[Git][security-tracker-team/security-tracker][master] 4 commits: Update to unaliased entry for reference

Salvatore Bonaccorso carnil at debian.org
Thu Jan 16 23:31:50 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b30ec5e by Salvatore Bonaccorso at 2020-01-16T23:53:59+01:00
Update to unaliased entry for reference

- - - - -
9b52d2a9 by Salvatore Bonaccorso at 2020-01-16T23:55:35+01:00
Update status for CVE-2019-20166

With respect to the experimental version the same reasoning applies
as in 44c7d5b783c2 ("Reference correct commit for CVE-2019-20168"). The
next update will include the fix either first via experimental or
directly to unstable and in either case should not introduce the issue
first into unstable.

- - - - -
321076d9 by Salvatore Bonaccorso at 2020-01-17T00:22:09+01:00
Update information for CVE-2019-20167

- - - - -
c7af6233 by Salvatore Bonaccorso at 2020-01-17T00:31:04+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4763,17 +4763,11 @@ CVE-2019-20168 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
 	NOTE: https://github.com/gpac/gpac/issues/1333
 	NOTE: https://github.com/gpac/gpac/commit/a8b6246da925cf744805c9427a01fcacb53314bb
 CVE-2019-20167 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
-	- gpac <unfixed>
-	[buster] - gpac <not-affected> (vulnerable code introduced in development version after v0.8)
-	[stretch] - gpac <not-affected> (vulnerable code introduced in development version after v0.8)
-	[jessie] - gpac <not-affected> (vulnerable code introduced in development version after v0.8)
+	- gpac <not-affected> (Vulnerable code introduced in development version after v0.8.0)
 	NOTE: https://github.com/gpac/gpac/issues/1330
 	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #3)
 CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
-	- gpac <unfixed>
-	[buster] - gpac <not-affected> (vulnerable code introduced in 0.7.0)
-	[stretch] - gpac <not-affected> (vulnerable code introduced in 0.7.0)
-	[jessie] - gpac <not-affected> (vulnerable code introduced in 0.7.0)
+	- gpac <not-affected> (Vulnerable code introduced in 0.7.0)
 	NOTE: https://github.com/gpac/gpac/issues/1331
 	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
 CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
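Review bot: collapsing the unstable `<unfixed>` line plus three per-suite `<not-affected>` lines into a single global `<not-affected>` for CVE-2019-20167 and CVE-2019-20166 is consistent with the commit message's reasoning (the vulnerable code is absent from every version currently in the archive), but it also drops the record that unstable needs the fix once a newer upstream snapshot is uploaded. The retained NOTE lines pointing at upstream commit 5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2 and chunk #3) are what makes that later re-check possible, so keep them; a short parenthetical such as "(Vulnerable code introduced in 0.7.0; fix needed once 0.9 is uploaded)" would make the intent explicit in the entry itself rather than only in the commit message.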
@@ -21452,7 +21446,7 @@ CVE-2019-17570 [untrusted deserialization]
 	RESERVED
 	- libxmlrpc3-java <unfixed> (bug #949089)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/1
-	NOTE: Proposed patch: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570
+	NOTE: Proposed patch: https://bugzilla.redhat.com/show_bug.cgi?id=1775193
 CVE-2019-17569
 	RESERVED
 CVE-2019-17568
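Review bot: switching the "Proposed patch" reference from the alias form `show_bug.cgi?id=CVE-2019-17570` to the numeric bug id `show_bug.cgi?id=1775193` is the right change; a numeric id is stable whereas an alias only resolves if someone set it on the bug, and it can be removed or reassigned later. Since the package line above still reads `libxmlrpc3-java <unfixed> (bug #949089)`, the NOTE is the only pointer to a fix, so it may help to state whether that bugzilla entry carries an actual patch attachment or merely discussion, to save the next triager a round trip.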
@@ -32719,7 +32713,7 @@ CVE-2019-13941
 CVE-2019-13940
 	RESERVED
 CVE-2019-13939 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
-	TODO: check
+	NOT-FOR-US: Nucleus
 CVE-2019-13938
 	RESERVED
 CVE-2019-13937
@@ -32731,7 +32725,7 @@ CVE-2019-13935 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2019-13934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: Siemens
 CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-200RNA switch family ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-13932 (A vulnerability has been identified in XHQ (All versions < V6.0.0.2 ...)
 	NOT-FOR-US: Siemens
 CVE-2019-13931 (A vulnerability has been identified in XHQ (All versions < V6.0.0.2 ...)
@@ -34732,7 +34726,7 @@ CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to 4.
 CVE-2019-13525 (In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrat ...)
 	NOT-FOR-US: IP-AK2 Access Control Panel
 CVE-2019-13524 (GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/ ...)
-	TODO: check
+	NOT-FOR-US: GE/Emerson
 CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the integrat ...)
 	NOT-FOR-US: Honeywell
 CVE-2019-13522 (An attacker could use a specially crafted project file to corrupt the  ...)
@@ -41988,7 +41982,7 @@ CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All versi
 CVE-2019-10941
 	RESERVED
 CVE-2019-10940 (A vulnerability has been identified in SINEMA Server (All versions &lt ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-10939
 	RESERVED
 CVE-2019-10938 (A vulnerability has been identified in SIPROTEC 5 devices with CPU var ...)
@@ -42000,7 +41994,7 @@ CVE-2019-10936 (A vulnerability has been identified in Development/Evaluation Ki
 CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier  ...)
 	NOT-FOR-US: Siemens
 CVE-2019-10934 (A vulnerability has been identified in TIA Portal V14 (All versions),  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-10933 (A vulnerability has been identified in Spectrum Power 3 (Corporate Use ...)
 	NOT-FOR-US: Siemens
 CVE-2019-10932
@@ -47120,7 +47114,7 @@ CVE-2019-9494 (The implementations of SAE in hostapd and wpa_supplicant are vuln
 	NOTE: Patches: https://w1.fi/security/2019-1/
 	NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1
 CVE-2019-9493 (The MyCar Controls of AutoMobility Distribution Inc., mobile applicati ...)
-	TODO: check
+	NOT-FOR-US: MyCar Controls
 CVE-2019-9492 (A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 an ...)
 	NOT-FOR-US: Trend Micro
 CVE-2019-9491 (Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below  ...)
@@ -215171,7 +215165,7 @@ CVE-2015-6594
 CVE-2015-6592 (Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require auth ...)
 	NOT-FOR-US: Huawei
 CVE-2015-6591 (Directory traversal vulnerability in application/templates/amelia/load ...)
-	TODO: check
+	NOT-FOR-US: Free Reprintables ArticleFR
 CVE-2015-6590
 	RESERVED
 CVE-2015-6589
@@ -215440,7 +215434,7 @@ CVE-2015-6499
 CVE-2015-6498 (Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 a ...)
 	NOT-FOR-US: Alcatel-Lucent Home Device Manager
 CVE-2015-6497 (The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2 ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2015-6495 (There is Sensitive Information in Cloudera Manager before 5.4.6 Diagno ...)
 	NOT-FOR-US: Cloudera
 CVE-2015-6494 (Cross-site scripting (XSS) vulnerability in Infinite Automation Mango  ...)
@@ -243027,7 +243021,7 @@ CVE-2014-6450 (Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 1
 CVE-2014-6449 (Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X ...)
 	NOT-FOR-US: Juniper Junos OS
 CVE-2014-6448 (Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2014-6447
 	RESERVED
 CVE-2014-6446 (The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPre ...)
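Review bot: the new label `NOT-FOR-US: Juniper` for CVE-2014-6448 differs from the immediately preceding entry CVE-2014-6449, which uses `NOT-FOR-US: Juniper Junos OS` for the same product family. Using the same product string for adjacent entries keeps grepping and later bulk edits of the list consistent; suggest `NOT-FOR-US: Juniper Junos OS` here as well.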
@@ -293020,7 +293014,7 @@ CVE-2012-1328 (Cisco Unified IP Phones 9900 series devices with firmware 9.1 and
 CVE-2012-1327 (dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 al ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2012-1326 (Cisco IronPort Web Security Appliance up to and including 7.5 does not ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2012-1325
 	RESERVED
 CVE-2012-1324 (Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2,  ...)
@@ -293040,7 +293034,7 @@ CVE-2012-1318
 CVE-2012-1317 (The multicast implementation in Cisco IOS before 15.1(1)SY allows remo ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2012-1316 (Cisco IronPort Web Security Appliance does not check for certificate r ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2012-1315 (Memory leak in the SIP inspection feature in the Zone-Based Firewall i ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2012-1314 (The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote atta ...)
@@ -295595,7 +295589,7 @@ CVE-2012-0336
 CVE-2012-0335 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
 	NOT-FOR-US: Cisco
 CVE-2012-0334 (Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 ha ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2012-0333 (Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and  ...)
 	NOT-FOR-US: Cisco
 CVE-2012-0332
@@ -296517,7 +296511,7 @@ CVE-2005-4893
 CVE-2005-4892
 	RESERVED
 CVE-2005-4891 (Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL inje ...)
-	TODO: check
+	NOT-FOR-US: Simple Machine Forum (SMF)
 CVE-2011-4856 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sen ...)
 	NOT-FOR-US: Plesk
 CVE-2011-4855 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 omi ...)
@@ -315832,7 +315826,7 @@ CVE-2010-3050 (Cisco IOS before 12.2(33)SXI allows remote authenticated users to
 CVE-2010-3049 (Cisco IOS before 12.2(33)SXI allows local users to cause a denial of s ...)
 	NOT-FOR-US: Cisco
 CVE-2010-3048 (Cisco Unified Personal Communicator 7.0 (1.13056) does not free alloca ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2010-3047
 	RESERVED
 CVE-2010-3046



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/44c7d5b783c2c915121cf583f32e4b59cc5dc77a...c7af6233c54799f6fcdc29d702a4161bf83c65b6
