[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 5 11:12:05 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a2a7f6f3 by Moritz Muehlenhoff at 2020-02-05T12:11:34+01:00
NFUs
add explicit status for older libidn2-0 src pkg name
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22359,6 +22359,7 @@ CVE-2019-18225 (An issue was discovered in Citrix Application Delivery Controlle
CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a hea ...)
{DSA-4613-1}
- libidn2 2.2.0-1 (bug #942895)
+ - libidn2-0 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420
NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c
CVE-2019-18223
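Review bot: the added `- libidn2-0 <not-affected> (Vulnerable code not present)` line under CVE-2019-18224 carries no reference that supports the not-affected claim. The two NOTE lines only point at the oss-fuzz report and the fix commit. A further NOTE naming the upstream version or commit that introduced the affected code in idn2_to_ascii_4i would let a later triager verify the status for the older source package without repeating the analysis.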
@@ -225507,7 +225508,7 @@ CVE-2015-4088
CVE-2015-4087
RESERVED
CVE-2007-6758 (Server-side request forgery (SSRF) vulnerability in feed-proxy.php in ...)
- TODO: check
+ NOT-FOR-US: feed-proxy.php
CVE-2015-4086
RESERVED
CVE-2015-4084 (Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1. ...)
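Review bot: `NOT-FOR-US: feed-proxy.php` on CVE-2007-6758 names a script file rather than a product. The other NFU labels added in this commit use the product or vendor name (`NOT-FOR-US: Evernote`, `NOT-FOR-US: LastPass`), and a bare filename is hard to match when the same software appears under a later CVE. Suggest using the product name from the part of the description that follows "feed-proxy.php in".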
@@ -268718,15 +268719,15 @@ CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterpri
CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in th ...)
NOT-FOR-US: DotNetNuke
CVE-2013-5116 (Evernote prior to 5.5.1 has insecure password change ...)
- TODO: check
+ NOT-FOR-US: Evernote
CVE-2013-5115
RESERVED
CVE-2013-5114 (LastPass prior to 2.5.1 allows secure wipe bypass. ...)
- TODO: check
+ NOT-FOR-US: LastPass
CVE-2013-5113 (LastPass prior to 2.5.1 has an insecure PIN implementation. ...)
- TODO: check
+ NOT-FOR-US: LastPass
CVE-2013-5112 (Evernote before 5.5.1 has insecure PIN storage ...)
- TODO: check
+ NOT-FOR-US: Evernote
CVE-2013-5111
RESERVED
CVE-2013-5110
@@ -275085,11 +275086,11 @@ CVE-2013-2680
CVE-2013-2679
RESERVED
CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-2677
RESERVED
CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
- TODO: check
+ NOT-FOR-US: Brother
CVE-2013-2675
RESERVED
CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
@@ -275188,7 +275189,7 @@ CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.14
- libv8-3.14 <removed> (unimportant; bug #773671)
NOTE: libv8 not covered by security support
CVE-2013-2631 (TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure ...)
- TODO: check
+ NOT-FOR-US: TinyWebGallery
CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12 ...)
NOT-FOR-US: CA Service Desk Manager
CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers ...)
@@ -275205,7 +275206,7 @@ CVE-2013-2625 (An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1
NOTE: DSA-2733-1
NOTE: http://web.archive.org/web/20130716120019/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-01/
CVE-2013-2624 (Telean before 1.3.1 contains a full path disclosure vulnerability whic ...)
- TODO: check
+ NOT-FOR-US: Telean
CVE-2013-2623 (Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attack ...)
NOT-FOR-US: Uebimiau Webmail
CVE-2013-2622 (Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remot ...)
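Review bot: `NOT-FOR-US: Telean` on CVE-2013-2624 copies the spelling from that description, while the next entry, CVE-2013-2623, spells the product "Telaen" with the same "before 1.3.1" version and is labelled `NOT-FOR-US: Uebimiau Webmail`. The two entries look like the same product under two different labels. Suggest checking the spelling and using one label for both so that a search for either name finds both CVEs.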
@@ -275316,7 +275317,7 @@ CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to t
CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 313 ...)
NOT-FOR-US: TP-Link
CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...)
- TODO: check
+ NOT-FOR-US: Xpient point of sale (POS)
CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...)
NOT-FOR-US: Zavio
CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6 ...)
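Review bot: `NOT-FOR-US: Xpient point of sale (POS)` on CVE-2013-2571 names the system that embeds the affected component, whereas the description puts the issue in "Iris 3.8 before build 1548, as used in Xpient". Suggest naming Iris in the label, for example `NOT-FOR-US: Iris as used in Xpient POS`, so the entry is found when searching for the component itself.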
@@ -275669,7 +275670,7 @@ CVE-2013-2475 (The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote a
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274
NOTE: Versions affected: 1.8.0 to 1.8.5
CVE-2013-2474 (Directory traversal vulnerability in AWS XMS 2.5 allows remote attacke ...)
- TODO: check
+ NOT-FOR-US: AWS XMS
CVE-2013-2473 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
{DSA-2727-1 DSA-2722-1}
- openjdk-6 6b27-1.12.6-1
@@ -279233,7 +279234,7 @@ CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php,
{DSA-2633-1}
- fusionforge 5.2.1+20130227-1
CVE-2013-1422 (webcalendar before 1.2.7 shows the reason for a failed login (e.g., "n ...)
- TODO: check
+ - webcalendar <removed>
CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
- webcalendar <removed>
CVE-2013-1420 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS b ...)
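Review bot: the replacement for CVE-2013-1422 is a package entry, `- webcalendar <removed>`, not an NFU, and the commit message ("NFUs", "add explicit status for older libidn2-0 src pkg name") does not mention it. The status matches the neighbouring CVE-2013-1421 entry, so the data looks consistent. Suggest adding a line to the commit message for the webcalendar entries, which also covers CVE-2012-1496 and CVE-2012-1495 later in this diff.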
@@ -282501,7 +282502,7 @@ CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SS
- sssd <not-affected> (Introduced in 1.9.0)
NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12
CVE-2013-0286 (Pinboard 1.0.6 theme for Wordpress has XSS. ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before ...)
NOT-FOR-US: nori Ruby gem
CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communic ...)
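Review bot: `NOT-FOR-US: Wordpress theme` on CVE-2013-0286 is generic and drops the product name that the description gives ("Pinboard 1.0.6 theme for Wordpress"). The adjacent entry names its product (`NOT-FOR-US: nori Ruby gem`). Suggest `NOT-FOR-US: Pinboard theme for Wordpress` so the label identifies which theme was triaged.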
@@ -283119,7 +283120,7 @@ CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generi
NOTE: http://secunia.com/advisories/49889/
NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...)
- TODO: check
+ NOT-FOR-US: Soapbox
CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...)
NOT-FOR-US: Android browser
CVE-2012-6300
@@ -284728,7 +284729,7 @@ CVE-2012-5778
CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the te ...)
NOT-FOR-US: EmpireCMS
CVE-2012-5776 (Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in ...)
- TODO: check
+ NOT-FOR-US: Dokeos
CVE-2012-5775
REJECTED
CVE-2012-5774
@@ -284914,7 +284915,7 @@ CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DN
CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature ...)
NOT-FOR-US: TP-LINK TL-WR841N router
CVE-2012-5686 (ZPanel 10.0.1 has insufficient entropy for its password reset process. ...)
- TODO: check
+ NOT-FOR-US: ZPanel
CVE-2012-5685 (SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote ...)
NOT-FOR-US: ZPanel
CVE-2012-5684 (Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier ...)
@@ -296024,9 +296025,9 @@ CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x befor
{DSA-2423-1}
- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-1496 (Local file inclusion in WebCalendar before 1.2.5. ...)
- TODO: check
+ - webcalendar <removed>
CVE-2012-1495 (install/index.php in WebCalendar before 1.2.5 allows remote attackers ...)
- TODO: check
+ - webcalendar <removed>
CVE-2012-1102 [XML::Atom Perl module XML entity expansion]
RESERVED
{DSA-2424-1}
@@ -297318,7 +297319,7 @@ CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access
- nvidia-graphics-drivers 295.40-1
[squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
CVE-2012-0945 (whoopsie-daisy before 0.1.26: Root user can remove arbitrary files ...)
- TODO: check
+ NOT-FOR-US: whoopsie-daisy
CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does ...)
- aptdaemon 0.43+bzr790-1
[squeeze] - aptdaemon <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a2a7f6f364f42b1e285832b142fb1973a9e1de3b