Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dec8dc6e by Salvatore Bonaccorso at 2019-10-08T20:27:56Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -153,7 +153,7 @@ CVE-2019-17273
CVE-2019-17272
RESERVED
CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the
ajax/api/hook/getHookList ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2019-17270
RESERVED
CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to
execute arbitr ...)
@@ -185,49 +185,49 @@ CVE-2019-17263 (In libyal libfwsi before 20191006,
libfwsi_extension_block_copy_
NOTE: https://github.com/libyal/libfwsi/issues/13
NOTE:
https://github.com/libyal/libfwsi/commit/54afa5c71d6c795a555dbcb1e160fea393b98fb3
CVE-2019-17262 (XnView Classic 2.49.1 allows a User Mode Write AV starting at
Xwsq+0x0 ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2019-17261 (XnView Classic 2.49.1 allows a User Mode Write AV starting at
Xwsq+0x0 ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2019-17260 (MPC-HC through 1.7.13 allows a Read Access Violation on a
Block Data M ...)
TODO: check
CVE-2019-17259 (KMPlayer 4.2.2.31 allows a User Mode Write AV starting at
utils!src_ne ...)
- TODO: check
+ NOT-FOR-US: KMPlayer (different from src:kmplayer)
CVE-2019-17258 (IrfanView 4.53 allows Data from a Faulting Address to control
a subseq ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17257 (IrfanView 4.53 allows a Exception Handler Chain to be
Corrupted starti ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17256 (IrfanView 4.53 allows a User Mode Write AV starting at
DPX!ReadDPX_W+0 ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17255 (IrfanView 4.53 allows a User Mode Write AV starting at
EXR!ReadEXR+0x0 ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17254 (IrfanView 4.53 allows Data from a Faulting Address to control
a subseq ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17253 (IrfanView 4.53 allows a User Mode Write AV starting at
JPEG_LS+0x00000 ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17252 (IrfanView 4.53 allows a User Mode Write AV starting at
FORMATS!Read_Ba ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17251 (IrfanView 4.53 allows a User Mode Write AV starting at
FORMATS!GetPlug ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17250 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17249 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17248 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17247 (IrfanView 4.53 allows Data from a Faulting Address to control
a subseq ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17246 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17245 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17244 (IrfanView 4.53 allows Data from a Faulting Address to control
Code Flo ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17243 (IrfanView 4.53 allows Data from a Faulting Address to control
Code Flo ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17242 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17241 (IrfanView 4.53 allows a User Mode Write AV starting at
WSQ!ReadWSQ+0x0 ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-17240 (bl-kernel/security.class.php in Bludit 3.9.2 allows attackers
to bypas ...)
NOT-FOR-US: Bludit
CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in
the downl ...)
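Review bot: CVE-2019-17260 (MPC-HC), sitting between the XnView and KMPlayer entries in this hunk, is the only entry in the run still left at "TODO: check". If that is deliberate because it needs a package lookup rather than an NFU tag, fine; otherwise it looks skipped and should be triaged in a follow-up. The "(different from src:kmplayer)" qualifier on CVE-2019-17259 is a good pattern for names that collide with a source package.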
@@ -337,9 +337,9 @@ CVE-2019-17189
CVE-2019-17188 (An unrestricted file upload vulnerability was discovered in
catalog/pr ...)
NOT-FOR-US: Fecshop FecMall
CVE-2019-17187 (/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T
1.00.M5007_ ...)
- TODO: check
+ NOT-FOR-US: FiberHome HG2201T devices
CVE-2019-17186 (/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T
1.00.M5007_JS_201 ...)
- TODO: check
+ NOT-FOR-US: FiberHome HG2201T devices
CVE-2019-17185
RESERVED
CVE-2019-17184 (Xerox AtlaLink B8045/B8055/B8065/B8075/B8090
C8030/C8035/C8045/C8055/C ...)
@@ -917,7 +917,7 @@ CVE-2019-16931 (A stored XSS vulnerability in the
Visualizer plugin 3.3.0 for Wo
CVE-2019-16930 (Zcashd in Zcash before 2.0.7-3 allows discovery of the IP
address of a ...)
NOT-FOR-US: Zcash
CVE-2019-16929 (Auth0 auth0.net before 6.5.4 has Incorrect Access Control
because Iden ...)
- TODO: check
+ NOT-FOR-US: Auth0 auth0.net
CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile
part of the ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-16926 (Flower 0.9.3 has XSS via a crafted worker name. ...)
@@ -956,7 +956,7 @@ CVE-2019-16915 (An issue was discovered in pfSense through
2.4.4-p3. widgets/wid
CVE-2019-16914 (An XSS issue was discovered in pfSense through 2.4.4-p3. In
services_c ...)
NOT-FOR-US: pfSense
CVE-2019-16913 (PC Protect Antivirus v4.14.31 installs by default to
%PROGRAMFILES(X86 ...)
- TODO: check
+ NOT-FOR-US: PC Protect Antivirus
CVE-2019-16912
RESERVED
CVE-2019-16911
@@ -2191,9 +2191,9 @@ CVE-2019-16419
CVE-2019-16418
RESERVED
CVE-2019-16417 (HRworks FLOW 3.36.9 allows XSS via the purpose of a
travel-expense rep ...)
- TODO: check
+ NOT-FOR-US: HRworks FLOW
CVE-2019-16416 (HRworks 3.36.9 allows XSS via the purpose of a travel-expense
report. ...)
- TODO: check
+ NOT-FOR-US: HRworks
CVE-2019-16415
RESERVED
CVE-2019-16414 (A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding
of malici ...)
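Review bot: CVE-2019-16417 and CVE-2019-16416 get different NOT-FOR-US strings ("HRworks FLOW" and "HRworks"), although both descriptions give version 3.36.9 and the same XSS via the purpose of a travel-expense report. If they are the same product, use one string for both so a search on the NFU name finds the pair; if they are distinct products, the tags are fine as they are.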
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dec8dc6e06db3aaee1511741e6ef0013ac5e94b5