Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4df869ab by Moritz Muehlenhoff at 2018-11-14T17:07:52Z
NFUs
nasm non-issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -249,11 +249,11 @@ CVE-2018-19248
 CVE-2018-19247
        RESERVED
 CVE-2018-19246 (PHP-Proxy 5.1.0 allows remote attackers to read local files if 
the ...)
-       TODO: check
+       NOT-FOR-US: PHP-Proxy
 CVE-2018-19245
        RESERVED
 CVE-2018-19244 (An XML External Entity (XXE) vulnerability exists in the 
Charles 4.2.7 ...)
-       TODO: check
+       NOT-FOR-US: Charles
 CVE-2018-19243
        RESERVED
 CVE-2018-19242
@@ -317,22 +317,19 @@ CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 
has a use-after-free in
        NOTE: 
https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
        TODO: Something is not correct about this CVE, the upstream bug is 
3392425, but commit references 3392525, and the former is really fixed in 
2.13.02 but the latter is unfixed in 2.13.02 and even 2.13.03.
 CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer 
over-read in ...)
-       - nasm <unfixed>
-       [jessie] - nasm <ignored> (Minor issue)
+       - nasm <unfixed> (unimportant)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392525
        NOTE: 
https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
-       TODO: check
+       NOTE: No security impact, crash in CLI tool
 CVE-2018-19214 (Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer 
over-read in ...)
-       - nasm <unfixed>
-       [jessie] - nasm <ignored> (Minor issue)
+       - nasm <unfixed> (unimportant)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392521
        NOTE: 
https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354
-       TODO: check
+       NOTE: No security impact, crash in CLI tool
 CVE-2018-19213 (Netwide Assembler (NASM) through 2.14rc16 has memory leaks 
that may ...)
-       - nasm <unfixed>
-       [jessie] - nasm <ignored> (Minor issue)
+       - nasm <unfixed> (unimportant)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392524
-       TODO: check
+       NOTE: No security impact, crash in CLI tool
 CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by ...)
        TODO: check
 CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at 
function ...)
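Review bot: The note added under CVE-2018-19213 reads "No security impact, crash in CLI tool", but that entry's description is about memory leaks, not a crash; the wording looks carried over from the two over-read entries above it. Suggest "NOTE: No security impact, memory leak in CLI tool" for that one. Separately, the TODO left on CVE-2018-19216 questions bug 3392525 and commit 4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f, which are the same references now triaged under CVE-2018-19215, so that TODO should be resolved or cross-referenced in the same change.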
@@ -4254,7 +4251,7 @@ CVE-2018-17616 (This vulnerability allows remote 
attackers to execute arbitrary
 CVE-2018-17615 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
        NOT-FOR-US: Foxit Reader
 CVE-2018-17614 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
-       TODO: check
+       NOT-FOR-US: Losant Arduino MQTT Client 
 CVE-2018-17613 (Telegram Desktop (aka tdesktop) 1.3.16 alpha, when &quot;Use 
proxy&quot; is ...)
        - telegram-desktop <unfixed>
        NOTE: 
https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html
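Review bot: The added line "NOT-FOR-US: Losant Arduino MQTT Client " ends with a trailing space as rendered here. Strip it so that the product string matches exactly when the list is searched or processed by scripts.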
@@ -8824,7 +8821,7 @@ CVE-2018-15797
 CVE-2018-15796 (Cloud Foundry Bits Service Release, versions prior to 2.14.0, 
uses an ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2018-15795 (Pivotal CredHub Service Broker, versions prior to 1.1.0, uses 
a ...)
-       TODO: check
+       NOT-FOR-US: Pivotal
 CVE-2018-15794
        RESERVED
 CVE-2018-15793
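Review bot: "NOT-FOR-US: Pivotal" on CVE-2018-15795 records only the vendor, while the description names the product (Pivotal CredHub Service Broker) and the entry just above uses a product-level tag ("Cloud Foundry"). A product-level tag such as "NOT-FOR-US: Pivotal CredHub Service Broker" would make later lookups by product easier.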
@@ -17342,7 +17339,7 @@ CVE-2018-12418 (Archive.java in Junrar before 1.0.1, as 
used in Apache Tika and
 CVE-2018-12417
        RESERVED
 CVE-2018-12416 (The GridServer Broker and GridServer Director components of 
TIBCO ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2018-12415 (The Central Administration server (emsca) component of TIBCO 
Software ...)
        NOT-FOR-US: TIBCO
 CVE-2018-12414 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure 
Routing Daemon ...)
@@ -27550,25 +27547,25 @@ CVE-2018-8611
 CVE-2018-8610
        RESERVED
 CVE-2018-8609 (A remote code execution vulnerability exists in Microsoft 
Dynamics 365 ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8608 (A cross site scripting vulnerability exists when Microsoft 
Dynamics ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8607 (A cross site scripting vulnerability exists when Microsoft 
Dynamics ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8606 (A cross site scripting vulnerability exists when Microsoft 
Dynamics ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8605 (A cross site scripting vulnerability exists when Microsoft 
Dynamics ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8604
        RESERVED
 CVE-2018-8603
        RESERVED
 CVE-2018-8602 (A Cross-site Scripting (XSS) vulnerability exists when Team 
Foundation ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8601
        RESERVED
 CVE-2018-8600 (A Cross-site Scripting (XSS) vulnerability exists when Azure 
App ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8599
        RESERVED
 CVE-2018-8598
@@ -27584,15 +27581,15 @@ CVE-2018-8594
 CVE-2018-8593
        RESERVED
 CVE-2018-8592 (An elevation of privilege vulnerability exists in Windows 10 
version ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8591
        RESERVED
 CVE-2018-8590
        RESERVED
 CVE-2018-8589 (An elevation of privilege vulnerability exists when Windows 
improperly ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8588 (A remote code execution vulnerability exists in the way that 
the ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8587
        RESERVED
 CVE-2018-8586
@@ -27600,59 +27597,59 @@ CVE-2018-8586
 CVE-2018-8585
        RESERVED
 CVE-2018-8584 (An elevation of privilege vulnerability exists when Windows 
improperly ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8583
        RESERVED
 CVE-2018-8582 (A remote code execution vulnerability exists in the way that 
Microsoft ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8581 (An elevation of privilege vulnerability exists in Microsoft 
Exchange ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8580
        RESERVED
 CVE-2018-8579 (An information disclosure vulnerability exists when attaching 
files to ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8578 (An information disclosure vulnerability exists when Microsoft 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8577 (A remote code execution vulnerability exists in Microsoft Excel 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8576 (A remote code execution vulnerability exists in Microsoft 
Outlook ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8575 (A remote code execution vulnerability exists in Microsoft 
Project ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8574 (A remote code execution vulnerability exists in Microsoft Excel 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8573 (A remote code execution vulnerability exists in Microsoft Word 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8572 (An elevation of privilege vulnerability exists when Microsoft 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8571
        RESERVED
 CVE-2018-8570 (A remote code execution vulnerability exists when Internet 
Explorer ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8569 (A remote code execution vulnerability exists in the Yammer 
desktop ...)
        NOT-FOR-US: Yammer
 CVE-2018-8568 (An elevation of privilege vulnerability exists when Microsoft 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8567 (An elevation of privilege vulnerability exists when Microsoft 
Edge ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8566 (A security feature bypass vulnerability exists when Windows 
improperly ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8565 (An information disclosure vulnerability exists when the win32k 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8564 (A spoofing vulnerability exists when Microsoft Edge improperly 
handles ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8563 (An information disclosure vulnerability exists when DirectX 
improperly ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8562 (An elevation of privilege vulnerability exists in Windows when 
the ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8561 (An elevation of privilege vulnerability exists when DirectX 
improperly ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8560
        RESERVED
 CVE-2018-8559
        RESERVED
 CVE-2018-8558 (An information disclosure vulnerability exists when Microsoft 
Outlook ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8557 (A remote code execution vulnerability exists in the way that 
the ...)
        TODO: check
 CVE-2018-8556 (A remote code execution vulnerability exists in the way that 
the ...)
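Review bot: CVE-2018-8557 at the end of this hunk is still "TODO: check" although every other described entry in the block was triaged, and its visible description opens the same way as CVE-2018-8588, which was marked NOT-FOR-US: Microsoft. Confirm it was left open on purpose rather than missed in the bulk edit. As a style point, the existing CVE-2018-8569 entry is tagged by product ("Yammer") while all the new entries use the vendor name only; picking one convention for this run of entries would keep the list consistent.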



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4df869ab639cc114991559bd5ef513345fd12d89
