
CVE-2019-15843 (A malicious file upload vulnerability was discovered in Xiaomi Millet ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2019-15842 (The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress ...)
NOT-FOR-US: easy-pdf-restaurant-menu-upload plugin for WordPress
CVE-2019-15841 (The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CS ...)
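Review bot: `NOT-FOR-US: Xiaomi` on CVE-2019-15843 gives only the vendor, whereas the context entry just below it names the specific product (`easy-pdf-restaurant-menu-upload plugin for WordPress`). Suggest naming the affected Xiaomi product from the CVE description in the label, so that future Xiaomi CVEs are triaged per product rather than against a vendor-wide marking.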
@@ -3875,7 +3875,7 @@ CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User Enumeration. With login r
[jessie] - zabbix <postponed> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-16532
CVE-2019-15131 (In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 ...)
- TODO: check
+ NOT-FOR-US: Code42
CVE-2019-15130 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...)
NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2019-15129 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...)
@@ -4220,9 +4220,9 @@ CVE-2019-15035
CVE-2019-15034
RESERVED
CVE-2019-15033 (Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature dow ...)
- TODO: check
+ NOT-FOR-US: Pydio
CVE-2019-15032 (Pydio 6.0.8 mishandles error reporting when a directory allows unauthe ...)
- TODO: check
+ NOT-FOR-US: Pydio
CVE-2019-15031 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ccec2bd5645788c4f921eb009720cc3cc274f8d