[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7a5374f6 by Moritz Muehlenhoff at 2018-11-16T15:15:38Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25129,24 +25129,34 @@ CVE-2018-9579
        RESERVED
 CVE-2018-9578
        RESERVED
+       NOT-FOR-US: Android libxaac
 CVE-2018-9577
        RESERVED
+       NOT-FOR-US: Android libxaac
 CVE-2018-9576
        RESERVED
+       NOT-FOR-US: Android libxaac
 CVE-2018-9575
        RESERVED
+       NOT-FOR-US: Android libxaac
 CVE-2018-9574
        RESERVED
+       NOT-FOR-US: Android libxaac
 CVE-2018-9573
        RESERVED
+       NOT-FOR-US: Android libxaac
 CVE-2018-9572
        RESERVED
+       NOT-FOR-US: Android libxaac
 CVE-2018-9571
        RESERVED
+       NOT-FOR-US: Android libxaac
 CVE-2018-9570
        RESERVED
+       NOT-FOR-US: Android libxaac
 CVE-2018-9569
        RESERVED
+       NOT-FOR-US: Android libxaac
 CVE-2018-9568
        RESERVED
 CVE-2018-9567
@@ -25214,31 +25224,31 @@ CVE-2018-9537 (In CAacDecoder_DecodeFrame of 
aacdecode.cpp, there is a possible
 CVE-2018-9536 (In numerous functions of libFDK, there are possible out of 
bounds ...)
        NOT-FOR-US: Android Media Framework
 CVE-2018-9535 (In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a 
possible ...)
-       TODO: check
+       NOT-FOR-US: Android libxaac
 CVE-2018-9534 (In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a 
...)
-       TODO: check
+       NOT-FOR-US: Android libxaac
 CVE-2018-9533 (In ixheaacd_dec_data_init of ixheaacd_create.c there is a 
possible out ...)
-       TODO: check
+       NOT-FOR-US: Android libxaac
 CVE-2018-9532 (In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there 
is a ...)
-       TODO: check
+       NOT-FOR-US: Android libxaac
 CVE-2018-9531 (In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a 
possible ...)
        NOT-FOR-US: Android Media Framework
 CVE-2018-9530 (In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a 
...)
-       TODO: check
+       NOT-FOR-US: Android libxaac
 CVE-2018-9529 (In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is 
a ...)
-       TODO: check
+       NOT-FOR-US: Android libxaac
 CVE-2018-9528 (In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s 
there is a ...)
-       TODO: check
+       NOT-FOR-US: Android libxaac
 CVE-2018-9527 (In vorbis_book_decodev_set of codebook.c there is a possible 
out of ...)
        NOT-FOR-US: Android Media Framework
 CVE-2018-9526 (In device configuration data, there is an improperly configured 
...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9525 (In the AndroidManifest.xml file defining the 
SliceBroadcastReceiver ...)
        NOT-FOR-US: Android
 CVE-2018-9524 (In functionality implemented in System UI, there are 
insufficient ...)
        NOT-FOR-US: Android
 CVE-2018-9523 (In Parcel.writeMapInternal of Parcel.java, there is a possible 
parcel ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9522 (In the serialization functions of StatsLogEventWrapper.java, 
there is ...)
        NOT-FOR-US: Android
 CVE-2018-9521 (In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a 
possible out ...)
@@ -25403,7 +25413,7 @@ CVE-2018-9459 (In Attachment of Attachment.java and 
getFilePath of ...)
 CVE-2018-9458 (In computeFocusedWindow of RootWindowContainer.java, and 
related ...)
        NOT-FOR-US: Android
 CVE-2018-9457 (In onCheckedChanged of BluetoothPairingController.java, there 
is a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2018-9456
        RESERVED
        NOT-FOR-US: Android
@@ -27892,7 +27902,7 @@ CVE-2018-8531 (A remote code execution vulnerability 
exists in the way that Azur
 CVE-2018-8530 (A security feature bypass vulnerability exists when Microsoft 
Edge ...)
        NOT-FOR-US: Microsoft
 CVE-2018-8529 (A remote code execution vulnerability exists when Team 
Foundation ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2018-8528
        RESERVED
 CVE-2018-8527 (An information disclosure vulnerability exists in Microsoft SQL 
Server ...)
@@ -37216,7 +37226,7 @@ CVE-2018-5497
 CVE-2018-5496
        RESERVED
 CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: NetApp
 CVE-2018-5494
        RESERVED
 CVE-2018-5493
@@ -42040,9 +42050,9 @@ CVE-2018-3700
 CVE-2018-3699 (Cross-site scripting in the Intel RAID Web Console v3 for 
Windows may ...)
        NOT-FOR-US: Intel RAID Web Console
 CVE-2018-3698 (Improper file permissions in the installer for the Intel Ready 
Mode ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-3697 (Improper directory permissions in the installer for the Intel 
Media ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-3696 (Authentication bypass in the Intel RAID Web Console 3 for 
Windows ...)
