Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac5a9f2e by Salvatore Bonaccorso at 2019-10-10T20:37:56Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -66,17 +66,17 @@ CVE-2019-17455 (Libntlm through 1.5 relies on a fixed 
buffer size for tSmbNtlmAu
        - libntlm <unfixed>
        NOTE: https://gitlab.com/jas/libntlm/issues/2
 CVE-2019-17454 (Bento4 1.5.1.0 has a NULL pointer dereference in 
AP4_Descriptor::GetTa ...)
-       TODO: check
+       NOT-FOR-US: Bento4
 CVE-2019-17453 (Bento4 1.5.1.0 has a NULL pointer dereference in 
AP4_DescriptorListWri ...)
-       TODO: check
+       NOT-FOR-US: Bento4
 CVE-2019-17452 (Bento4 1.5.1.0 has a NULL pointer dereference in 
AP4_DescriptorListIns ...)
-       TODO: check
+       NOT-FOR-US: Bento4
 CVE-2019-17451 (An issue was discovered in the Binary File Descriptor (BFD) 
library (a ...)
        TODO: check
 CVE-2019-17450 (find_abstract_instance in dwarf2.c in the Binary File 
Descriptor (BFD) ...)
        TODO: check
 CVE-2019-17449 (Avira Software Updater before 2.0.6.21094 allows a DLL 
side-loading at ...)
-       TODO: check
+       NOT-FOR-US: Avira Software Updater
 CVE-2019-17448
        RESERVED
 CVE-2019-17447
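Review bot: CVE-2019-17451 and CVE-2019-17450 (both described as Binary File Descriptor (BFD) library issues) are left at "TODO: check" in the middle of this hunk while the Bento4 and Avira entries on either side of them are resolved. That matches the commit subject, which covers NFUs only, but the two entries now sit between triaged neighbours and are easy to overlook; a follow-up pass should give them a source package line rather than leaving the placeholder.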
@@ -106,23 +106,23 @@ CVE-2019-17436
 CVE-2019-17435
        RESERVED
 CVE-2019-17434 (LavaLite through 5.7 has XSS via a crafted account name that 
is mishan ...)
-       TODO: check
+       NOT-FOR-US: LavaLite
 CVE-2019-17433 (z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the 
Roles s ...)
-       TODO: check
+       NOT-FOR-US: z-song laravel-admin
 CVE-2019-17432 (An issue was discovered in fastadmin 1.0.0.20190705_beta. 
There is a p ...)
-       TODO: check
+       NOT-FOR-US: fastadmin
 CVE-2019-17431 (An issue was discovered in fastadmin 1.0.0.20190705_beta. 
There is a p ...)
-       TODO: check
+       NOT-FOR-US: fastadmin
 CVE-2019-17430 (EyouCms through 2019-07-11 has XSS related to the login.php 
web_record ...)
-       TODO: check
+       NOT-FOR-US: EyouCms
 CVE-2019-17429 (Adhouma CMS through 2019-10-09 has SQL Injection via the 
post.php p_id ...)
-       TODO: check
+       NOT-FOR-US: Adhouma CMS
 CVE-2015-9480 (The RobotCPA plugin 5 for WordPress has directory traversal via 
the f. ...)
        NOT-FOR-US: RobotCPA plugin for WordPress
 CVE-2015-9479 (The ACF-Frontend-Display plugin through 2015-07-03 for 
WordPress has a ...)
-       TODO: check
+       NOT-FOR-US: ACF-Frontend-Display plugin for WordPress
 CVE-2015-9478 (prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. ...)
-       TODO: check
+       NOT-FOR-US: prettyPhoto
 CVE-2015-9477 (The Vernissage theme 1.2.8 for WordPress has insufficient 
restrictions ...)
        NOT-FOR-US: Vernissage theme for WordPress
 CVE-2015-9476 (The Teardrop theme 1.8.1 for WordPress has insufficient 
restrictions o ...)
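Review bot: the CVE-2015-9478 entry is tagged "NOT-FOR-US: prettyPhoto", but its description points at a single JavaScript file (js/jquery.prettyPhoto.js), not a standalone application. A library like this can ship as an embedded copy inside other packages, so the NFU tag should rest on a search for that file name in the archive, not only on the absence of a package called prettyPhoto; if copies are found, the entry needs package lines or at least a NOTE. The other tags in this hunk name complete applications or WordPress plugins and follow the wording already used for CVE-2015-9480 and CVE-2015-9477.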
@@ -132,7 +132,7 @@ CVE-2015-9475 (The Pont theme 1.5 for WordPress has 
insufficient restrictions on
 CVE-2015-9474 (The Simpolio theme 1.3.2 for WordPress has insufficient 
restrictions o ...)
        NOT-FOR-US: Simpolio theme for WordPress
 CVE-2015-9473 (The estrutura-basica theme through 2015-09-13 for WordPress has 
direct ...)
-       TODO: check
+       NOT-FOR-US: estrutura-basica theme for WordPress
 CVE-2015-9472 (The incoming-links plugin before 0.9.10b for WordPress has 
referrers.p ...)
        NOT-FOR-US: incoming-links plugin for WordPress
 CVE-2015-9471 (The dzs-zoomsounds plugin through 2.0 for WordPress has 
admin/upload.p ...)
@@ -375,7 +375,7 @@ CVE-2019-17322
 CVE-2019-17321
        RESERVED
 CVE-2019-17320 (NetSarang XFTP Client 6.0149 and earlier version contains a 
buffer ove ...)
-       TODO: check
+       NOT-FOR-US: NetSarang XFTP Client
 CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL 
injection in the ...)
        NOT-FOR-US: SugarCRM
 CVE-2019-17318 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL 
injection in the ...)
@@ -5886,7 +5886,7 @@ CVE-2019-15228 (FUEL CMS 1.4.4 has XSS in the Create 
Blocks section of the Admin
 CVE-2019-15227 (FlightPath 4.8.3 has XSS in the Content, Edit urgent message, 
and User ...)
        NOT-FOR-US: FlightPath
 CVE-2019-15226 (Upon receiving each incoming request header data, Envoy will 
iterate o ...)
-       TODO: check
+       NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-15225 (In Envoy through 1.11.1, users may configure a route to match 
incoming ...)
        NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2019-15224 (The rest-client gem 1.6.10 through 1.6.13 for Ruby, as 
distributed on  ...)
@@ -7397,7 +7397,7 @@ CVE-2019-14811 (A flaw was found in, ghostscript versions 
prior to 9.28, in the
        NOTE: from 
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
        NOTE: which changed the access to file permissions.
 CVE-2019-14810 (A vulnerability has been found in the implementation of the 
Label Dist ...)
-       TODO: check
+       NOT-FOR-US: EOS
 CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 
mishandles malfo ...)
        {DSA-4503-1}
        - golang-1.13 1.13~beta1-3 (bug #934954)
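Review bot: "NOT-FOR-US: EOS" on CVE-2019-14810 is too terse to be checked from the entry itself. The truncated description ("... implementation of the Label Dist ...") does not name the product, and "EOS" alone is ambiguous, whereas other tags in this commit spell out the product ("NetSarang XFTP Client", "Avira Software Updater"). Qualifying the tag with the vendor name would make the decision greppable and verifiable later.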
@@ -13562,7 +13562,7 @@ CVE-2019-13053 (Logitech Unifying devices allow 
keystroke injection, bypassing e
 CVE-2019-13052 (Logitech Unifying devices allow live decryption if the pairing 
of a ke ...)
        NOT-FOR-US: Logitech
 CVE-2019-13051 (Pi-Hole 4.3 allows Command Injection. ...)
-       TODO: check
+       NOT-FOR-US: Pi-Hole
 CVE-2019-13050 (Interaction between the sks-keyserver code through 1.2.0 of 
the SKS ke ...)
        NOT-FOR-US: Conceptual weakness in PGP keyserver design
 CVE-2019-13049 (An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 
allows user ...)
@@ -17720,7 +17720,7 @@ CVE-2019-11528
 CVE-2019-11527
        RESERVED
 CVE-2019-11526 (An issue was discovered in Softing uaGate SI 1.60.01. A 
maintenance sc ...)
-       TODO: check
+       NOT-FOR-US: Softing uaGate
 CVE-2019-11525
        RESERVED
 CVE-2019-11524



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ac5a9f2eeedbf262c067f6e7be203490f03ae221



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
