Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41f8d53e by Moritz Muehlenhoff at 2019-09-27T09:23:16Z
new mediawiki issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -468,7 +468,8 @@ CVE-2019-16740
 CVE-2019-16739
        RESERVED
 CVE-2019-16738 (In MediaWiki through 1.33.0, Special:Redirect allows 
information discl ...)
-       TODO: check
+       - mediawiki <unfixed>
+       NOTE: https://phabricator.wikimedia.org/T230402
 CVE-2019-16737
        RESERVED
 CVE-2019-16736
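Review bot: The new `- mediawiki <unfixed>` line under CVE-2019-16738 carries no Debian bug reference, and the only NOTE is the upstream Phabricator task. Once a BTS bug is filed, append it in the form already used in this file, e.g. `(bug #NNNNNN)` (placeholder number), and add a further NOTE for the upstream fix commit or fixed release when T230402 has one, since the description only says "through 1.33.0" and gives no fixed version to track against.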
@@ -2748,7 +2749,7 @@ CVE-2019-15894
 CVE-2019-15893
        RESERVED
 CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x 
through 3. ...)
-       TODO: check
+       NOT-FOR-US: CKFinder
 CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in 
ip_reas ...)
        {DLA-1927-1}
        - slirp4netns 0.4.1-1 (bug #939868)
@@ -2828,7 +2829,7 @@ CVE-2019-15892 (An issue was discovered in Varnish Cache 
before 6.0.4 LTS, and 6
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/af13de03eaa3d04f60ada52ed3235d545b8d3973
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/6da64a47beff44ecdb45c82b033811f2d19819af
 CVE-2019-15862 (An issue was discovered in CKFinder through 2.6.2.1. Improper 
checks o ...)
-       TODO: check
+       NOT-FOR-US: CKFinder
 CVE-2019-15861
        RESERVED
 CVE-2019-15860 (Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. 
NOTE: 2. ...)
@@ -13373,7 +13374,7 @@ CVE-2019-12564 (In DouCo DouPHP v1.5 Release 20190516, 
remote attackers can view
 CVE-2019-12563
        RESERVED
 CVE-2019-12562 (Cross-site scripting (XSS) is possible in DNN (formerly 
DotNetNuke) be ...)
-       TODO: check
+       NOT-FOR-US: DNN
 CVE-2019-12561
        RESERVED
 CVE-2019-12560
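Review bot: At CVE-2019-12562 the label is `NOT-FOR-US: DNN`, while the description on the same entry reads "DNN (formerly DotNetNuke)". If earlier entries in data/CVE/list were triaged under the old product name, match that label or write `NOT-FOR-US: DNN (formerly DotNetNuke)` so that a search for either name finds every entry for the product.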
@@ -16949,9 +16950,9 @@ CVE-2019-11281
 CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service 
versions ...)
        NOT-FOR-US: Pivotal
 CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a 
client that s ...)
-       TODO: check
+       NOT-FOR-US: Cloud Foundry
 CVE-2019-11278 (CF UAA versions prior to 74.1.0, allow external input to be 
directly q ...)
-       TODO: check
+       NOT-FOR-US: Cloud Foundry
 CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to 
1.7.11 and 2 ...)
        NOT-FOR-US: Cloud Foundry
 CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service 
versions ...)
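Review bot: For CVE-2019-11279 and CVE-2019-11278 the label `NOT-FOR-US: Cloud Foundry` matches the neighbouring CVE-2019-11277 entry, but it drops the component that both descriptions name (CF UAA). `NOT-FOR-US: Cloud Foundry UAA` would record which component was triaged and still match a search for "Cloud Foundry".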



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/41f8d53e38f4b26bdd909eff4a6f8f704475f753



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
