[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Mar 3 14:08:27 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c8feffd by Salvatore Bonaccorso at 2020-03-03T15:07:53+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18212,9 +18212,9 @@ CVE-2019-19610
 CVE-2019-19609 (The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Co ...)
 	NOT-FOR-US: Strapi
 CVE-2019-19608 (A SQL injection vulnerability in in the web conferencing component of  ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2019-19607 (A SQL injection vulnerability in the web conferencing component of Mit ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2019-19606
 	RESERVED
 CVE-2019-19605
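Review bot: The new tag on CVE-2019-19608 and CVE-2019-19607 names only the vendor ("NOT-FOR-US: Mitel"), while other NFU entries in this same patch name the product ("Mikrotik RouterOS", "Floureon IP Camera SP012"). Consider using the product named in the full description after the vendor, so that a later search of data/CVE/list for that product finds these entries. The same applies to the other Mitel entries in the following hunks.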
@@ -20346,9 +20346,9 @@ CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0
 CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal vulnera ...)
 	NOT-FOR-US: rConfig
 CVE-2019-19371 (A cross-site scripting (XSS) vulnerability in the web conferencing com ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2019-19370 (A cross-site scripting (XSS) vulnerability in the web conferencing com ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2019-19369
 	RESERVED
 CVE-2019-19368 (A Reflected Cross Site Scripting was discovered in the Login page of R ...)
@@ -21980,7 +21980,7 @@ CVE-2019-18865
 CVE-2019-18864
 	RESERVED
 CVE-2019-18863 (A key length vulnerability in the implementation of the SRTP 128-bit k ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allows loca ...)
 	- mailutils <unfixed> (unimportant; bug #944265)
 	NOTE: /usr/sbin/maidat not installed suid root on Debian
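Review bot: For CVE-2019-18863 the visible part of the description only says "implementation of the SRTP 128-bit k ..." and does not show which implementation is affected, so "NOT-FOR-US: Mitel" cannot be verified from the diff alone. Before closing it as NFU, it would be worth confirming that the flaw sits in the vendor's own SRTP code rather than in a shared SRTP library that is also packaged in Debian, and adding a NOTE line if that was checked. Unrelated to this change, the context line for CVE-2018-18862 reads "/usr/sbin/maidat" while the description says "maidag"; that looks like a typo worth fixing in a follow-up.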
@@ -70508,7 +70508,7 @@ CVE-2018-20345 (Incorrect access control in StackStorm API (st2api) in StackStor
 CVE-2018-20344
 	RESERVED
 CVE-2018-20343 (Multiple buffer overflow vulnerabilities have been found in Ken Silver ...)
-	TODO: check
+	NOT-FOR-US: Ken Silverman Build Engine
 CVE-2018-20342 (The Floureon IP Camera SP012 provides a root terminal on a UART serial ...)
 	NOT-FOR-US: Floureon IP Camera SP012
 CVE-2018-20341 (WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted ...)
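Review bot: CVE-2018-20343 is tagged "NOT-FOR-US: Ken Silverman Build Engine", which is a game engine rather than an end product, and engine code is often embedded in other source trees. If the archive was searched for embedded copies before marking this NFU, a short NOTE saying so would record the reasoning; if not, that search is worth doing before dropping the TODO.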
@@ -76327,7 +76327,7 @@ CVE-2018-19800 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.
 CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= X ...)
 	- dolibarr <removed>
 CVE-2018-19798 (Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uplo ...)
-	TODO: check
+	NOT-FOR-US: Fleetco Fleet Maintenance Management (FMM)
 CVE-2018-19797 (In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Sel ...)
 	- libsass <unfixed>
 	[buster] - libsass <no-dsa> (Minor issue)
@@ -78998,7 +78998,7 @@ CVE-2018-19601 (Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&amp
 CVE-2018-19600 (Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=di ...)
 	NOT-FOR-US: Rhymix CMS
 CVE-2018-19599 (Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/i ...)
-	TODO: check
+	NOT-FOR-US: Monstra CMS
 CVE-2018-19598 (Statamic 2.10.3 allows XSS via First Name or Last Name to the /users U ...)
 	NOT-FOR-US: Statamic
 CVE-2018-19597 (CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a relat ...)
@@ -88729,9 +88729,9 @@ CVE-2018-16359 (Google gVisor before 2018-08-23, within the seccomp sandbox, per
 CVE-2018-16358 (A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.p ...)
 	- dotclear <removed>
 CVE-2018-16357 (An issue was discovered in PbootCMS. There is a SQL injection via the  ...)
-	TODO: check
+	NOT-FOR-US: PbootCMS
 CVE-2018-16356 (An issue was discovered in PbootCMS. There is a SQL injection via the  ...)
-	TODO: check
+	NOT-FOR-US: PbootCMS
 CVE-2018-16355
 	RESERVED
 CVE-2018-16354 (An issue was discovered in FHCRM through 2018-02-11. There is a SQL in ...)
@@ -117562,7 +117562,7 @@ CVE-2018-5953 (The swiotlb_print_info function in lib/swiotlb.c in the Linux ker
 CVE-2018-5952
 	RESERVED
 CVE-2018-5951 (An issue was discovered in Mikrotik RouterOS. Crafting a packet that h ...)
-	TODO: check
+	NOT-FOR-US: Mikrotik RouterOS
 CVE-2017-18045 (JBMC DirectAdmin before 1.52, when the email_ftp_password_change setti ...)
 	NOT-FOR-US: JBMC DirectAdmin
 CVE-2018-5950 (Cross-site scripting (XSS) vulnerability in the web UI in Mailman befo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c8feffd88a20c1957a4c05227e71f90d7749559
