Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1f852a6e by Salvatore Bonaccorso at 2019-08-10T13:15:21Z
Update todo note for CVE-2018-20871
- - - - -
c6055dbd by Salvatore Bonaccorso at 2019-08-10T13:15:22Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2019-14808
RESERVED
CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for
MediaWiki, XSS e ...)
- TODO: check
+ NOT-FOR-US: MobileFrontend extension for MediaWiki
CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has
insufficien ...)
- python-werkzeug <unfixed> (low)
[buster] - python-werkzeug <no-dsa> (Minor issue)
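Review bot: the NOT-FOR-US line for CVE-2019-14807 covers an add-on to MediaWiki rather than a standalone product, so it is only correct if no Debian source package bundles the MobileFrontend extension. The commit message "Process NFUs" does not say that was checked, so a short mention of it there would help anyone auditing this entry later.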
@@ -1458,7 +1458,7 @@ CVE-2019-14439 (A Polymorphic Typing issue was discovered
in FasterXML jackson-d
NOTE: https://github.com/FasterXML/jackson-databind/issues/2389
NOTE:
https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker
jobs and ...)
- TODO: check
+ TODO: check, might affect src:gridengine as well
CVE-2015-9290 (In FreeType before 2.6.1, a buffer over-read occurs in
type1/t1parse.c ...)
- freetype 2.6.1-0.1
NOTE:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30
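Review bot: the updated TODO on CVE-2018-20871 says "might affect src:gridengine as well", but the entry lists no package at all, so "as well" has nothing to refer to and the next triager cannot tell what has already been ruled out. The description limits the issue to setups "configured for Docker jobs", so the note could state what still needs verifying, for example whether src:gridengine carries that Docker job support. That would let the entry be resolved to either a package line or NOT-FOR-US.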
@@ -6538,7 +6538,7 @@ CVE-2019-12807
CVE-2019-12806
RESERVED
CVE-2019-12805 (NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier
versions have ...)
- TODO: check
+ NOT-FOR-US: NCSOFT Game Launcher
CVE-2019-12804 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~
4.0.16, due to ...)
NOT-FOR-US: Hunesion i-oneNet
CVE-2019-12803 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~
4.0.16, the sp ...)
@@ -7945,19 +7945,19 @@ CVE-2019-12263 (Wind River VxWorks 6.9.4 and vx7 has a
Buffer Overflow in the TC
CVE-2019-12262
RESERVED
CVE-2019-12261 (Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer
Overflow in the ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks
CVE-2019-12260 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the
TCP compon ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks
CVE-2019-12259 (Wind River VxWorks 6.9 and vx7 has an array index error in the
IGMPv3 ...)
NOT-FOR-US: Wind River VxWorks
CVE-2019-12258 (Wind River VxWorks 6.5 through 6.9 and vx7 has Session
Fixation in the ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks
CVE-2019-12257 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the
DHCP clien ...)
NOT-FOR-US: Wind River VxWorks
CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the
IPv4 compo ...)
NOT-FOR-US: Wind River VxWorks
CVE-2019-12255 (Wind River VxWorks 6.5 through 6.9.3 has a Buffer Overflow in
the TCP ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks
CVE-2019-12254
RESERVED
CVE-2019-12253 (my little forum before 2.4.20 allows CSRF to delete posts, as
demonstr ...)
@@ -9668,9 +9668,9 @@ CVE-2018-20829
CVE-2018-20828
RESERVED
CVE-2018-20827 (The activity stream gadget in Jira before version 7.13.1
allows remote ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2018-20826 (The inline-create rest resource in Jira before version 7.12.3
allows a ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2018-20825
RESERVED
CVE-2018-20824 (The WallboardServlet resource in Jira before version 7.13.1
allows rem ...)
@@ -9736,7 +9736,7 @@ CVE-2019-11583 (The issue searching component in Jira
before version 8.1.0 allow
CVE-2019-11582 (An argument injection vulnerability in Atlassian Sourcetree
for Window ...)
NOT-FOR-US: Atlassian Sourcetree
CVE-2019-11581 (There was a server-side template injection vulnerability in
Jira Serve ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-11580 (Atlassian Crowd and Crowd Data Center had the pdkinstall
development p ...)
NOT-FOR-US: Atlassian Crowd and Crowd Data Center
CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/
URI. ...)
@@ -10547,7 +10547,7 @@ CVE-2019-11276
CVE-2019-11275
RESERVED
CVE-2019-11274 (Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to
an XSS a ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry UAA
CVE-2019-11273 (Pivotal Container Services (PKS) versions 1.3.x prior to
1.3.7, and ve ...)
NOT-FOR-US: Pivotal Container Services
CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older
unsupported ve ...)
@@ -26478,9 +26478,9 @@ CVE-2019-5400 (A remote session reuse vulnerability was
discovered in HPE 3PAR S
CVE-2019-5399 (A remote gain authorized access vulnerability was discovered in
HPE 3P ...)
NOT-FOR-US: HPE
CVE-2019-5398 (A remote multiple multiple cross-site vulnerability was
discovered in ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2019-5397 (A remote bypass of security restrictions vulnerability was
discovered ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2019-5396 (A remote authentication bypass vulnerability was discovered in
HPE 3PA ...)
NOT-FOR-US: HPE
CVE-2019-5395 (A remote arbitrary file upload vulnerability was discovered in
HPE 3PA ...)
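Review bot: the new lines for CVE-2019-5398 and CVE-2019-5397 use the bare vendor tag "NOT-FOR-US: HPE", while the other tags added in this commit name the product ("Atlassian Jira", "Dell/Alienware Digital Delivery"). It matches the neighbouring CVE-2019-5399 and CVE-2019-5396 entries, so it is consistent locally, but naming the product would make the tag more useful when someone searches the list to see whether a given vendor product was already triaged.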
@@ -30153,11 +30153,11 @@ CVE-2019-3746
CVE-2019-3745
RESERVED
CVE-2019-3744 (Dell/Alienware Digital Delivery versions prior to 4.0.41
contain a pri ...)
- TODO: check
+ NOT-FOR-US: Dell/Alienware Digital Delivery
CVE-2019-3743
RESERVED
CVE-2019-3742 (Dell/Alienware Digital Delivery versions prior to 3.5.2013
contain a p ...)
- TODO: check
+ NOT-FOR-US: Dell/Alienware Digital Delivery
CVE-2019-3741 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116
contain a ...)
NOT-FOR-US: EMC
CVE-2019-3740
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/9954bc6ec9b4a8f83838913691ff3d84f3fd6beb...c6055dbd32e11fc029accc3e6b38f4dabec176bc
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits