Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
164fe48e by Moritz Muehlenhoff at 2018-07-02T18:42:44+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -32539,7 +32539,7 @@ CVE-2018-1155
CVE-2018-1154
RESERVED
CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate
the ...)
- TODO: check
+ NOT-FOR-US: Burp Suite (different from src:burp)
CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service ...)
- libjpeg-turbo <unfixed>
NOTE:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
@@ -39020,19 +39020,19 @@ CVE-2017-16042 (Growl adds growl notification support
to nodejs. Growl before 1.
NOTE: https://nodesecurity.io/advisories/146
NOTE: nodejs not covered by security support
CVE-2017-16041 (ikst versions before 1.1.2 download resources over HTTP, which
leaves ...)
- TODO: check
+ NOT-FOR-US: ikst
CVE-2017-16040 (gfe-sass is a library for promises (CommonJS/Promises/A,B,D)
gfe-sass ...)
- TODO: check
+ NOT-FOR-US: gfe-sass
CVE-2017-16039 (`hftp` is a static http or ftp server `hftp` is vulnerable to
a ...)
- TODO: check
+ NOT-FOR-US: hftp
CVE-2017-16038 (`f2e-server` 1.12.11 and earlier is vulnerable to a directory
...)
- TODO: check
+ NOT-FOR-US: f2e-server
CVE-2017-16037 (`gomeplus-h5-proxy` is vulnerable to a directory traversal
issue, ...)
- TODO: check
+ NOT-FOR-US: gomeplus-h5-proxy
CVE-2017-16036 (`badjs-sourcemap-server` receives files sent by
`badjs-sourcemap`. ...)
- TODO: check
+ NOT-FOR-US: badjs-sourcemap-server
CVE-2017-16035 (The hubl-server module is a wrapper for the HubL Development
Server. ...)
- TODO: check
+ NOT-FOR-US: hubl-server
CVE-2017-16034
RESERVED
CVE-2017-16033
@@ -39040,13 +39040,13 @@ CVE-2017-16033
CVE-2017-16032
RESERVED
CVE-2017-16031 (Socket.io is a realtime application framework that provides
...)
- TODO: check
+ NOT-FOR-US: Socket.io
CVE-2017-16030 (Useragent is used to parse useragent headers. It uses several
regular ...)
NOT-FOR-US: useragent nodejs module
CVE-2017-16029 (hostr is a simple web server that serves up the contents of
the ...)
- TODO: check
+ NOT-FOR-US: hostr
CVE-2017-16028 (react-native-meteor-oauth is a library for Oauth2 login to a
Meteor ...)
- TODO: check
+ NOT-FOR-US: react-native-meteor-oauth
CVE-2017-16027
RESERVED
CVE-2017-16026 (Request is an http client. If a request is made using
```multipart```, ...)
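Review bot: the three new NOT-FOR-US lines in this hunk (Socket.io, hostr, react-native-meteor-oauth) give only a bare name, while the unchanged entry for CVE-2017-16030 in the same hunk reads "NOT-FOR-US: useragent nodejs module". Suggest following that form, for example "NOT-FOR-US: hostr nodejs module", so a later reader can tell which ecosystem a generic name like hostr refers to without opening the CVE description.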
@@ -39056,36 +39056,36 @@ CVE-2017-16026 (Request is an http client. If a
request is made using ```multipa
NOTE: https://github.com/request/request/pull/2018
NOTE: nodejs not covered by security support
CVE-2017-16025 (Nes is a websocket extension library for hapi. Hapi is a
webserver ...)
- TODO: check
+ NOT-FOR-US: Nes
CVE-2017-16024 (The sync-exec module is used to simulate
child_process.execSync in ...)
- TODO: check
+ NOT-FOR-US: sync-exec
CVE-2017-16023 (Decamelize is used to convert a dash/dot/underscore/space
separated ...)
- node-decamelize <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/sindresorhus/decamelize/issues/5
NOTE:
https://github.com/sindresorhus/decamelize/commit/76d47d8de360afb574da2e34db87430ce11094e0
NOTE: nodejs not covered by security support
CVE-2017-16022 (Morris.js creates an svg graph, with labels that appear when
hovering ...)
- TODO: check
+ NOT-FOR-US: Morris.js
CVE-2017-16021 (uri-js is a module that tries to fully implement RFC 3986. One
of ...)
NOT-FOR-US: uri-js nodejs module
CVE-2017-16020 (Summit is a node web framework. When using the PouchDB driver
in the ...)
- TODO: check
+ NOT-FOR-US: Summit
CVE-2017-16019 (GitBook is a command line tool (and Node.js library) for
building ...)
- TODO: check
+ NOT-FOR-US: GitBook
CVE-2017-16018 (Restify is a framework for building REST APIs. Restify
>=2.0.0 <=4.0.4 ...)
- TODO: check
+ NOT-FOR-US: Restify
CVE-2017-16017 (sanitize-html is a library for scrubbing html input for
malicious ...)
- TODO: check
+ NOT-FOR-US: sanitize-html
CVE-2017-16016 (Sanitize-html is a library for scrubbing html input of
malicious ...)
- TODO: check
+ NOT-FOR-US: sanitize-html
CVE-2017-16015 (Forms is a library for easily creating HTML forms. Versions
before ...)
- TODO: check
+ NOT-FOR-US: Forms
CVE-2017-16014 (Http-proxy is a proxying library. Because of the way errors
are ...)
- node-http-proxy <itp> (bug #896978)
NOTE: https://nodesecurity.io/advisories/323
NOTE: https://github.com/nodejitsu/node-http-proxy/pull/101
CVE-2017-16013 (hapi is a web and services application framework. When hapi
>= 15.0.0 ...)
- TODO: check
+ NOT-FOR-US: hapi
CVE-2017-16012
REJECTED
CVE-2017-16011
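Review bot: sanitize-html, Restify, hapi and the other modules in this hunk are closed as NOT-FOR-US by upstream name only, yet the unchanged entries around them show Node modules tracked under a node- prefix (node-decamelize, and node-http-proxy as <itp> with bug #896978). Before marking these NOT-FOR-US, confirm there is no node-* source package or open ITP for each name; where one exists, use a package line or <itp> with the bug number, as done for CVE-2017-16014.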
@@ -39096,13 +39096,13 @@ CVE-2017-16010 (i18next is a language translation
framework. When using the .ini
NOTE: https://nodesecurity.io/advisories/326
NOTE: nodejs not covered by security support
CVE-2017-16009 (ag-grid is an advanced data grid that is library agnostic.
ag-grid is ...)
- TODO: check
+ NOT-FOR-US: ag-grid
CVE-2017-16008 (i18next is a language translation framework. Because of how
the ...)
- TODO: check
+ NOT-FOR-US: i18next
CVE-2017-16007 (node-jose is a JavaScript implementation of the JSON Object
Signing ...)
- TODO: check
+ NOT-FOR-US: node-jose
CVE-2017-16006 (Remarkable is a markdown parser. In versions 1.6.2 and lower,
...)
- TODO: check
+ NOT-FOR-US: Remarkable
CVE-2017-16005 (Http-signature is a "Reference implementation of Joyent's
HTTP ...)
- node-http-signature <not-affected> (Fixed before initial upload to
Debian)
NOTE: https://github.com/joyent/node-http-signature/issues/10
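Review bot: CVE-2017-16008 is marked "NOT-FOR-US: i18next", but the hunk header and the two NOTE lines at the top of this hunk show CVE-2017-16010, also i18next, carrying "NOTE: nodejs not covered by security support", the same annotation that accompanies the node-decamelize package entry elsewhere in this diff. The two i18next entries should agree: either CVE-2017-16008 gets the same treatment as CVE-2017-16010, or the reason they differ should be recorded in a NOTE line.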
@@ -39111,7 +39111,7 @@ CVE-2017-16005 (Http-signature is a "Reference
implementation of Joyent's H
CVE-2017-16004
RESERVED
CVE-2017-16003 (windows-build-tools is a module for installing C++ Build Tools
for ...)
- TODO: check
+ NOT-FOR-US: windows-build-tools
CVE-2017-16002
RESERVED
CVE-2017-16001 (In HashiCorp Vagrant VMware Fusion plugin (aka
vagrant-vmware-fusion) ...)
@@ -39135,33 +39135,33 @@ CVE-2017-15996 (elfcomm.c in readelf in GNU Binutils
2.29 allows remote attacker
CVE-2017-15995
RESERVED
CVE-2016-10698 (mystem-fix is a node.js wrapper for MyStem morphology text
analyzer by ...)
- TODO: check
+ NOT-FOR-US: mystem-fix
CVE-2016-10697 (react-native-baidu-voice-synthesizer is a baidu voice speech
...)
- TODO: check
+ NOT-FOR-US: react-native-baidu-voice-synthesizer
CVE-2016-10696 (windows-latestchromedriver downloads the latest version of ...)
- TODO: check
+ NOT-FOR-US: windows-latestchromedriver
CVE-2016-10695 (The npm-test-sqlite3-trunk module provides asynchronous,
non-blocking ...)
- TODO: check
+ NOT-FOR-US: npm-test-sqlite3-trunk
CVE-2016-10694 (alto-saxophone is a module to install and launch Chromedriver
for Mac, ...)
- TODO: check
+ NOT-FOR-US: alto-saxophone
CVE-2016-10693 (pm2-kafka is a PM2 module that installs and runs a kafka
server ...)
- TODO: check
+ NOT-FOR-US: pm2-kafka
CVE-2016-10692 (haxeshim haxe shim to deal with coexisting versions. haxeshim
...)
- TODO: check
+ NOT-FOR-US: haxeshim
CVE-2016-10691 (windows-seleniumjar is a module that downloads the Selenium
Jar file ...)
- TODO: check
+ NOT-FOR-US: windows-seleniumjar
CVE-2016-10690 (openframe-ascii-image module is an openframe plugin which adds
support ...)
- TODO: check
+ NOT-FOR-US: openframe-ascii-image
CVE-2016-10689 (The windows-iedriver module downloads fixed version of ...)
- TODO: check
+ NOT-FOR-US: The windows-iedriver
CVE-2016-10688 (Haxe 3 : The Cross-Platform Toolkit (a fork from David
Mouton's ...)
TODO: check
CVE-2016-10687 (windows-selenium-chromedriver is a module that downloads the
Selenium ...)
- TODO: check
+ NOT-FOR-US: windows-selenium-chromedriver
CVE-2016-10686 (fis-sass-all is another libsass wrapper for node. fis-sass-all
...)
- TODO: check
+ NOT-FOR-US: fis-sass-all
CVE-2016-10685 (pk-app-wonderbox is an integration with wonderbox
pk-app-wonderbox ...)
- TODO: check
+ NOT-FOR-US: pk-app-wonderbox
CVE-2016-10684 (healthcenter - IBM Monitoring and Diagnostic Tools health
Center agent ...)
NOT-FOR-US: IBM
CVE-2016-10683 (arcanist downloads resources over HTTP, which leaves it
vulnerable to ...)
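Review bot: the CVE-2016-10689 line reads "NOT-FOR-US: The windows-iedriver"; the leading "The" looks copied from the CVE description, and every other entry in this hunk uses the bare module name. Suggest "NOT-FOR-US: windows-iedriver". Separately, CVE-2016-10688 (Haxe 3) stays at "TODO: check" between the updated entries; if that is deliberate it is fine, otherwise it was skipped in this pass.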
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/164fe48ef72e4a454dad302d851da6fcf98f65d8