[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff Mon, 09 Mar 2020 01:43:31 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
76bfb7f0 by Moritz Muehlenhoff at 2020-03-09T09:42:29+01:00
NFUs
imagemagick triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,9 +27,9 @@ CVE-2020-10222 (npdf.dll in Nitro Pro before 13.13.2.242 is 
vulnerable to Heap C
 CVE-2020-10221 (lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 
allows re ...)
        TODO: check
 CVE-2019-20504 (service/krashrpt.php in Quest KACE K1000 Systems Management 
Appliance  ...)
-       TODO: check
+       NOT-FOR-US: Quest KACE
 CVE-2016-11021 (setSystemCommand on D-Link DCS-930L devices before 2.12 allows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2020-10220 (An issue was discovered in rConfig through 3.9.4. The web 
interface is ...)
        NOT-FOR-US: rConfig
 CVE-2020-10219
@@ -47,7 +47,7 @@ CVE-2020-10214 (An issue was discovered on D-Link DIR-825 
Rev.B 2.10 devices. Th
 CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. 
They all ...)
        NOT-FOR-US: D-Link
 CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows 
SSRF via ...)
-       TODO: check
+       NOT-FOR-US: Responsive FileManager
 CVE-2020-10211
        RESERVED
 CVE-2020-10210
@@ -1008,7 +1008,7 @@ CVE-2020-9758
 CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows 
Server-Side  ...)
        NOT-FOR-US: Seomatic component for Craft CMS
 CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows 
insuff ...)
-       TODO: check
+       NOT-FOR-US: Patriot Viper RGB Driver
 CVE-2020-9755
        RESERVED
 CVE-2020-9754
@@ -1481,9 +1481,9 @@ CVE-2020-9533
 CVE-2020-9532
        RESERVED
 CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM 
devices. In t ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM 
devices. The  ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-9529
        RESERVED
 CVE-2020-9528
@@ -1611,7 +1611,7 @@ CVE-2020-9472
 CVE-2020-9471
        RESERVED
 CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before 
February 2020. ...)
-       TODO: check
+       NOT-FOR-US: Wing FTP Server
 CVE-2020-9469
        RESERVED
 CVE-2020-9468
@@ -42781,7 +42781,9 @@ CVE-2019-13455 (In Xymon through 4.3.28, a stack-based 
buffer overflow vulnerabi
        [stretch] - xymon 4.3.28-2+deb9u1
        NOTE: https://lists.xymon.com/archive/2019-July/046570.html
 CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in 
RemoveDuplicateLay ...)
-       - imagemagick <unfixed> (bug #931740)
+       - imagemagick <unfixed> (low; bug #931740)
+       [buster] - imagemagick <ignored> (Minor issue)
+       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (low impact issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
@@ -44132,7 +44134,9 @@ CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of 
uninitialized value" vulnerab
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
 CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" 
vulnerability  ...)
-       - imagemagick <unfixed> (bug #931191)
+       - imagemagick <unfixed> (low; bug #931191)
+       [buster] - imagemagick <ignored> (Minor issue)
+       [stretch] - imagemagick <ignored> (Minor issue)
        [jessie] - imagemagick <ignored> (minor security impact)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
@@ -44144,7 +44148,9 @@ CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak 
vulnerability in the Writ
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1517
 CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in 
coders/pa ...)
        {DLA-1888-1}
-       - imagemagick <unfixed> (bug #931196)
+       - imagemagick <unfixed> (low; bug #931196)
+       [buster] - imagemagick <ignored> (Minor issue)
+       [stretch] - imagemagick <ignored> (Minor issue)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
 CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the 
opj_t1_encode_c ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76bfb7f0c135c4b1d053aab799713767298ae7df

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76bfb7f0c135c4b1d053aab799713767298ae7df
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to