[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Mon, 16 Jul 2018 13:18:00 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f1b1f019 by Salvatore Bonaccorso at 2018-07-16T22:16:37+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -515,7 +515,7 @@ CVE-2018-14072 (libsixel 1.8.1 has a memory leak in 
sixel_decoder_decode in deco
        [stretch] - libsixel <no-dsa> (Minor issue)
        NOTE: https://github.com/saitoha/libsixel/issues/67#issue-341198610
 CVE-2018-14071 (The Geo Mashup plugin before 1.10.4 for WordPress has 
insufficient ...)
-       TODO: check
+       NOT-FOR-US: Geo Mashup plugin for WordPress
 CVE-2018-14070
        RESERVED
 CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF 
vulnerability ...)
@@ -763,9 +763,9 @@ CVE-2018-13983
 CVE-2018-13982
        RESERVED
 CVE-2018-13981 (The websites that were built from Zeta Producer Desktop CMS 
before ...)
-       TODO: check
+       NOT-FOR-US: Zeta Producer Desktop CMS
 CVE-2018-13980 (The websites that were built from Zeta Producer Desktop CMS 
before ...)
-       TODO: check
+       NOT-FOR-US: Zeta Producer Desktop CMS
 CVE-2018-13979
        RESERVED
 CVE-2018-13978
@@ -2039,7 +2039,7 @@ CVE-2018-13389 (The attachment resource in Atlassian 
Confluence before version 6
 CVE-2018-13388 (The review attachment resource in Atlassian Fisheye and 
Crucible ...)
        NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2018-13387 (The IncomingMailServers resource in Atlassian JIRA Server 
before ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2018-13386
        RESERVED
 CVE-2018-13385
@@ -6263,9 +6263,9 @@ CVE-2016-1000344 (In the Bouncy Castle JCE Provider 
version 1.55 and earlier the
        [jessie] - bouncycastle <ignored> (Intrusive changes, can be mitigated 
by using a different mode than ECB)
        NOTE: 
https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
 CVE-2018-11717 (An issue was discovered in Zoho ManageEngine Desktop Central 
before ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-11716 (An issue was discovered in Zoho ManageEngine Desktop Central 
before ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-11715 (The Recent Threads plugin before 1.1 for MyBB allows XSS via a 
thread ...)
        NOT-FOR-US: Recent Threads plugin for MyBB
 CVE-2018-11714 (An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 
3.16 ...)
@@ -24358,7 +24358,7 @@ CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 
6.6 and 6.7, and ProxySG 6
 CVE-2018-5240
        RESERVED
 CVE-2018-5239 (Norton App Lock prior to v1.3.0.332 can be susceptible to a 
bypass ...)
-       TODO: check
+       NOT-FOR-US: Norton
 CVE-2018-5238
        RESERVED
 CVE-2018-5237 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 
MP10 ...)
@@ -24386,7 +24386,7 @@ CVE-2018-5231 (The ForgotLoginDetails resource in 
Atlassian Jira before version 
 CVE-2018-5230 (The issue collector in Atlassian Jira before version 7.6.6, 
from ...)
        NOT-FOR-US: Atlassian
 CVE-2018-5229 (The NotificationRepresentationFactoryImpl class in Atlassian 
Universal ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2018-5228 (The /browse/~raw resource in Atlassian Fisheye and Crucible 
before ...)
        NOT-FOR-US: Atlassian
 CVE-2018-5227 (Various administrative application link resources in Atlassian 
...)
@@ -37641,15 +37641,15 @@ CVE-2018-0712 (Command injection vulnerability in 
LDAP Server in QNAP QTS 4.2.6 
 CVE-2018-0711 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 
build ...)
        NOT-FOR-US: QNAP
 CVE-2018-0710 (Command injection vulnerability in SSH of QNAP Q'center Virtual 
...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2018-0709 (Command injection vulnerability in date of QNAP Q'center 
Virtual ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2018-0708 (Command injection vulnerability in networking of QNAP Q'center 
Virtual ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2018-0707 (Command injection vulnerability in change password of QNAP 
Q'center ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2018-0706 (Exposure of Private Information in QNAP Q'center Virtual 
Appliance ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2017-17042 (lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 
does not ...)
        - yard 0.9.12-1
        [stretch] - yard <no-dsa> (Minor issue)
@@ -38510,11 +38510,11 @@ CVE-2018-0387
 CVE-2018-0386
        RESERVED
 CVE-2018-0385 (A vulnerability in the detection engine parsing of Security 
Socket ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0384 (A vulnerability in the detection engine of Cisco FireSIGHT 
System ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0383 (A vulnerability in the detection engine of Cisco FireSIGHT 
System ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0382
        RESERVED
 CVE-2018-0381
@@ -38540,15 +38540,15 @@ CVE-2018-0372
 CVE-2018-0371 (A vulnerability in the Web Admin Interface of Cisco Meeting 
Server ...)
        NOT-FOR-US: Cisco
 CVE-2018-0370 (A vulnerability in the detection engine of Cisco Firepower 
System ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0369 (A vulnerability in the reassembly logic for fragmented IPv4 
packets of ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0368 (A vulnerability in Cisco Digital Network Architecture (DNA) 
Center ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0367
        RESERVED
 CVE-2018-0366 (A vulnerability in the web-based management interface of Cisco 
Web ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0365 (A vulnerability in the web-based management interface of Cisco 
...)
        NOT-FOR-US: Cisco
 CVE-2018-0364 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
@@ -38598,7 +38598,7 @@ CVE-2018-0343
 CVE-2018-0342
        RESERVED
 CVE-2018-0341 (A vulnerability in the web-based UI of Cisco IP Phone 6800, 
7800, and ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2018-0340 (A vulnerability in the web framework of the Cisco Unified ...)
        NOT-FOR-US: Cisco
 CVE-2018-0339 (A vulnerability in the web-based management interface of Cisco 
Identity ...)
@@ -190064,7 +190064,7 @@ CVE-2013-0524
 CVE-2013-0523 (IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x 
through ...)
        NOT-FOR-US: IBM WebSphere
 CVE-2013-0522 (The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 
8.0.2, ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2013-0521
        RESERVED
 CVE-2013-0520 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 
Interim ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1b1f0191b602e23b9791c465d8ce2626d576126

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1b1f0191b602e23b9791c465d8ce2626d576126
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to