author | Moritz Muehlenhoff <jmm@debian.org> | 2020-02-05 12:11:34 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-02-05 12:11:34 +0100 |
commit | efb738f80a76487db1b461f9a04471dc9226748b (patch) | |
tree | eb09e0305170a4f19ac7bf43abba919907333dad | |
parent | 6686a537ba4ff92299b3391a82cd9bab976a21da (diff) |
NFUs
add explicit status for older libidn2-0 src pkg name
-rw-r--r-- | data/CVE/2007.list | 2 |
-rw-r--r-- | data/CVE/2012.list | 12 |
-rw-r--r-- | data/CVE/2013.list | 24 |
-rw-r--r-- | data/CVE/2019.list | 1 |
4 files changed, 20 insertions, 19 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 5803fcdf2b..d0cebc29cc 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -11,7 +11,7 @@ CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmw CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released firmwa ...) NOT-FOR-US: Dataprobe iBootBar CVE-2007-6758 (Server-side request forgery (SSRF) vulnerability in feed-proxy.php in ...) - TODO: check + NOT-FOR-US: feed-proxy.php CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse! ...) NOT-FOR-US: GE Healthcare Centricity DMS CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a d ...) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index dc4f61515b..c66fc8ca88 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -1050,7 +1050,7 @@ CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generi NOTE: http://secunia.com/advisories/49889/ NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2 CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...) - TODO: check + NOT-FOR-US: Soapbox CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...) NOT-FOR-US: Android browser CVE-2012-6300 @@ -2399,7 +2399,7 @@ CVE-2012-5778 CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the te ...) NOT-FOR-US: EmpireCMS CVE-2012-5776 (Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in ...) - TODO: check + NOT-FOR-US: Dokeos CVE-2012-5775 REJECTED CVE-2012-5774 
@@ -2585,7 +2585,7 @@ CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DN CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature ...) NOT-FOR-US: TP-LINK TL-WR841N router CVE-2012-5686 (ZPanel 10.0.1 has insufficient entropy for its password reset process. ...) - TODO: check + NOT-FOR-US: ZPanel CVE-2012-5685 (SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote ...) NOT-FOR-US: ZPanel CVE-2012-5684 (Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier ...) @@ -12899,9 +12899,9 @@ CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x befor {DSA-2423-1} - movabletype-opensource 5.1.3+dfsg-1 CVE-2012-1496 (Local file inclusion in WebCalendar before 1.2.5. ...) - TODO: check + - webcalendar <removed> CVE-2012-1495 (install/index.php in WebCalendar before 1.2.5 allows remote attackers ...) - TODO: check + - webcalendar <removed> CVE-2012-1102 [XML::Atom Perl module XML entity expansion] RESERVED {DSA-2424-1} @@ -14171,7 +14171,7 @@ CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access - nvidia-graphics-drivers 295.40-1 [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1 CVE-2012-0945 (whoopsie-daisy before 0.1.26: Root user can remove arbitrary files ...) - TODO: check + NOT-FOR-US: whoopsie-daisy CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does ...) - aptdaemon 0.43+bzr790-1 [squeeze] - aptdaemon <not-affected> (Vulnerable code not present) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index cf85331602..ce2e1922e8 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -6152,15 +6152,15 @@ CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterpri CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in th ...) NOT-FOR-US: DotNetNuke CVE-2013-5116 (Evernote prior to 5.5.1 has insecure password change ...) - TODO: check + NOT-FOR-US: Evernote CVE-2013-5115 RESERVED CVE-2013-5114 (LastPass prior to 2.5.1 allows secure wipe bypass. ...) - TODO: check + NOT-FOR-US: LastPass CVE-2013-5113 (LastPass prior to 2.5.1 has an insecure PIN implementation. ...) - TODO: check + NOT-FOR-US: LastPass CVE-2013-5112 (Evernote before 5.5.1 has insecure PIN storage ...) - TODO: check + NOT-FOR-US: Evernote CVE-2013-5111 RESERVED CVE-2013-5110 @@ -12432,11 +12432,11 @@ CVE-2013-2680 CVE-2013-2679 RESERVED CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...) - TODO: check + NOT-FOR-US: Cisco CVE-2013-2677 RESERVED CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...) - TODO: check + NOT-FOR-US: Brother CVE-2013-2675 RESERVED CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...) @@ -12535,7 +12535,7 @@ CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.14 - libv8-3.14 <removed> (unimportant; bug #773671) NOTE: libv8 not covered by security support CVE-2013-2631 (TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure ...) - TODO: check + NOT-FOR-US: TinyWebGallery CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12 ...) NOT-FOR-US: CA Service Desk Manager CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers ...) 
@@ -12552,7 +12552,7 @@ CVE-2013-2625 (An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1 NOTE: DSA-2733-1 NOTE: http://web.archive.org/web/20130716120019/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-01/ CVE-2013-2624 (Telean before 1.3.1 contains a full path disclosure vulnerability whic ...) - TODO: check + NOT-FOR-US: Telean CVE-2013-2623 (Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attack ...) NOT-FOR-US: Uebimiau Webmail CVE-2013-2622 (Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remot ...) @@ -12663,7 +12663,7 @@ CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to t CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 313 ...) NOT-FOR-US: TP-Link CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...) - TODO: check + NOT-FOR-US: Xpient point of sale (POS) CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...) NOT-FOR-US: Zavio CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6 ...) @@ -12951,7 +12951,7 @@ CVE-2013-2475 (The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote a NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274 NOTE: Versions affected: 1.8.0 to 1.8.5 CVE-2013-2474 (Directory traversal vulnerability in AWS XMS 2.5 allows remote attacke ...) - TODO: check + NOT-FOR-US: AWS XMS CVE-2013-2473 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2727-1 DSA-2722-1} - openjdk-6 6b27-1.12.6-1 
@@ -16444,7 +16444,7 @@ CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, {DSA-2633-1} - fusionforge 5.2.1+20130227-1 CVE-2013-1422 (webcalendar before 1.2.7 shows the reason for a failed login (e.g., "n ...) - TODO: check + - webcalendar <removed> CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...) - webcalendar <removed> CVE-2013-1420 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS b ...) @@ -19283,7 +19283,7 @@ CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SS - sssd <not-affected> (Introduced in 1.9.0) NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12 CVE-2013-0286 (Pinboard 1.0.6 theme for Wordpress has XSS. ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before ...) NOT-FOR-US: nori Ruby gem CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communic ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 272ac626b8..3643067da7 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -5647,6 +5647,7 @@ CVE-2019-18225 (An issue was discovered in Citrix Application Delivery Controlle CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a hea ...) {DSA-4613-1} - libidn2 2.2.0-1 (bug #942895) + - libidn2-0 <not-affected> (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420 NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c CVE-2019-18223 |
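Review bot: In data/CVE/2007.list (hunk at -11,7), the new status for CVE-2007-6758 is `NOT-FOR-US: feed-proxy.php`, which names a script file rather than a product. The description visible here is truncated after "feed-proxy.php in ...", so the product name is not in the hunk; please take it from the full CVE description and use it in the label, the way the neighbouring entries do ("Dataprobe iBootBar", "GE Healthcare Centricity DMS"). A bare file name gives later triagers nothing to match against when related CVEs for the same software come in.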
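Review bot: In data/CVE/2013.list (hunk at -12432,11), CVE-2013-2678 and CVE-2013-2676 get vendor-only labels, `NOT-FOR-US: Cisco` and `NOT-FOR-US: Brother`. The descriptions name specific devices (Cisco Linksys E4200, Brother MFC-9970CDW), and a vendor-wide NFU label is broader than the actual finding, since it says nothing about which product was checked. Suggest `NOT-FOR-US: Cisco Linksys E4200` and `NOT-FOR-US: Brother MFC-9970CDW`, matching entries such as "TP-LINK TL-WR841N router" elsewhere in this patch's context.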
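Review bot: In data/CVE/2013.list (hunk at -12552,7), CVE-2013-2624 is marked `NOT-FOR-US: Telean`, while the very next entry, CVE-2013-2623, describes "Telaen before 1.3.1" and is already marked `NOT-FOR-US: Uebimiau Webmail`. The two entries share the same "before 1.3.1" version boundary and appear to be the same product, with "Telean" being a transposition carried over from the CVE description. Please make the two consistent, either `NOT-FOR-US: Telaen` or the existing `Uebimiau Webmail` label, so a search for one finds the other.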
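Review bot: In data/CVE/2013.list (hunk at -19283,7), `NOT-FOR-US: Wordpress theme` for CVE-2013-0286 drops the only identifying detail in the description, the theme name (Pinboard 1.0.6). Suggest `NOT-FOR-US: Pinboard theme for WordPress`, in line with specific labels like "nori Ruby gem" two lines below.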
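Review bot: In data/CVE/2019.list (hunk at -5647,6), the added line `- libidn2-0 <not-affected> (Vulnerable code not present)` for CVE-2019-18224 gives no way to verify the claim: none of the visible NOTE lines record the release or commit in which the vulnerable idn2_to_ascii_4i code was introduced. Please add a NOTE with the introducing version or commit next to the existing fix-commit NOTE, so the not-affected status for the older source package name can be rechecked later. This status change is also unrelated to the NFU triage in the other three files and would be easier to review and revert as its own commit.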