[Git][security-tracker-team/security-tracker][master] Process more NFUs

Tue, 17 Dec 2019 23:43:29 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fb3f8a3c by Salvatore Bonaccorso at 2019-12-18T07:42:46Z
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -457,11 +457,11 @@ CVE-2019-19852
 CVE-2019-19851
        RESERVED
 CVE-2019-19850 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 
9.5.12, and ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2019-19849 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 
9.5.12, and ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2019-19848 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 
9.5.12, and ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2019-19847 (Libspiro through 20190731 has a stack-based buffer overflow in 
the spi ...)
        - libspiro <unfixed>
        NOTE: https://github.com/fontforge/libspiro/issues/21
@@ -3217,7 +3217,7 @@ CVE-2019-19635 (An issue was discovered in libsixel 
1.8.2. There is a heap-based
        [jessie] - libsixel <no-dsa> (Minor issue)
        NOTE: https://github.com/saitoha/libsixel/issues/103
 CVE-2019-19634 (class.upload.php in verot.net class.upload through 1.0.3 and 
2.x throu ...)
-       TODO: check
+       NOT-FOR-US: K2 extension for Joomla!
 CVE-2019-19633
        RESERVED
 CVE-2019-19632
@@ -15778,7 +15778,7 @@ CVE-2019-16557 (Jenkins Redgate SQL Change Automation 
Plugin 2.0.3 and earlier s
 CVE-2019-16556 (Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials 
unencrypte ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2019-16555 (A user-supplied regular expression in Jenkins Build Failure 
Analyzer P ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Build Failure Analyzer Plugin
 CVE-2019-16554 (A missing permission check in Jenkins Build Failure Analyzer 
Plugin 1. ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2019-16553 (A cross-site request forgery vulnerability in Jenkins Build 
Failure An ...)
@@ -21805,7 +21805,7 @@ CVE-2019-14601
 CVE-2019-14600
        RESERVED
 CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2019-14598
        RESERVED
 CVE-2019-14597
@@ -27100,9 +27100,9 @@ CVE-2019-13184
 CVE-2019-13183 (Flarum before 0.1.0-beta.9 allows CSRF against all POST 
endpoints, as  ...)
        NOT-FOR-US: Flarum
 CVE-2019-13182 (A stored cross-site scripting (XSS) vulnerability exists in 
the web UI ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2019-13181 (A CSV injection vulnerability exists in the web UI of 
SolarWinds Serv- ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2019-13180
        RESERVED
 CVE-2019-13179 (Calamares versions 3.1 through 3.2.10 copies a LUKS encryption 
keyfile ...)
@@ -64865,7 +64865,7 @@ CVE-2019-0160 (Buffer overflow in system firmware for 
EDK II may allow unauthent
        NOTE: 
https://github.com/tianocore/edk2/commit/89f75aa04a97293a8ed9db2a90851a5053730cf5
        NOTE: 
https://github.com/tianocore/edk2/commit/3b30351b75d70ea65701ac999875fbb81a89a5ca
 CVE-2019-0159 (Insufficient memory protection in the Linux Administrative 
Tools for I ...)
-       TODO: check
+       NOT-FOR-US: Linux Administrative Tools for Intel Network Adapters
 CVE-2019-0158 (Insufficient path checking in the installation package for 
Intel(R) Gr ...)
        NOT-FOR-US: Intel
 CVE-2019-0157 (Insufficient input validation in the Intel(R) SGX driver for 
Linux may ...)
@@ -64923,7 +64923,7 @@ CVE-2019-0136 (Insufficient access control in the 
Intel(R) PROSet/Wireless WiFi
 CVE-2019-0135 (Improper permissions in the installer for Intel(R) Accelerated 
Storage ...)
        NOT-FOR-US: Intel
 CVE-2019-0134 (Improper permissions in the Intel(R) Dynamic Platform and 
Thermal Fram ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2019-0133
        RESERVED
 CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 
3.3.176.13 may ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb3f8a3c020d83541de60f3bd1c32cedefc35a55

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb3f8a3c020d83541de60f3bd1c32cedefc35a55
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to