[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2023-08-09 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5044562a by Moritz Muehlenhoff at 2023-08-09T20:07:53+02:00
NFUs

- - - - -
1b4d0128 by Moritz Muehlenhoff at 2023-08-09T20:07:54+02:00
bullseye/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -100,7 +100,7 @@ CVE-2023-39532 (SES is a JavaScript environment that allows 
safe execution of ar
 CVE-2023-39518 (social-media-skeleton is an uncompleted social media project 
implement ...)
TODO: check
 CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-39342 (Dangerzone is software for converting potentially dangerous 
PDFs, offi ...)
TODO: check
 CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, 
RUGGEDCOM i800N ...)
@@ -112,21 +112,21 @@ CVE-2023-39217 (Improper input validation in Zoom 
SDK\u2019s before 5.14.10 may
 CVE-2023-39216 (Improper input validation in Zoom Desktop Client for Windows 
before 5. ...)
NOT-FOR-US: Zoom
 CVE-2023-39188 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-39187 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-39186 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-39185 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-39184 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-39183 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-39182 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-39181 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-39086 (ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit 
sensitiv ...)
NOT-FOR-US: ASUS
 CVE-2023-38815
@@ -164,37 +164,37 @@ CVE-2023-38759 (Cross Site Request Forgery (CSRF) 
vulnerability in wger Project
 CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger 
Workout Manage ...)
TODO: check
 CVE-2023-38683 (A vulnerability has been identified in JT2Go (All versions < 
V14.2.0.5 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38682 (A vulnerability has been identified in JT2Go (All versions < 
V14.2.0.5 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38681 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38680 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38679 (A vulnerability has been identified in Tecnomatix Plant 
Simulation V22 ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38641 (A vulnerability has been identified in SICAM TOOLBOX II (All 
versions  ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38532 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38531 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38530 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38529 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38528 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38527 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38526 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38525 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38524 (A vulnerability has been identified in Parasolid V34.1 (All 
versions < ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Syntacti ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2023-38254 (Microsoft Message 
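
Review bot: CVE-2023-38384, the last entry changed in this hunk, is tagged NOT-FOR-US: Siemens, but its description ("Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...") does not follow the "A vulnerability has been identified in ..." wording of every other entry given that tag here, and it names something starting with "Syntacti" rather than a Siemens product line. The tag looks as if it was carried one entry too far; suggest checking the full description and tagging the entry with the product it actually names.
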

[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2021-03-16 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1dc92906 by Moritz Muehlenhoff at 2021-03-16T14:22:40+01:00
NFUs

- - - - -
2326b6c9 by Moritz Muehlenhoff at 2021-03-16T14:23:39+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1577,7 +1577,7 @@ CVE-2021-27819
 CVE-2021-27818
RESERVED
 CVE-2021-27817 (A remote command execution vulnerability in shopxo 1.9.3 
allows an att ...)
-   TODO: check
+   NOT-FOR-US: shopxo
 CVE-2021-27816
RESERVED
 CVE-2021-27815
@@ -2520,9 +2520,9 @@ CVE-2021-27383
 CVE-2021-27382
RESERVED
 CVE-2021-27381 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
-   TODO: check
+   NOT-FOR-US: Solid Edge SE2020
 CVE-2021-27380 (A vulnerability has been identified in Solid Edge SE2020 (All 
Versions ...)
-   TODO: check
+   NOT-FOR-US: Solid Edge SE2020
 CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 
Intel HVM  ...)
- xen 4.14.0+80-gd101b417b7-1
[stretch] - xen  (Incomplete fix for CVE-2020-15565 not 
applied)
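
Review bot: the two Solid Edge SE2020 entries (CVE-2021-27381, CVE-2021-27380) are tagged by product name, while the RUGGEDCOM and SIMATIC entries further down in this same push are tagged NOT-FOR-US: Siemens, even though all of them share the "A vulnerability has been identified in ..." description form. Suggest settling on one convention for this vendor so that a search on the tag finds every entry.
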
@@ -2840,7 +2840,7 @@ CVE-2021-27232 (The RTSPLive555.dll ActiveX control in 
Pelco Digital Sentry Serv
 CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting 
environment, s ...)
NOT-FOR-US: Hestia Control Panel
 CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP 
Code Inj ...)
-   TODO: check
+   NOT-FOR-US: ExpressionEngine
 CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim 
navigates ...)
{DLA-2562-1}
- mumble 1.3.4-1 (bug #982904)
@@ -3380,7 +3380,7 @@ CVE-2021-26989 (Clustered Data ONTAP versions prior to 
9.3P21, 9.5P16, 9.6P12, 9
 CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 
9.7P8 a ...)
NOT-FOR-US: Clustered Data ONTAP
 CVE-2021-26987 (Element Plug-in for vCenter Server incorporates SpringBoot 
Framework.  ...)
-   TODO: check
+   NOT-FOR-US: Element Plug-in for vCenter Server
 CVE-2021-26986
RESERVED
 CVE-2021-26985
@@ -3560,9 +3560,9 @@ CVE-2021-26925 (Roundcube before 1.4.11 allows XSS via 
crafted Cascading Style S
NOTE: https://roundcube.net/news/2021/02/08/security-update-1.4.11
NOTE: 
https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596
 CVE-2021-26924 (An issue was discovered in Argo CD before 1.8.4. Browser XSS 
protectio ...)
-   TODO: check
+   NOT-FOR-US: Argo CD
 CVE-2021-26923 (An issue was discovered in Argo CD before 1.8.4. Accessing the 
endpoin ...)
-   TODO: check
+   NOT-FOR-US: Argo CD
 CVE-2021-26922
RESERVED
 CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, 
tokens cont ...)
@@ -6767,13 +6767,13 @@ CVE-2021-25678
 CVE-2021-25677
RESERVED
 CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 
(V6.3), SCALAN ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2021-25675 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 
(All ver ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2021-25674 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 
(All ver ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 
(All ver ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password 
Appstore ...)
NOT-FOR-US: Mendix Forgot Password Appstore module
 CVE-2021-25671
@@ -6785,7 +6785,7 @@ CVE-2021-25669
 CVE-2021-25668
RESERVED
 CVE-2021-25667 (A vulnerability has been identified in RUGGEDCOM RM1224 (All 
versions  ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 
(IEEE 80 ...)
NOT-FOR-US: Siemens
 CVE-2021-25665
@@ -7915,7 +7915,7 @@ CVE-2021-3152 (** DISPUTED ** Home Assistant before 
2021.1.3 does not have a pro
 CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting 
(XSS)  ...)
NOT-FOR-US: i-doit
 CVE-2021-3150 (A cross-site scripting (XSS) vulnerability on the Delete 
Personal Data ...)
-   TODO: check
+   NOT-FOR-US: Cryptshare Server
 CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, 
/usr/local/webmin/System/manual_ ...)
NOT-FOR-US: Netshield NANO devices
 CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. 
Sending craft ...)
@@ -10299,7 +10299,7 @@ CVE-2021-24033 (react-dev-utils prior to v11.0.4 
exposes a function, getProcessF
 CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook 
Gameroom d ...)
NOT-FOR-US: Facebook Gameroom
 CVE-2021-24029 (A packet of death scenario is possible in mvfst via 

[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2020-11-25 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1babc0a8 by Moritz Muehlenhoff at 2020-11-25T09:34:09+01:00
NFUs

- - - - -
b2204944 by Moritz Muehlenhoff at 2020-11-25T09:34:45+01:00
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,13 +1,13 @@
 CVE-2020-29073
RESERVED
 CVE-2020-29072 (A Cross-Site Script Inclusion vulnerability was found on 
LiquidFiles b ...)
-   TODO: check
+   NOT-FOR-US: LiquidFiles
 CVE-2020-29071 (An XSS issue was found in the Shares feature of LiquidFiles 
before 3.3 ...)
-   TODO: check
+   NOT-FOR-US: LiquidFiles
 CVE-2020-29070
RESERVED
 CVE-2020-29069 (_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey 
Network ...)
-   TODO: check
+   NOT-FOR-US: Modern Honey Network
 CVE-2020-29068
RESERVED
 CVE-2020-29067
@@ -19,27 +19,27 @@ CVE-2020-29065
 CVE-2020-29064
RESERVED
 CVE-2020-29063 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 
92416A, ...)
-   TODO: check
+   NOT-FOR-US: CDATA
 CVE-2020-29062 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 
92416A, ...)
-   TODO: check
+   NOT-FOR-US: CDATA
 CVE-2020-29061 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 
92416A, ...)
-   TODO: check
+   NOT-FOR-US: CDATA
 CVE-2020-29060 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 
92416A, ...)
-   TODO: check
+   NOT-FOR-US: CDATA
 CVE-2020-29059 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 
92416A, ...)
-   TODO: check
+   NOT-FOR-US: CDATA
 CVE-2020-29058 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 
92416A, ...)
-   TODO: check
+   NOT-FOR-US: CDATA
 CVE-2020-29057 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 
92416A, ...)
-   TODO: check
+   NOT-FOR-US: CDATA
 CVE-2020-29056 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 
92416A, ...)
-   TODO: check
+   NOT-FOR-US: CDATA
 CVE-2020-29055 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 
92416A, ...)
-   TODO: check
+   NOT-FOR-US: CDATA
 CVE-2020-29054 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 
92416A, ...)
-   TODO: check
+   NOT-FOR-US: CDATA
 CVE-2020-29053 (HRSALE 2.0.0 allows XSS via the 
admin/project/projects_calendar set_da ...)
-   TODO: check
+   NOT-FOR-US: HRSALE
 CVE-2020-29052
RESERVED
 CVE-2020-29051
@@ -47,9 +47,9 @@ CVE-2020-29051
 CVE-2020-29050
RESERVED
 CVE-2015-9551 (An issue was discovered on TOTOLINK A850R-V1 through 
1.0.1-B20150707.1 ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2015-9550 (An issue was discovered on TOTOLINK A850R-V1 through 
1.0.1-B20150707.1 ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2020-29049
RESERVED
 CVE-2020-29048
@@ -147,9 +147,9 @@ CVE-2020-29005
 CVE-2020-29004
RESERVED
 CVE-2020-29003 (The PollNY extension for MediaWiki through 1.35 allows XSS via 
an answ ...)
-   TODO: check
+   NOT-FOR-US: PollNY MediaWiki extension
 CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin for 
MediaWiki ...)
-   TODO: check
+   NOT-FOR-US: CologneBlue MediaWiki skin
 CVE-2020-29001
RESERVED
 CVE-2020-29000
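
Review bot: CVE-2020-29003 and CVE-2020-29002 are closed as NOT-FOR-US although both descriptions concern add-ons for MediaWiki, which Debian packages. For the CologneBlue skin in particular, suggest confirming that it is not shipped in the mediawiki source package and recording that in a NOTE line, so the next triager does not have to repeat the check.
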
@@ -4241,7 +4241,7 @@ CVE-2020-28331 (Barco wePresent WiPG-1600W devices have 
Improper Access Control.
 CVE-2020-28330 (Barco wePresent WiPG-1600W devices have Unprotected Transport 
of Crede ...)
NOT-FOR-US: Barco wePresent WiPG-1600W devices
 CVE-2020-28329 (Barco wePresent WiPG-1600W firmware includes a hardcoded API 
account a ...)
-   TODO: check
+   NOT-FOR-US: Barco wePresent WiPG-1600W devices
 CVE-2020-28328 (SuiteCRM before 7.11.17 is vulnerable to remote code execution 
via the ...)
NOT-FOR-US: SuiteCRM
 CVE-2020-28327 (A res_pjsip_session crash was discovered in Asterisk Open 
Source 13.x  ...)
@@ -9443,11 +9443,11 @@ CVE-2020-26231 (October is a free, open-source, 
self-hosted CMS platform based o
 CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app 
for Spa ...)
NOT-FOR-US: Radar COVID
 CVE-2020-26229 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
-   TODO: check
+   NOT-FOR-US: TYPO3
 CVE-2020-26228 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
-   TODO: check
+   NOT-FOR-US: TYPO3
 CVE-2020-26227 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
-   TODO: check
+   NOT-FOR-US: TYPO3
 CVE-2020-26226 (In the npm package semantic-release before version 17.2.3, 
secrets tha ...)
NOT-FOR-US: semantic-release nodejs module
 CVE-2020-26225 (In 

[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-10-11 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b110200c by Moritz Muehlenhoff at 2018-10-11T08:26:14Z
NFUs

- - - - -
a5e68bbf by Moritz Muehlenhoff at 2018-10-11T08:30:26Z
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2018-18241
RESERVED
 CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a 
command to ...)
-   TODO: check
+   NOT-FOR-US: Pippo
 CVE-2018-18239
RESERVED
 CVE-2018-18238
@@ -107,7 +107,7 @@ CVE-2018-18192 (An issue was discovered in libgig 4.1.0. 
There is a NULL pointer
 CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: FineCms
 CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. 
There is a ...)
-   TODO: check
+   NOT-FOR-US: GoPro gpmf-parser
 CVE-2018-18189
RESERVED
 CVE-2018-18188
@@ -384,9 +384,9 @@ CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds 
stack-memory write du
 CVE-2018-18063
RESERVED
 CVE-2018-18062 (An issue was discovered in dialog.php in tecrail Responsive 
...)
-   TODO: check
+   NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-18061 (An issue was discovered in dialog.php in tecrail Responsive 
...)
-   TODO: check
+   NOT-FOR-US: tecrail Responsive FileManager
 CVE-2018-18060
RESERVED
 CVE-2018-18059
@@ -737,7 +737,7 @@ CVE-2018-17927
 CVE-2018-17926
RESERVED
 CVE-2018-17925 (Multiple instances of this vulnerability (Unsafe ActiveX 
Control ...)
-   TODO: check
+   NOT-FOR-US: Gigasoft
 CVE-2018-17924
RESERVED
 CVE-2018-17923
@@ -1056,7 +1056,7 @@ CVE-2018-17786 (On D-Link DIR-823G devices, 
ExportSettings.sh, upload_settings.c
 CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal 
exists via ...)
NOT-FOR-US: blynk-server in Blynk
 CVE-2018-17784 (Multiple vulnerabilities in YUI and FlashCanvas embedded in 
SugarCRM ...)
-   TODO: check
+   NOT-FOR-US: SugarCRM
 CVE-2018-17783
RESERVED
 CVE-2018-17782
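
Review bot: the NOT-FOR-US: SugarCRM tag on CVE-2018-17784 names only the embedding product, while the description places the flaws in YUI and FlashCanvas. If a copy of either library is shipped in the archive, the entry needs a package line instead; otherwise a NOTE stating that the libraries were checked would document why the entry is closed.
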
@@ -2012,7 +2012,7 @@ CVE-2018-17339
 CVE-2018-17338 (An issue has been found in pdfalto through 0.2. It is a 
heap-based ...)
NOT-FOR-US: pdfalto
 CVE-2018-17337 (Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID 
that is ...)
-   TODO: check
+   NOT-FOR-US: Intelbras NPLUG
 CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log 
in ...)
- udisks2 2.8.1-1 (bug #909607)
[stretch] - udisks2  (Vulnerable code introduced later)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ec6e57e298da8b7e59421759a9fc678588671cd9...a5e68bbfc951e9c22e1f3fa1a1fd81fd3a585be7


[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-09-06 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9fde4232 by Moritz Muehlenhoff at 2018-09-06T13:19:06Z
NFUs

- - - - -
0a8fdcdd by Moritz Muehlenhoff at 2018-09-06T13:55:35Z
Merge branch master of 
https://salsa.debian.org/security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,7 +3,7 @@ CVE-2018-16554
 CVE-2018-16553
RESERVED
 CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, 
...)
-   TODO: check
+   NOT-FOR-US: MicroPyramid Django-CRM
 CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by ...)
NOT-FOR-US: LavaLite
 CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass 
the ...)
@@ -16,9 +16,9 @@ CVE-2018-16548 (An issue was discovered in ZZIPlib through 
0.13.69. There is a m
 CVE-2018-16547
RESERVED
 CVE-2018-16546 (Amcrest networked devices use the same hardcoded SSL private 
key across ...)
-   TODO: check
+   NOT-FOR-US: Amcrest
 CVE-2018-16545 (Kaizen Asset Manager (Enterprise Edition) and Training Manager 
...)
-   TODO: check
+   NOT-FOR-US: Kaizen Asset Manager
 CVE-2018-16544
RESERVED
 CVE-2018-16538
@@ -56,17 +56,17 @@ CVE-2018-16523
 CVE-2018-16522
RESERVED
 CVE-2018-16521 (An XML External Entity (XXE) vulnerability exists in HTML Form 
Entry ...)
-   TODO: check
+   NOT-FOR-US: OpenMRS
 CVE-2018-16520
RESERVED
 CVE-2018-16519
RESERVED
 CVE-2018-16518 (A directory traversal vulnerability with remote code execution 
in ...)
-   TODO: check
+   NOT-FOR-US: Prim'X Zed! FREE
 CVE-2018-16517
RESERVED
 CVE-2018-16516 (helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a 
crafted URL. ...)
-   TODO: check
+   - python-flask-admin  (bug #765509)
 CVE-2018-16514
RESERVED
 CVE-2018- [Interger overflow while running jhead]
@@ -183,7 +183,7 @@ CVE-2018-1000672
 CVE-2018-1000662
REJECTED
 CVE-2015-9266 (The web management interface of Ubiquiti airMAX, airFiber, 
airGateway ...)
-   TODO: check
+   NOT-FOR-US: Ubiquiti
 CVE-2018-16458 (An issue was discovered in baigo CMS v2.1.1. There is an ...)
NOT-FOR-US: baigo CMS
 CVE-2018-16457
@@ -457,7 +457,7 @@ CVE-2018-16363
 CVE-2018-16362 (An issue was discovered in the Source Integration plugin 
before 1.5.9 ...)
NOT-FOR-US: Mantis plugin
 CVE-2018-16361 (An issue was discovered in BTITeam XBTIT 2.5.4. news.php 
allows XSS ...)
-   TODO: check
+   NOT-FOR-US: BTITeam XBTIT
 CVE-2018-16360
RESERVED
 CVE-2018-16359 (Google gVisor before 2018-08-23, within the seccomp sandbox, 
permits ...)
@@ -586,7 +586,7 @@ CVE-2018-16309
 CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows 
CSV ...)
NOT-FOR-US: Ninja Forms plugin for WordPress
 CVE-2018-16307 (An Out-of-band resource load issue was discovered 
on Xiaomi MIWiFi ...)
-   TODO: check
+   NOT-FOR-US: Xiaomi
 CVE-2018-16306
RESERVED
 CVE-2018-16305
@@ -697,7 +697,7 @@ CVE-2018-16254
 CVE-2018-16253
RESERVED
 CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has .elx 
FileType XML ...)
-   TODO: check
+   NOT-FOR-US: FsPro Labs Event Log Explorer
 CVE-2018-16251
RESERVED
 CVE-2018-16250
@@ -925,15 +925,15 @@ CVE-2018-16150
 CVE-2018-16149
RESERVED
 CVE-2018-16148 (The diagnosticsb2ksy parameter of the /rest endpoint in 
Opsview ...)
-   TODO: check
+   NOT-FOR-US: Opsview Monitor
 CVE-2018-16147 (The data parameter of the /settings/api/router endpoint in 
Opsview ...)
-   TODO: check
+   NOT-FOR-US: Opsview Monitor
 CVE-2018-16146 (The web management console of Opsview Monitor 5.4.x before 
5.4.2 ...)
-   TODO: check
+   NOT-FOR-US: Opsview Monitor
 CVE-2018-16145 (The /etc/init.d/opsview-reporting-module script that runs at 
boot time ...)
-   TODO: check
+   NOT-FOR-US: Opsview Monitor
 CVE-2018-16144 (The test connection functionality in the NetAudit section of 
Opsview ...)
-   TODO: check
+   NOT-FOR-US: Opsview Monitor
 CVE-2018-16143
RESERVED
 CVE-2018-16142 (PHPOK 4.8.278 has a Reflected XSS vulnerability in ...)
@@ -1449,9 +1449,9 @@ CVE-2018-15921
 CVE-2018-15920
RESERVED
 CVE-2018-15918 (An issue was discovered in Jorani 0.6.5. SQL Injection 
(error-based) ...)
-   TODO: check
+   NOT-FOR-US: Jorani
 CVE-2018-15917 (Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 
allow ...)
-   TODO: check
+   NOT-FOR-US: Jorani
 CVE-2018-15916
RESERVED
 CVE-2018-15915
@@ -2057,23 +2057,23 @@ CVE-2018-15686
 CVE-2018-15685 (GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in 
certain ...)
- electron  (bug #842420)
 CVE-2018-15684 (An issue was discovered in BTITeam XBTIT. PHP error logs are 
stored in 

[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-07-14 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fbcc1760 by Moritz Muehlenhoff at 2018-07-14T20:41:35+02:00
NFUs

- - - - -
c4a9edfd by Moritz Muehlenhoff at 2018-07-14T20:44:48+02:00
imagemagick DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -60,15 +60,15 @@ CVE-2018-1000211 (Doorkeeper version 4.2.0 and later 
contains a Incorrect Access
NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891
NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1119
 CVE-2018-1000210 (YamlDotNet version 4.3.2 and earlier contains a Insecure 
Direct Object ...)
-   TODO: check
+   NOT-FOR-US: YamlDotNet
 CVE-2018-1000209 (Sensu, Inc. Sensu Core version Before version 1.4.2-3 
contains a ...)
-   TODO: check
+   NOT-FOR-US: Sensu
 CVE-2018-1000208 (MODX Revolution version =2.6.4 contains a Directory 
Traversal ...)
NOT-FOR-US: MODX Revolution
 CVE-2018-1000207 (MODX Revolution version =2.6.4 contains a Incorrect 
Access Control ...)
NOT-FOR-US: MODX Revolution
 CVE-2018-1000206 (JFrog Artifactory version since 5.11 contains a Cross ite 
Request ...)
-   TODO: check
+   NOT-FOR-US: JFrog Artifactory
 CVE-2018-14054 (A double free exists in the MP4StringProperty class in 
mp4property.cpp ...)
- mp4v2 
NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/1
@@ -8611,7 +8611,7 @@ CVE-2018-10633 (Universal Robots Robot Controllers 
Version CB 3.1, SW Version ..
 CVE-2018-10632
RESERVED
 CVE-2018-10631 (Medtronic N'Vision Clinician Programmer 8840 N'Vision 
Clinician ...)
-   TODO: check
+   NOT-FOR-US: Medtronic
 CVE-2018-10630
RESERVED
 CVE-2018-10629
@@ -9976,7 +9976,7 @@ CVE-2018-10103
 CVE-2018-10099
RESERVED
 CVE-2018-10098 (In MicroWorld eScan Internet Security Suite (ISS) for Business 
...)
-   TODO: check
+   NOT-FOR-US: MicroWorld eScan
 CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via the recoverlogin.php ...)
NOT-FOR-US: Domain Trader
 CVE-2018-1000171
@@ -10212,7 +10212,7 @@ CVE-2018-9991 (Frog CMS 0.9.5 has XSS via the 
/admin/?/user/add Name or Username
 CVE-2018-9990 (In Zulip Server versions before 1.7.2, there was an XSS issue 
with ...)
- zulip-server  (bug #800052)
 CVE-2018-10018 (The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G 
DATA ...)
-   TODO: check
+   NOT-FOR-US: GDASPAMLib.AntiSpam ActiveX control
 CVE-2018-10017 (soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and 
libopenmpt before ...)
- libopenmpt 0.3.8-1 (bug #895406)
[stretch] - libopenmpt  (Minor issue)
@@ -12471,13 +12471,13 @@ CVE-2018-9072
 CVE-2018-9071
RESERVED
 CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier 
than ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2018-9069
RESERVED
 CVE-2018-9068
RESERVED
 CVE-2018-9067 (The Lenovo Help Android app versions earlier than 6.1.2.0327 
had ...)
-   TODO: check
+   NOT-FOR-US: Lenovo
 CVE-2018-9066
RESERVED
 CVE-2018-9065
@@ -13076,7 +13076,7 @@ CVE-2018-8849 (Medtronic N'Vision Clinician Programmer 
8840 N'Vision Clinician .
 CVE-2018-8848
RESERVED
 CVE-2018-8847 (Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based 
buffer ...)
-   TODO: check
+   NOT-FOR-US: Eaton
 CVE-2018-8846
RESERVED
 CVE-2018-8845 (In Advantech WebAccess versions V8.2_20170817 and prior, 
WebAccess ...)
@@ -16551,7 +16551,7 @@ CVE-2018-7536 (An issue was discovered in Django 2.0 
before 2.0.3, 1.11 before .
NOTE: 
https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
NOTE: Patch 
https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
 CVE-2018-7535 (An issue was discovered in TotalAV v4.1.7. An unprivileged user 
could ...)
-   TODO: check
+   NOT-FOR-US: TotalAV
 CVE-2018-7534 (In Stealth Authorization Server before 3.3.017.0 in Unisys 
Stealth ...)
NOT-FOR-US: Stealth Authorization Server
 CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in 
OSIsoft PI ...)
@@ -18332,7 +18332,7 @@ CVE-2018-6971
 CVE-2018-6970
RESERVED
 CVE-2018-6969 (VMware Tools (10.x and prior before 10.3.0) contains an 
out-of-bounds ...)
-   TODO: check
+   NOT-FOR-US: VMware
 CVE-2018-6968 (The VMware AirWatch Agent for Android prior to 8.2 and AirWatch 
Agent ...)
NOT-FOR-US: VMware AirWatch Agent
 CVE-2018-6967 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation 
(14.x ...)
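
Review bot: CVE-2018-6969 is described as a flaw in VMware Tools, yet the tag is the bare vendor name, unlike the neighbouring "NOT-FOR-US: VMware AirWatch Agent". Debian packages open-vm-tools, so it is worth confirming that the out-of-bounds issue does not apply there before closing this as NOT-FOR-US, and naming the product in the tag either way.
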
@@ -34685,7 +34685,7 @@ CVE-2018-1257 (Spring Framework, versions 5.0.x prior 
to 5.0.6, versions 4.3.x p
 CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a 
regression which ...)
NOT-FOR-US: Spring 

[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-06-30 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f89170a by Moritz Muehlenhoff at 2018-06-30T13:16:02+02:00
NFUs

- - - - -
7e316eeb by Moritz Muehlenhoff at 2018-06-30T13:16:29+02:00
gosa fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -967,7 +967,7 @@ CVE-2018-1000530
 CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site 
Scripting ...)
NOT-FOR-US: Grails Fields plugin
 CVE-2018-1000528 (GONICUS GOsa version before commit ...)
-   - gosa  (low; bug #902723)
+   - gosa 2.7.4+reloaded3-5 (low; bug #902723)
NOTE: 
https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001
NOTE: https://github.com/gosa-project/gosa-core/issues/14
 CVE-2018-1000527 (Froxlor version = 0.9.39.5 contains a PHP Object 
Injection ...)
@@ -38566,49 +38566,49 @@ CVE-2017-16212 (ltt is a static file server. ltt is 
vulnerable to a directory ..
 CVE-2017-16211 (lessindex is a static file server. lessindex is vulnerable to 
a ...)
NOT-FOR-US: lessindex
 CVE-2017-16210 (jn_jj_server is a static file server. jn_jj_server is 
vulnerable to a ...)
-   TODO: check
+   NOT-FOR-US: jn_jj_server
 CVE-2017-16209 (enserver is a simple web server. enserver is vulnerable to a 
directory ...)
-   TODO: check
+   NOT-FOR-US: enserver
 CVE-2017-16208 (dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to 
a ...)
-   TODO: check
+   NOT-FOR-US: dmmcquay.lab6
 CVE-2017-16207 (discordi.js is a malicious module based on the discord.js 
library that ...)
-   TODO: check
+   NOT-FOR-US: discordi.js
 CVE-2017-16206 (The cofee-script module exfiltrates sensitive data such as a 
user's ...)
-   TODO: check
+   NOT-FOR-US: cofee-script
 CVE-2017-16205 (The coffescript module exfiltrates sensitive data such as a 
user's ...)
-   TODO: check
+   NOT-FOR-US:  coffescript
 CVE-2017-16204 (The jquey module exfiltrates sensitive data such as a user's 
private ...)
-   TODO: check
+   NOT-FOR-US: jquey
 CVE-2017-16203 (The coffe-script module exfiltrates sensitive data such as a 
user's ...)
-   TODO: check
+   NOT-FOR-US: coffe-script
 CVE-2017-16202 (The cofeescript module exfiltrates sensitive data such as a 
user's ...)
-   TODO: check
+   NOT-FOR-US: cofeescript
 CVE-2017-16201 (zjjserver is a static file server. zjjserver is vulnerable to 
a ...)
-   TODO: check
+   NOT-FOR-US: zjjserver
 CVE-2017-16200 (uv-tj-demo is a static file server. uv-tj-demo is vulnerable 
to a ...)
-   TODO: check
+   NOT-FOR-US: uv-tj-demo
 CVE-2017-16199 (susu-sum is a static file server. susu-sum is vulnerable to a 
...)
-   TODO: check
+   NOT-FOR-US: sus-sum
 CVE-2017-16198 (ritp is a static web server. ritp is vulnerable to a directory 
...)
-   TODO: check
+   NOT-FOR-US: ritp
 CVE-2017-16197 (qinserve is a static file server. qinserve is vulnerable to a 
...)
-   TODO: check
+   NOT-FOR-US: sinserve
 CVE-2017-16196 (quickserver is a simple static file server. quickserver is 
vulnerable ...)
-   TODO: check
+   NOT-FOR-US: quickserver
 CVE-2017-16195 (pytservce is a static file server. pytservce is vulnerable to 
a ...)
-   TODO: check
+   NOT-FOR-US: pytservce
 CVE-2017-16194 (picard is a micro framework. picard is vulnerable to a 
directory ...)
-   TODO: check
+   NOT-FOR-US: picard
 CVE-2017-16193 (mfrs is a static file server. mfrs is vulnerable to a 
directory ...)
-   TODO: check
+   NOT-FOR-US: mfrs
 CVE-2017-16192 (getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is 
...)
-   TODO: check
+   NOT-FOR-US: getcityapi.yoehoehne
 CVE-2017-16191 (cypserver is a static file server. cypserver is vulnerable to 
a ...)
-   TODO: check
+   NOT-FOR-US: cypserver
 CVE-2017-16190 (dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable 
to a ...)
-   TODO: check
+   NOT-FOR-US: dcdcdcdcdc
 CVE-2017-16189 (sly07 is an API for censoring text. sly07 is vulnerable to a 
directory ...)
-   TODO: check
+   NOT-FOR-US: sly07
 CVE-2017-16188 (reecerver is a web server. reecerver is vulnerable to a 
directory ...)
TODO: check
 CVE-2017-16187 (open-device creates a web interface for any device. 
open-device is ...)
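
Review bot: two tags in this hunk do not match the names in their own descriptions: CVE-2017-16199 describes "susu-sum" but is tagged "sus-sum", and CVE-2017-16197 describes "qinserve" but is tagged "sinserve". CVE-2017-16205 also has a doubled space after "NOT-FOR-US:". The tag text is what people search on, so suggest correcting it to "susu-sum" and "qinserve" and dropping the extra space.
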
@@ -76115,11 +76115,11 @@ CVE-2017-3964 (Reflective Cross-Site Scripting (XSS) 
vulnerability in the web ..
 CVE-2017-3963
REJECTED
 CVE-2017-3962 (Password recovery exploitation vulnerability in the ...)
-   TODO: check
+   NOT-FOR-US: McAfee
 CVE-2017-3961 (Cross-Site Scripting (XSS) vulnerability in the web interface 
in ...)
NOT-FOR-US: McAfee
 CVE-2017-3960 (Exploitation of Authorization vulnerability in the web 
interface in ...)
-   TODO: check
+   

[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-06-27 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ae4bfd3e by Moritz Muehlenhoff at 2018-06-27T21:52:52+02:00
NFUs

- - - - -
d471b849 by Moritz Muehlenhoff at 2018-06-27T21:53:23+02:00
Merge branch master of 
salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,9 +3,9 @@ CVE-2018-12904 [KVM L1 guest escape]
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
NOTE: 
https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8
 CVE-2018-12903 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 
...)
-   TODO: check
+   NOT-FOR-US: CyberArk Endpoint Privilege Manager
 CVE-2018-12902 (In Easy Magazine through 2012-10-26, there is XSS in the 
search bar of ...)
-   TODO: check
+   NOT-FOR-US: Easy Magazine
 CVE-2018-12901
RESERVED
 CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf 
function in ...)
@@ -31,7 +31,7 @@ CVE-2018-12891
 CVE-2018-12890
RESERVED
 CVE-2018-12889 (An issue was discovered in CCN-lite 2.0.1. There is a 
heap-based buffer ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2018-12888
RESERVED
 CVE-2018-12887
@@ -41,7 +41,7 @@ CVE-2018-12886
 CVE-2018-12885
RESERVED
 CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an 
authenticated user ...)
-   TODO: check
+   NOT-FOR-US: Octopus Deploy
 CVE-2018-1000205 (U-Boot contains a CWE-20: Improper Input Validation 
vulnerability in ...)
TODO: check
 CVE-2018- [grep-excuses: uses YAML::Syck in a unsafe way]
@@ -423,9 +423,9 @@ CVE-2018-12713 (GIMP through 2.10.2 makes g_get_tmp_dir 
calls to establish tempo
NOTE: https://gitlab.gnome.org/GNOME/gimp/issues/1689
NOTE: No security impact
 CVE-2018-12712 (An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 
3.8.9. ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2018-12711 (An XSS issue was discovered in the language switcher module in 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2018-12710
RESERVED
 CVE-2016-10724
@@ -610,21 +610,21 @@ CVE-2018-1000556 (WordPress version 4.8 + contains a 
Cross Site Scripting (XSS) 
 CVE-2018-1000555
REJECTED
 CVE-2018-1000554 (Trovebox version = 4.0.0-rc6 contains a Unsafe password 
reset token ...)
-   TODO: check
+   NOT-FOR-US: Trovebox
 CVE-2018-1000553 (Trovebox version = 4.0.0-rc6 contains a Server-Side 
request forgery ...)
-   TODO: check
+   NOT-FOR-US: Trovebox
 CVE-2018-1000552 (Trovebox version = 4.0.0-rc6 contains a SQL Injection 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Trovebox
 CVE-2018-1000551 (Trovebox version = 4.0.0-rc6 contains a PHP Type 
juggling ...)
-   TODO: check
+   NOT-FOR-US: Trovebox
 CVE-2018-1000550 (The Sympa Community Sympa version prior to version 6.2.32 
contains a ...)
TODO: check
 CVE-2018-1000549 (Wekan version 1.04.0 contains a Email / Username Enumeration 
...)
-   TODO: check
+   NOT-FOR-US: Wekan
 CVE-2018-1000548 (Umlet version  14.3 contains a XML External Entity (XXE) 
...)
-   TODO: check
+   NOT-FOR-US: Umlet
 CVE-2018-1000547 (coreBOS version 7.0 and earlier contains a Incorrect Access 
Control ...)
-   TODO: check
+   NOT-FOR-US: CoreBOS
 CVE-2018-1000546 (Triplea version = 1.9.0.0.10291 contains a XML External 
Entity (XXE) ...)
TODO: check
 CVE-2018-1000545
@@ -632,31 +632,31 @@ CVE-2018-1000545
 CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a 
Directory ...)
TODO: check
 CVE-2018-1000543 (Akiee version 0.0.3 contains a XSS leading to code execution 
due to ...)
-   TODO: check
+   NOT-FOR-US: Akiee
 CVE-2018-1000542 (netbeans-mmd-plugin version = 1.4.3 contains a XML 
External Entity ...)
-   TODO: check
+   NOT-FOR-US: netbeans-mmd-plugin
 CVE-2018-1000541
REJECTED
 CVE-2018-1000540 (LoboEvolution version  
9b75694cedfa4825d4a2330abf2719d470c654cd ...)
-   TODO: check
+   NOT-FOR-US: LoboEvolution
 CVE-2018-1000539 (Nov json-jwt version = 0.5.0   1.9.4 
contains a CWE-347: Improper ...)
TODO: check
 CVE-2018-1000538 (Minio Inc. Minio S3 server version prior to ...)
-   TODO: check
+   NOT-FOR-US: Minion
 CVE-2018-1000537 (Marlin Firmware Marlin version 1.1.x and earlier contains a 
Buffer ...)
-   TODO: check
+   NOT-FOR-US: Marlin
 CVE-2018-1000536 (Medis version 0.6.1 and earlier contains a XSS vulnerability 
evolving ...)
-   TODO: check
+   NOT-FOR-US: Media
 CVE-2018-1000535 (lms version = LMS_011123 contains a Local File 
Disclosure ...)
-   TODO: check
+   NOT-FOR-US: lms
 CVE-2018-1000534 (Joplin version prior to 1.0.90 
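Review bot: Two of the tags in this hunk do not match the product named in their own description: CVE-2018-1000538 is described as "Minio Inc. Minio S3 server" but tagged "NOT-FOR-US: Minion", and CVE-2018-1000536 is described as "Medis version 0.6.1" but tagged "NOT-FOR-US: Media". Both look like spelling slips or autocorrections; "NOT-FOR-US: Minio" and "NOT-FOR-US: Medis" would keep the entries findable by product name and avoid them being read as a different product.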

[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

2018-06-22 Thread Moritz Muehlenhoff
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
48b4aae9 by Moritz Muehlenhoff at 2018-06-22T22:54:43+02:00
NFUs

- - - - -
34cee06d by Moritz Muehlenhoff at 2018-06-22T22:59:42+02:00
add slurm-llnl to dsa-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,13 +1,13 @@
 CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode 
function. ...)
-   TODO: check
+   NOT-FOR-US: tinyexr
 CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in 
tinyexr.h. ...)
-   TODO: check
+   NOT-FOR-US: tinyexr
 CVE-2018-12686
RESERVED
 CVE-2018-12685
RESERVED
 CVE-2018-12684 (Out-of-bounds Read in the send_ssi_file function in civetweb.c 
in ...)
-   TODO: check
+   NOT-FOR-US: CivetWeb
 CVE-2018-12683
RESERVED
 CVE-2018-12682
@@ -19,7 +19,7 @@ CVE-2018-12680
 CVE-2018-12679
RESERVED
 CVE-2018-12678 (Portainer before 1.18.0 supports unauthenticated requests to 
the ...)
-   TODO: check
+   NOT-FOR-US: Portainer
 CVE-2018-12677
RESERVED
 CVE-2018-12676
@@ -57,17 +57,17 @@ CVE-2018-12661
 CVE-2018-12660
RESERVED
 CVE-2018-12659 (SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the 
CSRF ...)
-   TODO: check
+   NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12658 (Reflected Cross-Site Scripting (XSS) exists in the Stock Take 
module in ...)
-   TODO: check
+   NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12657 (Reflected Cross-Site Scripting (XSS) exists in the Master File 
module ...)
-   TODO: check
+   NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12656 (Reflected Cross-Site Scripting (XSS) exists in the Membership 
module in ...)
-   TODO: check
+   NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12655 (Reflected Cross-Site Scripting (XSS) exists in the Circulation 
module ...)
-   TODO: check
+   NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12654 (Reflected Cross-Site Scripting (XSS) exists in the 
Bibliography module ...)
-   TODO: check
+   NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12653
RESERVED
 CVE-2018-12652
@@ -77,7 +77,7 @@ CVE-2018-12651
 CVE-2018-12650
RESERVED
 CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php 
in MISP ...)
-   TODO: check
+   NOT-FOR-US: MISP
 CVE-2018-12648 (The WEBP::GetLE32 function in ...)
TODO: check
 CVE-2018-12647
@@ -91,7 +91,7 @@ CVE-2018-12644
 CVE-2018-12643
RESERVED
 CVE-2018-12642 (Froxlor through 0.9.39.5 has Incorrect Access Control for 
tickets not ...)
-   TODO: check
+   NOT-FOR-US: Floxlor
 CVE-2018-12641 (An issue was discovered in arm_pt in cplus-dem.c in GNU 
libiberty, as ...)
TODO: check
 CVE-2018-12640
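Review bot: The tag for CVE-2018-12642 is spelled "NOT-FOR-US: Floxlor", while the description on the preceding line names the product as Froxlor. Suggest "NOT-FOR-US: Froxlor" so the tag matches the description and a search for the product name returns this entry.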
@@ -225,7 +225,7 @@ CVE-2018-1000404
 CVE-2018-12637
RESERVED
 CVE-2018-12636 (The iThemes Security (better-wp-security) plugin before 7.0.3 
for ...)
-   TODO: check
+   NOT-FOR-US: Wordpress plugin
 CVE-2018-12635 (CirCarLife Scada v4.2.4 allows unauthorized upgrades via 
requests to ...)
NOT-FOR-US: CirCarLife Scada
 CVE-2018-12634 (CirCarLife Scada v4.2.4 allows remote attackers to obtain 
sensitive ...)
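Review bot: The tag for CVE-2018-12636, "NOT-FOR-US: Wordpress plugin", records only a category, whereas the other tags in this commit name the product (the next entry reads "NOT-FOR-US: CirCarLife Scada"). Naming the plugin as the description does, iThemes Security (better-wp-security), would tell a later reader which plugin was triaged without re-reading the CVE text.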


=
data/dsa-needed.txt
=
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -70,6 +70,8 @@ ruby-rack-protection (jmm)
 -
 ruby-sprockets
 --
+slurm-llnl
+--
 sssd
   Maintainer prepared an update and proposed debdiff, acked for upload, but 
update needs further testing before release.
 --
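Review bot: The new slurm-llnl entry is added with no claimant and no note, so the file does not say which issue put the package on the list or whether anyone is working on it. Other entries in the same context carry that information, for example "ruby-rack-protection (jmm)" and the status line under sssd; a one-line note naming the CVE or bug that prompted the addition would make the entry self-explanatory.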



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/7005065cf71562ebe0f54190bc6f6d96ed1e6e58...34cee06de1a87bc64daac4118e389c4262549d1d

___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits