[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Mon, 11 Jun 2018 12:54:13 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0d746947 by Salvatore Bonaccorso at 2018-06-11T21:53:24+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -22503,7 +22503,7 @@ CVE-2018-3740 (A specially crafted HTML fragment can 
cause Sanitize gem for Ruby
 CVE-2018-3739 (https-proxy-agent before 2.1.1 passes auth option to the Buffer 
...)
        NOT-FOR-US: https-proxy-agent
 CVE-2018-3738 (protobufjs is vulnerable to ReDoS when parsing crafted invalid 
.proto ...)
-       TODO: check
+       NOT-FOR-US: protobufjs
 CVE-2018-3737 (sshpk is vulnerable to ReDoS when parsing crafted invalid 
public keys. ...)
        - node-sshpk <unfixed> (unimportant; bug #901093)
        NOTE: https://github.com/joyent/node-sshpk/issues/44
@@ -22512,19 +22512,19 @@ CVE-2018-3737 (sshpk is vulnerable to ReDoS when 
parsing crafted invalid public 
 CVE-2018-3736 (https-proxy-agent passes unsanitized options to Buffer(arg) 
resulting ...)
        NOT-FOR-US: https-proxy-agent nodejs module
 CVE-2018-3735 (bracket-template suffers from reflected XSS possible when 
variable ...)
-       TODO: check
+       NOT-FOR-US: bracket-template nodejs module
 CVE-2018-3734 (stattic node module suffers from a Path Traversal vulnerability 
due to ...)
        NOT-FOR-US: stattic nodejs module
 CVE-2018-3733 (crud-file-server node module before 0.9.0 suffers from a Path 
...)
        NOT-FOR-US: crud-file-server nodejs module
 CVE-2018-3732 (resolve-path node module before 1.4.0 suffers from a Path 
Traversal ...)
-       TODO: check
+       NOT-FOR-US: resolve-path nodejs module
 CVE-2018-3731 (public node module suffers from a Path Traversal vulnerability 
due to ...)
-       TODO: check
+       NOT-FOR-US: public nodejs module
 CVE-2018-3730 (mcstatic node module suffers from a Path Traversal 
vulnerability due ...)
-       TODO: check
+       NOT-FOR-US: mcstatic nodejs module
 CVE-2018-3729 (localhost-now node module suffers from a Path Traversal 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: localhost-now nodejs module
 CVE-2018-3728 (hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers 
from a Modification of ...)
        - node-hoek <unfixed> (unimportant)
        NOTE: fixed in 4.2.1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0d746947f1a17a3955d23485567a26119be2ec14

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0d746947f1a17a3955d23485567a26119be2ec14
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to