        NOT-FOR-US: Intel RAID Web Console
 CVE-2018-3695
@@ -42206,7 +42216,7 @@ CVE-2018-3637
 CVE-2018-3636
        RESERVED
 CVE-2018-3635 (Insufficient input validation in installer in Intel Rapid Store 
...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online 
Connect ...)
        NOT-FOR-US: Intel
 CVE-2018-3633
@@ -42234,7 +42244,7 @@ CVE-2018-3623
 CVE-2018-3622
        RESERVED
 CVE-2018-3621 (Insufficient input validation in the Intel Driver & Support 
Assistant ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2018-3620 (Systems with microprocessors utilizing speculative execution 
and ...)
        {DSA-4279-1 DSA-4274-1 DLA-1529-1 DLA-1481-1}
        - linux 4.17.15-1
@@ -47665,7 +47675,7 @@ CVE-2018-1645
 CVE-2018-1644 (IBM WebSphere Commerce Enterprise, Professional, Express, and 
...)
        NOT-FOR-US: IBM
 CVE-2018-1643 (The Installation Verification Tool of IBM WebSphere Application 
Server ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2018-1642
        RESERVED
 CVE-2018-1641
@@ -51741,49 +51751,49 @@ CVE-2018-0703
 CVE-2018-0702
        RESERVED
 CVE-2018-0701 (BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 
to ...)
-       TODO: check
+       NOT-FOR-US: BlueStacks App Player
 CVE-2018-0700 (YukiWiki 2.1.3 and earlier does not process a particular 
request ...)
-       TODO: check
+       NOT-FOR-US: YukiWiki
 CVE-2018-0699 (Cross-site scripting vulnerability in YukiWiki 2.1.3 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: YukiWiki
 CVE-2018-0698
        RESERVED
 CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 
and ...)
-       TODO: check
+       NOT-FOR-US: Metabase
 CVE-2018-0696
        RESERVED
 CVE-2018-0695 (Cross-site scripting vulnerability in User-friendly SVN (USVN) 
Version ...)
-       TODO: check
+       NOT-FOR-US: User-friendly SVN
 CVE-2018-0694 (FileZen V3.0.0 to V4.2.1 allows remote attackers to execute 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: FileZen
 CVE-2018-0693 (Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 
allows ...)
-       TODO: check
+       NOT-FOR-US: FileZen
 CVE-2018-0692 (Untrusted search path vulnerability in Baidu Browser Version 
...)
-       TODO: check
+       NOT-FOR-US: Baidu
 CVE-2018-0691 (Multiple +Message Apps (Softbank +Message App for Android prior 
to ...)
-       TODO: check
+       NOT-FOR-US: Softbank +Message App for Android
 CVE-2018-0690 (An unvalidated software update vulnerability in Music Center 
for PC ...)
-       TODO: check
+       NOT-FOR-US: Music Center for PC
 CVE-2018-0689
        RESERVED
 CVE-2018-0688
        RESERVED
 CVE-2018-0687 (Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. 
(Denbun ...)
-       TODO: check
+       NOT-FOR-US: NEOJAPAN
 CVE-2018-0686 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and 
earlier, ...)
-       TODO: check
+       NOT-FOR-US: NEOJAPAN
 CVE-2018-0685 (SQL injection vulnerability in the Denbun POP version V3.3P 
R4.0 and ...)
-       TODO: check
+       NOT-FOR-US: NEOJAPAN
 CVE-2018-0684 (Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version 
V3.3P ...)
-       TODO: check
+       NOT-FOR-US: NEOJAPAN
 CVE-2018-0683 (Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version 
V3.3P ...)
-       TODO: check
+       NOT-FOR-US: NEOJAPAN
 CVE-2018-0682 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and 
earlier, ...)
-       TODO: check
+       NOT-FOR-US: NEOJAPAN
 CVE-2018-0681 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and 
earlier, ...)
-       TODO: check
+       NOT-FOR-US: NEOJAPAN
 CVE-2018-0680 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and 
earlier, ...)
-       TODO: check
+       NOT-FOR-US: NEOJAPAN
 CVE-2018-0679 (Cross-site scripting vulnerability in multiple FXC Inc. network 
...)
        TODO: check
 CVE-2018-0678
@@ -51797,7 +51807,7 @@ CVE-2018-0675 (AttacheCase ver.3.3.0.0 and earlier 
allows an arbitrary script ..
 CVE-2018-0674 (AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script 
...)
        NOT-FOR-US: AttacheCase
 CVE-2018-0673 (Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 
4.6.3 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Garoon
 CVE-2018-0672 (Cross-site scripting vulnerability in Movable Type versions 
prior to ...)
        - movabletype-opensource <removed>
 CVE-2018-0671



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a5374f6c40bb2849c1e59fd5c322e27140244b2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a5374f6c40bb2849c1e59fd5c322e27140244b2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits