Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9773102f by Salvatore Bonaccorso at 2019-04-08T20:50:34Z
Process NFUs
- - - - -
31a14077 by Salvatore Bonaccorso at 2019-04-08T20:50:35Z
Add CVE-2019-10914/matrixssl
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -32,7 +32,7 @@ CVE-2019-11003 (In Materialize through 1.0.0, XSS is possible
via the Autocomple
CVE-2019-11002 (In Materialize through 1.0.0, XSS is possible via the Tooltip
feature. ...)
TODO: check
CVE-2019-11001 (On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W
devices th ...)
- TODO: check
+ NOT-FOR-US: Reolink devices
CVE-2019-11000
RESERVED
CVE-2019-10999
@@ -206,7 +206,9 @@ CVE-2019-10916
CVE-2019-10915
RESERVED
CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside
Secure T ...)
- TODO: check
+ - matrixssl <removed>
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1785
+ NOTE: https://github.com/matrixssl/matrixssl/issues/26
CVE-2019-10913
RESERVED
CVE-2019-10912
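Review bot: The new `- matrixssl <removed>` line for CVE-2019-10914 records only that the package is gone from unstable, and the two NOTE lines are bare links with nothing on fix status. Once the upstream issue (matrixssl issue 26) names a fixed release or commit, add a NOTE carrying it so the entry can be triaged without following the links. If any supported suite still ships matrixssl, it will need its own status line, since `<removed>` does not cover it.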
@@ -375,7 +377,7 @@ CVE-2019-10847
CVE-2019-10846
RESERVED
CVE-2019-10845 (An issue was discovered in Uniqkey Password Manager 1.14. When
enterin ...)
- TODO: check
+ NOT-FOR-US: Uniqkey Password Manager
CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network
Libraries (aka n ...)
NOT-FOR-US: Sony
CVE-2019-10843
@@ -826,7 +828,7 @@ CVE-2019-10678 (Domoticz before 4.10579 neglects to
categorize \n and \r as inse
CVE-2019-10677
RESERVED
CVE-2019-10676 (An issue was discovered in Uniqkey Password Manager 1.14. Upon
enterin ...)
- TODO: check
+ NOT-FOR-US: Uniqkey Password Manager
CVE-2019-10675
REJECTED
CVE-2019-10674
@@ -16725,7 +16727,7 @@ CVE-2019-4212
CVE-2019-4211
RESERVED
CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass
authentication expo ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4209
RESERVED
CVE-2019-4208
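Review bot: `NOT-FOR-US: IBM` at CVE-2019-4210 names only the vendor, while the other NFU labels added in this push name the product (`Uniqkey Password Manager`, `WINMAGIC SecureDoc Disk Encryption`). The vendor-only form matches the existing IBM entries visible as context in later hunks (CVE-2019-4052, CVE-2019-4046), so it is consistent with the file as it stands. If product-level labels are preferred, `NOT-FOR-US: IBM QRadar SIEM` would be the form here.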
@@ -16835,7 +16837,7 @@ CVE-2019-4157
CVE-2019-4156
RESERVED
CVE-2019-4155 (IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is
impacted b ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4154
RESERVED
CVE-2019-4153
@@ -16859,7 +16861,7 @@ CVE-2019-4145
CVE-2019-4144
RESERVED
CVE-2019-4143 (The IBM Cloud Private Key Management Service (IBM Cloud Private
3.1.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4142
RESERVED
CVE-2019-4141
@@ -17043,7 +17045,7 @@ CVE-2019-4053
CVE-2019-4052 (IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by
unauthe ...)
NOT-FOR-US: IBM
CVE-2019-4051 (Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose
system spe ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4050
RESERVED
CVE-2019-4049
@@ -17055,7 +17057,7 @@ CVE-2019-4047
CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is
vulnerable ...)
NOT-FOR-US: IBM
CVE-2019-4045 (IBM Business Automation Workflow and IBM Business Process
Manager 18.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4044
RESERVED
CVE-2019-4043 (IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0
is vuln ...)
@@ -19541,7 +19543,7 @@ CVE-2018-20343
CVE-2018-20342 (The Floureon IP Camera SP012 provides a root terminal on a
UART serial ...)
NOT-FOR-US: Floureon IP Camera SP012
CVE-2018-20341 (WINMAGIC SecureDoc Disk Encryption before 8.3 has an Unquoted
Search P ...)
- TODO: check
+ NOT-FOR-US: WINMAGIC SecureDoc Disk Encryption
CVE-2018-20340 (Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c,
which c ...)
{DSA-4389-1}
- libu2f-host 1.1.7-1 (bug #921726)
@@ -110880,7 +110882,7 @@ CVE-2017-7914 (A Missing Authorization issue was
discovered in Rockwell Automati
CVE-2017-7913 (A Plaintext Storage of a Password issue was discovered in Moxa
OnCell ...)
NOT-FOR-US: Moxa
CVE-2017-7912 (Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to
SRN4000_v ...)
- TODO: check
+ NOT-FOR-US: Hanwha Techwin firmware
CVE-2017-7911 (A Code Injection issue was discovered in CyberVision Kaa IoT
Platform, ...)
NOT-FOR-US: CyberVision Kaa IoT Platform
CVE-2017-7910 (A Stack-Based Buffer Overflow issue was discovered in Digital
Canal St ...)
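Review bot: The label at CVE-2017-7912, `NOT-FOR-US: Hanwha Techwin firmware`, adds a `firmware` qualifier that the neighbouring entries do not use (`NOT-FOR-US: Moxa` directly above it). The description already names the SRN-4000 firmware, so `NOT-FOR-US: Hanwha Techwin` or the product name would keep this line uniform with the vendor and product labels around it.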
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/0de708c7add105a8b6c7494113d1bfad170d2673...31a1407736f4f3a6e9c01248915f5cc36b79de39