[Git][security-tracker-team/security-tracker][master] new mediawiki issue
Moritz Muehlenhoff
jmm at debian.org
Fri Sep 27 10:23:36 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
41f8d53e by Moritz Muehlenhoff at 2019-09-27T09:23:16Z
new mediawiki issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -468,7 +468,8 @@ CVE-2019-16740
CVE-2019-16739
RESERVED
CVE-2019-16738 (In MediaWiki through 1.33.0, Special:Redirect allows information discl ...)
- TODO: check
+ - mediawiki <unfixed>
+ NOTE: https://phabricator.wikimedia.org/T230402
CVE-2019-16737
RESERVED
CVE-2019-16736
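Review bot: The added "- mediawiki <unfixed>" line under CVE-2019-16738 has no Debian bug reference, whereas the slirp4netns entry for CVE-2019-15890 in this same file carries "(bug #939868)". If a BTS bug exists or is filed for this issue, add it in the same "(bug #...)" form. Once the upstream task linked in the NOTE has a fix, replace <unfixed> with the fixed version and add a NOTE for the fixing commit, as the Varnish entry for CVE-2019-15892 does.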
@@ -2748,7 +2749,7 @@ CVE-2019-15894
CVE-2019-15893
RESERVED
CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3. ...)
- TODO: check
+ NOT-FOR-US: CKFinder
CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reas ...)
{DLA-1927-1}
- slirp4netns 0.4.1-1 (bug #939868)
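Review bot: "NOT-FOR-US: CKFinder" under CVE-2019-15891 rests on CKFinder not being present in the archive, including as an embedded copy inside another source package, and nothing in the change records that this was checked. The description covers both the 2.x line (through 2.6.2.1) and 3.x, so a search for embedded copies should cover both; a word in the commit message, which currently says only "NFUs", would be enough. The same applies to the CVE-2019-15862 change later in this patch.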
@@ -2828,7 +2829,7 @@ CVE-2019-15892 (An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6
NOTE: https://github.com/varnishcache/varnish-cache/commit/af13de03eaa3d04f60ada52ed3235d545b8d3973
NOTE: https://github.com/varnishcache/varnish-cache/commit/6da64a47beff44ecdb45c82b033811f2d19819af
CVE-2019-15862 (An issue was discovered in CKFinder through 2.6.2.1. Improper checks o ...)
- TODO: check
+ NOT-FOR-US: CKFinder
CVE-2019-15861
RESERVED
CVE-2019-15860 (Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2. ...)
@@ -13373,7 +13374,7 @@ CVE-2019-12564 (In DouCo DouPHP v1.5 Release 20190516, remote attackers can view
CVE-2019-12563
RESERVED
CVE-2019-12562 (Cross-site scripting (XSS) is possible in DNN (formerly DotNetNuke) be ...)
- TODO: check
+ NOT-FOR-US: DNN
CVE-2019-12561
RESERVED
CVE-2019-12560
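Review bot: The label in "NOT-FOR-US: DNN" under CVE-2019-12562 uses only the short name, while the description gives "DNN (formerly DotNetNuke)". If older entries in data/CVE/list are tagged with the DotNetNuke name, use the same string here, or write "NOT-FOR-US: DNN (DotNetNuke)", so that a search for either name finds all entries for the product.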
@@ -16949,9 +16950,9 @@ CVE-2019-11281
CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
NOT-FOR-US: Pivotal
CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a client that s ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2019-11278 (CF UAA versions prior to 74.1.0, allow external input to be directly q ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2 ...)
NOT-FOR-US: Cloud Foundry
CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
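Review bot: Both CF UAA entries (CVE-2019-11279 and CVE-2019-11278) get the generic label "NOT-FOR-US: Cloud Foundry", the same string as the NFS Volume Service entry CVE-2019-11277 below them, so the label does not say which component was triaged. That is consistent with the neighbouring line and fine to keep; if a more specific label is preferred, "NOT-FOR-US: Cloud Foundry UAA" on both lines would make later searches for UAA issues easier.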
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/41f8d53e38f4b26bdd909eff4a6f8f704475f753