[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Mar 24 16:39:15 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ea935bd by Moritz Muehlenhoff at 2020-03-24T17:38:53+01:00
NFUs
"new" bitcoin issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67982,15 +67982,15 @@ CVE-2019-5188 (A code execution vulnerability exists in the directory rehashing
CVE-2019-5187 (An exploitable out-of-bounds write vulnerability exists in the TIFread ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2019-5186 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5185 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5184 (An exploitable double free vulnerability exists in the iocheckd servic ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5183 (An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL ...)
NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5182 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5181 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
NOT-FOR-US: WAGO
CVE-2019-5180 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
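Review bot: the four new tags on CVE-2019-5186, CVE-2019-5185, CVE-2019-5184 and CVE-2019-5182 name only the vendor, while the neighbouring entries in this hunk name the product ("Accusoft ImageGear", "AMD ATIDXX64.DLL driver"). The CVE-2019-5184 description already names the iocheckd service, so a tag carrying the affected product or component would make these entries easier to search. The vendor-only form does match the existing CVE-2019-5181 entry, so if that is the agreed form for this vendor, keep it.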
@@ -68042,19 +68042,19 @@ CVE-2019-5163 (An exploitable denial-of-service vulnerability exists in the UDPR
CVE-2019-5162 (An exploitable improper access control vulnerability exists in the iw_ ...)
NOT-FOR-US: Moxa
CVE-2019-5161 (An exploitable remote code execution vulnerability exists in the Cloud ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5160 (An exploitable improper host validation vulnerability exists in the Cl ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5159 (An exploitable improper input validation vulnerability exists in the f ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5158 (An exploitable firmware downgrade vulnerability exists in the firmware ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5157 (An exploitable command injection vulnerability exists in the Cloud Con ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5156 (An exploitable command injection vulnerability exists in the cloud con ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5155 (An exploitable command injection vulnerability exists in the cloud con ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
NOT-FOR-US: LEADTOOLS
CVE-2019-5153 (An exploitable remote code execution vulnerability exists in the iw_we ...)
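Review bot: none of the seven truncated descriptions for CVE-2019-5161 through CVE-2019-5155 shows the vendor, and they cover different components (the "Cloud Con ..." entries and the firmware downgrade in CVE-2019-5158), so the identical "NOT-FOR-US: WAGO" replacement cannot be confirmed from the diff alone. Please confirm each one against the full CVE text, since dropping "TODO: check" removes the marker that flags the entry for review.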
@@ -68071,7 +68071,7 @@ CVE-2019-5151 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.
CVE-2019-5150 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Wh ...)
NOT-FOR-US: YouPHPTube
CVE-2019-5149 (The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5148 (An exploitable denial-of-service vulnerability exists in ServiceAgent ...)
NOT-FOR-US: Moxa
CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
@@ -68099,9 +68099,9 @@ CVE-2019-5137 (The usage of hard-coded cryptographic keys within the ServiceAgen
CVE-2019-5136 (An exploitable privilege escalation vulnerability exists in the iw_con ...)
NOT-FOR-US: Moxa
CVE-2019-5135 (An exploitable timing discrepancy vulnerability exists in the authenti ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5134 (An exploitable regular expression without anchors vulnerability exists ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5133 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
NOT-FOR-US: ImageGear
CVE-2019-5132 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
@@ -68158,9 +68158,9 @@ CVE-2019-5108 (An exploitable denial-of-service vulnerability exists in the Linu
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
NOTE: https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
CVE-2019-5107 (A cleartext transmission vulnerability exists in the network communica ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5106 (A hard-coded encryption key vulnerability exists in the authentication ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5105
RESERVED
CVE-2019-5104
@@ -71265,9 +71265,9 @@ CVE-2019-3772 (Spring Integration (spring-integration-xml and spring-integration
CVE-2019-3771
RESERVED
CVE-2019-3770 (Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2019-3769 (Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2019-3768 (RSA Authentication Manager versions prior to 8.4 P7 contain an XML Ent ...)
NOT-FOR-US: RSA Authentication Manager
CVE-2019-3767 (Dell ImageAssist versions prior to 8.7.15 contain an information discl ...)
@@ -71281,7 +71281,7 @@ CVE-2019-3764 (Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions pri
CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
NOT-FOR-US: RSA
CVE-2019-3762 (Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 cont ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2019-3761 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
NOT-FOR-US: RSA
CVE-2019-3760 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
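Review bot: on CVE-2019-3762 the visible description starts with "Data Protection Central" and does not mention Dell, so "NOT-FOR-US: Dell" leaves nothing in the entry to match the tag against. Suggest including the product name from the description in the tag so the two can be checked against each other.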
@@ -71450,7 +71450,7 @@ CVE-2019-3684 (SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5e
CVE-2019-3683 (The keystone-json-assignment package in SUSE Openstack Cloud 8 before ...)
TODO: check
CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7 ...)
- TODO: check
+ NOT-FOR-US: SuSE
CVE-2019-3681
RESERVED
CVE-2019-3680
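Review bot: the new tag on CVE-2019-3682 is spelled "SuSE", while the descriptions in this hunk spell the vendor "SUSE"; use "NOT-FOR-US: SUSE" (or the product, SUSE CaaS Platform) so a search for the vendor finds it. Also, CVE-2019-3683 directly above is another SUSE product entry and still reads "TODO: check"; if it was left open on purpose that is fine, otherwise it could be resolved in the same pass.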
@@ -71729,7 +71729,7 @@ CVE-2019-3555
CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when acceptin ...)
NOT-FOR-US: Facebook Wangle
CVE-2019-3553 (C++ Facebook Thrift servers would not error upon receiving messages de ...)
- TODO: check
+ NOT-FOR-US: Thrift servers
CVE-2019-3552 (C++ Facebook Thrift servers (using cpp2) would not error upon receivin ...)
NOT-FOR-US: Thrift servers
CVE-2019-3551
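Review bot: "NOT-FOR-US: Thrift servers" on CVE-2019-3553 drops the "Facebook" qualifier that the description carries ("C++ Facebook Thrift servers"), which leaves the tag ambiguous about which Thrift implementation was ruled out. Suggest "NOT-FOR-US: Facebook Thrift", in line with the "Facebook Wangle" tag two entries up; the existing CVE-2019-3552 tag could be aligned at the same time.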
@@ -72233,7 +72233,7 @@ CVE-2018-20587 (Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 thro
- bitcoin <unfixed>
NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587
CVE-2018-20586 (bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary d ...)
- TODO: check
+ - bitcoin 0.17.1~dfsg-1
CVE-2018-20585
RESERVED
CVE-2018-20584 (JasPer 2.0.14 allows remote attackers to cause a denial of service (ap ...)
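Review bot: the fixed version "0.17.1~dfsg-1" on CVE-2018-20586 has no supporting reference, unlike CVE-2018-20587 just above, which carries a NOTE pointing at the upstream wiki entry. The description only says "prior to 0.17.1", so please add a NOTE with the upstream reference for the fix and confirm that 0.17.1~dfsg-1 is the first upload that contains it.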
@@ -73034,11 +73034,11 @@ CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote fu
CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack ...)
NOT-FOR-US: ASUSWRT
CVE-2018-20335 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticat ...)
- TODO: check
+ NOT-FOR-US: ASUSWRT
CVE-2018-20334 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing ...)
- TODO: check
+ NOT-FOR-US: ASUSWRT
CVE-2018-20333 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticat ...)
- TODO: check
+ NOT-FOR-US: ASUSWRT
CVE-2018-20332 (An issue has been discovered in the OpenWebif plugin through 1.2.4 for ...)
NOT-FOR-US: OpenWebif plugin
CVE-2018-20331 (Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ...)
@@ -73317,7 +73317,7 @@ CVE-2019-3406
CVE-2019-3405
RESERVED
CVE-2019-3404 (By adding some special fields to the uri ofrouter app function, the us ...)
- TODO: check
+ NOT-FOR-US: ofrouter
CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before version 7.13. ...)
NOT-FOR-US: Atlassian Jira
CVE-2019-3402 (The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 a ...)
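Review bot: "NOT-FOR-US: ofrouter" on CVE-2019-3404 looks like it was taken from a typo in the description: "the uri ofrouter app function" reads as "the uri of router app function" with a missing space, so "ofrouter" is probably not a product name. Suggest replacing it with the actual vendor or product from the full CVE entry, which the truncated text here does not show.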
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ea935bd1ae05139a6612c4a29761c23768deac7