Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad1026ee by Salvatore Bonaccorso at 2019-06-06T10:00:05Z
Process some NFUs

- - - - -
2800ddfb by Salvatore Bonaccorso at 2019-06-06T10:00:06Z
Add CVE-2019-12739/nextcloud

Actually this might not be in the target for src:nextcloud but in an
external addon and as such marked differently.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2019-12743
 CVE-2019-12742 (Bludit prior to 3.9.1 allows a non-privileged user to change 
the passw ...)
        NOT-FOR-US: bludit
 CVE-2019-12741 (XSS exists in the HAPI FHIR testpage overlay module of the 
HAPI FHIR l ...)
-       TODO: check
+       NOT-FOR-US: HAPI FHIR library
 CVE-2019-12740
        RESERVED
 CVE-2019-12739 (lib/Controller/ExtractionController.php in the Extract add-on 
before 1 ...)
-       TODO: check
+       - nextcloud <itp> (bug #835086)
 CVE-2019-12738
        RESERVED
 CVE-2019-12737
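Review bot: The CVE-2019-12739 entry is filed as `- nextcloud <itp> (bug #835086)`, but the description on the line above it places the flaw in lib/Controller/ExtractionController.php of the Extract add-on, and the commit message itself doubts that src:nextcloud is the right target. Consider adding a NOTE line under the entry stating that the issue is in the Extract add-on rather than in nextcloud itself, so that whoever revisits the entry once the ITP is resolved can see why it was tracked this way without going back to the commit log.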
@@ -313,7 +313,7 @@ CVE-2019-12595
 CVE-2019-12594
        RESERVED
 CVE-2019-12593 (IceWarp Mail Server through 10.4.4 is prone to a local file 
inclusion  ...)
-       TODO: check
+       NOT-FOR-US: IceWarp Mail Server
 CVE-2019-12592
        RESERVED
 CVE-2019-12591 (NETGEAR Insight Cloud with firmware before Insight 5.6 allows 
remote a ...)
@@ -387,11 +387,11 @@ CVE-2019-12557
 CVE-2019-12556
        RESERVED
 CVE-2019-12555 (In SweetScape 010 Editor 9.0.1, improper validation of 
arguments in th ...)
-       TODO: check
+       NOT-FOR-US: SweetScape 010 Editor
 CVE-2019-12554 (In SweetScape 010 Editor 9.0.1, improper validation of 
arguments in th ...)
-       TODO: check
+       NOT-FOR-US: SweetScape 010 Editor
 CVE-2019-12553 (In SweetScape 010 Editor 9.0.1, improper validation of 
arguments in th ...)
-       TODO: check
+       NOT-FOR-US: SweetScape 010 Editor
 CVE-2019-12552
        RESERVED
 CVE-2019-12551
@@ -987,7 +987,7 @@ CVE-2016-10751 (osClass 3.6.1 allows oc-admin/plugins.php 
Directory Traversal vi
 CVE-2019-12311
        RESERVED
 CVE-2019-12310 (ExaGrid appliances with firmware version v4.8.1.1044.P50 have 
a /monit ...)
-       TODO: check
+       NOT-FOR-US: ExaGrid appliances
 CVE-2019-12309 (dotCMS before 5.1.0 has a path traversal vulnerability 
exploitable by  ...)
        NOT-FOR-US: dotCMS
 CVE-2019-12308 (An issue was discovered in Django 1.11 before 1.11.21, 2.1 
before 2.1. ...)
@@ -1150,7 +1150,7 @@ CVE-2019-12245
 CVE-2019-12244
        RESERVED
 CVE-2019-12243 (Istio 1.1.x through 1.1.6 has Incorrect Access Control. ...)
-       TODO: check
+       NOT-FOR-US: Istio
 CVE-2019-12242
        RESERVED
 CVE-2019-12241 (The Carts Guru plugin 1.4.5 for WordPress allows Insecure 
Deserializat ...)
@@ -1527,7 +1527,7 @@ CVE-2019-12098 (In the client side of Heimdal before 
7.6.0, failure to verify an
        NOTE: Fixed by: 
https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf
 (7.6.0)
        NOTE: Introduced by: 
https://github.com/heimdal/heimdal/commit/a1ef548600c5bb51cf52a9a9ea12676506ede19f
 (1.4.0)
 CVE-2019-12097 (Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of 
EnableLoop ...)
-       TODO: check
+       NOT-FOR-US: Telerik Fiddler
 CVE-2019-12096
        RESERVED
 CVE-2019-12095
@@ -2904,7 +2904,7 @@ CVE-2019-11511 (Zoho ManageEngine ADSelfService Plus 
before build 5708 has XSS v
 CVE-2019-11510 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 
8.2 before ...)
        NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11509 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 
8.2 before ...)
-       TODO: check
+       NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11508 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 
8.2 before ...)
        NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11507 (In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 
8.3R7.1 and 9. ...)
@@ -3308,13 +3308,13 @@ CVE-2019-11371 (BWA (aka Burrow-Wheeler Aligner) 0.7.17 
r1198 has a Buffer Overf
        NOTE: https://github.com/lh3/bwa/issues/239
        NOTE: Neutralised by toolchain hardening
 CVE-2019-11370 (Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as 
demonstr ...)
-       TODO: check
+       NOT-FOR-US: Carel pCOWeb
 CVE-2019-11369 (An issue was discovered in Carel pCOWeb prior to B1.2.4. In 
/config/pw ...)
-       TODO: check
+       NOT-FOR-US: Carel pCOWeb
 CVE-2019-11368 (Stored XSS was discovered in AUO Solar Data Recorder before 
1.3.0 via  ...)
-       TODO: check
+       NOT-FOR-US: AUO Solar Data Recorder
 CVE-2019-11367 (An issue was discovered in AUO Solar Data Recorder before 
1.3.0. The w ...)
-       TODO: check
+       NOT-FOR-US: AUO Solar Data Recorder
 CVE-2019-11364
        RESERVED
 CVE-2019-11363



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ee0bd3c8095913905b734290a7c52c090fd2fff7...2800ddfb34be8cb08294855f6c82070e8ed3945c


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
