[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Sat, 28 Jul 2018 21:01:54 -0700

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f60a32c2 by Salvatore Bonaccorso at 2018-07-29T04:00:59Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -221,13 +221,13 @@ CVE-2018-1002208 (sharplibzip before 1.0 RC1 is 
vulnerable to directory traversa
        NOTE: https://github.com/icsharpcode/SharpZipLib/issues/232
        TODO: further checks
 CVE-2018-1002207 (mholt/archiver golang package before ...)
-       TODO: check
+       NOT-FOR-US: golang-github-mholt-archiver
 CVE-2018-1002206 (SharpCompress before 0.21.0 is vulnerable to directory 
traversal, ...)
-       TODO: check
+       NOT-FOR-US: SharpCompress library (for .NET Standard 1.0)
 CVE-2018-1002205 (DotNetZip.Semvered before 1.11.0 is vulnerable to directory 
traversal, ...)
-       TODO: check
+       NOT-FOR-US: DotNetZip.Semvered library (.NET)
 CVE-2018-1002203 (unzipper npm library before 0.8.13 is vulnerable to 
directory ...)
-       TODO: check
+       NOT-FOR-US: unzipper nodejs module
 CVE-2018-14596 (wancms 1.0 through 5.0 allows remote attackers to cause a 
denial of ...)
        NOT-FOR-US: wancms
 CVE-2018-14595
@@ -632,7 +632,7 @@ CVE-2018-14441 (An issue was discovered in cckevincyh SSH 
CompanyWebsite through
 CVE-2018-14440 (An issue was discovered in cckevincyh SSH CompanyWebsite 
through ...)
        NOT-FOR-US: cckevincyh SSH CompanyWebsite
 CVE-2018-14439 (espritblock eos4j, an unofficial SDK for EOS, through 
2018-07-12 ...)
-       TODO: check
+       NOT-FOR-US: eos4j
 CVE-2018-14438 (In Wireshark through 2.6.2, the create_app_running_mutex 
function in ...)
        - wireshark <not-affected> (Problem with SetSecurityDescriptorDacl() is 
Windows specific issue)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14921
@@ -1008,7 +1008,7 @@ CVE-2018-14337 (The CHECK macro in 
mrbgems/mruby-sprintf/src/sprintf.c in mruby 
 CVE-2018-14336 (TP-Link WR840N devices allow remote attackers to cause a 
denial of ...)
        NOT-FOR-US: TP-Link
 CVE-2018-14335 (An issue was discovered in H2 1.4.197. Insecure handling of 
...)
-       TODO: check
+       NOT-FOR-US: H2 (different from src:python-h2)
 CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows 
arbitrary file ...)
        NOT-FOR-US: joyplus-cms
 CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode 
format within ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f60a32c273b4f032afdf0a90630e5bc5aefd40af

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f60a32c273b4f032afdf0a90630e5bc5aefd40af
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to