[Git][security-tracker-team/security-tracker][master] NFUs

Wed, 13 Nov 2019 09:32:56 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6e0dfe0b by Moritz Muehlenhoff at 2019-11-13T17:31:58Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -116,7 +116,7 @@ CVE-2019-18874 (psutil (aka python-psutil) through 5.6.5 
can have a double free.
        - python-psutil <unfixed> (bug #944605)
        NOTE: https://github.com/giampaolo/psutil/pull/1616
 CVE-2019-18873 (FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent 
HTTP hea ...)
-       TODO: check
+       NOT-FOR-US: FUDForum
 CVE-2019-18872
        RESERVED
 CVE-2019-18871
@@ -2797,7 +2797,7 @@ CVE-2019-18660
 CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote 
attackers t ...)
        NOT-FOR-US: Wireless Emergency Alerts (WEA) protocol
 CVE-2019-18658 (In Helm 2.x before 2.15.2, commands that deal with loading a 
chart as  ...)
-       TODO: check
+       - helm-kubernetes <itp> (bug #910799)
 CVE-2019-18657 (ClickHouse before 19.13.5.44 allows HTTP header injection via 
the url  ...)
        NOT-FOR-US: ClickHouse
 CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because 
bundles/AdminBu ...)
@@ -16153,7 +16153,7 @@ CVE-2019-14368 (Exiv2 0.27.99.0 has a heap-based buffer 
over-read in Exiv2::RafI
        NOTE: Fixed by: 
https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
        NOTE: Introduced by: 
https://github.com/Exiv2/exiv2/commit/c72d16f4c402a8acc2dfe06fe3d58bf6cf99069e
 CVE-2019-14367 (Slack-Chat through 1.5.5 leaks a Slack Access Token in source 
code. An ...)
-       TODO: check
+       NOT-FOR-US: Slack-Chat
 CVE-2019-14366 (WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack 
Access T ...)
        NOT-FOR-US: WP SlackSync plugin for WordPress
 CVE-2019-14365 (The Intercom plugin through 1.2.1 for WordPress leaks a Slack 
Access T ...)
@@ -41553,7 +41553,7 @@ CVE-2019-5697 (NVIDIA Virtual GPU Manager, all 
versions, contains a vulnerabilit
 CVE-2019-5696 (NVIDIA Virtual GPU Manager, all versions, contains a 
vulnerability in  ...)
        NOT-FOR-US: NVIDIA Virtual GPU Manager
 CVE-2019-5695 (NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU 
Display Dr ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2019-5694 (NVIDIA Windows GPU Display Driver, all versions, contains a 
vulnerabil ...)
        NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2019-5693 (NVIDIA Windows GPU Display Driver, all versions, contains a 
vulnerabil ...)
@@ -54672,7 +54672,7 @@ CVE-2019-1236 (A remote code execution vulnerability 
exists in the way that the
 CVE-2019-1235 (An elevation of privilege vulnerability exists in Windows Text 
Service ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1234 (A spoofing vulnerability exists when Azure Stack fails to 
validate cer ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1233 (A denial of service vulnerability exists in Microsoft Exchange 
Server  ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1232 (An elevation of privilege vulnerability exists when the 
Diagnostics Hu ...)
@@ -289261,9 +289261,9 @@ CVE-2011-2337 (A wrong type is used for a return 
value from strlen in WebKit in
 CVE-2011-2336 (An issue exists in WebKit in Google Chrome before Blink M12. 
when clea ...)
        NOTE: Historic webkit/Chromium issues
 CVE-2011-2335 (A double-free vulnerability exists in WebKit in Google Chrome 
before B ...)
-       TODO: check
+       NOTE: Historic webkit/Chromium issues
 CVE-2011-2334 (Use after free vulnerability exists in WebKit in Google Chrome 
before  ...)
-       TODO: check
+       NOTE: Historic webkit/Chromium issues
 CVE-2011-2333
        RESERVED
 CVE-2011-2329 (The rampart_timestamp_token_validate function in 
util/rampart_timestam ...)
@@ -290660,9 +290660,9 @@ CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in 
WebKit before r86862, as us
        [squeeze] - chromium-browser <not-affected>
        NOTE: http://trac.webkit.org/changeset/86448
 CVE-2011-1803 (An issue exists in 
third_party/WebKit/Source/WebCore/svg/animation/SVG ...)
-       TODO: check
+       NOTE: Historic webkit/Chromium issues
 CVE-2011-1802 (WebKit in Google Chrome before Blink M11 and M12 does not 
properly han ...)
-       TODO: check
+       NOTE: Historic webkit/Chromium issues
 CVE-2011-1801 (Unspecified vulnerability in Google Chrome before 11.0.696.71 
allows r ...)
        - chromium-browser 11.0.696.71~r86024-1 (unimportant)
        NOTE: http://trac.webkit.org/changeset/85977



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e0dfe0bbf38448e5750dbbaffeed218d3bff222

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e0dfe0bbf38448e5750dbbaffeed218d3bff222
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to