Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a881d6e by Salvatore Bonaccorso at 2019-01-26T09:51:01Z
Mark CVE-2018-17191 as ignored

As we track source-code level issues, mark the issue as ignored.

Given the Nashorn module is not enabled and javascript support is
incomplete, we can ignore the issue for the stable release. not-affected
would imply that the issue is not present in the version as released in
stretch.

- - - - -
8a4e3fbd by Salvatore Bonaccorso at 2019-01-26T09:52:14Z
Remove reference to original attempt to fix CVE-2019-5489

More details tracked in kernel-sec triaging repository.

- - - - -
2d6e9243 by Salvatore Bonaccorso at 2019-01-26T10:00:58Z
Process NFUs

- - - - -
d1ce3136 by Salvatore Bonaccorso at 2019-01-26T10:01:17Z
Add CVE-2019-6956/faad2 issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2019-6968
 CVE-2019-6967
        RESERVED
 CVE-2019-6966 (An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom 
class in ...)
-       TODO: check
+       NOT-FOR-US: Bento4
 CVE-2019-6965
        RESERVED
 CVE-2019-6964
@@ -33,7 +33,8 @@ CVE-2019-6958
 CVE-2019-6957
        RESERVED
 CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2 
(FAAD2) ...)
-       TODO: check
+       - faad2 <unfixed> (bug #914641)
+       NOTE: https://sourceforge.net/p/faac/bugs/240/
 CVE-2019-6955
        RESERVED
 CVE-2019-6954
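Review bot: The new faad2 entry has only the unversioned `- faad2 <unfixed> (bug #914641)` line and no per-suite assessment, so the tracker will list the issue as open for every release until a `[stretch]` (and older-suite) line with a severity decision such as no-dsa or postponed is added; if the triage has already been done, adding that line in the same change keeps the entry from showing up as untriaged.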
@@ -335,7 +336,7 @@ CVE-2019-6807
 CVE-2019-6806
        RESERVED
 CVE-2019-6805 (SQL Injection was found in S-CMS version V3.0 via the ...)
-       TODO: check
+       NOT-FOR-US: S-CMS
 CVE-2019-6804 (An XSS issue was discovered on the Job Edit page in Rundeck 
Community ...)
        NOT-FOR-US: Rundeck Community Edition
 CVE-2019-6803 (typora through 0.9.9.20.3 beta has XSS, with resultant remote 
command ...)
@@ -3422,7 +3423,6 @@ CVE-2019-5488 (EARCLINK ESPCMS-P8 has SQL injection in 
the ...)
        NOT-FOR-US: EARCLINK ESPCMS-P8
 CVE-2019-5489 (The mincore() implementation in mm/mincore.c in the Linux 
kernel ...)
        - linux <unfixed>
-       NOTE: 
https://git.kernel.org/linus/574823bfab82d9d8fa47f422778043fbb4b4f50e (5.0-rc1)
 CVE-2019-5487
        RESERVED
 CVE-2019-5486
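Review bot: Dropping the `NOTE: https://git.kernel.org/linus/574823bf...` line leaves the CVE-2019-5489 entry as a bare `- linux <unfixed>` with no pointer to where the status is being followed; since the commit message says the details live in the kernel-sec triaging repository, a short NOTE stating that (and that the 5.0-rc1 commit was the original, superseded attempt) would stop readers from re-adding the removed commit as the fix.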
@@ -18986,11 +18986,11 @@ CVE-2018-19025
 CVE-2018-19024
        RESERVED
 CVE-2018-19023 (Hetronic Nova-M radio control systems prior to version r161 
use fixed ...)
-       TODO: check
+       NOT-FOR-US: Hetronic Nova-M radio control systems
 CVE-2018-19022
        RESERVED
 CVE-2018-19021 (A specially crafted script could bypass the authentication of 
a ...)
-       TODO: check
+       NOT-FOR-US: Emerson DeltaV DCS
 CVE-2018-19020
        RESERVED
 CVE-2018-19019 (A type confusion vulnerability exists when processing project 
files in ...)
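Review bot: For CVE-2018-19021 the description visible in context ("A specially crafted script could bypass the authentication of a ...") does not name a product, yet the new line attributes it to Emerson DeltaV DCS; a NOTE line with the vendor or ICS advisory URL would make that attribution verifiable from the entry itself, as the neighbouring NOT-FOR-US entries are self-explanatory from their descriptions.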
@@ -19017,7 +19017,7 @@ CVE-2018-19010
        RESERVED
        NOT-FOR-US: Drager patient monitoring medical devices
 CVE-2018-19009 (Pilz PNOZmulti Configurator prior to version 10.9 allows an 
...)
-       TODO: check
+       NOT-FOR-US: Pilz PNOZmulti Configurator
 CVE-2018-19008
        RESERVED
 CVE-2018-19007 (In Geutebrueck GmbH E2 Camera Series versions prior to 
1.12.0.25 the ...)
@@ -19073,7 +19073,7 @@ CVE-2018-18983 (VT-Designer Version 2.1.7.31 is 
vulnerable by the program readin
 CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application 
allows ...)
        NOT-FOR-US: NUUO CMS
 CVE-2018-18981 (In Rockwell Automation FactoryTalk Services Platform 2.90 and 
earlier, ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
 CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 
0.8.0 ...)
        {DLA-1584-1}
        - ruby-i18n 0.7.0-3 (bug #913093)
@@ -20631,7 +20631,7 @@ CVE-2018-18365
 CVE-2018-18364
        RESERVED
 CVE-2018-18363 (Norton App Lock prior to 1.4.0.445 can be susceptible to a 
bypass ...)
-       TODO: check
+       NOT-FOR-US: Norton App Lock
 CVE-2018-18362 (Norton Password Manager for Android (formerly Norton Identity 
Safe) ...)
        NOT-FOR-US: Norton Password Manager for Android
 CVE-2018-18361 (An issue was discovered in nc-cms through 2017-03-10. ...)
@@ -23624,7 +23624,7 @@ CVE-2018-17192 (The X-Frame-Options headers were 
applied inconsistently on some
        NOT-FOR-US: Apache NiFi
 CVE-2018-17191 (Apache NetBeans (incubating) 9.0 NetBeans Proxy 
Auto-Configuration ...)
        - netbeans 10.0-1
-       [stretch] - netbeans <not-affected> (Nashorn module is not enabled. 
Javascript support is incomplete)
+       [stretch] - netbeans <ignored> (Nashorn module is not enabled. 
Javascript support is incomplete)
        NOTE: Fixed upstream in version 10.0
        NOTE: https://www.openwall.com/lists/oss-security/2018/12/30/1
 CVE-2018-17190 (In all versions of Apache Spark, its standalone resource 
manager ...)
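Review bot: The parenthetical reason on the netbeans stretch line is carried over unchanged from the not-affected marker ("Nashorn module is not enabled. Javascript support is incomplete"), but the commit message gives the actual distinction: the affected source code is still shipped in stretch's netbeans, it is just not built or reachable; stating that in the reason would explain why ignored rather than not-affected was chosen, e.g. `(vulnerable code present in source but Nashorn module not enabled; Javascript support is incomplete)`.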
@@ -36532,7 +36532,7 @@ CVE-2018-12239 (Norton prior to 22.15; Symantec 
Endpoint Protection (SEP) prior
 CVE-2018-12238 (Norton prior to 22.15; Symantec Endpoint Protection (SEP) 
prior to ...)
        NOT-FOR-US: Norton
 CVE-2018-12237 (The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Symantec Reporter CLI
 CVE-2018-12236
        RESERVED
 CVE-2018-12235
@@ -55667,7 +55667,7 @@ CVE-2018-5499
 CVE-2018-5498
        RESERVED
 CVE-2018-5497 (Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 
are ...)
-       TODO: check
+       NOT-FOR-US: Clustered Data ONTAP
 CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are 
...)
        NOT-FOR-US: Data ONTAP
 CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a 
vulnerability ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/4be12f62f9b326224980726781e3cb96e4cde346...d1ce31367e07f67dfcd2b731b5cace0f4ca33518
