[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff Tue, 20 Aug 2019 07:23:24 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
51c0120f by Moritz Muehlenhoff at 2019-08-20T14:22:38Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,19 +18,19 @@ CVE-2019-15233
 CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because 
GenericMediaSer ...)
        TODO: check
 CVE-2019-15231 (Webmin 1.890, in a default installation, contains a backdoor 
that allo ...)
-       TODO: check
+       NOT-FOR-US: Webmin
 CVE-2019-15230
        RESERVED
 CVE-2019-15229 (FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks 
section of ...)
-       TODO: check
+       NOT-FOR-US: FUEL CMS
 CVE-2019-15228 (FUEL CMS 1.4.4 has XSS in the Create Blocks section of the 
Admin conso ...)
-       TODO: check
+       NOT-FOR-US: FUEL CMS
 CVE-2019-15227 (FlightPath 4.8.3 has XSS in the Content, Edit urgent message, 
and User ...)
-       TODO: check
+       NOT-FOR-US: FlightPath
 CVE-2019-15226
        RESERVED
 CVE-2019-15225 (In Envoy through 1.11.1, users may configure a route to match 
incoming ...)
-       TODO: check
+       NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-15224 (The rest-client gem 1.6.13 for Ruby, as distributed on 
RubyGems.org, i ...)
        TODO: check
 CVE-2019-15223 (An issue was discovered in the Linux kernel before 5.1.8. 
There is a N ...)
@@ -266,7 +266,7 @@ CVE-2019-15151 (AdPlug 2.3.1 has a double free in the 
Cu6mPlayer class in u6m.h.
        - adplug <unfixed>
        NOTE: https://github.com/adplug/adplug/issues/91
 CVE-2019-15150 (In the OAuth2 Client extension before 0.4 for MediaWiki, a 
CSRF vulner ...)
-       TODO: check
+       NOT-FOR-US: OAuth2 Client MediaWiki extension
 CVE-2019-15149 (** DISPUTED ** core.py in Mitogen before 0.2.8 has a typo that 
drops t ...)
        TODO: check
 CVE-2018-20976 (An issue was discovered in fs/xfs/xfs_super.c in the Linux 
kernel befo ...)
@@ -15643,9 +15643,9 @@ CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in 
Poppler 0.74.0 mishandles dict
 CVE-2019-9902
        RESERVED
 CVE-2019-9901 (Envoy 1.9.0 and before does not normalize HTTP URL paths. A 
remote att ...)
-       NOT-FOR-US: envoy (not the same as itp'ed envoy, #758651)
+       NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-9900 (When parsing HTTP/1.x header values, Envoy 1.9.0 and before 
does not r ...)
-       NOT-FOR-US: envoy (not the same as itp'ed envoy, #758651)
+       NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-9899
        RESERVED
 CVE-2019-9898 (Potential recycling of random numbers used in cryptography 
exists with ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/51c0120f8389cda3564e90b34f84f64981cafcb9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/51c0120f8389cda3564e90b34f84f64981cafcb9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to