[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Wed, 18 Apr 2018 22:43:06 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9ef08f1d by Salvatore Bonaccorso at 2018-04-19T07:41:41+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -17,15 +17,15 @@ CVE-2018-1000167 (OISF suricata-update version 1.0.0a1 
contains an Insecure ...)
 CVE-2018-1000166
        RESERVED
 CVE-2018-1000165 (LightSAML version prior to 1.3.5 contains a Incorrect Access 
Control ...)
-       TODO: check
+       NOT-FOR-US: LightSAML
 CVE-2018-1000163 (Floodlight version 1.2 and earlier contains a Cross Site 
Scripting ...)
-       TODO: check
+       NOT-FOR-US: Floodlight
 CVE-2018-1000162 (Parsedown version prior to 1.7.0 contains a Cross Site 
Scripting (XSS) ...)
        TODO: check
 CVE-2018-1000160 (RisingStack protect version 1.2.0 and earlier contains a 
Cross Site ...)
        TODO: check
 CVE-2018-1000158 (cmsmadesimple version 2.2.7 contains a Incorrect Access 
Control ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2018-10199 (In versions of mruby up to and including 1.4.0, a 
use-after-free ...)
        - mruby <unfixed> (bug #896021)
        NOTE: https://github.com/mruby/mruby/issues/4001
@@ -41,7 +41,7 @@ CVE-2018-10191 (In versions of mruby up to and including 
1.4.0, an integer overf
 CVE-2018-10190 (A vulnerability in London Trust Media Private Internet Access 
(PIA) VPN ...)
        NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client 
for Windows
 CVE-2018-10189 (An issue was discovered in Mautic 1.x and 2.x before 2.13.0. 
It is ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2018-10188
        RESERVED
 CVE-2018-10187 (In radare2 2.5.0, there is a heap-based buffer over-read in 
the ...)
@@ -4944,7 +4944,7 @@ CVE-2018-8094
 CVE-2018-8093
        RESERVED
 CVE-2018-8092 (Mautic before 2.13.0 allows CSV injection. ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2018-8091
        RESERVED
 CVE-2018-8090
@@ -5006,7 +5006,7 @@ CVE-2018-8073 (Yii 2.x before 2.0.15 allows remote 
attackers to execute arbitrar
 CVE-2018-8072
        RESERVED
 CVE-2018-8071 (Mautic before v2.13.0 has stored XSS via a theme config file. 
...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...)
        NOT-FOR-US: QCMS
 CVE-2018-8069 (QCMS version 3.0 has XSS via the webname parameter to the ...)
@@ -10018,7 +10018,7 @@ CVE-2018-6415
 CVE-2018-6414
        RESERVED
 CVE-2018-6413 (There is a buffer overflow in the Hikvision Camera DS-2CD9111-S 
of ...)
-       TODO: check
+       NOT-FOR-US: Hikvision Camera DS-2CD9111-S
 CVE-2018-6412 (In the function sbusfb_ioctl_helper() in 
drivers/video/fbdev/sbuslib.c ...)
        - linux <unfixed> (unimportant)
        NOTE: https://marc.info/?l=linux-fbdev&m=151734425901499&w=2
@@ -13088,17 +13088,17 @@ CVE-2018-5344 (In the Linux kernel through 4.14.13, 
drivers/block/loop.c mishand
 CVE-2018-5343
        RESERVED
 CVE-2018-5342 (An issue was discovered in Zoho ManageEngine Desktop Central 
10.0.124 ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-5341 (An issue was discovered in Zoho ManageEngine Desktop Central 
10.0.124 ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-5340 (An issue was discovered in Zoho ManageEngine Desktop Central 
10.0.124 ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-5339 (An issue was discovered in Zoho ManageEngine Desktop Central 
10.0.124 ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-5338 (An issue was discovered in Zoho ManageEngine Desktop Central 
10.0.124 ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-5337 (An issue was discovered in Zoho ManageEngine Desktop Central 
10.0.124 ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-5336 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, 
NTP, ...)
        {DSA-4101-1 DLA-1258-1}
        - wireshark 2.4.4-1
@@ -24167,7 +24167,7 @@ CVE-2018-1242
 CVE-2018-1241
        RESERVED
 CVE-2018-1240 (Dell EMC ViPR Controller, versions after 3.0.0.38, contain an 
...)
-       TODO: check
+       NOT-FOR-US: EMC ViPR Controller
 CVE-2018-1239
        RESERVED
 CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command 
injection ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ef08f1da2a7adf1933fd48cd7492c38bce53a45

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ef08f1da2a7adf1933fd48cd7492c38bce53a45
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to