[Git][security-tracker-team/security-tracker][master] 3 commits: Remove doubled note

Salvatore Bonaccorso carnil at debian.org
Thu Feb 27 22:12:33 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f87193fe by Salvatore Bonaccorso at 2020-02-27T23:06:05+01:00
Remove doubled note

- - - - -
7b9943e8 by Salvatore Bonaccorso at 2020-02-27T23:06:53+01:00
Remove no-dsa tagged entry which got an update

- - - - -
d911927a by Salvatore Bonaccorso at 2020-02-27T23:12:06+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -217,8 +217,7 @@ CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Set
 CVE-2020-6802 [mutation XSS vulnerability]
 	RESERVED
 	- python-bleach 3.1.1-1 (bug #951907)
-	[jessie] - python-bleach <ignored> (Fix too invasive in jessie)
-	NOTE: Jessie version uses an external html5 parser making a fix invasive.
+	[jessie] - python-bleach <ignored> (Fix too invasive in jessie; uses external html5 parser)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public)
 	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
 	NOTE: https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd
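Review bot: On the added [jessie] line for python-bleach, the folded reason "Fix too invasive in jessie; uses external html5 parser" leaves the subject of "uses" unclear, and "in jessie" repeats what the [jessie] tag already says. The removed NOTE stated that it is the jessie version that uses the external parser; a wording such as "(Fix too invasive; jessie version uses an external html5 parser)" would keep that.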
@@ -63919,13 +63918,13 @@ CVE-2019-5328
 CVE-2019-5327
 	RESERVED
 CVE-2019-5326 (An administrative application user of or application user with write a ...)
-	TODO: check
+	NOT-FOR-US: Aruba Airwave VisualRF
 CVE-2019-5325
 	RESERVED
 CVE-2019-5324
 	RESERVED
 CVE-2019-5323 (There are command injection vulnerabilities present in the AirWave app ...)
-	TODO: check
+	NOT-FOR-US: Aruba Airwave
 CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is present ...)
 	NOT-FOR-US: Edge Switch models
 CVE-2019-5321
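Review bot: The two added NOT-FOR-US lines spell the product "Aruba Airwave", while the CVE-2019-5323 description in the same hunk writes "AirWave". Using the description's capitalisation in both entries ("Aruba AirWave VisualRF", "Aruba AirWave") keeps a case-sensitive search of the list for the product name consistent.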
@@ -133871,7 +133870,7 @@ CVE-2017-16902 (On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a lo
 CVE-2017-16901
 	RESERVED
 CVE-2017-16900 (Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the ...)
-	TODO: check
+	NOT-FOR-US: Hunesion i-oneNet
 CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a allows remo ...)
 	- fig2dev 1:3.2.6a-5 (bug #881143)
 	[stretch] - fig2dev 1:3.2.6a-2+deb9u1
@@ -199601,7 +199600,6 @@ CVE-2016-5104 (The socket_create function in common/socket.c in libimobiledevice
 	[wheezy] - libimobiledevice <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
 	- libusbmuxd 1.0.10-3 (bug #825554)
-	[jessie] - libusbmuxd <no-dsa> (Minor issue)
 	NOTE: https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196
 CVE-2016-4552 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...)
 	- roundcube 1.2.0+dfsg.1-1
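Review bot: Dropping the "[jessie] - libusbmuxd <no-dsa> (Minor issue)" line leaves only "- libusbmuxd 1.0.10-3 (bug #825554)" for this package in the visible context, and nothing in the hunk shows where the jessie update mentioned in the commit message is recorded. It is worth confirming that the fixed jessie version is tracked by the matching advisory entry, so that jessie is not judged against 1.0.10-3 alone.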
@@ -258440,7 +258438,7 @@ CVE-2014-2729 (Cross-site scripting (XSS) vulnerability in content.aspx in Ektro
 CVE-2014-2728
 	RESERVED
 CVE-2014-2727 (The STARTTLS implementation in MailMarshal before 7.2 allows plaintext ...)
-	TODO: check
+	NOT-FOR-US: MailMarshal
 CVE-2012-6641 (Cross-site scripting (XSS) vulnerability in redirect.php in the Socoli ...)
 	NOT-FOR-US: PrestaShop
 CVE-2012-6640 (Cross-site scripting (XSS) vulnerability in Horde Internet Mail Progra ...)
@@ -259803,7 +259801,7 @@ CVE-2014-2230 (Open redirect vulnerability in the header function in adclick.php
 CVE-2014-2229
 	RESERVED
 CVE-2014-2228 (The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote a ...)
-	TODO: check
+	NOT-FOR-US: HP Fortify SCA
 CVE-2014-2227 (The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Ne ...)
 	NOT-FOR-US: Ubiquiti Networks
 CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative passwor ...)
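Review bot: For CVE-2014-2228 the added "NOT-FOR-US: HP Fortify SCA" is triaged on a description that opens with "The XStream extension", and XStream is also the name of a separate library. A short NOTE recording why XStream itself was ruled out would save the entry from being re-examined later.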
@@ -275594,7 +275592,7 @@ CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.
 	- xen 4.4.1-3 (unimportant)
 	NOTE: Hardware design flaw, no software solution
 CVE-2013-3494 (A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll ...)
-	TODO: check
+	NOT-FOR-US: UMPlayer
 CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...)
 	NOT-FOR-US: XnView
 CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...)
@@ -293809,7 +293807,7 @@ CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk
 CVE-2012-3352
 	RESERVED
 CVE-2012-3351 (Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video  ...)
-	TODO: check
+	NOT-FOR-US: LongTail Video JW Player
 CVE-2012-3350 (SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remo ...)
 	NOT-FOR-US: WebMatic
 	NOTE: http://seclists.org/bugtraq/2012/Jul/25
@@ -295557,7 +295555,7 @@ CVE-2012-2631 (Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB Shoppin
 CVE-2012-2630 (The Puella Magi Madoka Magica iP application 1.05 and earlier for Andr ...)
 	NOT-FOR-US: Puella Magi Madoka Magica iP (Android application)
 CVE-2012-2629 (Multiple cross-site request forgery (CSRF) and cross-site scripting (X ...)
-	TODO: check
+	NOT-FOR-US: Axous
 CVE-2012-2628
 	RESERVED
 CVE-2012-2627 (d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell So ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ffd4520e4a576c03cd7636846aba4f64aa3a1829...d911927a7f57a8a7d3157c9655319a6ed5b204bf
