[Git][security-tracker-team/security-tracker][master] NFUs

Fri, 06 Jul 2018 06:49:22 -0700 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1850b7b2 by Moritz Muehlenhoff at 2018-07-06T15:48:42+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -25886,9 +25886,9 @@ CVE-2018-3766 (Path traversal in buttle module versions 
<= 0.2.0 allows to re
 CVE-2018-3765
        RESERVED
 CVE-2018-3764 (In Nextcloud Contacts before 2.1.2, a missing sanitization of 
search ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Contacts
 CVE-2018-3763 (In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing 
sanitization ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Contacts
 CVE-2018-3762 (Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper 
checks ...)
        - nextcloud <itp> (bug #835086)
 CVE-2018-3761 (Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper 
...)
@@ -39987,37 +39987,37 @@ CVE-2016-10674 (limbus-buildgen is a &quot;build 
anywhere&quot; build system. li
 CVE-2016-10673 (ipip-coffee queries geolocation information from IP 
ipip-coffee ...)
        NOT-FOR-US: ipip-coffee
 CVE-2016-10672 (cloudpub-redis is a module for CloudPub: Redis Backend 
cloudpub-redis ...)
-       TODO: check
+       NOT-FOR-US: cloudpub-redis
 CVE-2016-10671 (mystem-wrapper is a Yandex mystem app wrapper module. 
mystem-wrapper ...)
-       TODO: check
+       NOT-FOR-US: mystem-wrapper
 CVE-2016-10670 (windows-seleniumjar-mirror downloads the Selenium Jar file ...)
-       TODO: check
+       NOT-FOR-US: windows-seleniumjar-mirror
 CVE-2016-10669 (soci downloads binary resources over HTTP, which leaves it 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: soci
 CVE-2016-10668 (libsbml is a module that installs Linux binaries for libSBML 
libsbml ...)
-       TODO: check
+       NOT-FOR-US: libsbml node integration, different from src:libsml
 CVE-2016-10667 (selenium-portal is a Selenium Testing Framework 
selenium-portal ...)
-       TODO: check
+       NOT-FOR-US: selenium-portal
 CVE-2016-10666 (tomita-parser is a Node wrapper for Yandex Tomita Parser 
tomita-parser ...)
-       TODO: check
+       NOT-FOR-US: tomita-parser
 CVE-2016-10665 (herbivore is a packet sniffing and crafting library. Built on 
libtins ...)
-       TODO: check
+       NOT-FOR-US: herbivore
 CVE-2016-10664 (mystem is a Node.js wrapper for MyStem morphology text 
analyzer by ...)
-       TODO: check
+       NOT-FOR-US: mystem
 CVE-2016-10663 (wixtoolset is a Node module wrapper around the wixtoolset 
binaries ...)
-       TODO: check
+       NOT-FOR-US: wixtoolset
 CVE-2016-10662 (tomita is a node wrapper for Yandex Tomita Parser tomita 
downloads ...)
-       TODO: check
+       NOT-FOR-US: tomita
 CVE-2016-10661 (phantomjs-cheniu is a Headless WebKit with JS API 
phantomjs-cheniu ...)
-       TODO: check
+       NOT-FOR-US: phantomjs-cheniu
 CVE-2016-10660 (fis-parser-sass-bin a plugin for fis to compile sass using ...)
-       TODO: check
+       NOT-FOR-US: fis-parser-sass-bin
 CVE-2016-10659 (poco - The POCO libraries, downloads source file resources 
used for ...)
        NOT-FOR-US: nodejs poco module
 CVE-2016-10658 (native-opencv is the OpenCV library installed via npm 
native-opencv ...)
-       TODO: check
+       NOT-FOR-US: native-opencv binding for node, different from src:opencv
 CVE-2016-10657 (co-cli-installer downloads the co-cli module as part of the 
install ...)
-       TODO: check
+       NOT-FOR-US: co-cli-installer
 CVE-2016-10656 (qbs is a build tool that helps simplify the build process for 
...)
        NOT-FOR-US: npm qbs (different from src:qbs)
 CVE-2016-10655 (The clang-extra module installs LLVM's clang-extra tools. 
clang-extra ...)
@@ -40033,7 +40033,7 @@ CVE-2016-10651 (webdriver-launcher is a Node.js 
Selenium Webdriver Launcher. ...
 CVE-2016-10650 (ntfserver is a Network Testing Framework Server. ntfserver 
downloads ...)
        NOT-FOR-US: ntfserver
 CVE-2016-10649 (frames-compiler downloads binary resources over HTTP, which 
leaves it ...)
-       TODO: check
+       NOT-FOR-US: frames-compiler
 CVE-2016-10648 (marionette-socket-host is a marionette-js-runner host for 
sending ...)
        NOT-FOR-US: marionette-socket-host
 CVE-2016-10647 (node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads 
binary ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1850b7b21dba8a3ffa044901b7085243648a65ad

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1850b7b21dba8a3ffa044901b7085243648a65ad
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to