[Git][security-tracker-team/security-tracker][master] 3 commits: Reference upstream commit for CVE-2019-18192

Salvatore Bonaccorso carnil at debian.org
Sat Jan 23 10:41:12 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea1ea263 by Salvatore Bonaccorso at 2021-01-23T11:33:03+01:00
Reference upstream commit for CVE-2019-18192

- - - - -
3b003b9f by Salvatore Bonaccorso at 2021-01-23T11:33:48+01:00
Update status for CVE-2019-18192

- - - - -
bd6520f4 by Salvatore Bonaccorso at 2021-01-23T11:40:46+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11405,7 +11405,7 @@ CVE-2021-21262
 CVE-2021-21260 (Online Invoicing System (OIS) is open source software which is a lean  ...)
 	NOT-FOR-US: Online Invoicing System (OIS)
 CVE-2021-21259 (HedgeDoc is open source software which lets you create real-time colla ...)
-	TODO: check
+	NOT-FOR-US: HedgeDoc
 CVE-2021-21258
 	RESERVED
 CVE-2021-21257
@@ -30382,7 +30382,7 @@ CVE-2020-25387
 CVE-2020-25386
 	RESERVED
 CVE-2020-25385 (Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Nagios Log Server
 CVE-2020-25384
 	RESERVED
 CVE-2020-25383
@@ -33797,7 +33797,7 @@ CVE-2020-23828 (A File Upload vulnerability in SourceCodester Online Course Regi
 CVE-2020-23827
 	RESERVED
 CVE-2020-23826 (The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote co ...)
-	TODO: check
+	NOT-FOR-US: Yale WIPC-303W camera
 CVE-2020-23825
 	RESERVED
 CVE-2020-23824 (ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forger ...)
@@ -34925,7 +34925,7 @@ CVE-2020-23264
 CVE-2020-23263
 	RESERVED
 CVE-2020-23262 (An issue was discovered in ming-soft MCMS v5.0, where a malicious user ...)
-	TODO: check
+	NOT-FOR-US: ming-soft MCMS
 CVE-2020-23261
 	RESERVED
 CVE-2020-23260
@@ -35125,11 +35125,11 @@ CVE-2020-23164
 CVE-2020-23163
 	RESERVED
 CVE-2020-23162 (Sensitive information disclosure and weak encryption in Pyrescom Termo ...)
-	TODO: check
+	NOT-FOR-US: Pyrescom Termod4 time management devices
 CVE-2020-23161 (Local file inclusion in Pyrescom Termod4 time management devices befor ...)
-	TODO: check
+	NOT-FOR-US: Pyrescom Termod4 time management devices
 CVE-2020-23160 (Remote code execution in Pyrescom Termod4 time management devices befo ...)
-	TODO: check
+	NOT-FOR-US: Pyrescom Termod4 time management devices
 CVE-2020-23159
 	RESERVED
 CVE-2020-23158
@@ -35421,7 +35421,7 @@ CVE-2020-23016
 CVE-2020-23015
 	RESERVED
 CVE-2020-23014 (APfell 1.4 is vulnerable to authenticated reflected cross-site scripti ...)
-	TODO: check
+	NOT-FOR-US: APfell
 CVE-2020-23013
 	RESERVED
 CVE-2020-23012
@@ -59268,7 +59268,7 @@ CVE-2020-12527
 CVE-2020-12526
 	RESERVED
 CVE-2020-12525 (M&M Software fdtCONTAINER Component in versions below 3.5.20304.x  ...)
-	TODO: check
+	NOT-FOR-US: M&M Software fdtCONTAINER Component
 CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause the Phoeni ...)
 	NOT-FOR-US: Phoenix Contact HMIs BTP
 CVE-2020-12523 (On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get  ...)
@@ -59290,13 +59290,13 @@ CVE-2020-12516 (Older firmware versions (FW1 up to FW10) of the WAGO PLC family
 CVE-2020-12515
 	RESERVED
 CVE-2020-12514 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
-	TODO: check
+	NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
 CVE-2020-12513 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
-	TODO: check
+	NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
 CVE-2020-12512 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
-	TODO: check
+	NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
 CVE-2020-12511 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
-	TODO: check
+	NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
 CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software in all v ...)
 	NOT-FOR-US: Beckhoff
 CVE-2020-12509
@@ -96425,8 +96425,9 @@ CVE-2020-0002 (In ih264d_init_decoder of ih264d_api.c, there is a possible out o
 CVE-2020-0001 (In getProcessRecordLocked of ActivityManagerService.java isolated apps ...)
 	NOT-FOR-US: Android
 CVE-2019-18192 (GNU Guix 1.0.1 allows local users to gain access to an arbitrary user' ...)
-	- guix 1.2.0-3
+	 - guix <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://issues.guix.gnu.org/issue/37744
+	NOTE: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=81c580c8664bfeeb767e2c47ea343004e88223c7 (v1.1.0rc1)
 CVE-2019-18191 (A privilege escalation vulnerability in the Trend Micro Deep Security  ...)
 	NOT-FOR-US: Trend Micro
 CVE-2019-18190 (Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerab ...)
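Review bot: In the CVE-2019-18192 entry, the added `- guix <not-affected> (Fixed before initial upload to Debian)` line has a space between the leading tab and the `-`, whereas the line it replaces starts the package annotation directly after the tab. Drop the extra space so the entry keeps the same indentation as the line it replaces. The new NOTE places the upstream fix at v1.1.0rc1 while the removed line recorded 1.2.0-3 as the fixed version, so the parenthetical would be easier to audit if it named the first version uploaded to Debian that it relies on.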



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/238a7f0b321b3344ed251b513488d819f385976d...bd6520f4c90ec38c659d5f32a31c3c0cc7ac76d8
