[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso Sat, 17 Aug 2019 01:23:13 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
8f9edb12 by Salvatore Bonaccorso at 2019-08-17T08:21:57Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,13 +17,13 @@ CVE-2019-15117 (parse_audio_mixer_unit in sound/usb/mixer.c 
in the Linux kernel
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/daac07156b330b18eb5071aec4b3ddca1c377f2c
 CVE-2019-15116 (The easy-digital-downloads plugin before 2.9.16 for WordPress 
has XSS  ...)
-       TODO: check
+       NOT-FOR-US: easy-digital-downloads plugin for WordPress
 CVE-2019-15115 (The peters-login-redirect plugin before 2.9.2 for WordPress 
has CSRF. ...)
-       TODO: check
+       NOT-FOR-US: peters-login-redirect plugin for WordPress
 CVE-2019-15114 (The formcraft-form-builder plugin before 1.2.2 for WordPress 
has CSRF. ...)
-       TODO: check
+       NOT-FOR-US: formcraft-form-builder plugin for WordPress
 CVE-2019-15113 (The companion-sitemap-generator plugin before 3.7.0 for 
WordPress has  ...)
-       TODO: check
+       NOT-FOR-US: companion-sitemap-generator plugin for WordPress
 CVE-2019-15112
        RESERVED
 CVE-2019-15111
@@ -79,13 +79,13 @@ CVE-2019-15084 (Realtek Waves MaxxAudio driver 1.6.2.0, as 
used on Dell laptops,
 CVE-2019-15083
        RESERVED
 CVE-2018-20974 (The js-jobs plugin before 1.0.7 for WordPress has CSRF. ...)
-       TODO: check
+       NOT-FOR-US: js-jobs plugin for WordPress
 CVE-2018-20973 (The companion-auto-update plugin before 3.2.1 for WordPress 
has local  ...)
-       TODO: check
+       NOT-FOR-US: companion-auto-update plugin for WordPress
 CVE-2018-20972 (The companion-auto-update plugin before 3.2.1 for WordPress 
has CSRF. ...)
-       TODO: check
+       NOT-FOR-US: companion-auto-update plugin for WordPress
 CVE-2018-20971 (The church-admin plugin before 1.2550 for WordPress has CSRF 
affecting ...)
-       TODO: check
+       NOT-FOR-US: church-admin plugin for WordPress
 CVE-2018-20970
        RESERVED
 CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not 
block string ...)
@@ -95,19 +95,19 @@ CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 
2.7.6 does not block
 CVE-2017-18548 (The note-press plugin before 0.1.2 for WordPress has SQL 
injection. ...)
        NOT-FOR-US: note-press plugin for WordPress
 CVE-2017-18547 (The nelio-ab-testing plugin before 4.6.4 for WordPress has 
CSRF in exp ...)
-       TODO: check
+       NOT-FOR-US: nelio-ab-testing plugin for WordPress
 CVE-2017-18546 (The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF. 
...)
-       TODO: check
+       NOT-FOR-US: jayj-quicktag plugin for WordPress
 CVE-2017-18545 (The invite-anyone plugin before 1.3.16 for WordPress has 
incorrect esc ...)
-       TODO: check
+       NOT-FOR-US: invite-anyone plugin for WordPress
 CVE-2017-18544 (The invite-anyone plugin before 1.3.16 for WordPress has 
admin-panel C ...)
-       TODO: check
+       NOT-FOR-US: invite-anyone plugin for WordPress
 CVE-2017-18543 (The invite-anyone plugin before 1.3.16 for WordPress has 
incorrect acc ...)
-       TODO: check
+       NOT-FOR-US: invite-anyone plugin for WordPress
 CVE-2017-18542 (The zendesk-help-center plugin before 1.0.5 for WordPress has 
multiple ...)
-       TODO: check
+       NOT-FOR-US: zendesk-help-center plugin for WordPress
 CVE-2017-18541 (The xo-security plugin before 1.5.3 for WordPress has XSS. ...)
-       TODO: check
+       NOT-FOR-US: xo-security plugin for WordPress
 CVE-2017-18540
        RESERVED
 CVE-2017-18539
@@ -163,17 +163,17 @@ CVE-2015-9326 (The wp-business-intelligence-lite plugin 
before 1.6.3 for WordPre
 CVE-2015-9325 (The visitors-online plugin before 0.4 for WordPress has SQL 
injection. ...)
        NOT-FOR-US: visitors-online plugin for WordPress
 CVE-2015-9324 (The easy-digital-downloads plugin before 2.3.3 for WordPress 
has SQL i ...)
-       TODO: check
+       NOT-FOR-US: easy-digital-downloads plugin for WordPress
 CVE-2015-9323 (The 404-to-301 plugin before 2.0.3 for WordPress has SQL 
injection. ...)
-       TODO: check
+       NOT-FOR-US: 404-to-301 plugin for WordPress
 CVE-2015-9322 (The erident-custom-login-and-dashboard plugin before 3.5 for 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: erident-custom-login-and-dashboard plugin for WordPress
 CVE-2015-9321
        RESERVED
 CVE-2015-9320
        RESERVED
 CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL 
injecti ...)
-       TODO: check
+       NOT-FOR-US: i-recommend-this plugin for WordPress
 CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel 
through 5.2. ...)
        - linux <unfixed>
        NOTE: 
https://lore.kernel.org/linux-wireless/[email protected]/T/#u



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f9edb125e09c9cea573d0597c633a1adf938e52

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f9edb125e09c9cea573d0597c633a1adf938e52
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to