[Git][security-tracker-team/security-tracker][master] Process NFUs

Fri, 03 Aug 2018 01:23:02 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5de1f871 by Salvatore Bonaccorso at 2018-08-03T08:22:31Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-14878
        RESERVED
 CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via 
Site ...)
-       TODO: check
+       NOT-FOR-US: WeaselCMS
 CVE-2018-14876 (An issue was discovered in image_save_png in 
image/image-png.cpp in ...)
        - flif <unfixed>
        NOTE: https://github.com/FLIF-hub/FLIF/issues/520
@@ -40,7 +40,7 @@ CVE-2018-14860
 CVE-2018-14859
        RESERVED
 CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before 
V7.0.11 ...)
-       TODO: check
+       NOT-FOR-US: idreamsoft iCMS
 CVE-2018-14857
        RESERVED
 CVE-2018-14856
@@ -5951,7 +5951,7 @@ CVE-2018-12450
 CVE-2018-12449
        RESERVED
 CVE-2018-12448 (Whale Browser before 1.3.48.4 displays no URL information but 
only a ...)
-       TODO: check
+       NOT-FOR-US: Whale Browser
 CVE-2018-12447 (The restore_tqb_pixels function in hevc_filter.c in 
libavcodec, as used ...)
        NOT-FOR-US: libbpg
 CVE-2018-12446 (** DISPUTED ** An issue was discovered in the 
com.dropbox.android ...)
@@ -10838,7 +10838,7 @@ CVE-2018-10620 (AVEVA InduSoft Web Studio v8.1 and 
v8.1SP1, and InTouch Machine 
 CVE-2018-10619 (An unquoted search path or element in RSLinx Classic Versions 
3.90.01 ...)
        NOT-FOR-US: RSLinx
 CVE-2018-10618 (Davolink DVW-3200N all version prior to Version 1.00.06. The 
device ...)
-       TODO: check
+       NOT-FOR-US: Davolink DVW-3200N
 CVE-2018-10617 (Delta Electronics Delta Industrial Automation DOPSoft version 
4.00.04 ...)
        NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
 CVE-2018-10616 (ABB Panel Builder 800 all versions has an improper input 
validation ...)
@@ -18334,7 +18334,7 @@ CVE-2018-1000115 (Memcached version 1.5.5 contains an 
Insufficient Control of Ne
 CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 
3.1 ...)
        NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone:Script Classified 
Application
 CVE-2018-7649 (Monitorix before 3.10.1 allows XSS via CGI variables. ...)
-       TODO: check
+       NOT-FOR-US: Monitorix
 CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 
2.3.0. The ...)
        - openjpeg2 <unfixed> (unimportant)
        NOTE: 
https://github.com/kbabioch/openjpeg/commit/6d8c0c06ee32dc03ba80acd48334e98728e56cf5
@@ -29232,11 +29232,11 @@ CVE-2018-3925
 CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
        TODO: check
 CVE-2018-3923 (A memory corruption vulnerability exists in the PCX-parsing ...)
-       TODO: check
+       NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3922 (A memory corruption vulnerability exists in the ANI-parsing ...)
-       TODO: check
+       NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3921 (A memory corruption vulnerability exists in the PSD-parsing ...)
-       TODO: check
+       NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3920
        RESERVED
 CVE-2018-3919
@@ -35679,7 +35679,7 @@ CVE-2018-1556 (IBM FileNet Content Manager 5.2.1 and 
5.5.0 is vulnerable to ...)
 CVE-2018-1555 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to 
...)
        NOT-FOR-US: IBM FileNet Content Manager
 CVE-2018-1554 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site 
scripting. ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 
could allow ...)
        NOT-FOR-US: IBM
 CVE-2018-1552
@@ -43239,7 +43239,7 @@ CVE-2017-16351
 CVE-2017-16350
        RESERVED
 CVE-2017-16349 (An exploitable XML external entity vulnerability exists in the 
...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2017-16348
        RESERVED
 CVE-2017-16347 (An attacker could send an authenticated HTTP request to 
trigger this ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5de1f8711cb5cb00880f8aa3d3e431f7a34f8a2d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5de1f8711cb5cb00880f8aa3d3e431f7a34f8a2d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to