Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5151dd49 by Moritz Muehlenhoff at 2018-09-07T15:02:03Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -87,7 +87,7 @@ CVE-2018-16624
 CVE-2018-16623
        RESERVED
 CVE-2018-16622 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: DoraCMS
 CVE-2018-16621
        RESERVED
 CVE-2018-16620
@@ -157,7 +157,7 @@ CVE-2018-16592
 CVE-2018-16591
        RESERVED
 CVE-2018-16590 (FURUNO FELCOM 250 and 500 devices use only client-side 
JavaScript for ...)
-       TODO: check
+       NOT-FOR-US: FURUNO FELCOM
 CVE-2018-16589
        RESERVED
 CVE-2018-16588
@@ -232,7 +232,7 @@ CVE-2018-1000801 (okular version 18.08 and earlier contains 
a Directory Traversa
        NOTE: https://bugs.kde.org/show_bug.cgi?id=398096
        NOTE: 
https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47
 CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer 
reference ...)
-       TODO: check
+       NOT-FOR-US: zephyr-rtos
 CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input 
Validation ...)
        TODO: check
 CVE-2018-1000673
@@ -241,25 +241,25 @@ CVE-2018-1000671 (sympa version 6.2.16 and later contains 
a CWE-601: URL Redirec
        - sympa <unfixed> (bug #908165)
        NOTE: https://github.com/sympa-community/sympa/issues/268
 CVE-2018-1000668 (jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds 
Read ...)
-       TODO: check
+       NOT-FOR-US: jsish
 CVE-2018-1000667 (NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and 
earlier contains ...)
        - nasm <unfixed> (unimportant)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392507
        NOTE: https://github.com/cyrillos/nasm/issues/3
        NOTE: Crash in CLI tool, no security impact
 CVE-2018-1000666 (GIG Technology NV JumpScale Portal 7 version before commit 
...)
-       TODO: check
+       NOT-FOR-US: GIG Technology NV JumpScale Portal
 CVE-2018-1000665 (Dojo Dojo Objective Harness (DOH) version prior to version 
1.14 ...)
        - dojo 1.14.1+dfsg1-1 (unimportant)
        NOTE: https://github.com/dojo/dojo/pull/307
 CVE-2018-1000664 (daneren2005 DSub for Subsonic (Android client) version 5.4.1 
contains ...)
-       TODO: check
+       NOT-FOR-US: daneren2005 DSub for Subsonic
 CVE-2018-1000663 (jsish version 2.4.70 2.047 contains a Buffer Overflow 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: jsish
 CVE-2018-1000661 (jsish version 2.4.67 contains a CWE-476: NULL Pointer 
Dereference ...)
-       TODO: check
+       NOT-FOR-US: jsish
 CVE-2018-1000660 (TOCK version prior to commit 
42f7f36e74088036068d62253e1d8fb26605feed. ...)
-       TODO: check
+       NOT-FOR-US: TOCK
 CVE-2018-1000659 (LimeSurvey version 3.14.4 and earlier contains a directory 
traversal ...)
        - limesurvey <itp> (bug #472802)
 CVE-2018-1000658 (LimeSurvey version prior to 3.14.4 contains a file upload 
...)
@@ -446,7 +446,7 @@ CVE-2018-16461
 CVE-2018-16460
        RESERVED
 CVE-2018-16459 (An unescaped payload in exceljs &lt;v1.6 allows a possible XSS 
via cell ...)
-       TODO: check
+       NOT-FOR-US: exceljs
 CVE-2018-1000672
        REJECTED
 CVE-2018-1000662
@@ -863,7 +863,7 @@ CVE-2018-16312
 CVE-2018-16311
        RESERVED
 CVE-2018-16310 (Technicolor TG588V V2 devices allow remote attackers to cause 
a denial ...)
-       TODO: check
+       NOT-FOR-US: Technicolor
 CVE-2018-16309
        RESERVED
 CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows 
CSV ...)
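Review bot: The new tag on CVE-2018-16310 names only the vendor (`NOT-FOR-US: Technicolor`), while the description is specific to TG588V V2 devices. Other entries in this commit name the product (for example `NOT-FOR-US: FURUNO FELCOM`), so something like `NOT-FOR-US: Technicolor TG588V V2 devices` would keep the tag searchable and avoid implying that everything from this vendor is out of scope.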
@@ -913,7 +913,7 @@ CVE-2018-16287
 CVE-2018-16286
        RESERVED
 CVE-2018-16285 (The UserPro plugin through 4.9.23 for WordPress allows XSS via 
the ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2018-16284
        RESERVED
 CVE-2018-16283
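Review bot: `NOT-FOR-US: Wordpress plugin` on CVE-2018-16285 does not say which plugin, although the description identifies it as UserPro, and it spells the project "Wordpress" where the description has "WordPress". Suggest `NOT-FOR-US: UserPro plugin for WordPress` so the entry can be found by plugin name.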
@@ -962,7 +962,7 @@ CVE-2018-16263
 CVE-2018-16262
        RESERVED
 CVE-2018-16261 (In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 
9.0R1, ...)
-       TODO: check
+       NOT-FOR-US: Pulse Secure Pulse Desktop Client
 CVE-2018-16260
        RESERVED
 CVE-2018-16259
@@ -1928,7 +1928,7 @@ CVE-2018-15867
 CVE-2018-15866
        RESERVED
 CVE-2018-15865 (The Pulse Secure Desktop (macOS) has a Privilege Escalation 
...)
-       TODO: check
+       NOT-FOR-US: Pulse Secure Desktop
 CVE-2018-15864 (Unchecked NULL pointer usage in resolve_keysym in 
xkbcomp/parser.y in ...)
        - libxkbcommon 0.8.2-1 (low; bug #907302)
        [stretch] - libxkbcommon <no-dsa> (Minor issue)
@@ -2206,7 +2206,7 @@ CVE-2018-15751
 CVE-2018-15750
        RESERVED
 CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 
has a ...)
-       TODO: check
+       NOT-FOR-US: Pulse Secure Desktop
 CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 
2.70.05.02, ...)
        NOT-FOR-US: Dell 2335dn printers
 CVE-2018-15747
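Review bot: CVE-2018-15749 is tagged `NOT-FOR-US: Pulse Secure Desktop`, but CVE-2018-16261 earlier in this commit, whose description gives the same version range (5.3RX before 5.3R5 and 9.0R1), is tagged `NOT-FOR-US: Pulse Secure Pulse Desktop Client`. If these are the same client, one spelling across the four Pulse desktop entries in this commit (CVE-2018-16261, CVE-2018-15865, CVE-2018-15749, CVE-2018-15726) would keep the NFU lines consistent to grep.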
@@ -2269,7 +2269,7 @@ CVE-2018-1999043 (A denial of service vulnerability 
exists in Jenkins 2.137 and
 CVE-2018-1999042 (A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 
and ...)
        - jenkins <removed>
 CVE-2018-15726 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 
has a ...)
-       TODO: check
+       NOT-FOR-US: Pulse Secure Desktop
 CVE-2018-15725
        RESERVED
 CVE-2018-15724
@@ -5608,7 +5608,7 @@ CVE-2018-14367 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 
2.4.7, the CoAP protoco
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81ce5fcb3e37a0aaeb7532f7a2a09366f16fa310
        NOTE: https://www.wireshark.org/security/wnpa-sec-2018-42.html
 CVE-2018-14366 (download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 
8.1R13 ...)
-       TODO: check
+       NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2018-14365
        RESERVED
 CVE-2018-14364 (GitLab Community and Enterprise Edition before 10.7.7, 10.8.x 
before ...)
@@ -10971,7 +10971,7 @@ CVE-2018-12236
 CVE-2018-12235
        RESERVED
 CVE-2018-12234 (A Reflected Cross Site Scripting (XSS) Vulnerability was 
discovered in ...)
-       TODO: check
+       NOT-FOR-US: Adrenalin HRMS Software
 CVE-2018-12231
        RESERVED
 CVE-2018-12230 (An wrong logical check identified in the transferFrom function 
of a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5151dd4989ee9a8fc9aaf2bd5cda4af9687d8fb6
