historic glibc issues

NFUs
author: Moritz Muehlenhoff <jmm@debian.org> 2019-04-11 18:09:51 +0200
committer: Moritz Muehlenhoff <jmm@debian.org> 2019-04-11 18:09:51 +0200
commit: ec30189f75a264572e8ee416fdd926b5cdabac3e (patch)
tree: 89e0f3b7a2f8a075d8fb1ae61aa253ef85ca8aea /data/CVE
parent: 936e3a30f3708b5fdb08b6c39a99a309c86f04c4 (diff)
4 files changed, 14 insertions, 14 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index c1a3f99ea6..98f4525b28 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,5 +1,5 @@
 CVE-2005-3590 (The getgrouplist function in the GNU C library (glibc) before version  ...)
-	TODO: check
+	- glibc 2.3.5-3
 CVE-2005-4900 (SHA-1 is not collision resistant, which makes it easier for context-de ...)
 	NOT-FOR-US: Generic protocol issue
 CVE-2005-4899
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index a55e9762d8..eaf7fbaf9d 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,5 +1,5 @@
 CVE-2006-7254 (The nscd daemon in the GNU C Library (glibc) before version 2.5 does n ...)
-	TODO: check
+	- glibc 2.5-1
 CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia for the ...)
 	NOT-FOR-US: GE Healthcare Infinia II
 CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in jem ...)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 74179f8533..84f72fd477 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -3717,14 +3717,14 @@ CVE-2018-19591 (In the GNU C Library (aka glibc or libc6) through 2.28, attempti
 CVE-2018-19590
 	RESERVED
 CVE-2018-19589 (Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 provid ...)
-	TODO: check
+	NOT-FOR-US: Utimaco CryptoServer HSM
 CVE-2018-19588
 	RESERVED
 CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_a ...)
 	NOT-FOR-US: Cesanta Mongoose
 	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
 CVE-2018-19586 (Silverpeas 5.15 through 6.0.2 is affected by an authenticated Director ...)
-	TODO: check
+	NOT-FOR-US: Silverpeas
 CVE-2018-19585
 	RESERVED
 	- gitlab 11.3.11+dfsg-1
@@ -4130,7 +4130,7 @@ CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in
 CVE-2018-19454
 	RESERVED
 CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a file with a ...)
-	TODO: check
+	NOT-FOR-US: Kentico CMS
 CVE-2018-19452
 	RESERVED
 CVE-2018-19451
@@ -5260,7 +5260,7 @@ CVE-2018-19008 (The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05
 CVE-2018-19007 (In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the D ...)
 	NOT-FOR-US: Geutebrueck cameras
 CVE-2018-19006 (OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft PI Vision
 CVE-2018-19005 (Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation  ...)
 	NOT-FOR-US: Cscape
 CVE-2018-19004 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds rea ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 4e158fafba..318484ada5 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -35,9 +35,9 @@ CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism b
 CVE-2019-11067
 	RESERVED
 CVE-2019-1003050 (The f:validateButton form control for the Jenkins UI did not properly  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was updated t ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-11066
 	RESERVED
 CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...)
@@ -3947,7 +3947,7 @@ CVE-2019-9696 (Symantec VIP Enterprise Gateway (all versions) may be susceptible
 CVE-2019-9695 (Norton Core prior to v278 may be susceptible to an arbitrary code exec ...)
 	NOT-FOR-US: Norton Core
 CVE-2019-9694 (Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptibl ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2019-9693 (In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can ac ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2019-9692 (class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 doe ...)
@@ -11361,7 +11361,7 @@ CVE-2019-6558
 CVE-2019-6557 (Several buffer overflow vulnerabilities have been identified in Moxa I ...)
 	NOT-FOR-US: Moxa
 CVE-2019-6556 (When processing project files, the application (Omron CX-Programmer v9 ...)
-	TODO: check
+	NOT-FOR-US: Omron
 CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper input validation vulnerability ...)
 	NOT-FOR-US: Cscape
 CVE-2019-6554 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper acces ...)
@@ -12302,11 +12302,11 @@ CVE-2019-6158
 CVE-2019-6157
 	RESERVED
 CVE-2019-6156 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2019-6155
 	RESERVED
 CVE-2019-6154 (A DLL search path vulnerability was reported in Lenovo Bootable Genera ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2019-6153
 	RESERVED
 CVE-2019-6152
@@ -16933,7 +16933,7 @@ CVE-2019-3945
 CVE-2019-3944
 	RESERVED
 CVE-2019-3943 (MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 ...)
-	TODO: check
+	NOT-FOR-US: MikroTik
 CVE-2019-3942
 	RESERVED
 CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to  ...)
@@ -17789,7 +17789,7 @@ CVE-2019-3614
 CVE-2019-3613
 	RESERVED
 CVE-2019-3612 (Information Disclosure vulnerability in McAfee DXL Platform and TIE Se ...)
-	TODO: check
+	NOT-FOR-US: McAFee
 CVE-2019-3611
 	RESERVED
 CVE-2019-3610 (Data Leakage Attacks vulnerability in Microsoft Windows client in McAf ...)
author	Moritz Muehlenhoff <jmm@debian.org>	2019-04-11 18:09:51 +0200
committer	Moritz Muehlenhoff <jmm@debian.org>	2019-04-11 18:09:51 +0200
commit	ec30189f75a264572e8ee416fdd926b5cdabac3e (patch)
tree	89e0f3b7a2f8a075d8fb1ae61aa253ef85ca8aea /data/CVE
parent	936e3a30f3708b5fdb08b6c39a99a309c86f04c4 (diff)