[Git][security-tracker-team/security-tracker][master] Process some NFUs

Fri, 21 Jun 2019 12:02:03 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4e37d51 by Salvatore Bonaccorso at 2019-06-21T19:01:29Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,7 +47,7 @@ CVE-2019-12907
 CVE-2019-12906
        RESERVED
 CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the filename to the 
?module=fileman& ...)
-       TODO: check
+       NOT-FOR-US: FileRun
 CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable 
to a flu ...)
        - libgcrypt20 <unfixed>
        - libgcrypt11 <removed>
@@ -55,11 +55,11 @@ CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of 
AES is vulnerable to
        NOTE: 
https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
        NOTE: 
https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
 CVE-2019-12903 (Pydio Cells before 1.5.0, when supplied with a Name field in 
an unexpe ...)
-       TODO: check
+       NOT-FOR-US: Pydio Cells (relates to Pydio product)
 CVE-2019-12902 (Pydio Cells before 1.5.0 does incomplete cleanup of a user's 
data upon ...)
-       TODO: check
+       NOT-FOR-US: Pydio Cells (relates to Pydio product)
 CVE-2019-12901 (Pydio Cells before 1.5.0 fails to neutralize '../' elements, 
allowing  ...)
-       TODO: check
+       NOT-FOR-US: Pydio Cells (relates to Pydio product)
 CVE-2019-12900 (BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an 
out-of-bo ...)
        - bzip2 <unfixed>
        NOTE: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
@@ -69,9 +69,9 @@ CVE-2019-12899 (Delta Electronics DeviceNet Builder 2.04 has 
a User Mode Write A
 CVE-2019-12898 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write 
AV star ...)
        NOT-FOR-US: Delta Electronics DeviceNet Builder
 CVE-2019-12897 (Edraw Max 7.9.3 has a Read Access Violation at the Instruction 
Pointer ...)
-       TODO: check
+       NOT-FOR-US: Edraw Max
 CVE-2019-12896 (Edraw Max 7.9.3 has Heap Corruption starting at 
ntdll!RtlpNtMakeTempor ...)
-       TODO: check
+       NOT-FOR-US: Edraw Max
 CVE-2019-12895 (In Alternate Pic View 2.600, the Exception Handler Chain is 
Corrupted  ...)
        NOT-FOR-US: Alternate Pic View
 CVE-2019-12894 (Alternate Pic View 2.600 has a Read Access Violation at the 
Instructio ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4e37d51d3a63be723baa7900a1f4c45942af22c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4e37d51d3a63be723baa7900a1f4c45942af22c
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to