Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5d9e975a by Moritz Muehlenhoff at 2018-12-21T12:37:54Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25,17 +25,17 @@ CVE-2018-20320
CVE-2018-20319
RESERVED
CVE-2018-20318 (An issue was discovered in weixin-java-tools v3.2.0. There is
an XXE ...)
- TODO: check
+ NOT-FOR-US: weixin-java-tools
CVE-2018-1000886 (nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow
vulnerability ...)
- nasm <unfixed> (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392514
NOTE: Crash in CLI, no security impact
CVE-2018-1000885 (PHKP version including commit
88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b ...)
- TODO: check
+ NOT-FOR-US: PHKP
CVE-2018-1000884 (Vesta CP version Prior to commit ...)
- TODO: check
+ NOT-FOR-US: Vesta CP
CVE-2018-1000883 (Elixir Plug Plug version All contains a Header Injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Elixir Plug, different from src:elixir-lang
CVE-2018-20317
RESERVED
CVE-2018-20316
@@ -119,13 +119,13 @@ CVE-2018-1000860 (phpipam version 1.3.2 and earlier
contains a Cross Site Script
CVE-2018-1000858 (GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request
Forgery ...)
TODO: check
CVE-2018-1000857 (log-user-session version 0.7 and earlier contains a
Directory ...)
- TODO: check
+ NOT-FOR-US: log-user-session
CVE-2018-1000856 (DomainMOD version 4.09.03 and above. Also verified in the
latest ...)
NOT-FOR-US: DomainMOD
CVE-2018-1000855 (easymon version 1.4 and earlier contains a Cross Site
Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: easymon
CVE-2018-1000854 (esigate.org esigate version 5.2 and earlier contains a
CWE-74: ...)
- TODO: check
+ NOT-FOR-US: esigate
CVE-2018-1000852 (FreeRDP FreeRDP 2.0.0-rc3 released version before commit ...)
- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
- freerdp <removed>
@@ -133,25 +133,25 @@ CVE-2018-1000852 (FreeRDP FreeRDP 2.0.0-rc3 released
version before commit ...)
NOTE: https://github.com/FreeRDP/FreeRDP/pull/4871
NOTE:
https://github.com/FreeRDP/FreeRDP/commit/baee520e3dd9be6511c45a14c5f5e77784de1471
CVE-2018-1000851 (Copay Bitcoin Wallet version 5.01 to 5.1.0 included.
contains a ...)
- TODO: check
+ NOT-FOR-US: Copay Bitcoin Wallet
CVE-2018-1000850 (Square Retrofit version versions from (including) 2.0 and
2.5.0 ...)
- TODO: check
+ NOT-FOR-US: Square Retrofit
CVE-2018-1000849 (Alpine Linux version Versions prior to 2.6.10, 2.7.6, and
2.10.1 ...)
- TODO: check
+ NOT-FOR-US: Alpine Linux
CVE-2018-1000848 (Wampserver version prior to version 3.1.5 contains a Cross
Site ...)
- TODO: check
+ NOT-FOR-US: Wampserver
CVE-2018-1000847 (FreshDNS version 1.0.3 and prior contains a Cross Site
Scripting (XSS) ...)
- TODO: check
+ NOT-FOR-US: FreshDNS
CVE-2018-1000846 (FreshDNS version 1.0.3 and earlier contains a Cross ite
Request ...)
- TODO: check
+ NOT-FOR-US: FreshDNS
CVE-2018-1000845 (Avahi version 0.7 contains a Incorrect Access Control
vulnerability in ...)
TODO: check
CVE-2018-1000844 (Square Open Source Retrofit version Prior to commit ...)
- TODO: check
+ NOT-FOR-US: Square Retrofit
CVE-2018-1000843 (Luigi version prior to version 2.8.0; after commit ...)
TODO: check
CVE-2018-1000842 (FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1,
>=0.16.0 <=0.16.3, ...)
- TODO: check
+ NOT-FOR-US: FatFreeCRM
CVE-2018-1000841 (Zend.To version Prior to 5.15-1 contains a Cross Site
Scripting (XSS) ...)
TODO: check
CVE-2018-1000840 (Processing Foundation Processing version 3.4 and earlier
contains a ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d9e975ab4f2d54dfa9865a98a0eac25ae879729
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d9e975ab4f2d54dfa9865a98a0eac25ae879729
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
