[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-13 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3ffd0c2c by Salvatore Bonaccorso at 2018-04-13T15:17:05+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,17 +1,17 @@
 CVE-2018-10086 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary 
code ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-10085 (CMS Made Simple (CMSMS) through 2.2.6 allows PHP object 
injection ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-10084 (CMS Made Simple (CMSMS) through 2.2.6 contains a privilege 
escalation ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-10083 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary 
file ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-10082 (CMS Made Simple (CMSMS) through 2.2.7 allows physical path 
leakage via ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-10081 (CMS Made Simple (CMSMS) through 2.2.6 contains an admin 
password reset ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-10080 (Secutech RiS-11, RiS-22, and RiS-33 devices with firmware ...)
-   TODO: check
+   NOT-FOR-US: Secutech RiS-11, RiS-22, and RiS-33 devices
 CVE-2018-10079
RESERVED
 CVE-2018-10078
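
Review bot: The label added for CVE-2018-10080 repeats the model list from the description ("Secutech RiS-11, RiS-22, and RiS-33 devices"), while the six entries above it in this hunk use only the product name ("CMS Made Simple"). A short vendor or product tag such as "NOT-FOR-US: Secutech" would keep the tags in this hunk consistent.
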
@@ -8058,9 +8058,9 @@ CVE-2018-6937
 CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 
3.01 via ...)
NOT-FOR-US: D-Link
 CVE-2018-6935 (PHP Scripts Mall Student Profile Management System Script 
v2.0.6 has ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Student Profile Management System Script
 CVE-2018-6934 (CSRF exists in student/personal-info in PHP Scripts Mall Online 
...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Online Tutoring Script
 CVE-2018-6933
RESERVED
 CVE-2018-6932
@@ -8204,15 +8204,15 @@ CVE-2018-6906
 CVE-2018-6905 (The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via 
...)
- typo3-src 
 CVE-2018-6904 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User 
Name ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Car Rental Script
 CVE-2018-6903 (PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses 
the ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
 CVE-2018-6902 (PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the 
Full Name ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Image Sharing Script
 CVE-2018-6901
RESERVED
 CVE-2018-6900 (PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the 
Last Name ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Website Broker Script
 CVE-2018-6899
RESERVED
 CVE-2018-6898
@@ -8264,7 +8264,7 @@ CVE-2018-6881 (EmpireCMS 6.6 allows remote attackers to 
discover the full path v
 CVE-2018-6880 (EmpireCMS 6.6 through 7.2 allows remote attackers to discover 
the full ...)
NOT-FOR-US: EmpireCMS
 CVE-2018-6879 (PHP Scripts Mall Website Seller Script 2.0.3 uses the client 
side to ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Website Seller Script
 CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP 
Scripts ...)
NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
 CVE-2018-6877
@@ -8290,7 +8290,7 @@ CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 
6.0.1 allows remote attac
[wheezy] - libreoffice  (Vulnerable code not present)
NOTE: 
https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
 CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script 
2.0.3 ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Website Seller Script
 CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation 
and a ...)
{DLA-1287-1}
- zziplib 
@@ -12921,7 +12921,7 @@ CVE-2014-10069 (Hitron CVE-30360 devices use a 
578A958E3DD933FC DES key that is 
 CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 
before ...)
NOT-FOR-US: Arista
 CVE-2018-5254 (Arista EOS before 4.20.2F allows remote BGP peers to cause a 
denial of ...)
-   TODO: check
+   NOT-FOR-US: Arista EOS
 CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 
1.5.1.0 has an ...)
NOT-FOR-US: Bento4
 CVE-2018-5252 (libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is 
used, has ...)
@@ -16059,7 +16059,7 @@ CVE-2018-3891
 CVE-2018-3890
RESERVED
 CVE-2018-3889 (A specially crafted PCX image processed via the application can 
lead ...)
-   TODO: check
+   NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3888 (A memory corruption vulnerability exists in the PCX-parsing ...)
NOT-FOR-US: Computerinsel 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-12 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
14ba3986 by Salvatore Bonaccorso at 2018-04-12T22:36:10+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,17 +3,17 @@ CVE-2018-10076
 CVE-2018-10075
RESERVED
 CVE-2018-10073 (joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the 
keyword ...)
-   TODO: check
+   NOT-FOR-US: joyplus-cms
 CVE-2018-10072 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows 
attackers ...)
-   TODO: check
+   NOT-FOR-US: WinDriver
 CVE-2018-10071 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows 
attackers ...)
-   TODO: check
+   NOT-FOR-US: WinDriver
 CVE-2018-10070
RESERVED
 CVE-2018-10069
RESERVED
 CVE-2018-10068 (The jDownloads extension before 3.2.59 for Joomla! has XSS. 
...)
-   TODO: check
+   NOT-FOR-US: jDownloads extension for Joomla!
 CVE-2018-10067
RESERVED
 CVE-2018-10066
@@ -23,7 +23,7 @@ CVE-2018-10065
 CVE-2018-10064
RESERVED
 CVE-2018-10063 (The Convert Forms extension before 2.0.4 for Joomla! is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: Convert Forms extension for Joomla!
 CVE-2018-10062
RESERVED
 CVE-2018-10074 (The hi3660_stub_clk_probe function in ...)
@@ -515,9 +515,9 @@ CVE-2018-9845
 CVE-2018-9844 (The Iptanus WordPress File Upload plugin before 4.3.4 for 
WordPress ...)
NOT-FOR-US: Iptanus WordPress File Upload plugin for WordPress
 CVE-2018-9843 (The REST API in CyberArk Password Vault Web Access before 9.9.5 
and ...)
-   TODO: check
+   NOT-FOR-US: CyberArk Password Vault Web Access
 CVE-2018-9842 (CyberArk Password Vault before 9.7 allows remote attackers to 
obtain ...)
-   TODO: check
+   NOT-FOR-US: CyberArk Password Vault
 CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg 
through ...)
- ffmpeg  (low)
[stretch] - ffmpeg  (Can wait until the next ffmpeg 3.2.x 
release)
@@ -2082,7 +2082,7 @@ CVE-2018-9157 (** DISPUTED ** An issue was discovered on 
AXIS M1033-W (IP camera
 CVE-2018-9156 (** DISPUTED ** An issue was discovered on AXIS P1354 (IP 
camera) ...)
NOT-FOR-US: AXIS
 CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT 
Professional ...)
-   TODO: check
+   NOT-FOR-US: Open-AudIT Professional
 CVE-2018-9154
RESERVED
 CVE-2018-9153
@@ -2186,7 +2186,7 @@ CVE-2018-9120 (In Crea8social 2018.2, there is Stored 
Cross-Site Scripting via a
 CVE-2018-9119 (An attacker with physical access to a BrilliantTS FUZE card 
(MCU ...)
NOT-FOR-US: BrilliantTS FUZE card
 CVE-2018-9118 (exports/download.php in the 99 Robots WP Background Takeover 
...)
-   TODO: check
+   NOT-FOR-US: 99 Robots WP Background Takeover Advertisements plugin for 
WordPress
 CVE-2018-9117 (WireMock before 2.16.0 contains a vulnerability that allows a 
remote ...)
NOT-FOR-US: WireMock
 CVE-2018-9116 (An XXE vulnerability within WireMock before 2.16.0 allows a 
remote ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/14ba3986c34172327474b8b894e8ae7b18dfeffd

---
You're receiving this email because of your account on salsa.debian.org.
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-12 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
27759e77 by Salvatore Bonaccorso at 2018-04-12T11:02:01+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,15 +11,15 @@ CVE-2018-10054 (H2 1.4.197, as used in Datomic before 
0.9.5697 and other product
 CVE-2018-10053
RESERVED
 CVE-2018-10052 (iScripts SupportDesk v4.3 has XSS via the ...)
-   TODO: check
+   NOT-FOR-US: iScripts SupportDesk
 CVE-2018-10051 (iScripts SupportDesk v4.3 has XSS via the ...)
-   TODO: check
+   NOT-FOR-US: iScripts SupportDesk
 CVE-2018-10050 (iScripts eSwap v2.4 has SQL injection via the ...)
-   TODO: check
+   NOT-FOR-US: iScripts eSwap
 CVE-2018-10049 (iScripts eSwap v2.4 has XSS via the 
registration_settings.php txtDate ...)
-   TODO: check
+   NOT-FOR-US: iScripts eSwap
 CVE-2018-10048 (iScripts eSwap v2.4 has CSRF via 
registration_settings.php in the ...)
-   TODO: check
+   NOT-FOR-US: iScripts eSwap
 CVE-2018-10047
RESERVED
 CVE-2018-10046
@@ -4443,7 +4443,7 @@ CVE-2018-8118
 CVE-2018-8117 (A security feature bypass vulnerability exists in the Microsoft 
...)
TODO: check
 CVE-2018-8116 (A denial of service vulnerability exists in the way that 
Windows ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8115
RESERVED
 CVE-2018-8114
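
Review bot: CVE-2018-8117, in the context directly above the changed line, also describes a vulnerability "in the Microsoft ..." yet stays at "TODO: check", while CVE-2018-8116 is closed as "NOT-FOR-US: Microsoft". If 8117 was skipped on purpose, a NOTE line saying why would help the next person triaging; otherwise it could be resolved in this same commit.
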
@@ -15988,11 +15988,11 @@ CVE-2018-3890
 CVE-2018-3889
RESERVED
 CVE-2018-3888 (A memory corruption vulnerability exists in the PCX-parsing ...)
-   TODO: check
+   NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3887 (A memory corruption vulnerability exists in the PCX-parsing ...)
-   TODO: check
+   NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3886 (A memory corruption vulnerability exists in the PCX-parsing ...)
-   TODO: check
+   NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3885
RESERVED
 CVE-2018-3884
@@ -24355,7 +24355,7 @@ CVE-2017-17310
 CVE-2017-17309
RESERVED
 CVE-2017-17308 (SCCPX module in Huawei DP300 V500R002C00, RP200 V500R002C00, 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17307 (Some Huawei Smartphones with software of VNS-L21AUTC555B141 
have an ...)
NOT-FOR-US: Huawei
 CVE-2017-17306 (Some Huawei Smartphones with software of VNS-L21AUTC555B141, 
...)
@@ -24834,103 +24834,103 @@ CVE-2018-1039
 CVE-2018-1038 (The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 
SP1 ...)
NOT-FOR-US: Microsoft
 CVE-2018-1037 (An information disclosure vulnerability exists when Visual 
Studio ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1036
RESERVED
 CVE-2018-1035
RESERVED
 CVE-2018-1034 (An elevation of privilege vulnerability exists when Microsoft 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1033
RESERVED
 CVE-2018-1032 (An elevation of privilege vulnerability exists when Microsoft 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1031
RESERVED
 CVE-2018-1030 (A remote code execution vulnerability exists in Microsoft 
Office ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1029 (A remote code execution vulnerability exists in Microsoft Excel 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1028 (A remote code execution vulnerability exists when the Office 
graphics ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1027 (A remote code execution vulnerability exists in Microsoft Excel 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1026 (A remote code execution vulnerability exists in Microsoft 
Office ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1025
RESERVED
 CVE-2018-1024
RESERVED
 CVE-2018-1023 (A remote code execution vulnerability exists in the way that 
Microsoft ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1022
RESERVED
 CVE-2018-1021
RESERVED
 CVE-2018-1020 (A remote code execution vulnerability exists when Internet 
Explorer ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1019 (A remote code execution vulnerability exists in the way that 
the ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1018 (A remote code execution vulnerability exists when Internet 
Explorer ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1017
RESERVED
 CVE-2018-1016 (A remote code execution vulnerability exists when the Windows 
font ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1015 (A remote code execution vulnerability exists when the Windows 
font ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-1014 (An elevation of privilege vulnerability exists when Microsoft 
...)
-   TODO: check
+   

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3a3e2c28 by Salvatore Bonaccorso at 2018-04-11T22:19:23+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -27,27 +27,27 @@ CVE-2018-10035
 CVE-2018-10034
RESERVED
 CVE-2018-10033 (CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in 
admin/siteprefs.php ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-10032 (CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-10031 (CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-10030 (CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in 
admin/siteprefs.php. ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-10029 (CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-10028 (joyplus-cms 1.6.0 allows remote attackers to obtain sensitive 
...)
-   TODO: check
+   NOT-FOR-US: joyplus-cms
 CVE-2018-10027
RESERVED
 CVE-2018-10026 (The WeChat module in YzmCMS 3.7.1 has reflected XSS via the 
...)
-   TODO: check
+   NOT-FOR-US: WeChat module in YzmCMS
 CVE-2018-10025
RESERVED
 CVE-2018-10024 (ubiQuoss Switch VP5208A creates a bcm_password file at 
/cgi-bin/ with ...)
-   TODO: check
+   NOT-FOR-US: ubiQuoss Switch VP5208A
 CVE-2018-10023 (Catfish CMS V4.7.21 allows XSS via the pinglun parameter to 
...)
-   TODO: check
+   NOT-FOR-US: Catfish CMS
 CVE-2018-10022
RESERVED
 CVE-2018-10021 (drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 
4.16 ...)
@@ -2511,9 +2511,9 @@ CVE-2018-8956
 CVE-2018-8955
RESERVED
 CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: CA Workload Control Center
 CVE-2018-8953 (CA Workload Automation AE before r11.3.6 SP7 allows remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: CA Workload Automation AE
 CVE-2018-8952
RESERVED
 CVE-2018-8951
@@ -4923,7 +4923,7 @@ CVE-2018-7932
 CVE-2018-7931
RESERVED
 CVE-2018-7930 (The Near Field Communication (NFC) module in Mate 9 Huawei 
mobile ...)
-   TODO: check
+   NOT-FOR-US: Mate 9 Huawei mobile phones
 CVE-2018-7929
RESERVED
 CVE-2018-7928
@@ -22162,7 +22162,7 @@ CVE-2018-1485
 CVE-2018-1484
RESERVED
 CVE-2018-1483 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site 
...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere Portal
 CVE-2018-1482
RESERVED
 CVE-2018-1481



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a3e2c2844f1164ba8e611ef91d7d248b872e33f


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e8dab22e by Salvatore Bonaccorso at 2018-04-11T22:03:58+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5581,9 +5581,9 @@ CVE-2018-7662 (Couch through 2.0 allows remote attackers 
to discover the full pa
 CVE-2018-7661 (Papenmeier WiFi Baby Monitor Free  Lite before 2.02.2 
allows remote ...)
NOT-FOR-US: Papenmeier WiFi Baby Monitor Free & Lite
 CVE-2018-7660 (In OpenText Documentum D2 Webtop v4.6.0030 build 059, a 
Reflected ...)
-   TODO: check
+   NOT-FOR-US: OpenText Documentum D2 Webtop
 CVE-2018-7659 (In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored 
...)
-   TODO: check
+   NOT-FOR-US: OpenText Documentum D2 Webtop
 CVE-2018-7711 (HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 
1.15.4 ...)
{DLA-1314-1}
- simplesamlphp 1.15.4-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e8dab22e3bf1bc3bcb59f68a9187236fcf1a6a07


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2bb7ee72 by Salvatore Bonaccorso at 2018-04-11T08:20:31+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13574,16 +13574,22 @@ CVE-2018-4938
RESERVED
 CVE-2018-4937
RESERVED
+   NOT-FOR-US: Adobe
 CVE-2018-4936
RESERVED
+   NOT-FOR-US: Adobe
 CVE-2018-4935
RESERVED
+   NOT-FOR-US: Adobe
 CVE-2018-4934
RESERVED
+   NOT-FOR-US: Adobe
 CVE-2018-4933
RESERVED
+   NOT-FOR-US: Adobe
 CVE-2018-4932
RESERVED
+   NOT-FOR-US: Adobe
 CVE-2018-4931
RESERVED
 CVE-2018-4930
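
Review bot: All six entries that gain "NOT-FOR-US: Adobe" (CVE-2018-4937 through CVE-2018-4932) are still RESERVED and have no description, so nothing in the file shows why they are attributed to Adobe, and the neighbouring CVE-2018-4938, CVE-2018-4931 and CVE-2018-4930 stay bare RESERVED entries. Consider adding a NOTE line that records the source of the assignment so the triage can be re-checked once descriptions are published.
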



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2bb7ee72b1bfcb56a9ce77e2218e44632531cbda


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-10 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5d41ebca by Salvatore Bonaccorso at 2018-04-10T22:35:17+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,7 +7,7 @@ CVE-2018-9987
 CVE-2018-9986
RESERVED
 CVE-2018-9985 (The front page of MetInfo 6.0 allows XSS by sending a feedback 
message ...)
-   TODO: check
+   NOT-FOR-US: MetInfo
 CVE-2018-9984
RESERVED
 CVE-2018-9983
@@ -2129,9 +2129,9 @@ CVE-2018-9040 (In Advanced SystemCare Ultimate 11.0.1.58, 
the driver file ...)
 CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an 
authenticated user, ...)
NOT-FOR-US: Octopus Deploy
 CVE-2018-9038 (Monstra CMS 3.0.4 allows remote attackers to delete files via 
an ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2018-9037 (Monstra CMS 3.0.4 allows remote code execution via an 
upload_file ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2018-9036
RESERVED
 CVE-2018-9035 (CSV Injection vulnerability in ExportToCsvUtf8.php of the 
Contact Form ...)
@@ -2851,7 +2851,7 @@ CVE-2018-8774
 CVE-2018-8773
RESERVED
 CVE-2018-8772 (Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID 
field on ...)
-   TODO: check
+   NOT-FOR-US: Coship RT3052 4.0.0.48 devices
 CVE-2018-8771
RESERVED
 CVE-2018-8770 (Physical path Leakage exists in Western Bridge Cobub Razor 
0.8.0 via ...)
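
Review bot: The tag added for CVE-2018-8772 carries a firmware version ("Coship RT3052 4.0.0.48 devices"). The affected version is already in the description line above it; dropping it from the NOT-FOR-US tag ("Coship RT3052") keeps the tag stable if later CVEs cover other versions of the same device.
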
@@ -9213,9 +9213,9 @@ CVE-2017-18103
 CVE-2017-18102
RESERVED
 CVE-2017-18101 (Various administrative external system import resources in 
Atlassian ...)
-   TODO: check
+   NOT-FOR-US: Atlassian
 CVE-2017-18100 (The agile wallboard gadget in Atlassian Jira before version 
7.8.1 ...)
-   TODO: check
+   NOT-FOR-US: Atlassian
 CVE-2017-18099
RESERVED
 CVE-2017-18098 (The searchrequest-xml resource in Atlassian Jira before 
version 7.6.1 ...)
@@ -12064,7 +12064,7 @@ CVE-2018-5465 (A Session Fixation issue was discovered 
in Belden Hirschmann RS, 
 CVE-2018-5464 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x 
have an ...)
NOT-FOR-US: Philips Intellispace Portal
 CVE-2018-5463 (A structured exception handler overflow vulnerability in Leao 
...)
-   TODO: check
+   NOT-FOR-US: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA 
ME LAquis SCADA
 CVE-2018-5462 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x 
have an ...)
NOT-FOR-US: Philips Intellispace Portal
 CVE-2018-5461 (An Inadequate Encryption Strength issue was discovered in 
Belden ...)
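
Review bot: The NOT-FOR-US text for CVE-2018-5463 spells out the full legal entity ("Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA") and is long enough to wrap, where the neighbouring entries in this hunk use a short product name ("Philips Intellispace Portal"). "LAquis SCADA" alone would identify the product.
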
@@ -12735,7 +12735,7 @@ CVE-2018-5229
 CVE-2018-5228
RESERVED
 CVE-2018-5227 (Various administrative application link resources in Atlassian 
...)
-   TODO: check
+   NOT-FOR-US: Atlassian
 CVE-2018-5226
RESERVED
 CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 
4.13.0 ...)
@@ -23304,7 +23304,7 @@ CVE-2018-1219 (EMC RSA Archer, versions prior to 
6.2.0.8, contains an improper a
 CVE-2018-1218 (In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior 
to ...)
NOT-FOR-US: EMC NetWorker
 CVE-2018-1217 (Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 
7.4.1, ...)
-   TODO: check
+   NOT-FOR-US: EMC Avamar Server
 CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp 
Manager ...)
NOT-FOR-US: EMC
 CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp 
Manager ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d41ebca906a313450ecf37f4a3b4c5dbc6f0da1


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-10 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
86ea50bd by Salvatore Bonaccorso at 2018-04-10T10:24:52+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-9934 (The reset-password feature in MetInfo 6.0 allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: MetInfo
 CVE-2018-9933
RESERVED
 CVE-2018-9932
@@ -11,19 +11,19 @@ CVE-2018-9930
 CVE-2018-9929
RESERVED
 CVE-2018-9928 (Cross-site scripting (XSS) vulnerability in save.php in MetInfo 
6.0 ...)
-   TODO: check
+   NOT-FOR-US: MetInfo
 CVE-2018-9927 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...)
-   TODO: check
+   NOT-FOR-US: WUZHI CMS
 CVE-2018-9926 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...)
-   TODO: check
+   NOT-FOR-US: WUZHI CMS
 CVE-2018-9925 (An issue was discovered in idreamsoft iCMS through 7.0.7. XSS 
exists ...)
-   TODO: check
+   NOT-FOR-US: idreamsoft iCMS
 CVE-2018-9924 (An issue was discovered in idreamsoft iCMS through 7.0.7. SQL 
injection ...)
-   TODO: check
+   NOT-FOR-US: idreamsoft iCMS
 CVE-2018-9923 (An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF 
exists ...)
-   TODO: check
+   NOT-FOR-US: idreamsoft iCMS
 CVE-2018-9922 (An issue was discovered in idreamsoft iCMS through 7.0.7. 
Physical path ...)
-   TODO: check
+   NOT-FOR-US: idreamsoft iCMS
 CVE-2018-9921
RESERVED
 CVE-2018-9920
@@ -195,7 +195,7 @@ CVE-2018-9841 (The export function in 
libavfilter/vf_signature.c in FFmpeg throu
[stretch] - ffmpeg  (Can wait until the next ffmpeg 3.2.x 
release)
NOTE: 
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
 CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows 
physically ...)
-   TODO: check
+   NOT-FOR-US: Open Whisper Signal app for iOS
 CVE-2018-9839
RESERVED
 CVE-2018-1000166 [Unsafe use of sprintf() can allow a remote unauthenticated 
attacker to execute arbitrary code]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/86ea50bda4d081a759fa4eb25088c10c411167b3


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-09 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3559c96c by Salvatore Bonaccorso at 2018-04-09T22:15:53+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -101,7 +101,7 @@ CVE-2018-9866
 CVE-2018-9865
RESERVED
 CVE-2018-9864 (The WP Live Chat Support plugin before 8.0.06 for WordPress has 
stored ...)
-   TODO: check
+   NOT-FOR-US: WP Live Chat Support plugin for WordPress
 CVE-2018-9863
RESERVED
 CVE-2018-9862 (util.c in runV 1.0.0 for Docker mishandles a numeric username, 
which ...)
@@ -117,9 +117,9 @@ CVE-2018-1000168
 CVE-2018-9858
RESERVED
 CVE-2018-9857 (PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the 
search field ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Match Clone Script
 CVE-2018-9856 (Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local 
roles ...)
-   TODO: check
+   NOT-FOR-US: Kotti
 CVE-2018-9855
RESERVED
 CVE-2018-9854
@@ -25641,13 +25641,13 @@ CVE-2018-0558
 CVE-2018-0557
RESERVED
 CVE-2018-0556 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to 
...)
-   TODO: check
+   NOT-FOR-US: Buffalo WZR-1750DHP2
 CVE-2018-0555 (Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier 
allows an ...)
-   TODO: check
+   NOT-FOR-US: Buffalo WZR-1750DHP2
 CVE-2018-0554 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to 
bypass ...)
-   TODO: check
+   NOT-FOR-US: Buffalo WZR-1750DHP2
 CVE-2018-0553 (The iRemoconWiFi App for Android version 4.1.7 and earlier does 
not ...)
-   TODO: check
+   NOT-FOR-US: iRemoconWiFi App for Android
 CVE-2018-0552 (Untrusted search path vulnerability in The installer of 
PhishWall ...)
NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition 
for Windows)
 CVE-2018-0551



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3559c96c877118421d813d032be575e2a828504e


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
544970a2 by Salvatore Bonaccorso at 2018-04-08T10:19:21+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,17 +1,17 @@
 CVE-2018-9853
RESERVED
 CVE-2018-9852 (In Gxlcms QY v1.0.0713, 
Lib\Lib\Action\Home\HitsAction.class.php allows ...)
-   TODO: check
+   NOT-FOR-US: Gxlcms QY
 CVE-2018-9851 (In Gxlcms QY v1.0.0713, 
Lib\Lib\Action\Admin\TplAction.class.php allows ...)
-   TODO: check
+   NOT-FOR-US: Gxlcms QY
 CVE-2018-9850 (In Gxlcms QY v1.0.0713, 
Lib\Lib\Action\Admin\DataAction.class.php ...)
-   TODO: check
+   NOT-FOR-US: Gxlcms QY
 CVE-2018-9849
RESERVED
 CVE-2018-9848 (In Gxlcms QY v1.0.0713, the upload function in ...)
-   TODO: check
+   NOT-FOR-US: Gxlcms QY
 CVE-2018-9847 (In Gxlcms QY v1.0.0713, the update function in ...)
-   TODO: check
+   NOT-FOR-US: Gxlcms QY
 CVE-2018-9846 (In Roundcube from versions 1.2.0 to 1.3.5, with the archive 
plugin ...)
TODO: check
 CVE-2018-9845



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/544970a2759b68f082f10e0e58ad5f50c226df95


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-07 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0215754a by Salvatore Bonaccorso at 2018-04-07T10:16:05+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-9845
RESERVED
 CVE-2018-9844 (The Iptanus WordPress File Upload plugin before 4.3.4 for 
WordPress ...)
-   TODO: check
+   NOT-FOR-US:  Iptanus WordPress File Upload plugin for WordPress
 CVE-2018-9843
RESERVED
 CVE-2018-9842
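
Review bot: The added line for CVE-2018-9844 has two spaces after "NOT-FOR-US:", while the other added line in this commit (CVE-2018-9331, "NOT-FOR-US: zzcms") uses one. Drop the extra space so that exact-string searches on the tag text match this entry as well.
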
@@ -1043,7 +1043,7 @@ CVE-2018-9333
 CVE-2018-9332
RESERVED
 CVE-2018-9331 (An issue was discovered in zzcms 8.2. user/adv.php allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2016-10720
RESERVED
 CVE-2016-10719



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0215754a64f929606b459f41256eaf82d9a0bb7a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-07 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8bb9a5a7 by Salvatore Bonaccorso at 2018-04-07T09:07:03+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5681,7 +5681,7 @@ CVE-2018-7508 (A Cross-site Scripting issue was 
discovered in OSIsoft PI Web API
 CVE-2018-7507
RESERVED
 CVE-2018-7506 (The private key of the web server in Moxa MXview versions 2.8 
and ...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2018-7505
RESERVED
 CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft 
PI ...)
@@ -8853,9 +8853,9 @@ CVE-2017-18100
 CVE-2017-18099
RESERVED
 CVE-2017-18098 (The searchrequest-xml resource in Atlassian Jira before 
version 7.6.1 ...)
-   TODO: check
+   NOT-FOR-US: Atlassian
 CVE-2017-18097 (The Trello board importer resource in Atlassian Jira before 
version ...)
-   TODO: check
+   NOT-FOR-US: Atlassian
 CVE-2017-18096 (The OAuth status rest resource in Atlassian Application Links 
before ...)
NOT-FOR-US: Atlassian Application Links
 CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before 
version ...)
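Review bot: CVE-2017-18098 and CVE-2017-18097 are tagged with the vendor only ("NOT-FOR-US: Atlassian"), while the next entry in the same hunk names the product ("NOT-FOR-US: Atlassian Application Links"). Both descriptions say Atlassian Jira, so "NOT-FOR-US: Atlassian Jira" would keep the granularity consistent and make a later search for Jira entries reliable.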
@@ -70283,11 +70283,11 @@ CVE-2017-2870 (An exploitable integer overflow 
vulnerability exists in the ...)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269
NOTE: Built with GCC in Debian, which doesn't remove the check
 CVE-2017-2869 (An exploitable code execution vulnerability exists in the 
OpenProducer ...)
-   TODO: check
+   NOT-FOR-US: Natus Xltek NeuroWorks
 CVE-2017-2868 (An exploitable code execution vulnerability exists in the ...)
-   TODO: check
+   NOT-FOR-US: Natus Xltek NeuroWorks
 CVE-2017-2867 (An exploitable code execution vulnerability exists in the ...)
-   TODO: check
+   NOT-FOR-US: Natus Xltek NeuroWorks
 CVE-2017-2866 (An exploitable vulnerability exists in the /api/CONFIG/backup 
...)
NOT-FOR-US: Circle with Disney
 CVE-2017-2865 (An exploitable vulnerability exists in the firmware update ...)
@@ -70304,7 +70304,7 @@ CVE-2017-2862 (An exploitable heap overflow 
vulnerability exists in the ...)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784866
NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366
 CVE-2017-2861 (An exploitable Denial of Service vulnerability exists in the 
use of a ...)
-   TODO: check
+   NOT-FOR-US: Natus Xltek NeuroWorks
 CVE-2017-2860
RESERVED
 CVE-2017-2859
@@ -70320,7 +70320,7 @@ CVE-2017-2855
 CVE-2017-2854
RESERVED
 CVE-2017-2853 (An exploitable Code Execution vulnerability exists in the ...)
-   TODO: check
+   NOT-FOR-US: Natus Xltek NeuroWorks
 CVE-2017-2852
RESERVED
 CVE-2017-2851 (In the web management interface in Foscam C1 Indoor HD cameras 
with ...)
@@ -80748,7 +80748,7 @@ CVE-2016-8382
 CVE-2016-8381
RESERVED
 CVE-2016-8380 (The web server in Phoenix Contact ILC PLCs allows access to 
read and ...)
-   TODO: check
+   NOT-FOR-US: web server in Phoenix Contact ILC PLCs
 CVE-2016-8379 (An issue was discovered in Moxa ioLogik E1210, firmware Version 
V2.4 ...)
NOT-FOR-US: Moxa
 CVE-2016-8378 (An issue was discovered in Lynxspring JENEsys BAS Bridge 
versions 1.1.8 ...)
@@ -80766,7 +80766,7 @@ CVE-2016-8373
 CVE-2016-8372 (An issue was discovered in Moxa ioLogik E1210, firmware Version 
V2.4 ...)
NOT-FOR-US: Moxa
 CVE-2016-8371 (The web server in Phoenix Contact ILC PLCs can be accessed 
without ...)
-   TODO: check
+   NOT-FOR-US: web server in Phoenix Contact ILC PLCs
 CVE-2016-8370 (An issue was discovered in Mitsubishi Electric Automation 
MELSEC-Q ...)
NOT-FOR-US: Mitsubishi
 CVE-2016-8369 (An issue was discovered in Lynxspring JENEsys BAS Bridge 
versions 1.1.8 ...)
@@ -80776,7 +80776,7 @@ CVE-2016-8368 (An issue was discovered in Mitsubishi 
Electric Automation MELSEC-
 CVE-2016-8367 (An issue was discovered in Schneider Electric Magelis HMI 
Magelis GTO ...)
NOT-FOR-US: Schneider
 CVE-2016-8366 (Webvisit in Phoenix Contact ILC PLCs offers a password macro to 
...)
-   TODO: check
+   NOT-FOR-US: Phoenix Contact ILC PLCs
 CVE-2016-8365 (OSIsoft PI System software (Applications using PI Asset 
Framework (AF) ...)
NOT-FOR-US: OSIsoft PI
 CVE-2016-8364 (An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. 
Object ...)
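Review bot: The entry for CVE-2016-8366 is labelled "Phoenix Contact ILC PLCs", but the two preceding hunks of this commit label CVE-2016-8380 and CVE-2016-8371, which concern the same product, as "web server in Phoenix Contact ILC PLCs". Use one form for all three; the plain product name matches the neighbouring entries (Moxa, Schneider, OSIsoft PI) and is easier to search for.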
@@ -145146,7 +145146,7 @@ CVE-2014-5074 (Siemens SIMATIC S7-1500 CPU devices 
with firmware before 1.6 allo
 CVE-2014-5073 (vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 
28657 ...)
NOT-FOR-US: VMTurbo Operations Manager
 CVE-2014-5072 (Cross-site request forgery (CSRF) vulnerability in WP Security 
Audit ...)
-   TODO: check
+   NOT-FOR-US: WP Security Audit Log 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7e2c3f39 by Salvatore Bonaccorso at 2018-04-05T22:16:22+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,7 @@ CVE-2018-9330
 CVE-2018-9329
RESERVED
 CVE-2018-9328 (PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the 
ter_from ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Redbus Clone Script
 CVE-2018-9327
RESERVED
 CVE-2018-9326
@@ -41,7 +41,7 @@ CVE-2018-9311
 CVE-2018-1000155
RESERVED
 CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a 
Improper ...)
-   TODO: check
+   NOT-FOR-US: Zammad GmbH Zammad
 CVE-2018-1000142 (An exposure of sensitive information vulnerability exists in 
Jenkins ...)
NOT-FOR-US: Jenkins plugin
 CVE-2018-1000143 (An exposure of sensitive information vulnerability exists in 
Jenkins ...)
@@ -325,7 +325,7 @@ CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL 
pointer dereference flaw. I
[jessie] - ncmpc  (Minor issue)
[wheezy] - ncmpc  (Minor issue)
 CVE-2018-9233 (Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for 
...)
-   TODO: check
+   NOT-FOR-US: Sophos
 CVE-2018-9232
RESERVED
 CVE-2018-9231
@@ -6164,7 +6164,7 @@ CVE-2018-7037
 CVE-2018-7036
RESERVED
 CVE-2018-7035 (Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 
2.0 ...)
-   TODO: check
+   NOT-FOR-US: Gleez CMS
 CVE-2018-7034 (TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR 
v1.03B01 ...)
NOT-FOR-US: TRENDnet devices
 CVE-2018-7033 (SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows 
SQL ...)
@@ -12380,7 +12380,7 @@ CVE-2018-4865
 CVE-2018-4864
RESERVED
 CVE-2018-4863 (Sophos Endpoint Protection 10.7 allows local users to bypass an 
...)
-   TODO: check
+   NOT-FOR-US: Sophos
 CVE-2018-4862 (In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an 
...)
NOT-FOR-US: Octopus Deploy
 CVE-2018-4861



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e2c3f39da216eb869faebe2e3e0f452b9ce21b9


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-29 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
396ab576 by Salvatore Bonaccorso at 2018-03-29T23:37:35+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -201,7 +201,7 @@ CVE-2018-9033
 CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L 
Wireless ...)
NOT-FOR-US: D-Link
 CVE-2018-9031 (The login interface on TNLSoftSolutions Sentry Vision 3.x 
devices ...)
-   TODO: check
+   NOT-FOR-US: TNLSoftSolutions Sentry Vision 3.x devices
 CVE-2018-9030
RESERVED
 CVE-2018-9029
@@ -595,7 +595,7 @@ CVE-2018-8887
 CVE-2018-8886
RESERVED
 CVE-2018-8885 (screenresolution-mechanism in screen-resolution-extra 0.17.2 
does not ...)
-   TODO: check
+   NOT-FOR-US: screen-resolution-extra
 CVE-2018-1000136 (Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 
up to ...)
- electron  (bug #842420)
 CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local 
users to ...)
@@ -3425,11 +3425,11 @@ CVE-2018-7678 (A cross site scripting vulnerability 
exist in the Administration 
 CVE-2018-7677 (A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 
Identity ...)
NOT-FOR-US: NetIQ Access Manager
 CVE-2018-7676 (The NetIQ Identity Manager, in versions prior to 4.7, userapp 
with log ...)
-   TODO: check
+   NOT-FOR-US: NetIQ Identity Manager
 CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into 
the ...)
NOT-FOR-US: NetIQ Sentinel
 CVE-2018-7674 (The NetIQ Identity Manager user console, in versions prior to 
4.7, is ...)
-   TODO: check
+   NOT-FOR-US: NetIQ Identity Manager
 CVE-2018-7673 (The NetIQ Identity Manager communication channel, in versions 
prior to ...)
NOT-FOR-US: NetIQ Identity Manager
 CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux 
kernel ...)
@@ -6716,7 +6716,7 @@ CVE-2018-6610 (Information Leakage exists in the jLike 
1.0 component for Joomla!
 CVE-2018-6609 (SQL Injection exists in the JSP Tickets 1.1 component for 
Joomla! via ...)
NOT-FOR-US: JSP Tickets component for Joomla!
 CVE-2018-6608 (In the WebRTC component in Opera 51.0.2830.55, after visiting a 
web ...)
-   TODO: check
+   NOT-FOR-US: WebRTC component in Opera
 CVE-2018-6607
RESERVED
 CVE-2018-6606 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. 
Improper ...)
@@ -6768,11 +6768,11 @@ CVE-2018-6590
 CVE-2018-6589
RESERVED
 CVE-2018-6588 (CA API Developer Portal 3.5 up to and including 3.5 CR5 has a 
...)
-   TODO: check
+   NOT-FOR-US: CA API Developer Portal
 CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a 
...)
-   TODO: check
+   NOT-FOR-US: CA API Developer Portal
 CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a 
stored ...)
-   TODO: check
+   NOT-FOR-US: CA API Developer Portal
 CVE-2018-140
RESERVED
 CVE-2018-139
@@ -58864,7 +58864,7 @@ CVE-2017-5949 (JavaScriptCore in WebKit, as distributed 
in Safari Technology Pre
 CVE-2017-5948 (An issue was discovered on OnePlus One, X, 2, 3, and 3T 
devices. ...)
NOT-FOR-US: OnePlus One
 CVE-2017-5947 (An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 
devices ...)
-   TODO: check
+   NOT-FOR-US: OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS
 CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for 
Ruby has a ...)
{DSA-3801-1 DLA-846-1}
- ruby-zip 1.2.0-1.1 (bug #856269)
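Review bot: The new label for CVE-2017-5947 copies the device list from the description ("OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS"), while the entry directly above it, CVE-2017-5948, uses "NOT-FOR-US: OnePlus One" for a similar device list. A single short label used for both entries would keep the two consistent and searchable.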
@@ -116749,9 +116749,9 @@ CVE-2015-4955 (Cross-site scripting (XSS) 
vulnerability in IBM Business Process 
 CVE-2015-4954 (IBM BigFix Remote Control before Interim Fix pack ...)
NOT-FOR-US: IBM
 CVE-2015-4953 (IBM BigFix Remote Control before Interim Fix pack ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2015-4952 (The on-demand plugin in IBM Endpoint Manager for Remote Control 
9.0.1 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2015-4951 (Client Acceptor Daemon (CAD) in the client in IBM Spectrum 
Protect ...)
NOT-FOR-US: IBM Spectrum Protect
 CVE-2015-4950 (The mailbox-restore feature in IBM Tivoli Storage Manager for 
Mail: ...)
@@ -125535,7 +125535,7 @@ CVE-2015-2011 (The xmlrpc.cgi Webmin script in IBM 
QRadar SIEM 7.1 MR2 before Pa
 CVE-2015-2010
REJECTED
 CVE-2015-2009 (Cross-site request forgery (CSRF) vulnerability in the 
xmlrpc.cgi ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2015-2008 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 
7.2.x ...)
NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2015-2007 (Directory traversal vulnerability in IBM Security QRadar SIEM 
7.2.x ...)
@@ -139641,7 +139641,7 @@ CVE-2014-6606
 CVE-2014-6605
RESERVED
 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-29 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
060aac82 by Salvatore Bonaccorso at 2018-03-29T22:21:08+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,13 +3,13 @@ CVE-2018-9125
 CVE-2018-9124
RESERVED
 CVE-2018-9123 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via 
a User ...)
-   TODO: check
+   NOT-FOR-US: Crea8social
 CVE-2018-9122 (In Crea8social 2018.2, there is Reflected Cross-Site Scripting 
via the ...)
-   TODO: check
+   NOT-FOR-US: Crea8social
 CVE-2018-9121 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via 
a post ...)
-   TODO: check
+   NOT-FOR-US: Crea8social
 CVE-2018-9120 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via 
a post. ...)
-   TODO: check
+   NOT-FOR-US: Crea8social
 CVE-2018-9119
RESERVED
 CVE-2018-9118



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/060aac82e65b34298963cfbc9ba840a6b8bf1a44


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-29 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e9a4e546 by Salvatore Bonaccorso at 2018-03-29T08:40:20+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,7 +7,7 @@ CVE-2018-9112
 CVE-2018-9111
RESERVED
 CVE-2018-9110 (Studio 42 elFinder before 2.1.37 on Windows has Directory 
Traversal via ...)
-   TODO: check
+   NOT-FOR-US: Studio 42 elFinder
 CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via 
the ...)
NOT-FOR-US: Studio 42 elFinder
 CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 
allows an ...)
@@ -4013,7 +4013,7 @@ CVE-2018-7500 (A Permissions, Privileges, and Access 
Controls issue was discover
 CVE-2018-7499
RESERVED
 CVE-2018-7498 (In Philips Alice 6 System version R8.0.2 or prior, the lack of 
proper ...)
-   TODO: check
+   NOT-FOR-US: Philips Alice 6 System
 CVE-2018-7497
RESERVED
 CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI 
Vision ...)
@@ -5072,15 +5072,15 @@ CVE-2018-7198 (October CMS through 1.0.431 allows XSS 
by entering HTML on the Ad
 CVE-2018-7197 (An issue was discovered in Pluck through 4.7.4. A stored 
cross-site ...)
NOT-FOR-US: Pluck CMS
 CVE-2018-7196 (Cross-site scripting (XSS) vulnerability in /scp/index.php in 
...)
-   TODO: check
+   NOT-FOR-US: osTicket
 CVE-2018-7195 (Enhancesoft osTicket before 1.10.2 allows remote attackers to 
reset ...)
-   TODO: check
+   NOT-FOR-US: osTicket
 CVE-2018-7194 (Integer format vulnerability in the ticket number generator in 
...)
-   TODO: check
+   NOT-FOR-US: osTicket
 CVE-2018-7193 (Cross-site scripting (XSS) vulnerability in /scp/directory.php 
in ...)
-   TODO: check
+   NOT-FOR-US: osTicket
 CVE-2018-7192 (Cross-site scripting (XSS) vulnerability in 
/ajax.php/form/help-topic ...)
-   TODO: check
+   NOT-FOR-US: osTicket
 CVE-2018-7191
RESERVED
 CVE-2018-7190
@@ -5904,7 +5904,7 @@ CVE-2018-6884
 CVE-2018-6883 (Piwigo before 2.9.3 has SQL injection in admin/tags.php in the 
...)
- piwigo 
 CVE-2018-6882 (Cross-site scripting (XSS) vulnerability in the ...)
-   TODO: check
+   NOT-FOR-US: Zimbra
 CVE-2018-162 (WonderCMS version 2.4.0 contains a Stored Cross-Site 
Scripting on File ...)
NOT-FOR-US: WonderCMS
 CVE-2018-161 (ARM mbedTLS version development branch, 2.7.0 and earlier 
contains a ...)
@@ -9965,7 +9965,7 @@ CVE-2018-5453 (An Improper Handling of Length Parameter 
Inconsistency issue was 
 CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson 
Process ...)
NOT-FOR-US: Emerson Process Management ControlWave Micro Process 
Automation Controller
 CVE-2018-5451 (In Philips Alice 6 System version R8.0.2 or prior, when an 
actor ...)
-   TODO: check
+   NOT-FOR-US: Philips Alice 6 System
 CVE-2018-5450
RESERVED
 CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell 
...)
@@ -21058,9 +21058,9 @@ CVE-2018-1240
 CVE-2018-1239
RESERVED
 CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command 
injection ...)
-   TODO: check
+   NOT-FOR-US: EMC ScaleIO
 CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper 
restriction ...)
-   TODO: check
+   NOT-FOR-US: EMC ScaleIO
 CVE-2018-1236
RESERVED
 CVE-2018-1235
@@ -21124,7 +21124,7 @@ CVE-2018-1207 (Dell EMC iDRAC7/iDRAC8, versions prior 
to 2.52.52.52, contain CGI
 CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 
159 and ...)
NOT-FOR-US: EMC Data Protection Advisor
 CVE-2018-1205 (Dell EMC ScaleIO, versions prior to 2.5, do not properly handle 
some ...)
-   TODO: check
+   NOT-FOR-US: EMC ScaleIO
 CVE-2018-1204 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 
8.0.1.0 - ...)
NOT-FOR-US: Dell
 CVE-2018-1203 (In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump 
binary ...)
@@ -37741,7 +37741,7 @@ CVE-2017-12817 (In Kaspersky Internet Security for 
Android 11.12.4.1622, some of
 CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some 
of ...)
NOT-FOR-US: Kaspersky Internet Security for Android
 CVE-2017-12815 (Analysis of the Bomgar Remote Support Portal JavaStart.jar 
Applet ...)
-   TODO: check
+   NOT-FOR-US: Bomgar Remote Support Portal JavaStart Applet
 CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in 
...)
- perl  (Windows specific issue)
NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet 
public)
@@ -41451,7 +41451,7 @@ CVE-2017-11512 (The ManageEngine ServiceDesk 9.3.9328 
is vulnerable to arbitrary
 CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-28 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e14a1ed8 by Salvatore Bonaccorso at 2018-03-28T10:52:21+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,13 +1,13 @@
 CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via 
the ...)
-   TODO: check
+   NOT-FOR-US: Studio 42 elFinder
 CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 
allows an ...)
-   TODO: check
+   NOT-FOR-US: QuickAppsCMS
 CVE-2018-9107 (CSV Injection (aka Excel Macro Injection or Formula Injection) 
exists ...)
-   TODO: check
+   NOT-FOR-US: Acyba AcyMailing extension for Joomla!
 CVE-2018-9106 (CSV Injection (aka Excel Macro Injection or Formula Injection) 
exists ...)
-   TODO: check
+   NOT-FOR-US: Acyba AcyMailing extension for Joomla!
 CVE-2018-9105 (NordVPN 3.3.10 for macOS suffers from a root privilege 
escalation ...)
-   TODO: check
+   NOT-FOR-US: NordVPN
 CVE-2018-9104
RESERVED
 CVE-2018-9103
@@ -33,7 +33,7 @@ CVE-2018-9094
 CVE-2018-9093
RESERVED
 CVE-2018-9092 (There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 
1.10 that ...)
-   TODO: check
+   NOT-FOR-US: MiniCMS
 CVE-2018-9091
RESERVED
 CVE-2018-9090
@@ -699,7 +699,7 @@ CVE-2018-8825
 CVE-2018-8824
RESERVED
 CVE-2018-8823 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu 
...)
-   TODO: check
+   NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop
 CVE-2018-8822 (Incorrect buffer length handling in the ncp_read_kernel 
function in ...)
- linux 
 CVE-2018-1000135 (GNOME NetworkManager version 1.10.2 and earlier contains a 
Information ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e14a1ed8b3c6da31e4cac69cb8cfb2ab2bb8


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6922d3ee by Salvatore Bonaccorso at 2018-03-27T22:28:40+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-9057 (aws/resource_aws_iam_user_login_profile.go in the HashiCorp 
Terraform ...)
-   TODO: check
+   NOT-FOR-US: HashiCorp Terraform Amazon Web Services
 CVE-2018-9056 (Systems with microprocessors utilizing speculative execution 
may allow ...)
TODO: check
 CVE-2018-9055 (JasPer 2.0.14 allows denial of service via a reachable 
assertion in the ...)
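Review bot: The label added for CVE-2018-9057, "HashiCorp Terraform Amazon Web Services", reads as a cut-off phrase with no noun saying which component is meant. The description points at aws/resource_aws_iam_user_login_profile.go, so name the affected component explicitly, taking the wording from the full CVE description since it is truncated here.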
@@ -36,7 +36,7 @@ CVE-2018-9041 (In Advanced SystemCare Ultimate 11.0.1.58, the 
driver file ...)
 CVE-2018-9040 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an 
authenticated user, ...)
-   TODO: check
+   NOT-FOR-US: Octopus Deploy
 CVE-2018-9038
RESERVED
 CVE-2018-9037
@@ -644,7 +644,7 @@ CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 
7.0.7-25 Q16 allows 
 CVE-2018-8803
RESERVED
 CVE-2018-8802 (SQL injection vulnerability in the management interface in 
ePortal ...)
-   TODO: check
+   NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems
 CVE-2018-8801
RESERVED
- gitlab 10.5.6+dfsg-1 (bug #893905)
@@ -3211,7 +3211,7 @@ CVE-2017-18219 (An issue was discovered in GraphicsMagick 
1.3.26. An allocation 
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/459/
 CVE-2018-7700 (DedeCMS 5.7 has CSRF with an impact of arbitrary code 
execution, ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2018-7699
RESERVED
 CVE-2018-7698 (An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for 
DCS-933L ...)
@@ -3325,7 +3325,7 @@ CVE-2018-7711 (HTTPRedirect.php in the saml2 library in 
SimpleSAMLphp before 1.1
NOTE: https://simplesamlphp.org/security/201803-01
NOTE: 
https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
 CVE-2018-7658 (NTSServerSvc.exe in the server in Softros Network Time System 
2.3.4 ...)
-   TODO: check
+   NOT-FOR-US: Softros Network Time System
 CVE-2018-7657
RESERVED
 CVE-2018-7656
@@ -6046,9 +6046,9 @@ CVE-2018-6769 (In Jiangmin Antivirus 16.0.0.100, the 
driver file (KrnlCall.sys) 
 CVE-2018-6768 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6766 (Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that 
could ...)
-   TODO: check
+   NOT-FOR-US: Swisscom TVMediaHelper
 CVE-2018-6765 (Swisscom MySwisscomAssistant 2.17.1.1065 contains a 
vulnerability that ...)
-   TODO: check
+   NOT-FOR-US: Swisscom MySwisscomAssistant
 CVE-2018-6763
RESERVED
 CVE-2018-6762
@@ -24264,7 +24264,7 @@ CVE-2018-0200 (A vulnerability in the web-based 
interface of Cisco Prime Service
 CVE-2018-0199 (A vulnerability in Cisco Jabber Client Framework (JCF) could 
allow an ...)
NOT-FOR-US: Cisco
 CVE-2018-0198 (A vulnerability in the web framework of Cisco Unified 
Communications ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0197
RESERVED
 CVE-2018-0196
@@ -38796,7 +38796,7 @@ CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 
2.0.0 allows context-depend
 CVE-2017-12411
RESERVED
 CVE-2017-12410 (It is possible to exploit a Time of Check  Time of Use 
(TOCTOU) ...)
-   TODO: check
+   NOT-FOR-US: Kaseya Virtual System Administrator agent
 CVE-2017-12409
RESERVED
 CVE-2017-12408
@@ -39022,7 +39022,7 @@ CVE-2017-12321 (Multiple vulnerabilities in the web 
interface of the Cisco Regis
 CVE-2017-12320 (Multiple vulnerabilities in the web interface of the Cisco 
Registered ...)
NOT-FOR-US: Cisco
 CVE-2017-12319 (A vulnerability in the Border Gateway Protocol (BGP) over an 
Ethernet ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2017-12318 (A vulnerability in the TCP state machine of Cisco RF Gateway 1 
devices ...)
NOT-FOR-US: Cisco
 CVE-2017-12317 (The Cisco AMP For Endpoints application allows an 
authenticated, local ...)
@@ -39040,7 +39040,7 @@ CVE-2017-12312 (An untrusted search path (aka DLL 
Preloading) vulnerability in t
 CVE-2017-12311 (A vulnerability in the H.264 decoder function of Cisco Meeting 
Server ...)
NOT-FOR-US: Cisco
 CVE-2017-12310 (A vulnerability in the auto discovery phase of Cisco Spark 
Hybrid ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2017-12309 (A vulnerability in the Cisco Email Security Appliance (ESA) 
could allow ...)
NOT-FOR-US: Cisco
 CVE-2017-12308 (A 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fb1b8eeb by Salvatore Bonaccorso at 2018-03-25T09:43:56+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,15 +1,15 @@
 CVE-2018-8969 (An issue was discovered in zzcms 8.2. user/licence_save.php 
allows ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-8968 (An issue was discovered in zzcms 8.2. user/manage.php allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-8967 (An issue was discovered in zzcms 8.2. It allows SQL injection 
via the ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-8966 (An issue was discovered in zzcms 8.2. It allows PHP code 
injection via ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-8965 (An issue was discovered in zzcms 8.2. user/ppsave.php allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2015-9257 (BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service 
Pack 2 ...)
-   TODO: check
+   NOT-FOR-US: BMC Remedy Action Request (AR) System
 CVE-2018-8964 (In libming 0.4.8, the decompileDELETE function of decompile.c 
has a ...)
- ming 
NOTE: https://github.com/libming/libming/issues/130
@@ -14933,11 +14933,11 @@ CVE-2017-17753 (Multiple cross-site scripting (XSS) 
vulnerabilities in the ...)
 CVE-2017-17752 (Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via 
the body ...)
NOT-FOR-US: Ability Mail Server
 CVE-2017-17751 (Bose SoundTouch devices allows remote attackers to achieve 
remote ...)
-   TODO: check
+   NOT-FOR-US: Bose SoundTouch devices
 CVE-2017-17750 (Bose SoundTouch devices allow XSS via a crafted public 
playlist from ...)
-   TODO: check
+   NOT-FOR-US: Bose SoundTouch devices
 CVE-2017-17749 (Bose SoundTouch devices allow XSS via crafted song data from a 
music ...)
-   TODO: check
+   NOT-FOR-US: Bose SoundTouch devices
 CVE-2017-17748
RESERVED
 CVE-2017-17747 (Weak access controls in the Device Logout functionality on the 
TP-Link ...)
@@ -23134,7 +23134,7 @@ CVE-2018-0554
 CVE-2018-0553
RESERVED
 CVE-2018-0552 (Untrusted search path vulnerability in The installer of 
PhishWall ...)
-   TODO: check
+   NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition 
for Windows)
 CVE-2018-0551
RESERVED
 CVE-2018-0550
@@ -23158,19 +23158,19 @@ CVE-2018-0542 (Directory traversal vulnerability in 
WebProxy version 1.7.8 allow
 CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker 
to ...)
TODO: check
 CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0 
allows ...)
-   TODO: check
+   NOT-FOR-US: ViX
 CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute 
arbitrary ...)
-   TODO: check
+   NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0538 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 
allows an ...)
-   TODO: check
+   NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0537 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 
allows an ...)
-   TODO: check
+   NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0536 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 
allows an ...)
-   TODO: check
+   NOT-FOR-US: QQQ SYSTEMS
 CVE-2018-0535 (Cross-site scripting vulnerability in PHP 2chBBS version bbs18c 
allows ...)
-   TODO: check
+   NOT-FOR-US: PHP 2chBBS
 CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5 
allows an ...)
-   TODO: check
+   NOT-FOR-US: ArsenoL
 CVE-2018-0533
RESERVED
 CVE-2018-0532
@@ -25317,9 +25317,9 @@ CVE-2017-16774
 CVE-2017-16773
RESERVED
 CVE-2017-16772 (Improper input validation vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: Synology Photo Station
 CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in 
Synology ...)
-   TODO: check
+   NOT-FOR-US: Synology Photo Station
 CVE-2017-16770 (File and directory information exposure vulnerability in ...)
NOT-FOR-US: Synology Surveillance Station
 CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer 
in ...)
@@ -29388,7 +29388,7 @@ CVE-2017-15327
 CVE-2017-15326 (DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak 
encryption ...)
TODO: check
 CVE-2017-15325 (The Bdat driver of Prague smart phones with software versions 
earlier ...)
-   TODO: check
+   NOT-FOR-US: Bdat driver of Prague smart phones
 CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS 
...)
NOT-FOR-US: Huawei
 CVE-2017-15323 (Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, 
...)
@@ -70581,9 +70581,9 @@ CVE-2017-1791
 CVE-2017-1790
RESERVED
 CVE-2017-1789 (IBM Tivoli Monitoring V6 6.2.3 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-21 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
197de423 by Salvatore Bonaccorso at 2018-03-21T10:18:05+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -18,13 +18,13 @@ CVE-2018-8878
 CVE-2018-8877
RESERVED
 CVE-2018-8876 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) 
allows ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-8875 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) 
allows ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-8874 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) 
allows ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-8873 (In 2345 Security Guard 3.6, the driver file 
(2345NetFirewall.sys) ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-8872
RESERVED
 CVE-2018-8871
@@ -109199,13 +109199,13 @@ CVE-2015-7463 (IBM Business Process Manager 7.5.x, 
8.0.x, 8.5.0, 8.5.5, and 8.5.
 CVE-2015-7462 (IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users 
to ...)
NOT-FOR-US: IBM
 CVE-2015-7461 (XML external entity (XXE) vulnerability in IBM Connections 
3.0.1.1 and ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2015-7460 (Cross-site scripting (XSS) vulnerability in IBM Connections 
3.0.1.1 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2015-7459 (Cross-site scripting (XSS) vulnerability in IBM Connections 
3.0.1.1 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2015-7458 (Cross-site scripting (XSS) vulnerability in IBM Connections 
3.0.1.1 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2015-7457 (Cross-site scripting (XSS) vulnerability in IBM WebSphere 
Portal 8.0.x ...)
NOT-FOR-US: IBM
 CVE-2015-7456 (IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows 
remote ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/197de42334051472f47725586e6d645c687392ae

You're receiving this email because of your account on salsa.debian.org.
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-20 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6863fa6c by Salvatore Bonaccorso at 2018-03-20T22:55:35+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3225,7 +3225,7 @@ CVE-2018-7513
 CVE-2018-7512
RESERVED
 CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple 
cases ...)
-   TODO: check
+   NOT-FOR-US: Eaton ELCSoft
 CVE-2018-7510
RESERVED
 CVE-2018-7509
@@ -8398,11 +8398,11 @@ CVE-2018-5772 (In Exiv2 0.26, there is a segmentation 
fault caused by uncontroll
 CVE-2018-5771
RESERVED
 CVE-2018-5770 (An issue was discovered on Tenda AC15 devices. A remote, ...)
-   TODO: check
+   NOT-FOR-US: Tenda AC15 devices
 CVE-2018-5769
RESERVED
 CVE-2018-5768 (A remote, unauthenticated attacker can gain remote code 
execution on ...)
-   TODO: check
+   NOT-FOR-US: Tenda AC15 router
 CVE-2018-5767 (An issue was discovered on Tenda AC15 V15.03.1.16_multi 
devices. A ...)
NOT-FOR-US: Tenda AC15 V15.03.1.16_multi devices
 CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the 
av_packet_ref ...)
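Review bot: CVE-2018-5770 and CVE-2018-5768 in this hunk get two different labels for what the labels themselves say is one product, `Tenda AC15 devices` and `Tenda AC15 router`, next to the existing `Tenda AC15 V15.03.1.16_multi devices` on CVE-2018-5767. Use a single label for both new lines, for example `NOT-FOR-US: Tenda AC15 devices`, so a text search of data/CVE/list for the product returns every entry.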
@@ -8574,7 +8574,7 @@ CVE-2018-5719
 CVE-2018-5718
RESERVED
 CVE-2018-5717 (Memory write mechanism in NCR S2 Dispenser controller before 
firmware ...)
-   TODO: check
+   NOT-FOR-US: NCR S2 Dispenser controller
 CVE-2018-5716 (An issue was discovered in Reprise License Manager 11.0. This 
...)
NOT-FOR-US: Reprise License Manager
 CVE-2018-5715 (phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in 
the query ...)
@@ -9209,7 +9209,7 @@ CVE-2018-5440 (A Stack-based Buffer Overflow issue was 
discovered in 3S-Smart CO
 CVE-2018-5439 (A Command Injection issue was discovered in Nortek Linear 
eMerge E3 ...)
NOT-FOR-US: Nortek Linear eMerge E3 series
 CVE-2018-5438 (Philips ISCV application prior to version 2.3.0 has an 
insufficient ...)
-   TODO: check
+   NOT-FOR-US: Philips ISCV application
 CVE-2018-5437
RESERVED
 CVE-2018-5436
@@ -10912,9 +10912,9 @@ CVE-2018-4846
 CVE-2018-4845
RESERVED
 CVE-2018-4844 (A vulnerability has been identified in SIMATIC WinCC OA UI for 
Android ...)
-   TODO: check
+   NOT-FOR-US: SIMATIC
 CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 
Advanced (All ...)
-   TODO: check
+   NOT-FOR-US: SIMATIC
 CVE-2018-4842
RESERVED
 CVE-2018-4841
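Review bot: both new lines, on CVE-2018-4844 and CVE-2018-4843, use the product family `SIMATIC` alone as the label, while the other vendor-level labels in this commit lead with the vendor name (`Huawei`, `Fortinet`). SIMATIC is a Siemens product line, so `NOT-FOR-US: Siemens SIMATIC` would keep these findable by vendor.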
@@ -19313,7 +19313,7 @@ CVE-2017-17669 (There is a heap-based buffer over-read 
in the ...)
[wheezy] - exiv2  (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/187
 CVE-2017-17668 (Memory write mechanism in NCR S1 Dispenser controller before 
firmware ...)
-   TODO: check
+   NOT-FOR-US: NCR S1 Dispenser controller
 CVE-2017-17667
RESERVED
 CVE-2017-17666
@@ -21042,9 +21042,9 @@ CVE-2017-17322 (Huawei Honor Smart Scale Application 
with software of 1.1.1 has 
 CVE-2017-17321 (Huawei eNSP software with software of versions earlier than 
...)
NOT-FOR-US: Huawei
 CVE-2017-17320 (Huawei Mate 9 Pro smartphones with software of 
LON-AL00BC00B139D, ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17319 (Huawei P9 smartphones with the versions before 
EVA-AL10C00B399SP02 ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17318
RESERVED
 CVE-2017-17317
@@ -21068,9 +21068,9 @@ CVE-2017-17309
 CVE-2017-17308
RESERVED
 CVE-2017-17307 (Some Huawei Smartphones with software of VNS-L21AUTC555B141 
have an ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17306 (Some Huawei Smartphones with software of VNS-L21AUTC555B141, 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17305
RESERVED
 CVE-2017-17304 (The CIDAM Protocol on Huawei DP300 V500R002C00; 
V500R002C00B010; ...)
@@ -21252,7 +21252,7 @@ CVE-2017-17217 (Media Gateway Control Protocol (MGCP) 
in Huawei DP300 V500R002C0
 CVE-2017-17216 (Media Gateway Control Protocol (MGCP) in Huawei DP300 
V500R002C00; ...)
NOT-FOR-US: Huawei
 CVE-2017-17215 (Huawei HG532 with some customized versions has a remote code 
execution ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17214
RESERVED
 CVE-2017-17213
@@ -32585,7 +32585,7 @@ CVE-2017-14193 (The oauth function in 
controllers/member/api.php in dayrui FineC
 CVE-2017-14192 (The checktitle function in controllers/member/api.php in 
dayrui FineCms ...)
NOT-FOR-US: dayrui FineCms
 CVE-2017-14191 (An Improper Access Control vulnerability in Fortinet FortiWeb 
5.6.0 ...)
-   TODO: check
+   NOT-FOR-US: Fortinet
 CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 
to ...)
NOT-FOR-US: Fortinet FortiOS
 CVE-2017-14189 (An improper access control vulnerability in 
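Review bot: the new label on CVE-2017-14191 is `NOT-FOR-US: Fortinet`, but the description names FortiWeb and the context entry CVE-2017-14190 directly below is tagged `Fortinet FortiOS`. Use `NOT-FOR-US: Fortinet FortiWeb` so the granularity matches its neighbour.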

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-20 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7110ba29 by Salvatore Bonaccorso at 2018-03-20T10:16:14+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-8821 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows 
attackers ...)
-   TODO: check
+   NOT-FOR-US: windrvr1260.sys in Jungo DriverWizard WinDriver
 CVE-2018-8820
RESERVED
 CVE-2018-8819
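Review bot: the label on CVE-2018-8821 repeats the opening of the description, `windrvr1260.sys in Jungo DriverWizard WinDriver`, so it leads with a driver file name rather than the product. `NOT-FOR-US: Jungo DriverWizard WinDriver` is shorter and groups with any other entry for the same product.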
@@ -11,7 +11,7 @@ CVE-2018-8817
 CVE-2018-8816
RESERVED
 CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery 
function in ...)
-   TODO: check
+   NOT-FOR-US: Alkacon OpenCMS
 CVE-2018-8814
RESERVED
 CVE-2018-8813
@@ -19,7 +19,7 @@ CVE-2018-8813
 CVE-2018-8812
RESERVED
 CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: OpenCMS
 CVE-2018-8810 (In radare2 2.4.0, there is a heap-based buffer over-read in the 
...)
TODO: check
 CVE-2018-8809 (In radare2 2.4.0, there is a heap-based buffer over-read in the 
...)
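Review bot: CVE-2018-8811 is labelled `OpenCMS` here, while CVE-2018-8815 in the previous hunk of this same commit is labelled `Alkacon OpenCMS`. Use one spelling for both so the two entries group together.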



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7110ba296fcb4746d982fa30acf14ba49c951e02


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-19 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
231df404 by Salvatore Bonaccorso at 2018-03-19T22:44:39+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -86,7 +86,7 @@ CVE-2018-8763
 CVE-2018-8762
RESERVED
 CVE-2018-8761 (protected\apps\member\controller\shopcarController.php in Yxcms 
...)
-   TODO: check
+   NOT-FOR-US: Yxcms
 CVE-2018-8760
RESERVED
 CVE-2018-8759
@@ -127,7 +127,7 @@ CVE-2018-8743
 CVE-2018-8742
RESERVED
 CVE-2017-18239 (A time-sensitive equality check on the JWT signature in the 
...)
-   TODO: check
+   NOT-FOR-US: authentikat-jwt
 CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook 
file ...)
- jupyter-notebook  (bug #893436)
- ipython 5.1.0-2
@@ -169,7 +169,7 @@ CVE-2018-8734
 CVE-2018-8733
RESERVED
 CVE-2018-8732 (Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 
allows ...)
-   TODO: check
+   NOT-FOR-US: WampServer
 CVE-2018-8731
RESERVED
 CVE-2018-8730
@@ -3425,7 +3425,7 @@ CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have 
Missing SSL Certificate 
NOTE: src:links2 upstream in 2.11 adds support for verifying SSL 
certificates.
TODO: double check links2 again, since #694658 claims not all issues 
are fixed
 CVE-2018-7422 (A Local File Inclusion vulnerability in the Site Editor plugin 
through ...)
-   TODO: check
+   NOT-FOR-US: Site Editor plugin for WordPress
 CVE-2018-7421 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP 
dissector ...)
- wireshark 2.4.5-1 (low)
[stretch] - wireshark  (Minor issue)
@@ -5154,9 +5154,9 @@ CVE-2018-6845 (PHP Scripts Mall Multi Language Olx Clone 
Script 2.0.6 has XSS vi
 CVE-2018-6844 (MyBB 1.8.14 has XSS via the Title or Description field on the 
Edit ...)
NOT-FOR-US: MyBB
 CVE-2018-6843 (Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL 
injection in the ...)
-   TODO: check
+   NOT-FOR-US: Kentico CMS
 CVE-2018-6842 (Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which 
a ...)
-   TODO: check
+   NOT-FOR-US: Kentico CMS
 CVE-2018-6841
RESERVED
 CVE-2018-6840
@@ -8896,9 +8896,9 @@ CVE-2018-5554
 CVE-2018-5553
RESERVED
 CVE-2018-5552 (Versions of DocuTrac QuicDoc and Office Therapy that ship with 
...)
-   TODO: check
+   NOT-FOR-US: DocuTrac QuicDoc and Office Therapy
 CVE-2018-5551 (Versions of DocuTrac QuicDoc and Office Therapy that ship with 
...)
-   TODO: check
+   NOT-FOR-US: DocuTrac QuicDoc and Office Therapy
 CVE-2018-5550 (Versions of Epson AirPrint released prior to January 19, 2018 
contain ...)
NOT-FOR-US: Epson AirPrint
 CVE-2015-9250 (An issue was discovered in Skybox Platform before 7.5.201. 
Directory ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/231df404513f84e994f86314e52389277f90d8b7


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-19 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
99951e04 by Salvatore Bonaccorso at 2018-03-19T08:18:07+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -43,7 +43,7 @@ CVE-2018-8758
 CVE-2018-8757
RESERVED
 CVE-2018-8756 (Eval injection in yzmphp/core/function/global.func.php in 
YzmCMS v3.7.1 ...)
-   TODO: check
+   NOT-FOR-US: YzmCMS
 CVE-2018-8755
RESERVED
 CVE-2018-8754 (The libevt_record_values_read_event() function in ...)
@@ -106,7 +106,7 @@ CVE-2016-10715 (The Artezio Kanban Board plugin 1.4 
revision 1914 for Atlassian 
 CVE-2018-8738
RESERVED
 CVE-2018-8737 (Bookme Control Panel 2.0 Application is vulnerable to stored 
XSS within ...)
-   TODO: check
+   NOT-FOR-US: Bookme Control Panel Application
 CVE-2018-8736
RESERVED
 CVE-2018-8735



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/99951e04321c118e153fa7a301fac5c6e8daa7e4


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-18 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb389c22 by Salvatore Bonaccorso at 2018-03-18T16:57:10+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,11 +11,11 @@ CVE-2018-8769 (elfutils 0.170 has a buffer over-read in the 
ebl_dynamic_tag_name
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22976
NOTE: https://sourceware.org/ml/elfutils-devel/2018-q1/msg00078.html
 CVE-2018-8767 (joyplus-cms 1.6.0 has XSS in ...)
-   TODO: check
+   NOT-FOR-US: joyplus-cms
 CVE-2018-8766 (joyplus-cms 1.6.0 allows Remote Code Execution because of an 
Arbitrary ...)
-   TODO: check
+   NOT-FOR-US: joyplus-cms
 CVE-2018-8765 (In 2345 Security Guard 3.6, the driver file 
(2345NetFirewall.sys) ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-8764
RESERVED
 CVE-2018-8763



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb389c22c0989822f4a2b7992e6024bf32bbfc1a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cb73a334 by Salvatore Bonaccorso at 2018-03-17T08:57:35+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20532,7 +20532,7 @@ CVE-2018-1080 [Mishandled ACL configuration in 
AAclAuthz.java reverses rules tha
 CVE-2018-1079
RESERVED
 CVE-2018-1078 (OpenDayLight version Carbon SR3 and earlier contain a 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: OpenDayLight
 CVE-2018-1077 (Spacewalk 2.6 contains an API which has an XXE flaw allowing 
for the ...)
NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
 CVE-2018-1076
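Review bot: the context line under CVE-2018-1077 reads `NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk`, with the tag doubled. This hunk does not touch it, but it sits directly below the edited entry and could be corrected in the same pass to `NOT-FOR-US: Red Hat Satellite / Spacewalk`.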
@@ -27632,7 +27632,7 @@ CVE-2017-15721 (In Irssi before 1.0.5, certain 
incorrectly formatted DCC CTCP me
 CVE-2017-15720
RESERVED
 CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 
...)
-   TODO: check
+   NOT-FOR-US: Wicket jQuery UI
 CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak 
the ...)
- hadoop  (bug #793644)
 CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the ...)
@@ -31810,7 +31810,7 @@ CVE-2017-14386 (The web user interface of Dell 2335dn 
and 2355dn Multifunction L
 CVE-2017-14385 (An issue was discovered in EMC Data Domain DD OS 5.7 family, 
versions ...)
NOT-FOR-US: EMC Data Domain DD OS
 CVE-2017-14384 (In Dell Storage Manager versions earlier than 16.3.20, the ...)
-   TODO: check
+   NOT-FOR-US: EMConfigMigration service
 CVE-2017-14383 (In Dell EMC VNX2 versions prior to Operating Environment for 
File ...)
NOT-FOR-US: EMC VNX
 CVE-2017-14382
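Review bot: CVE-2017-14384 is described as an issue in Dell Storage Manager, but the new label is `EMConfigMigration service`, a name that does not appear in the visible part of the description. Label it by product, for example `NOT-FOR-US: Dell Storage Manager`, in line with the `EMC Data Domain DD OS` and `EMC VNX` entries around it.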
@@ -37356,7 +37356,7 @@ CVE-2017-12592 (ASUS DSL-N10S V2.1.16_APAC devices have 
a privilege escalation .
 CVE-2017-12591 (ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored 
cross ...)
NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices
 CVE-2017-12590 (ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a 
reflected XSS ...)
-   TODO: check
+   NOT-FOR-US: ASUS RT-N14UHP devices
 CVE-2017-12589 (ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any 
...)
NOT-FOR-US: ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices
 CVE-2017-12588 (The zmq3 input and output modules in rsyslog before 8.28.0 
interpreted ...)
@@ -50682,7 +50682,7 @@ CVE-2017-8015 (EMC AppSync (all versions prior to 3.5) 
contains a SQL injection 
 CVE-2017-8014
RESERVED
 CVE-2017-8013 (EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x 
before ...)
-   TODO: check
+   NOT-FOR-US: EMC Data Protection Adv
 CVE-2017-8012 (In EMC ViPR SRM, Storage MR, VNX MR, and MR 
(Watch4Net) for SAS ...)
NOT-FOR-US: EMC
 CVE-2017-8011 (EMC ViPR SRM, EMC Storage MR, EMC VNX MR, EMC MR 
for SAS Solution ...)
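Review bot: the new label on CVE-2017-8013 is cut off, `NOT-FOR-US: EMC Data Protection Adv`. The description gives the full product name, so this should read `NOT-FOR-US: EMC Data Protection Advisor`.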
@@ -143399,7 +143399,7 @@ CVE-2014-4619 (EMC RSA Identity Management and 
Governance (IMG) 6.5.x before 6.5
 CVE-2014-4618 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 
7.1 ...)
NOT-FOR-US: EMC Documentum Content Server
 CVE-2014-4612 (Cross-site scripting (XSS) vulnerability in the keywords 
manager ...)
-   TODO: check
+   NOT-FOR-US: Coppermine Photo Gallery
 CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used 
in Yann ...)
- linux 3.14.9-1 (unimportant)
[wheezy] - linux  (LZ4 support introduced in 3.11)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb73a3343ed31c435a7adacdead0f3ea95eb821a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
05eb5612 by Salvatore Bonaccorso at 2018-03-16T10:28:40+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19,7 +19,7 @@ CVE-2018-8730
 CVE-2018-8729 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Activity Log ...)
NOT-FOR-US: Activity Log plugin for WordPress
 CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 
allows XSS in ...)
-   TODO: check
+   NOT-FOR-US: Kontena
 CVE-2018-8727
RESERVED
 CVE-2017-18238 (An issue was discovered in Exempi before 2.4.4. The ...)
@@ -59,7 +59,7 @@ CVE-2018-8722 (Zoho ManageEngine Desktop Central version 
9.1.0 build 91099 has .
 CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 
has Stored ...)
NOT-FOR-US: Zoho
 CVE-2018-8720 (ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last 
Name ...)
-   TODO: check
+   NOT-FOR-US: ServiceNow ITSM
 CVE-2018-8719
RESERVED
 CVE-2018-8718
@@ -8890,7 +8890,7 @@ CVE-2018-5478
 CVE-2018-5477 (An Information Exposure issue was discovered in ABB netCADOPS 
Web ...)
NOT-FOR-US: ABB netCADOPS Web Application
 CVE-2018-5476 (A Stack-based Buffer Overflow issue was discovered in Delta 
Electronics ...)
-   TODO: check
+   NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
 CVE-2018-5475 (A Stack-based Buffer Overflow issue was discovered in GE D60 
Line ...)
NOT-FOR-US: GE D60 Line Distance Relay devices
 CVE-2018-5474
@@ -14178,7 +14178,7 @@ CVE-2017-17775 (Piwigo 2.9.2 has XSS via the name 
parameter in an ...)
 CVE-2017-17774 (admin/configuration.php in Piwigo 2.9.2 has CSRF. ...)
- piwigo 
 CVE-2017-17773 (In Snapdragon Automobile, Snapdragon Wearable and Snapdragon 
Mobile ...)
-   TODO: check
+   NOT-FOR-US: Snapdragon Automobile, Snapdragon Wearable and Snapdragon 
Mobile
 CVE-2017-17772
RESERVED
 CVE-2017-17771
@@ -24669,19 +24669,19 @@ CVE-2017-16753 (An Improper Input Validation issue 
was discovered in Advantech .
 CVE-2017-16752
RESERVED
 CVE-2017-16751 (A Stack-based Buffer Overflow issue was discovered in Delta 
Electronics ...)
-   TODO: check
+   NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
 CVE-2017-16750
RESERVED
 CVE-2017-16749 (A Use-after-Free issue was discovered in Delta Electronics 
Delta ...)
-   TODO: check
+   NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
 CVE-2017-16748
RESERVED
 CVE-2017-16747 (An Out-of-bounds Write issue was discovered in Delta 
Electronics Delta ...)
-   TODO: check
+   NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
 CVE-2017-16746
RESERVED
 CVE-2017-16745 (A Type Confusion issue was discovered in Delta Electronics 
Delta ...)
-   TODO: check
+   NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
 CVE-2017-16744
RESERVED
 CVE-2017-16743 (An Improper Authorization issue was discovered in PHOENIX 
CONTACT FL ...)
@@ -104971,7 +104971,7 @@ CVE-2016-0225 (IBM WebSphere Commerce 6.x through 
6.0.0.11 and 7.x through 7.0.0
 CVE-2016-0224 (SQL injection vulnerability in IBM Marketing Platform 8.5.x, 
8.6.x, ...)
NOT-FOR-US: IBM
 CVE-2016-0223 (Cross-site scripting (XSS) vulnerability in the Webform 
Framework API ...)
-   TODO: check
+   NOT-FOR-US: IBM Forms Server
 CVE-2016-0222 (IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows 
remote ...)
NOT-FOR-US: IBM
 CVE-2016-0221 (Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as 
used in ...)
@@ -108760,7 +108760,7 @@ CVE-2015-7473 (runmqsc in IBM WebSphere MQ 8.x before 
8.0.0.5 allows local users
 CVE-2015-7472 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 
6.1.5.3 ...)
NOT-FOR-US: IBM
 CVE-2015-7471 (Cross-site scripting (XSS) vulnerability in IBM Rational 
Collaborative ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2015-7470 (Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 
...)
NOT-FOR-US: IBM
 CVE-2015-7469 (Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 
...)
@@ -108776,7 +108776,7 @@ CVE-2015-7465 (Cross-site request forgery (CSRF) 
vulnerability in Lifecycle Quer
 CVE-2015-7464 (Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 
...)
NOT-FOR-US: IBM
 CVE-2015-7463 (IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 
8.5.6.0 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2015-7462 (IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users 
to ...)
NOT-FOR-US: IBM
 CVE-2015-7461
@@ -108796,7 +108796,7 @@ CVE-2015-7455 (IBM WebSphere Portal 7.x through 
7.0.0.2 CF29, 8.0.x 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-14 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1f8cec57 by Salvatore Bonaccorso at 2018-03-14T22:36:41+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1222,7 +1222,7 @@ CVE-2018-1000132 (Mercurial version 4.5 and earlier 
contains a Incorrect Access 
NOTE: 4.4: 4843835c835::7cf827e5f8af
NOTE: 4.3: db527ae12671::86f9a022ccb8
 CVE-2018-1000131 (Pradeep Makone wordpress Support Plus Responsive Ticket 
System version ...)
-   TODO: check
+   NOT-FOR-US: Pradeep Makone wordpress Support Plus Responsive Ticket 
System
 CVE-2018-1000130 (A JNDI Injection vulnerability exists in Jolokia agent 
version 1.3.7 ...)
TODO: check
 CVE-2018-1000129 (An XSS vulnerability exists in the Jolokia agent version 
1.3.7 in the ...)
@@ -1255,7 +1255,7 @@ CVE-2018-8098 (Integer overflow in the 
index.c:read_entry() function while ...)
NOTE: 
https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1
NOTE: 
https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0
 CVE-2018-8097 (io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: pyeve
 CVE-2018-8096 (Datalust Seq before 4.2.605 is vulnerable to Authentication 
Bypass ...)
TODO: check
 CVE-2018-8095
@@ -1269,7 +1269,7 @@ CVE-2018-1000127 (memcached version prior to 1.4.37 
contains an Integer Overflow
 CVE-2018-1000126 (Ajenti version 2 contains an Information Disclosure 
vulnerability in ...)
- ajenti  (bug #792019)
 CVE-2018-1000125 (inversoft prime-jwt version prior to version 1.3.0 or prior 
to commit ...)
-   TODO: check
+   NOT-FOR-US: inversoft prime-jwt
 CVE-2018-1000124 (I Librarian I-librarian version 4.8 and earlier contains a 
XML ...)
TODO: check
 CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit 
...)
@@ -2054,7 +2054,7 @@ CVE-2017-18222 (In the Linux kernel before 4.12, 
Hisilicon Network Subsystem (HN
[jessie] - linux  (Vulnerable code not present)
[wheezy] - linux  (Vulnerable code not present)
 CVE-2018-7756 (RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) 
devices ...)
-   TODO: check
+   NOT-FOR-US: RunExeFile.exe in the installer for DEWESoft X3 SP1 devices
 CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...)
- linux 
NOTE: https://lkml.org/lkml/2018/3/7/1116
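Review bot: the label on CVE-2018-7756, `RunExeFile.exe in the installer for DEWESoft X3 SP1 devices`, is the start of the description copied over, so it leads with a file name and carries the word "devices" for what the description calls an installer. A product label such as `NOT-FOR-US: DEWESoft X3` is shorter and groups with any later entry for the same software.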
@@ -2808,7 +2808,7 @@ CVE-2018-7543
 CVE-2018-7539
RESERVED
 CVE-2018-7538 (A SQL injection vulnerability in the tracker functionality of 
Enalean ...)
-   TODO: check
+   NOT-FOR-US: Enalean Tuleap
 CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing 
x86 PVH ...)
{DSA-4131-1}
- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1f8cec5722c041a70db94c7b2df26180f72b3896


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-14 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
632941b4 by Salvatore Bonaccorso at 2018-03-14T12:22:50+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -17464,13 +17464,13 @@ CVE-2018-1446
 CVE-2018-1445
RESERVED
 CVE-2018-1444 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1443 (An XML parsing vulnerability affects IBM SAML-based single 
sign-on ...)
NOT-FOR-US: IBM
 CVE-2018-1442 (IBM Application Performance Management - Response Time 
Monitoring ...)
NOT-FOR-US: IBM
 CVE-2018-1441 (IBM Application Performance Management - Response Time 
Monitoring ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1440
RESERVED
 CVE-2018-1439
@@ -17478,11 +17478,11 @@ CVE-2018-1439
 CVE-2018-1438
RESERVED
 CVE-2018-1437 (IBM Notes 8.5 and 9.0 could allow an attacker to execute 
arbitrary ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1436
RESERVED
 CVE-2018-1435 (IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. 
A ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1434
RESERVED
 CVE-2018-1433
@@ -17580,7 +17580,7 @@ CVE-2018-1388 (GSKit V7 may disclose side channel 
information via discrepancies 
 CVE-2018-1387 (IBM Application Performance Management for Monitoring  
Diagnostics ...)
NOT-FOR-US: IBM
 CVE-2018-1386 (IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 
8.6, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1385
RESERVED
 CVE-2018-1384
@@ -68594,7 +68594,7 @@ CVE-2017-1743
 CVE-2017-1742
RESERVED
 CVE-2017-1741 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1740 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, 
and ...)
NOT-FOR-US: IBM Curam Social Program Management
 CVE-2017-1739 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 
7.0.1 is ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/632941b405a4a5648fb9f128b69481941ebc2563


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-13 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e739be85 by Salvatore Bonaccorso at 2018-03-13T22:44:07+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1921,7 +1921,7 @@ CVE-2018-7407
 CVE-2018-7406
RESERVED
 CVE-2018-7405 (Cross-site scripting (XSS) in Zoho ManageEngine EventLog 
Analyzer ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
 CVE-2018-7404
RESERVED
 CVE-2018-7403
@@ -2309,7 +2309,7 @@ CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for 
WordPress has XSS. ...)
 CVE-2018-193 (CryptoNote version version 0.8.9 and possibly later contain 
a local ...)
TODO: check
 CVE-2018-192 (CMS Made Simple version versions 2.2.5 contains a Cross ite 
Request ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-191 (KadNode version version 2.2.0 contains a Buffer Overflow 
vulnerability ...)
TODO: check
 CVE-2018-190 (textpattern version version 4.6.2 contains a XML Injection 
...)
@@ -2323,7 +2323,7 @@ CVE-2018-188 (Doorkeeper version 2.1.0 through 4.2.5 
contains a Cross Site S
NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/969
NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/970
 CVE-2018-187 (WolfCMS version version 0.8.3.1 contains a Reflected Cross 
Site ...)
-   TODO: check
+   NOT-FOR-US: WolfCMS
 CVE-2018-186 (NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 
contains a ...)
TODO: check
 CVE-2018-185 (ClamAV version version 0.99.3 contains a Out of bounds heap 
memory ...)
@@ -2333,7 +2333,7 @@ CVE-2018-185 (ClamAV version version 0.99.3 contains 
a Out of bounds heap me
NOTE: 
https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
NOTE: http://www.openwall.com/lists/oss-security/2017/09/29/4
 CVE-2018-184 (WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored 
Cross-Site ...)
-   TODO: check
+   NOT-FOR-US: WolfCMS
 CVE-2018-183 (Ajenti version version 2 contains a Improper Error Handling 
...)
TODO: check
 CVE-2018-182 (Ajenti version version 2 contains a Cross ite Request 
Forgery (CSRF) ...)
@@ -5241,25 +5241,25 @@ CVE-2018-6305 (Denial of service in Gemalto's Sentinel 
LDK RTE version before 7.
 CVE-2018-6304 (Stack overflow in custom XML-parser in Gemalto's Sentinel LDK 
RTE ...)
TODO: check
 CVE-2018-6303 (Denial of service by uploading malformed firmware in Hanwha 
Techwin ...)
-   TODO: check
+   NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6302 (Denial of service by blocking of new camera registration on the 
cloud ...)
-   TODO: check
+   NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6301 (Arbitrary camera access and monitoring via cloud in Hanwha 
Techwin ...)
-   TODO: check
+   NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6300 (Remote password change in Hanwha Techwin Smartcams ...)
-   TODO: check
+   NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6299 (Authentication bypass in Hanwha Techwin Smartcams ...)
-   TODO: check
+   NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6298 (Remote code execution in Hanwha Techwin Smartcams ...)
-   TODO: check
+   NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6297 (Buffer overflow in Hanwha Techwin Smartcams ...)
-   TODO: check
+   NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6296 (An undocumented (hidden) capability for switching the web 
interface in ...)
-   TODO: check
+   NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6295 (Unencrypted way of remote control and communications in Hanwha 
Techwin ...)
-   TODO: check
+   NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6294 (Unsecured way of firmware update in Hanwha Techwin Smartcams 
...)
-   TODO: check
+   NOT-FOR-US: Hanwha Techwin Smartcams
 CVE-2018-6293 (Arbitrary File Read in Saperion Web Client version 7.5.2 83166. 
...)
NOT-FOR-US: Saperion Web Client
 CVE-2018-6292 (Remote Code Execution in Saperion Web Client version 7.5.2 
83166. ...)
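
Review bot: CVE-2018-6302 and CVE-2018-6296 are tagged "NOT-FOR-US: Hanwha Techwin Smartcams", but the truncated descriptions on those two entries ("... new camera registration on the cloud ..." and "... switching the web interface in ...") never name the product, so the attribution cannot be checked from this hunk. Confirm both against the full CVE text before batching them with the entries that do name Hanwha Techwin. CVE-2018-6304 (Gemalto's Sentinel LDK RTE), in the context just above the changed block, is still at "TODO: check" and could be triaged in the same pass.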



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e739be85be87317c256bdafe5462afc351e2e94a

You're receiving this email because of your account on salsa.debian.org.
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-12 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
343d4f30 by Salvatore Bonaccorso at 2018-03-12T11:21:02+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...)
-   TODO: check
+   NOT-FOR-US: QCMS
 CVE-2018-8069 (QCMS version 3.0 has XSS via the webname parameter to the ...)
-   TODO: check
+   NOT-FOR-US: QCMS
 CVE-2018-8068
RESERVED
 CVE-2018-8067
@@ -9,9 +9,9 @@ CVE-2018-8067
 CVE-2018-8066
RESERVED
 CVE-2018-8065 (An issue was discovered in the web server in Flexense 
SyncBreeze ...)
-   TODO: check
+   NOT-FOR-US: Flexense SyncBreeze Enterprise
 CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect certificate validation 
for the ...)
-   TODO: check
+   NOT-FOR-US: TitanHQ WebTitan Gateway
 CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the 
ownership of ...)
TODO: check
 CVE-2017-18225 (The Gentoo net-im/jabberd2 package through 2.6.1 installs 
jabberd, ...)
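
Review bot: CVE-2017-18226 is left at "TODO: check" in the trailing context, and its description scopes the problem to "The Gentoo net-im/jabberd2 package". That entry needs an explicit decision rather than staying open after an NFU pass: either a note that the ownership issue is specific to Gentoo's packaging, or a package line if the same behaviour exists in a Debian jabberd2 package. Separately, the tag on CVE-2018-8065 adds "Enterprise" to a product name that the visible description gives only as "Flexense SyncBreeze ..."; confirm the edition against the full text.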



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/343d4f308e46b79efd7d19461c2dd80f7a109865


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c94c0cf8 by Salvatore Bonaccorso at 2018-03-11T10:38:36+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -14,7 +14,7 @@ CVE-2018-8045
 CVE-2018-8044
RESERVED
 CVE-2017-18223 (BMC Remedy AR System before 9.1 SP3, when Remedy AR 
Authentication is ...)
-   TODO: check
+   NOT-FOR-US: BMC Remedy AR System
 CVE-2018-8043 (The unimac_mdio_probe function in 
drivers/net/phy/mdio-bcm-unimac.c in ...)
- linux 
[jessie] - linux  (Vulnerable code not present)
@@ -2469,7 +2469,7 @@ CVE-2018-7215
 CVE-2018-7214
RESERVED
 CVE-2018-7213 (The Password Manager Extension in Abine Blur 7.8.242* before 
7.8.2428 ...)
-   TODO: check
+   NOT-FOR-US: Password Manager Extension in Abine Blur
 CVE-2018-7212 (An issue was discovered in ...)
NOT-FOR-US: Sinatra
 CVE-2018-7211 (An issue was discovered in iDashboards 9.6b. The SSO 
implementation is ...)
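
Review bot: the new tag on CVE-2018-7213, "NOT-FOR-US: Password Manager Extension in Abine Blur", leads with the component instead of the product, while the neighbouring entry in the same hunk uses the bare product name ("NOT-FOR-US: Sinatra"). "NOT-FOR-US: Abine Blur" would keep the tag short and make later entries for the same product match it when the list is searched.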
@@ -5084,9 +5084,9 @@ CVE-2017-1000464
 CVE-2017-1000414 (ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a 
division ...)
NOT-FOR-US: ImpulseAdventure JPEGsnoop
 CVE-2018-6312 (A privileged account with a weak default password on the 
Foxconn ...)
-   TODO: check
+   NOT-FOR-US: Foxconn femtocell FEMTO AP-FC4064-T
 CVE-2018-6311 (One can gain root access on the Foxconn femtocell FEMTO 
AP-FC4064-T ...)
-   TODO: check
+   NOT-FOR-US: Foxconn femtocell FEMTO AP-FC4064-T
 CVE-2018-6310
RESERVED
 CVE-2018-6309
@@ -141044,7 +141044,7 @@ CVE-2014-4863 (The Arris Touchstone DG950A cable 
modem with software 7.10.131 ha
 CVE-2014-4862 (The Netmaster CBW700N cable modem with software 
81.447.392110.729.024 ...)
NOT-FOR-US: Netmaster CBW700N cable modem
 CVE-2014-4861 (The Remote Desktop Launcher in Thycotic Secret Server before 
...)
-   TODO: check
+   NOT-FOR-US: Remote Desktop Launcher in Thycotic Secret Server
 CVE-2014-4860
RESERVED
- edk2  (No support for updates of hypervisor-supplied 
firmware from guests)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c94c0cf862ecd07d7f857997118f512f977ca358


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-10 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d2c8346 by Salvatore Bonaccorso at 2018-03-10T10:17:25+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2365,31 +2365,31 @@ CVE-2018-7241
 CVE-2018-7240
RESERVED
 CVE-2018-7239 (A DLL hijacking vulnerability exists in Schneider Electric's 
SoMove ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7238 (A buffer overflow vulnerability exist in the web-based GUI of 
...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7237 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7236 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7235 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7234 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7233 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7232 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7231 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7230 (A XML external entity (XXE) vulnerability exists in the 
import.cgi of ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7229 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7228 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7227 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2017-18191 (An issue was discovered in OpenStack Nova 15.x through 15.1.0 
and 16.x ...)
- nova 
[stretch] - nova  (Minor issue)
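
Review bot: all thirteen changed entries (CVE-2018-7239 down to CVE-2018-7227) get the vendor-only tag "NOT-FOR-US: Schneider Electric", although the descriptions cover different products: SoMove for CVE-2018-7239 and Pelco Sarix for ten of the others. For CVE-2018-7238 ("... in the web-based GUI of ...") and CVE-2018-7230 ("... in the import.cgi of ...") the visible text names no vendor or product at all, so those two should be confirmed against the full descriptions. A product-level tag such as "Schneider Electric Pelco Sarix" would also match the product-level tags used elsewhere in the list.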
@@ -19142,7 +19142,7 @@ CVE-2017-17284 (Huawei DP300 V500R002C00, RP200 
V500R002C00, V600R006C00, TE30 .
 CVE-2017-17283 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 
...)
NOT-FOR-US: Huawei
 CVE-2017-17282 (SCCP (Signalling Connection Control Part) module in Huawei 
DP300 ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17281 (SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; 
TE30 ...)
NOT-FOR-US: Huawei
 CVE-2017-17280 (NFC (Near Field Communication) module in Huawei mobile phones 
with ...)
@@ -26990,7 +26990,7 @@ CVE-2017-15325
 CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS 
...)
NOT-FOR-US: Huawei
 CVE-2017-15323 (Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-15322 (Some Huawei smartphones with software of 
BGO-L03C158B003CUSTC158D001 ...)
NOT-FOR-US: Huawei
 CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an 
...)
@@ -27006,9 +27006,9 @@ CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, 
V200R008C20, V200R008C30; AR12
 CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software 
before ...)
NOT-FOR-US: Huawei
 CVE-2017-15315 (Patch module of Huawei NIP6300 V500R001C20SPC100, 
V500R001C20SPC200, ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-15314 (Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, 
V600R006C00, TE30 ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection 
vulnerability. An ...)
NOT-FOR-US: Huawei
 CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site 
scripting) ...)
@@ -40643,11 +40643,11 @@ CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 
5.72, SEIL/x86 3.20 to 5.72
 CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for 
Windows ...)
NOT-FOR-US: FENCE-Explorer for Windows
 CVE-2017-10854 (Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker 
to ...)
-   TODO: check
+   NOT-FOR-US: Corega CG-WGR1200 firmware
 CVE-2017-10853 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier 
allows ...)
-   TODO: check
+   NOT-FOR-US: Corega CG-WGR1200 firmware
 CVE-2017-10852 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier 
allows ...)
-   TODO: check
+   NOT-FOR-US: Corega CG-WGR1200 firmware
 CVE-2017-10851 (Untrusted search path vulnerability in Installer for 
ContentsBridge ...)

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-09 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8a98afca by Salvatore Bonaccorso at 2018-03-09T10:21:01+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-7890 (A remote code execution issue was discovered in Zoho 
ManageEngine ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2018-7889 (gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls 
cPickle.load on ...)
- calibre 
NOTE: https://bugs.launchpad.net/calibre/+bug/1753870



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8a98afca1400bbed6970be9f81f07dc95b0bcff7


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-07 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ea0d10be by Salvatore Bonaccorso at 2018-03-07T22:30:36+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9,9 +9,9 @@ CVE-2018-7748
 CVE-2018-7747
RESERVED
 CVE-2018-7746 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. 
...)
-   TODO: check
+   NOT-FOR-US: Western Bridge Cobub Razor
 CVE-2018-7745 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. 
...)
-   TODO: check
+   NOT-FOR-US: Western Bridge Cobub Razor
 CVE-2018-7744
RESERVED
 CVE-2018-7743
@@ -19,7 +19,7 @@ CVE-2018-7743
 CVE-2018-7742
RESERVED
 CVE-2018-7741 (Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the 
created ...)
-   TODO: check
+   NOT-FOR-US: Eramba
 CVE-2018-1000118 (Github Electron version Electron 1.8.2-beta.4 and earlier 
contains a ...)
TODO: check
 CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption 
vulnerability in the ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ea0d10be12924839f6991b3f69893ecc6bff7f8d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-07 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
282e9ca7 by Salvatore Bonaccorso at 2018-03-07T21:22:56+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -580,7 +580,7 @@ CVE-2018-7562
 CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
NOT-FOR-US: Tenda AC9 devices
 CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM 
package ...)
-   TODO: check
+   NOT-FOR-US: aws-lambda-multipart-parser NPM package
 CVE-2018-7559
RESERVED
 CVE-2018-7558
@@ -1378,7 +1378,7 @@ CVE-2018-7309
 CVE-2018-7308 (A CSRF issue was found in var/www/html/files.php in DanWin 
hosting ...)
NOT-FOR-US: DanWin hosting
 CVE-2018-7307 (The Auth0 Auth0.js library before 9.3 has CSRF because it 
mishandles ...)
-   TODO: check
+   NOT-FOR-US: Auth0 Auth0.js library
 CVE-2018-7306
RESERVED
 CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to 
...)
@@ -2769,13 +2769,13 @@ CVE-2018-6813
 CVE-2018-6812
RESERVED
 CVE-2018-6811 (Multiple cross-site scripting (XSS) vulnerabilities in Citrix 
...)
-   TODO: check
+   NOT-FOR-US: Citrix
 CVE-2018-6810 (Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 
11.1, ...)
-   TODO: check
+   NOT-FOR-US: Citrix
 CVE-2018-6809 (NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 
10.5, ...)
-   TODO: check
+   NOT-FOR-US: Citrix
 CVE-2018-6808 (NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 
10.5, ...)
-   TODO: check
+   NOT-FOR-US: Citrix
 CVE-2018-6807
RESERVED
 CVE-2018-6806 (Marked 2 through 2.5.11 allows remote attackers to read 
arbitrary files ...)
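
Review bot: CVE-2018-6810, CVE-2018-6809 and CVE-2018-6808 are described as NetScaler ADC and NetScaler Gateway issues, but the tag added to them is just "NOT-FOR-US: Citrix", which does not appear anywhere in their visible descriptions. "NOT-FOR-US: Citrix NetScaler" would tie the tag to the product the description names; the bare vendor tag fits CVE-2018-6811, whose visible text mentions only Citrix.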
@@ -6500,19 +6500,19 @@ CVE-2018-5473 (An Improper Restriction of Operations 
within the Bounds of a Memo
 CVE-2018-5472
RESERVED
 CVE-2018-5471 (A Cleartext Transmission of Sensitive Information issue was 
discovered ...)
-   TODO: check
+   NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, 
MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5470
RESERVED
 CVE-2018-5469 (An Improper Restriction of Excessive Authentication Attempts 
issue was ...)
-   TODO: check
+   NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, 
MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5468
RESERVED
 CVE-2018-5467 (An Information Exposure Through Query Strings in GET Request 
issue was ...)
-   TODO: check
+   NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, 
MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5466
RESERVED
 CVE-2018-5465 (A Session Fixation issue was discovered in Belden Hirschmann 
RS, RSR, ...)
-   TODO: check
+   NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, 
MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5464
RESERVED
 CVE-2018-5463
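
Review bot: the tag "NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches" is copied in full onto four entries in this hunk and is long enough to wrap in the notification. A short form such as "Belden Hirschmann switches" would carry the same decision. Note also that the visible descriptions of CVE-2018-5471, CVE-2018-5469 and CVE-2018-5467 are cut off before any product name, so only CVE-2018-5465 can be matched to Belden Hirschmann from the lines shown here.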
@@ -6520,7 +6520,7 @@ CVE-2018-5463
 CVE-2018-5462
RESERVED
 CVE-2018-5461 (An Inadequate Encryption Strength issue was discovered in 
Belden ...)
-   TODO: check
+   NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, 
MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5460
RESERVED
 CVE-2018-5459 (An Improper Authentication issue was discovered in WAGO PFC200 
Series ...)
@@ -7107,7 +7107,7 @@ CVE-2018-5256
 CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that 
is shared ...)
NOT-FOR-US: Hitron CVE-30360 devices
 CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 
before ...)
-   TODO: check
+   NOT-FOR-US: Arista
 CVE-2018-5254
RESERVED
 CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 
1.5.1.0 has an ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/282e9ca7fd85ab659733545f5520d9ac8a424d67


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-07 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b0811d1 by Salvatore Bonaccorso at 2018-03-07T20:27:12+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9,7 +9,7 @@ CVE-2018-7740 (The resv_map_release function in mm/hugetlb.c in 
the Linux kernel
- linux 
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199037
 CVE-2018-7739 (antsle antman before 0.9.1a allows remote attackers to bypass 
...)
-   TODO: check
+   NOT-FOR-US: antsle antman
 CVE-2018-7737 (In Z-BlogPHP 1.5.1.1740, there is Web Site physical path 
leakage, as ...)
NOT-FOR-US: Z-BlogPHP
 CVE-2018-7736 (In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the 
ZC_BLOG_SUBNAME ...)
@@ -66,7 +66,7 @@ CVE-2018-7722 (The management panel in Piwigo 2.9.3 has 
stored XSS via the name 
 CVE-2018-7721 (Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via ...)
NOT-FOR-US: MetInfo
 CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in 
Western ...)
-   TODO: check
+   NOT-FOR-US: Western Bridge Cobub Razor
 CVE-2018-7719
RESERVED
 CVE-2018-1000100 (GPAC MP4Box version 0.7.1 and earlier contains a Buffer 
Overflow ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b0811d1ced1dfe2ef7af880c9b778dcf332e8ae


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
61d45346 by Salvatore Bonaccorso at 2018-03-06T22:14:51+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,11 +1,11 @@
 CVE-2018-7735 (Afian FileRun (before 2018.02.13) suffers from a remote SQL 
injection ...)
-   TODO: check
+   NOT-FOR-US: Afian FileRun
 CVE-2018-7734 (Afian FileRun (before 2018.02.13) suffers from a remote SQL 
injection ...)
-   TODO: check
+   NOT-FOR-US: Afian FileRun
 CVE-2018-7733 (An issue was discovered in YxtCMF 3.1. RbacController.class.php 
has ...)
-   TODO: check
+   NOT-FOR-US: YxtCMF
 CVE-2018-7732 (An issue was discovered in YxtCMF 3.1. SQL Injection exists in 
...)
-   TODO: check
+   NOT-FOR-US: YxtCMF
 CVE-2018-7731 (An issue was discovered in Exempi through 2.4.4. ...)
TODO: check
 CVE-2018-7730 (An issue was discovered in Exempi through 2.4.4. A certain case 
of a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/61d453465a81be5a879ac36b22e85301aafb546c


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
673bd70a by Salvatore Bonaccorso at 2018-03-06T10:29:56+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,11 +1,11 @@
 CVE-2018-7718
RESERVED
 CVE-2018-7717 (The htmlImageAddTitleAttribute function in sige.php in the 
Kubik-Rubik ...)
-   TODO: check
+   NOT-FOR-US: Kubik-Rubik Simple Image Gallery Extended (SIGE) extension 
for Joomla!
 CVE-2018-7716 (PrivateVPN 2.0.31 for macOS suffers from a root privilege 
escalation ...)
-   TODO: check
+   NOT-FOR-US: PrivateVPN for macOS
 CVE-2018-7715 (PrivateVPN 2.0.31 for macOS suffers from a root privilege 
escalation ...)
-   TODO: check
+   NOT-FOR-US: PrivateVPN for macOS
 CVE-2018-7714 (The validateInputImageSize function in ...)
TODO: check
 CVE-2018-7713 (The validateInputImageSize function in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/673bd70adfba434d13b1f151077f0b504d3a2274


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
244f7be6 by Salvatore Bonaccorso at 2018-03-05T22:41:05+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -612,7 +612,7 @@ CVE-2018-7495
 CVE-2018-7494
RESERVED
 CVE-2018-7493 (CactusVPN through 6.0 for macOS suffers from a root privilege 
...)
-   TODO: check
+   NOT-FOR-US: CactusVPN for macOS
 CVE-2017-18204 (The ocfs2_setattr function in fs/ocfs2/file.c in the Linux 
kernel ...)
- linux 4.14.2-1
[stretch] - linux 4.9.65-1
@@ -6398,7 +6398,7 @@ CVE-2018-5451
 CVE-2018-5450
RESERVED
 CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell 
...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2018-5448
RESERVED
 CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari 
PCS-9611 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/244f7be6df2a60c7c5131ed02fd79797d704375f


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ed255757 by Salvatore Bonaccorso at 2018-03-05T22:13:28+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,7 @@ CVE-2018-7700
 CVE-2018-7699
RESERVED
 CVE-2018-7698 (An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for 
DCS-933L ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-7697
RESERVED
 CVE-2018-7696
@@ -57,7 +57,7 @@ CVE-2018-7673
 CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux 
kernel ...)
TODO: check
 CVE-2017-18217 (An issue was discovered in InvoicePlane before 1.5.5. It was 
observed ...)
-   TODO: check
+   NOT-FOR-US: InvoicePlane
 CVE-2017-18216 (In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 
4.15, ...)
TODO: check
 CVE-2017-18215 (xvpng.c in xv 3.10a has memory corruption (out-of-bounds 
write) when ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ed255757518d17028c93ddcf223a296208b2eacb


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ce9aa9cd by Salvatore Bonaccorso at 2018-03-05T21:31:47+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,21 +7,21 @@ CVE-2018-7670
 CVE-2018-7669
RESERVED
 CVE-2018-7668 (TestLink through 1.9.16 allows remote attackers to read 
arbitrary ...)
-   TODO: check
+   NOT-FOR-US: TestLink
 CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...)
TODO: check
 CVE-2018-7666 (An issue was discovered in ClipBucket before 4.0.0 Release 
4902. SQL ...)
-   TODO: check
+   NOT-FOR-US: ClipBucket
 CVE-2018-7665 (An issue was discovered in ClipBucket before 4.0.0 Release 
4902. A ...)
-   TODO: check
+   NOT-FOR-US: ClipBucket
 CVE-2018-7664 (An issue was discovered in ClipBucket before 4.0.0 Release 
4902. Any OS ...)
-   TODO: check
+   NOT-FOR-US: ClipBucket
 CVE-2018-7663 (An issue was discovered in 
resources/views/layouts/app.blade.php in ...)
-   TODO: check
+   NOT-FOR-US: Voten.co
 CVE-2018-7662 (Couch through 2.0 allows remote attackers to discover the full 
path via ...)
-   TODO: check
+   NOT-FOR-US: CouchCMS
 CVE-2018-7661 (Papenmeier WiFi Baby Monitor Free  Lite before 2.02.2 
allows remote ...)
-   TODO: check
+   NOT-FOR-US: Papenmeier WiFi Baby Monitor Free & Lite
 CVE-2018-7660
RESERVED
 CVE-2018-7659
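
Review bot: two of the new tags use names that do not appear in the visible descriptions. CVE-2018-7662 is described as "Couch through 2.0" but tagged "NOT-FOR-US: CouchCMS", and CVE-2018-7663 is described only by a file path ("resources/views/layouts/app.blade.php in ...") but tagged "NOT-FOR-US: Voten.co". Both may well be right, but the product should be confirmed from the full CVE text, since a short name like "Couch" is easy to confuse with other software. CVE-2018-7667 (Adminer) is left at "TODO: check" in the middle of the block and still needs a decision.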



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ce9aa9cd162e54b3980dda3461897f59297de4d4


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e516cd90 by Salvatore Bonaccorso at 2018-03-04T11:48:43+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,13 +7,13 @@ CVE-2018-7656
 CVE-2018-7655
RESERVED
 CVE-2018-7654 (On 3CX 15.5.6354.2 devices, the parameter file in 
the request ...)
-   TODO: check
+   NOT-FOR-US: 3CX 15.5.6354.2 devices
 CVE-2018-7653
RESERVED
 CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI 
before 1.0.11 ...)
TODO: check
 CVE-2017-18213 (In Exponent CMS before 2.4.1 Patch #6, certain admin users can 
elevate ...)
-   TODO: check
+   NOT-FOR-US: Exponent CMS
 CVE-2018- [Regular Expression Denial of Service]
- node-moment 2.19.3+ds-1 (unimportant)
NOTE: fixed in 2.19.3 upstream
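
Review bot: the tag on CVE-2018-7654, "NOT-FOR-US: 3CX 15.5.6354.2 devices", embeds the affected version, whereas the other tag added in this hunk drops it ("NOT-FOR-US: Exponent CMS" for a description that reads "Exponent CMS before 2.4.1 Patch #6"). The NFU decision is about the product, not the release, so "NOT-FOR-US: 3CX" would be consistent and would still match when a later 3CX CVE names a different version.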
@@ -206,7 +206,7 @@ CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 
7.1.x through 7.1.14,
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75981
NOTE: 
https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba
 CVE-2018-7583 (Proxy.exe in DualDesk 20 allows Remote Denial Of Service 
(daemon crash) ...)
-   TODO: check
+   NOT-FOR-US: Proxy.exe in DualDesk 20
 CVE-2018-7582
RESERVED
 CVE-2018-7581
@@ -656,7 +656,7 @@ CVE-2018-7451
 CVE-2018-7450
RESERVED
 CVE-2018-7449 (SEGGER embOS/IP FTP Server 3.22 allows remote attackers to 
cause a ...)
-   TODO: check
+   NOT-FOR-US: SEGGER embOS/IP FTP Server
 CVE-2018-7448 (Remote code execution vulnerability in ...)
NOT-FOR-US: CMS Made Simple
 CVE-2018-7447 (mojoPortal through 2.6.0.0 is prone to multiple persistent 
cross-site ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e516cd903e9e220b184c5077be70e1bb71884bfa


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-03 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f9aafce9 by Salvatore Bonaccorso at 2018-03-03T10:25:14+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -652,7 +652,7 @@ CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c 
in ImageMagick 7.0.7-
 CVE-2018-7434 (zzcms 8.2 allows remote attackers to discover the full path via 
a ...)
NOT-FOR-US: zzcms
 CVE-2018-7433 (The iThemes Security plugin before 6.9.1 for WordPress does not 
...)
-   TODO: check
+   NOT-FOR-US: iThemes Security plugin for WordPress
 CVE-2018-7432
RESERVED
 CVE-2018-7431
@@ -3445,7 +3445,7 @@ CVE-2018-6492
 CVE-2018-6491
RESERVED
 CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations ...)
-   TODO: check
+   NOT-FOR-US: Micro Focus Operations Orchestration Software
 CVE-2018-6489 (XML External Entity (XXE) vulnerability in Micro Focus Project 
and ...)
NOT-FOR-US: Micro Focus Project and Portfolio Management Center
 CVE-2018-6488 (Arbitrary Code Execution vulnerability in Micro Focus Universal 
CMDB, ...)
@@ -16166,7 +16166,7 @@ CVE-2018-1375
 CVE-2018-1374
RESERVED
 CVE-2018-1373 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses 
an ...)
-   TODO: check
+   NOT-FOR-US: IBM Security Guardium Big Data Intelligence
 CVE-2018-1372 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does 
not ...)
NOT-FOR-US: IBM Security Guardium Big Data Intelligence
 CVE-2018-1371
@@ -17404,9 +17404,9 @@ CVE-2018-1172
 CVE-2018-1171
RESERVED
 CVE-2018-1170 (This vulnerability allows adjacent attackers to inject 
arbitrary ...)
-   TODO: check
+   NOT-FOR-US: Volkswagen Customer-Link App and HTC Customer-Link Bridge
 CVE-2018-1169 (This vulnerability allows remote attackers to execute arbitrary 
code ...)
-   TODO: check
+   NOT-FOR-US: Amazon Music Player
 CVE-2018-1168 (This vulnerability allows local attackers to escalate 
privileges on ...)
NOT-FOR-US: ABB MicroSCADA
 CVE-2018-1167
@@ -43390,7 +43390,7 @@ CVE-2017-9461 (smbd in Samba before 4.4.10 and 4.5.x 
before 4.5.6 has a denial o
NOTE: 
https://git.samba.org/?p=samba.git;a=commitdiff;h=10c3e3923022485c720f322ca4f0aca5d7501310
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12572
 CVE-2017-9447 (In the web interface of Parallels Remote Application Server 
(RAS) 15.5 ...)
-   TODO: check
+   NOT-FOR-US: Parallels Remote Application Server
 CVE-2017-9446
RESERVED
 CVE-2017-9445 (In systemd through 233, certain sizes passed to dns_packet_new 
in ...)
@@ -44074,7 +44074,7 @@ CVE-2017-9289 (Bram Korsten Note through 1.2.0 is 
vulnerable to a reflected XSS 
 CVE-2017-9288 (The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a 
reflected ...)
NOT-FOR-US: Wordpress plugin
 CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in 
an ...)
-   TODO: check
+   NOT-FOR-US: OpenSUSE specific packaging issue of NextCloud
 CVE-2017-9285 (NetIQ eDirectory before 9.0 SP4 did not enforce login 
restrictions ...)
TODO: check
 CVE-2017-9284
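Review bot: on CVE-2017-9286 the new tag reads as a free-text explanation rather than a product name, and it spells the distribution "OpenSUSE" where the description line directly above it has "openSUSE". The other NOT-FOR-US lines in this file carry just the product, so something like "NOT-FOR-US: NextCloud packaging in openSUSE" would match the description's spelling and the surrounding entries.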



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f9aafce95043d585c9b51e09509c12e551af5ddc


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-03-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e9c26da7 by Salvatore Bonaccorso at 2018-03-02T10:41:32+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,7 @@ CVE-2018-7636
 CVE-2018-7635
RESERVED
 CVE-2018-7634 (An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF 
attack ...)
-   TODO: check
+   NOT-FOR-US: Enalean Tuleap
 CVE-2018-7633
RESERVED
 CVE-2018-7632
@@ -91,7 +91,7 @@ CVE-2018-7592
 CVE-2018-7591
RESERVED
 CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting 
in ...)
-   TODO: check
+   NOT-FOR-US: Hoosk
 CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in 
load_bmp in ...)
TODO: check
 CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer 
over-read in ...)
@@ -99,7 +99,7 @@ CVE-2018-7588 (An issue was discovered in CImg v.220. A 
heap-based buffer over-r
 CVE-2018-7587 (An issue was discovered in CImg v.220. DoS occurs when loading 
a ...)
TODO: check
 CVE-2018-7586 (In the nextgen-gallery plugin before 2.2.50 for WordPress, 
gallery ...)
-   TODO: check
+   NOT-FOR-US: nextgen-gallery plugin for WordPress
 CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a 
heap-based ...)
TODO: check
 CVE-2018-7585



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9c26da7449ec804dc888a825e0ec0c565a73645


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-28 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23bfd857 by Salvatore Bonaccorso at 2018-02-28T21:13:42+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -31,7 +31,7 @@ CVE-2018-7548 (In subst.c in zsh through 5.4.2, there is a 
NULL pointer derefere
- zsh 
NOTE: 
https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
 CVE-2018-7547 (lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to 
the ...)
-   TODO: check
+   NOT-FOR-US: lyadmin
 CVE-2018-7546
RESERVED
 CVE-2018-7545
@@ -3232,7 +3232,7 @@ CVE-2018-6483
 CVE-2018-6482
RESERVED
 CVE-2018-6481 (A buffer overflow vulnerability in the control protocol of Disk 
Savvy ...)
-   TODO: check
+   NOT-FOR-US: Disk Savvy Enterprise
 CVE-2018-6480 (A type confusion issue was discovered in CCN-lite 2, leading to 
a ...)
NOT-FOR-US: CCN-lite 2
 CVE-2018-6479 (An issue was discovered on Netwave IP Camera devices. An ...)
@@ -15733,7 +15733,7 @@ CVE-2018-1418
 CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes 
for ...)
NOT-FOR-US: IBM Runtimes for Java Technology
 CVE-2018-1416 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to 
...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere Portal
 CVE-2018-1415 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site 
scripting. ...)
NOT-FOR-US: IBM Maximo Asset Management
 CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL 
...)
@@ -31510,7 +31510,7 @@ CVE-2017-13275
 CVE-2017-13274
RESERVED
 CVE-2017-13273 (In xt_qtaguid.c, there is a race condition due to insufficient 
...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2017-13272
RESERVED
 CVE-2017-13271
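Review bot: the tag on CVE-2017-13273 says only "Android", while the description names a kernel source file, xt_qtaguid.c. Someone checking whether Debian's linux package is covered cannot tell from this line why the entry is out of scope; if the reason is that the file is not in the packaged kernel, say so in the tag, or record it against linux the way the CVE-2017-18200 entry in this file does with "(Vulnerable code not present)".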
@@ -38875,7 +38875,7 @@ CVE-2017-10965 (An issue was discovered in Irssi before 
1.0.4. When receiving me
 CVE-2017-10964
RESERVED
 CVE-2017-10963 (In Knox SDS IAM (Identity Access Management) and EMM 
(Enterprise ...)
-   TODO: check
+   NOT-FOR-US: Samsung
 CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string. ...)
NOT-FOR-US: REDCap
 CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the 
File ...)
@@ -44729,7 +44729,7 @@ CVE-2017-8995
 CVE-2017-8994 (A input validation vulnerability in HPE Operations 
Orchestration ...)
NOT-FOR-US: HPE
 CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and 
...)
-   TODO: check
+   NOT-FOR-US: HPE Project and Portfolio Management
 CVE-2017-8992
RESERVED
 CVE-2017-8991
@@ -65819,7 +65819,7 @@ CVE-2017-2168 (Cross-site scripting vulnerability in WP 
Booking System Free vers
 CVE-2017-2167 (Untrusted search path vulnerability in Installer for PrimeDrive 
...)
NOT-FOR-US: PrimeDrive
 CVE-2017-2166 (Open redirect vulnerability in GroupSession version 4.7.0 and 
earlier ...)
-   TODO: check
+   NOT-FOR-US: GroupSession
 CVE-2017-2165 (GroupSession versions 4.6.4 and earlier allows remote 
authenticated ...)
NOT-FOR-US: GroupSession
 CVE-2017-2164 (Cross-site scripting vulnerability in SOY CMS with installer 
1.8.12 ...)
@@ -73133,7 +73133,7 @@ CVE-2016-8743 (Apache HTTP Server, in all releases 
prior to 2.2.32 and 2.4.25, w
NOTE: Fixed in 2.4.25.
NOTE: For 2.2 preparation is done in 
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/
 CVE-2016-8742 (The Windows installer that the Apache CouchDB team provides was 
...)
-   TODO: check
+   NOT-FOR-US: Windows installer for Apache CouchDB
 CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use 
different so ...)
- qpid-java  (bug #840131)
 CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 
2.4.23, ...)
@@ -81235,7 +81235,7 @@ CVE-2016-6274
 CVE-2016-6273 (The lmadmin component in Flexera FlexNet Publisher (aka Flex 
License ...)
NOT-FOR-US: Flexera
 CVE-2016-6272 (SQL injection vulnerability in EPIC MyChart allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: EPIC MyChart
 CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...)
{DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
@@ -118491,7 +118491,7 @@ CVE-2015-2798 (SQL injection vulnerability in Joomla! 
Component Contact Form Mak
 CVE-2015-2797 (Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 
5650TT, ...)
NOT-FOR-US: AirTies Air DSL modems
 CVE-2015-2796 (Multiple cross-site scripting (XSS) vulnerabilities in 
Project-Pier ...)
-   TODO: check
+   NOT-FOR-US: Project-Pier ProjectPier-Core
 CVE-2015-2795
RESERVED
 CVE-2015-2794 (The installation wizard in DotNetNuke (DNN) before 7.4.1 allows 
remote ...)
@@ 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-28 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c7480ab0 by Salvatore Bonaccorso at 2018-02-28T11:03:12+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -212,7 +212,7 @@ CVE-2018-7484 (An issue was discovered in PureVPN through 
5.19.4.0 on Windows. T
 CVE-2018-7483
RESERVED
 CVE-2018-7482 (The K2 component 2.8.0 for Joomla! has Incorrect Access Control 
with ...)
-   TODO: check
+   NOT-FOR-US: K2 component for Joomla!
 CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 
mishandles ...)
- linux  (Vulnerable code not present)
 CVE-2018-199 [AST-2018-003: Crash with an invalid SDP fmtp attribute]
@@ -238,7 +238,7 @@ CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to 
discover the full path via 
 CVE-2018-7478
RESERVED
 CVE-2018-7477 (SQL Injection exists in PHP Scripts Mall School Management 
Script 3.0.4 ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall School Management Script
 CVE-2018-7476 (controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross 
Site ...)
NOT-FOR-US: FineCms
 CVE-2018-7475
@@ -263,7 +263,7 @@ CVE-2018-7469
 CVE-2018-7468
RESERVED
 CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial 
/css//..%2f ...)
-   TODO: check
+   NOT-FOR-US: AxxonSoft Axxon Next
 CVE-2018-7466 (install/installNewDB.php in TestLink through 1.9.16 allows 
remote ...)
NOT-FOR-US: TestLink
 CVE-2018-7465
@@ -1257,7 +1257,7 @@ CVE-2018-168 (An improper input validation 
vulnerability exists in Jenkins v
 CVE-2018-167 (An improper authorization vulnerability exists in Jenkins 
versions ...)
- jenkins 
 CVE-2018-7172 (In index.php in WonderCMS 2.4.0, remote attackers can delete 
arbitrary ...)
-   TODO: check
+   NOT-FOR-US: WonderCMS
 CVE-2018-7171
RESERVED
 CVE-2018-7170 [Multiple authenticated ephemeral associations]



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7480ab0b93da80c6ad59283d020272952780e56


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c675925 by Salvatore Bonaccorso at 2018-02-27T17:19:32+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5025,7 +5025,7 @@ CVE-2018-5764 (The parse_arguments function in options.c 
in rsyncd in rsync befo
 CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 
5.3.7 ...)
NOT-FOR-US: OXID eShop Enterprise Edition
 CVE-2018-5762 (The TLS implementation in the TCP/IP networking module in 
Unisys ...)
-   TODO: check
+   NOT-FOR-US: Unisys ClearPath MCP systems
 CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was 
found ...)
NOT-FOR-US: Rubrik CDM
 CVE-2018-5760
@@ -7195,95 +7195,95 @@ CVE-2018-4918
 CVE-2018-4917
RESERVED
 CVE-2018-4916 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4915 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4914 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4913 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4912 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4911 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4910 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4909 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4908 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4907 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4906 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4905 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4904 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4903 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4902 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4901 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4900 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4899 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4898 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4897 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4896 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4895 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4894 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4893 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4892 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4891 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4890 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4889 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4888 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4887 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
-   TODO: 
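Review bot: every entry in this hunk is tagged with the bare vendor name, "NOT-FOR-US: Adobe", although each description names the product, Adobe Acrobat Reader. Other Adobe entries in this file are tagged per product ("Adobe Flash Player", "Adobe ColdFusion"), so "NOT-FOR-US: Adobe Acrobat Reader" would follow that convention and keep product-level searches of the list accurate.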

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-26 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89ada36f by Salvatore Bonaccorso at 2018-02-26T22:38:08+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,7 @@ CVE-2018-7492 (A NULL pointer dereference was found in the 
net/rds/rdma.c ...)
[stretch] - linux 4.9.80-1
NOTE: Fixed by: 
https://git.kernel.org/linus/f3069c6d33f6ae63a1668737bc7851bff7ca
 CVE-2018-7491 (In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop
 CVE-2018-7490
RESERVED
 CVE-2018-7489 (FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 
2.9.5 ...)
@@ -13,7 +13,7 @@ CVE-2018-7488
 CVE-2018-7487 (There is a heap-based buffer overflow in the LoadPCX function 
of ...)
TODO: check
 CVE-2018-7486 (Blue River Mura CMS before v7.0.7029 supports inline function 
calls ...)
-   TODO: check
+   NOT-FOR-US: Blue River Mura CMS
 CVE-2018-7485 (The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in 
unixODBC ...)
TODO: check
 CVE-2017-18201 (An issue was discovered in GNU libcdio before 2.0.0. There is 
a double ...)
@@ -80,7 +80,7 @@ CVE-2018-7465
 CVE-2018-7464
RESERVED
 CVE-2018-7463 (SQL injection vulnerability in files.php in the 
files component in ...)
-   TODO: check
+   NOT-FOR-US: ASANHAMAYESH CMS
 CVE-2018-7462
RESERVED
 CVE-2018-7461
@@ -122,7 +122,7 @@ CVE-2018-7450
 CVE-2018-7449
RESERVED
 CVE-2018-7448 (Remote code execution vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-7447 (mojoPortal through 2.6.0.0 is prone to multiple persistent 
cross-site ...)
NOT-FOR-US: mojoPortal
 CVE-2018-7446
@@ -174,7 +174,7 @@ CVE-2018-7424
 CVE-2018-7423
RESERVED
 CVE-2017-18195 (An issue was discovered in tools/conversations/view_ajax.php 
in ...)
-   TODO: check
+   NOT-FOR-US: Concrete5
 CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL 
Certificate ...)
- elinks  (bug #891575)
- links2 2.6-1 (bug #694658; bug #510417)
@@ -801,9 +801,9 @@ CVE-2018-7252
 CVE-2018-7251 (An issue was discovered in config/error.php in Anchor 0.12.3. 
The error ...)
NOT-FOR-US: Anchor CMS
 CVE-2018-7250 (An issue was discovered in secdrv.sys as shipped in Microsoft 
Windows ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-7249 (An issue was discovered in secdrv.sys as shipped in Microsoft 
Windows ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2017-18192 (smart/calculator/gallerylock/CalculatorActivity.java in the 
...)
NOT-FOR-US: "Photo,Video Locker-Calculator" application for Android
 CVE-2015-9256 (Datto ALTO and SIRIS devices allow remote attackers to obtain 
sensitive ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/89ada36ff5638d6e0f6ca3cda7eccde10eba3056


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-26 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
38d8e1b2 by Salvatore Bonaccorso at 2018-02-26T11:14:30+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-7484 (An issue was discovered in PureVPN through 5.19.4.0 on Windows. 
The ...)
-   TODO: check
+   NOT-FOR-US: PureVPN on Windows
 CVE-2018-7483
RESERVED
 CVE-2018-7482
@@ -21,7 +21,7 @@ CVE-2018-7480 (The blkcg_init_queue function in 
block/blk-cgroup.c in the Linux 
- linux 4.11.6-1
NOTE: Fixed by: 
https://git.kernel.org/linus/9b54d816e00425c3a517514e0d677bb3cec49258
 CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path 
via a ...)
-   TODO: check
+   NOT-FOR-US: YzmCMS
 CVE-2018-7478
RESERVED
 CVE-2018-7477
@@ -1739,11 +1739,11 @@ CVE-2018-6869 (In ZZIPlib 0.13.68, there is an 
uncontrolled memory allocation an
[jessie] - zziplib  (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/22
 CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall 
Slickdeals / ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Slickdeals / DealNews / Groupon Clone 
Script
 CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba 
Clone ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Alibaba Clone Script
 CVE-2018-6866 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning 
and ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Learning and Examination Management System 
Script
 CVE-2018-6865
RESERVED
 CVE-2018-6864 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi 
religion ...)
@@ -1757,7 +1757,7 @@ CVE-2018-6861 (Cross Site Scripting (XSS) exists in PHP 
Scripts Mall Lawyer Sear
 CVE-2018-6860 (Arbitrary File Upload and Remote Code Execution exist in PHP 
Scripts ...)
NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
 CVE-2018-6859 (SQL Injection exists in PHP Scripts Mall Schools Alert 
Management ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
 CVE-2018-6858 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook 
Clone ...)
NOT-FOR-US: PHP Scripts Mall Facebook Clone Script
 CVE-2018-6857



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/38d8e1b2256637d8eda995493bf7dde897e156a3


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
41541688 by Salvatore Bonaccorso at 2018-02-25T22:18:35+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -10,7 +10,7 @@ CVE-2018-7478
 CVE-2018-7477
RESERVED
 CVE-2018-7476 (controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross 
Site ...)
-   TODO: check
+   NOT-FOR-US: FineCms
 CVE-2018-7475
RESERVED
 CVE-2018-7474



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/415416882a1ac3ef15e334438c11e83cea9accbc


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b35b0974 by Salvatore Bonaccorso at 2018-02-25T14:16:18+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-7472 (INVT Studio 1.2 allows remote attackers to cause a denial of 
service ...)
-   TODO: check
+   NOT-FOR-US: INVT Studio
 CVE-2018-7471 (KingView 7.5SP1 has an integer overflow during stgopenstorage 
API read ...)
-   TODO: check
+   NOT-FOR-US: KingView
 CVE-2018-7470 (An issue was discovered in ImageMagick 7.0.7-22 Q16. The ...)
- imagemagick  (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/998
@@ -16,7 +16,7 @@ CVE-2018-7468
 CVE-2018-7467
RESERVED
 CVE-2018-7466 (install/installNewDB.php in TestLink through 1.9.16 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: TestLink
 CVE-2018-7465
RESERVED
 CVE-2018-7464



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b35b0974e1a728d28e221d09f3364cf2a35c18ab


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-23 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e911701e by Salvatore Bonaccorso at 2018-02-23T15:38:22+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -170932,7 +170932,7 @@ CVE-2012-6348 (Centrify Deployment Manager 2.1.0.283, 
as distributed in Centrify
 CVE-2012-6347 (Multiple cross-site scripting (XSS) vulnerabilities in Java 
number ...)
TODO: check
 CVE-2012-6346 (Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb 
before ...)
-   TODO: check
+   NOT-FOR-US: FortiWeb
 CVE-2012-6345
RESERVED
NOT-FOR-US: CyberArk Vault
@@ -186366,7 +186366,7 @@ CVE-2012-0943 (debian/guest-account in Light Display 
Manager (lightdm) 1.0.x bef
 CVE-2012-0942 (Buffer overflow in rn5auth.dll in RealNetworks Helix Server and 
Helix ...)
NOT-FOR-US: RealNetworks Helix
 CVE-2012-0941 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet 
...)
-   TODO: check
+   NOT-FOR-US: Fortinet
 CVE-2012-0940
RESERVED
 CVE-2012-0939 (Multiple SQL injection vulnerabilities in TestLink 1.8.5b and 
earlier ...)
@@ -186843,7 +186843,7 @@ CVE-2012-0773 (The NetStream class in Adobe Flash 
Player before 10.3.183.18 and 
 CVE-2012-0772 (An unspecified ActiveX control in Adobe Flash Player before ...)
NOT-FOR-US: Adobe Flash Player
 CVE-2012-0771 (Adobe Shockwave Player before 11.6.4.634 allows attackers to 
execute ...)
-   TODO: check
+   NOT-FOR-US: Adobe Flash Player
 CVE-2012-0770 (Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash 
values for ...)
NOT-FOR-US: Adobe ColdFusion
 CVE-2012-0769 (Adobe Flash Player before 10.3.183.16 and 11.x before 
11.1.102.63 on ...)
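Review bot: the tag added for CVE-2012-0771 does not match its description. The description is about Adobe Shockwave Player, but the new line says "NOT-FOR-US: Adobe Flash Player", the same text as the CVE-2012-0772 entry just above it. It should read "NOT-FOR-US: Adobe Shockwave Player".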
@@ -191633,9 +191633,9 @@ CVE-2011-4071
 CVE-2011-4070
RESERVED
 CVE-2011-4069 (html/admin/login.php in PacketFence before 3.0.2 allows remote 
...)
-   TODO: check
+   NOT-FOR-US: PacketFence
 CVE-2011-4068 (The check_password function in html/admin/login.php in 
PacketFence ...)
-   TODO: check
+   NOT-FOR-US: PacketFence
 CVE-2011-4067
RESERVED
 CVE-2011-4066 (SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 
and ...)
@@ -193553,7 +193553,7 @@ CVE-2011-3479 (Symantec pcAnywhere 12.5.x through 
12.5.3, and IT Management Suit
 CVE-2011-3478 (The host-services component in Symantec pcAnywhere 12.5.x 
through ...)
NOT-FOR-US: Symantec pcAnywhere
 CVE-2011-3477 (GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as 
used in ...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2011-3476
REJECTED
 CVE-2011-3475
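Review bot: for CVE-2011-3477 the tag names Symantec, but the visible part of the description attributes the driver to GEAR Software (GEARAspiWDM.sys) and only says it is "used in" other products. Naming the component itself, for example "NOT-FOR-US: GEAR Software CD DVD Filter driver", would stay correct whichever products bundle it.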
@@ -217126,7 +217126,7 @@ CVE-2010-0111 (HDNLRSVC.EXE in the Intel Alert 
Handler service (aka Symantec Int
 CVE-2010-0110 (Multiple stack-based buffer overflows in Intel Alert Management 
System ...)
NOT-FOR-US: Symantec Intel Alert Handler
 CVE-2010-0109 (DBManager in Symantec Altiris Deployment Solution 6.9.x before 
DS 6.9 ...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in 
the ...)
NOT-FOR-US: Symantec AntiVirus
 CVE-2010-0107 (Buffer overflow in an ActiveX control (SYMLTCOM.dll) in 
Symantec N360 ...)
@@ -218045,7 +218045,7 @@ CVE-2009-4269 (The password hash generation algorithm 
in the BUILTIN authenticat
 CVE-2009-4268
REJECTED
 CVE-2009-4267 (The console in Apache jUDDI 3.0.0 does not properly escape line 
feeds, ...)
-   TODO: check
+   NOT-FOR-US: Apache jUDDI
 CVE-2009- [gnome-screensaver inhibitor not removed when connection is 
closed]
- gnome-screensaver 2.28.0-2 (low; bug #560895)
[etch] - gnome-screensaver  (vulnerable code introduced 
in 2.28)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e911701e282a6443831d076b6ca38aad26ab2fc2


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-23 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d8327299 by Salvatore Bonaccorso at 2018-02-23T10:17:01+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2583,9 +2583,9 @@ CVE-2018-6491
 CVE-2018-6490
RESERVED
 CVE-2018-6489 (XML External Entity (XXE) vulnerability in Micro Focus Project 
and ...)
-   TODO: check
+   NOT-FOR-US: Micro Focus Project and Portfolio Management Center
 CVE-2018-6488 (Arbitrary Code Execution vulnerability in Micro Focus Universal 
CMDB, ...)
-   TODO: check
+   NOT-FOR-US: Micro Focus Universal CMDB
 CVE-2018-6487 (Remote Disclosure of Information in Micro Focus Universal CMDB 
...)
NOT-FOR-US: Micro Focus Universal CMDB Foundation Software
 CVE-2018-6486 (XML External Entity (XXE) vulnerability in Micro Focus Fortify 
Audit ...)
@@ -20521,7 +20521,7 @@ CVE-2018-0017
 CVE-2018-0016
RESERVED
 CVE-2018-0015 (A malicious user with unrestricted access to the AppFormix 
application ...)
-   TODO: check
+   NOT-FOR-US: AppFormix
 CVE-2018-0014 (Juniper Networks ScreenOS devices do not pad Ethernet packets 
with ...)
NOT-FOR-US: Juniper
 CVE-2018-0013 (A local file inclusion vulnerability in Juniper Networks Junos 
Space ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d83272996c001268a145f0c15a373a28dd6672a2


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
140cba52 by Salvatore Bonaccorso at 2018-02-22T22:37:19+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -153,7 +153,7 @@ CVE-2018-7340
 CVE-2018-7339
RESERVED
 CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the 
signup ...)
-   TODO: check
+   NOT-FOR-US: HamayeshNegar CMS
 CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 
mishandles ...)
- linux 4.13.4-1
NOTE: Fixed by: 
https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
@@ -208,21 +208,21 @@ CVE-2018-7321
 CVE-2018-7320
RESERVED
 CVE-2018-7319 (SQL Injection exists in the OS Property Real Estate 3.12.7 
component ...)
-   TODO: check
+   NOT-FOR-US: OS Property Real Estate component for Joomla!
 CVE-2018-7318 (SQL Injection exists in the CheckList 1.1.1 component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: CheckList component for Joomla!
 CVE-2018-7317 (Backup Download exists in the Proclaim 9.1.1 component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: Proclaim component for Joomla!
 CVE-2018-7316 (Arbitrary File Upload exists in the Proclaim 9.1.1 component 
for ...)
-   TODO: check
+   NOT-FOR-US: Proclaim component for Joomla!
 CVE-2018-7315 (SQL Injection exists in the Ek Rishta 2.9 component for Joomla! 
via the ...)
-   TODO: check
+   NOT-FOR-US: Ek Rishta component for Joomla!
 CVE-2018-7314 (SQL Injection exists in the PrayerCenter 3.0.2 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: PrayerCenter component for Joomla!
 CVE-2018-7313 (SQL Injection exists in the CW Tags 2.0.6 component for Joomla! 
via the ...)
-   TODO: check
+   NOT-FOR-US: CW Tags component for Joomla!
 CVE-2018-7312 (SQL Injection exists in the Alexandria Book Library 3.1.2 
component for ...)
-   TODO: check
+   NOT-FOR-US: Alexandria Book Library component for Joomla!
 CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root 
...)
NOT-FOR-US: PrivateVPN for macOS
 CVE-2018-7310
@@ -244,17 +244,17 @@ CVE-2018-7303 (The Calendar component in Tiki 17.1 allows 
HTML injection. ...)
 CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG 
content, ...)
NOT-FOR-US: Tiki
 CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC 
port ...)
-   TODO: check
+   NOT-FOR-US: eQ-3 AG HomeMatic CCU2 2.29.22 devices
 CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code 
Execution in ...)
-   TODO: check
+   NOT-FOR-US: eQ-3 AG Homematic CCU2
 CVE-2018-7299 (Remote Code Execution in the addon installation process in eQ-3 
AG ...)
-   TODO: check
+   NOT-FOR-US: eQ-3 AG Homematic CCU2
 CVE-2018-7298 (In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG 
HomeMatic ...)
-   TODO: check
+   NOT-FOR-US: eQ-3 AG Homematic CCU2
 CVE-2018-7297 (Remote Code Execution in the TCL script interpreter in eQ-3 AG 
...)
-   TODO: check
+   NOT-FOR-US: eQ-3 AG Homematic CCU2
 CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage 
method ...)
-   TODO: check
+   NOT-FOR-US: eQ-3 AG Homematic CCU2
 CVE-2018-7295
RESERVED
 CVE-2018-7294
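Review bot: the six eQ-3 entries in this hunk end up with two different labels: CVE-2018-7301 gets "eQ-3 AG HomeMatic CCU2 2.29.22 devices" (capital M, version number, "devices"), while CVE-2018-7300 through CVE-2018-7296 get "eQ-3 AG Homematic CCU2". Use a single product string without the version for all six, keeping the "HomeMatic" spelling the descriptions use.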
@@ -1386,7 +1386,7 @@ CVE-2018-6892 (An issue was discovered in CloudMe before 
1.11.0. An unauthentica
 CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via 
a ...)
NOT-FOR-US: Bookly #1 WordPress Booking Plugin Lite
 CVE-2018-6890 (Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 
via the ...)
-   TODO: check
+   NOT-FOR-US: Wolf CMS
 CVE-2018-6889 (An issue was discovered in Typesetter 5.1. It suffers from a 
Host ...)
NOT-FOR-US: Typesetter CMS
 CVE-2018-6888 (An issue was discovered in Typesetter 5.1. The User Permissions 
page ...)
@@ -15139,13 +15139,13 @@ CVE-2018-1419
 CVE-2018-1418
RESERVED
 CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM Runtimes 
for ...)
-   TODO: check
+   NOT-FOR-US: IBM Runtimes for Java Technology
 CVE-2018-1416
RESERVED
 CVE-2018-1415 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site 
scripting. ...)
-   TODO: check
+   NOT-FOR-US: IBM Maximo Asset Management
 CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL 
...)
-   TODO: check
+   NOT-FOR-US: IBM Maximo Asset Management
 CVE-2018-1413
RESERVED
 CVE-2018-1412
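Review bot: for CVE-2018-1417 the description names the J9 JVM as the flawed component, but the label records only "IBM Runtimes for Java Technology". Consider mentioning J9 in the NOT-FOR-US text, so the entry is found when someone later searches the list for that component name.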
@@ -15189,9 +15189,9 @@ CVE-2018-1394
 CVE-2018-1393
RESERVED
 CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH 
Services for ...)
-   TODO: check
+   NOT-FOR-US: IBM Financial Transaction Manager
 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
25f85058 by Salvatore Bonaccorso at 2018-02-22T21:53:29+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1065,7 +1065,7 @@ CVE-2018-6938
 CVE-2018-6937
RESERVED
 CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 
3.01 via ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-6935
RESERVED
 CVE-2018-6934
@@ -33746,7 +33746,7 @@ CVE-2017-12417
 CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect 
internal ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2017-12415 (OXID eShop Community Edition before 6.0.0 RC2 (development), 
4.10.x ...)
-   TODO: check
+   NOT-FOR-US: OXID eShop
 CVE-2015-9107 (Zoho ManageEngine OpManager 11 through 12.2 uses a custom 
encryption ...)
NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2017-12414 (Format Factory 4.1.0 has a DLL Hijacking Vulnerability because 
an ...)
@@ -39032,13 +39032,13 @@ CVE-2017-9972
 CVE-2017-9971
RESERVED
 CVE-2017-9970 (A remote code execution vulnerability exists in Schneider 
Electric's ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2017-9969 (An information disclosure vulnerability exists in Schneider 
Electric's ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2017-9968 (A security misconfiguration vulnerability exists in Schneider 
...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2017-9967 (A security misconfiguration vulnerability exists in Schneider 
...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2017-9966 (A privilege escalation vulnerability exists in Schneider 
Electric's ...)
NOT-FOR-US: Schneider Electric
 CVE-2017-9965 (An exposure of sensitive information vulnerability exists in 
Schneider ...)
@@ -39046,7 +39046,7 @@ CVE-2017-9965 (An exposure of sensitive information 
vulnerability exists in Schn
 CVE-2017-9964 (A Path Traversal issue was discovered in Schneider Electric 
Pelco ...)
NOT-FOR-US: Schneider Electric
 CVE-2017-9963 (A cross-site request forgery vulnerability exists on the Secure 
...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2017-9962 (Schneider Electric's ClearSCADA versions released prior to 
August 2017 ...)
NOT-FOR-US: Schneider Electric
 CVE-2017-9961 (A vulnerability exists in Schneider Electric's Pro-Face GP Pro 
EX ...)
@@ -42033,7 +42033,7 @@ CVE-2017-9515
 CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 
had a ...)
NOT-FOR-US: Atlassian Bamboo
 CVE-2017-9513 (Several rest inline action resources of Atlassian Activity 
Streams ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Activity Streams
 CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and 
...)
NOT-FOR-US: Atlassian
 CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, 
before ...)
@@ -43952,19 +43952,19 @@ CVE-2017-8987
 CVE-2017-8986
RESERVED
 CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a 
local ...)
-   TODO: check
+   NOT-FOR-US: HPE XP Storage
 CVE-2017-8984 (A remote code execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-8983 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-8982 (A Remote Authentication Restriction Bypass vulnerability in HPE 
...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-8981 (A Remote Code Execution vulnerability in HPE Intelligent 
Management ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-8980 (A Remote Disclosure of Information vulnerability in HPE 
Intelligent ...)
-   TODO: check
+   NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-8979 (Security vulnerabilities in the HPE Integrated Lights-Out 2 
(iLO 2) ...)
-   TODO: check
+   NOT-FOR-US: HPE Integrated Lights-Out 2 (iLO 2) firmware
 CVE-2017-8978 (A Remote Unauthorized Disclosure of Information vulnerability 
in HPE ...)
NOT-FOR-US: HPE IceWall Products
 CVE-2017-8977 (A Remote Denial of Service vulnerability in Hewlett Packard 
Enterprise ...)
@@ -52834,17 +52834,17 @@ CVE-2017-6232
 CVE-2017-6231
RESERVED
 CVE-2017-6230 (Ruckus Networks Solo APs firmware releases R110.x or before and 
Ruckus ...)
-   TODO: check
+   NOT-FOR-US: Ruckus Networks firmware
 CVE-2017-6229 (Ruckus Networks Unleashed AP firmware releases before 
200.6.10.1.x and ...)
-   TODO: check
+   NOT-FOR-US: Ruckus Networks firmware
 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
52e71db8 by Salvatore Bonaccorso at 2018-02-22T10:41:32+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -53,13 +53,13 @@ CVE-2018-7313
 CVE-2018-7312
RESERVED
 CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root 
...)
-   TODO: check
+   NOT-FOR-US: PrivateVPN for macOS
 CVE-2018-7310
RESERVED
 CVE-2018-7309
RESERVED
 CVE-2018-7308 (A CSRF issue was found in var/www/html/files.php in DanWin 
hosting ...)
-   TODO: check
+   NOT-FOR-US: DanWin hosting
 CVE-2018-7307
RESERVED
 CVE-2018-7306
@@ -119,7 +119,7 @@ CVE-2018-7283
 CVE-2018-7282
RESERVED
 CVE-2018-7281 (CactusVPN 5.3.6 for macOS contains a root privilege escalation 
...)
-   TODO: check
+   NOT-FOR-US: CactusVPN for macOS
 CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...)
NOT-FOR-US: Ninja Forms plugin for WordPress
 CVE-2018-193
@@ -19266,21 +19266,21 @@ CVE-2018-0208
 CVE-2018-0207
RESERVED
 CVE-2018-0206 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0205 (A vulnerability in the User Provisioning tab in the Cisco Prime 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0204 (A vulnerability in the web portal of the Cisco Prime 
Collaboration ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0203 (A vulnerability in the SMTP relay of Cisco Unity Connection 
could allow ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0202
RESERVED
 CVE-2018-0201 (A vulnerability in Cisco Jabber Client Framework (JCF) could 
allow an ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0200 (A vulnerability in the web-based interface of Cisco Prime 
Service ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0199 (A vulnerability in Cisco Jabber Client Framework (JCF) could 
allow an ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0198
RESERVED
 CVE-2018-0197
@@ -19382,13 +19382,13 @@ CVE-2018-0150
 CVE-2018-0149
RESERVED
 CVE-2018-0148 (A vulnerability in the web-based management interface of Cisco 
UCS ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0147
RESERVED
 CVE-2018-0146 (A vulnerability in the Cisco Data Center Analytics Framework 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0145 (A vulnerability in the web-based management interface of the 
Cisco Data ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0144
RESERVED
 CVE-2018-0143
@@ -19400,7 +19400,7 @@ CVE-2018-0141
 CVE-2018-0140 (A vulnerability in the spam quarantine of Cisco Email Security 
...)
NOT-FOR-US: Cisco
 CVE-2018-0139 (A vulnerability in the Interactive Voice Response (IVR) 
management ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0138 (A vulnerability in the detection engine of Cisco Firepower 
System ...)
NOT-FOR-US: Cisco
 CVE-2018-0137 (A vulnerability in the TCP throttling process of Cisco Prime 
Network ...)
@@ -19418,7 +19418,7 @@ CVE-2018-0132 (A vulnerability in the forwarding 
information base (FIB) code of 
 CVE-2018-0131
RESERVED
 CVE-2018-0130 (A vulnerability in the use of JSON web tokens by the web-based 
service ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0129 (A vulnerability in the web-based management interface of Cisco 
Data ...)
NOT-FOR-US: Cisco
 CVE-2018-0128 (A vulnerability in the web-based management interface of Cisco 
Data ...)
@@ -19430,13 +19430,13 @@ CVE-2018-0126
 CVE-2018-0125 (A vulnerability in the web interface of the Cisco RV132W ADSL2+ 
...)
NOT-FOR-US: Cisco
 CVE-2018-0124 (A vulnerability in Cisco Unified Communications Domain Manager 
could ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0123 (A Path Traversal vulnerability in the diagnostic shell for 
Cisco IOS ...)
NOT-FOR-US: Cisco
 CVE-2018-0122 (A vulnerability in the CLI of the Cisco StarOS operating system 
for ...)
NOT-FOR-US: Cisco
 CVE-2018-0121 (A vulnerability in the authentication functionality of the 
web-based ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0120 (A vulnerability in the web framework of Cisco Unified 
Communications ...)
NOT-FOR-US: Cisco
 CVE-2018-0119 (A vulnerability in certain authentication controls in the 
account ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/52e71db8f737c2bedfa5366368870a070d2de473


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-21 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0db8dfcf by Salvatore Bonaccorso at 2018-02-21T22:28:00+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,13 +1,13 @@
 CVE-2018-7306
RESERVED
 CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to 
...)
-   TODO: check
+   NOT-FOR-US: MyBB
 CVE-2018-7304 (Tiki 17.1 does not validate user input for special characters; 
...)
-   TODO: check
+   NOT-FOR-US: Tiki
 CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...)
-   TODO: check
+   NOT-FOR-US: Tiki
 CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG 
content, ...)
-   TODO: check
+   NOT-FOR-US: Tiki
 CVE-2018-7301
RESERVED
 CVE-2018-7300
@@ -33,7 +33,7 @@ CVE-2018-7291
 CVE-2018-7290
RESERVED
 CVE-2018-7289 (An issue was discovered in 
armadito-windows-driver/src/communication.c ...)
-   TODO: check
+   NOT-FOR-US: Armadito
 CVE-2018-7288
RESERVED
 CVE-2018-7287
@@ -51,7 +51,7 @@ CVE-2018-7282
 CVE-2018-7281
RESERVED
 CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...)
-   TODO: check
+   NOT-FOR-US: Ninja Forms plugin for WordPress
 CVE-2018-193
RESERVED
 CVE-2018-192
@@ -148,7 +148,7 @@ CVE-2018-7263 (The mad_decoder_run() function in decoder.c 
in Underbit libmad th
 CVE-2018-7262
RESERVED
 CVE-2018-7261 (There are multiple Persistent XSS vulnerabilities in Radiant 
CMS ...)
-   TODO: check
+   NOT-FOR-US: Radiant CMS
 CVE-2018-7260 (Cross-site scripting (XSS) vulnerability in 
db_central_columns.php in ...)
TODO: check
 CVE-2018-7259 (The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X 
sends a ...)
@@ -4393,7 +4393,7 @@ CVE-2018-5718
 CVE-2018-5717
RESERVED
 CVE-2018-5716 (An issue was discovered in Reprise License Manager 11.0. This 
...)
-   TODO: check
+   NOT-FOR-US: Reprise License Manager
 CVE-2018-5715 (phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in 
the query ...)
NOT-FOR-US: SugarCRM
 CVE-2018-5714 (In Malwarefox Anti-Malware 2.72.169, the driver file 
(zam64.sys) allows ...)
@@ -16138,15 +16138,15 @@ CVE-2018-1170
 CVE-2018-1169
RESERVED
 CVE-2018-1168 (This vulnerability allows local attackers to escalate 
privileges on ...)
-   TODO: check
+   NOT-FOR-US: ABB MicroSCADA
 CVE-2018-1167
RESERVED
 CVE-2018-1166 (This vulnerability allows local attackers to escalate 
privileges on ...)
-   TODO: check
+   NOT-FOR-US: Joyent SmartOS
 CVE-2018-1165 (This vulnerability allows local attackers to escalate 
privileges on ...)
-   TODO: check
+   NOT-FOR-US: Joyent SmartOS
 CVE-2018-1164 (This vulnerability allows remote attackers to cause a ...)
-   TODO: check
+   NOT-FOR-US: ZyXEL
 CVE-2018-1163 (This vulnerability allows remote attackers to bypass 
authentication on ...)
NOT-FOR-US: Quest NetVault Backup
 CVE-2018-1162 (This vulnerability allows remote attackers to create a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0db8dfcf192e192dabe0537a5804ffbe017b795d


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-21 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fd0e7e25 by Salvatore Bonaccorso at 2018-02-21T22:02:31+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9,14 +9,14 @@ CVE-2018-7276 (An issue was discovered on Lutron Quantum 
BACnet Integration 2.0 
 CVE-2018-7275
RESERVED
 CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to multiple persistent 
cross-site ...)
-   TODO: check
+   NOT-FOR-US: Yab Quarx
 CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals 
the ...)
- linux 
NOTE: https://lkml.org/lkml/2018/2/20/669
 CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs 
as part ...)
-   TODO: check
+   NOT-FOR-US: ForgeRock AM
 CVE-2018-7271 (An issue was discovered in MetInfo 6.0.0. In 
install/install.php in the ...)
-   TODO: check
+   NOT-FOR-US: MetInfo
 CVE-2018-7270
RESERVED
 CVE-2018-7269
@@ -28,7 +28,7 @@ CVE-2018-7267
 CVE-2018-7266
RESERVED
 CVE-2018-7265 (Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file 
that ...)
-   TODO: check
+   NOT-FOR-US: Shimmie
 CVE-2018-7264
RESERVED
 CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b 
...)
@@ -2144,7 +2144,7 @@ CVE-2018-6489
 CVE-2018-6488
RESERVED
 CVE-2018-6487 (Remote Disclosure of Information in Micro Focus Universal CMDB 
...)
-   TODO: check
+   NOT-FOR-US: Micro Focus Universal CMDB Foundation Software
 CVE-2018-6486 (XML External Entity (XXE) vulnerability in Micro Focus Fortify 
Audit ...)
NOT-FOR-US: Micro Focus Fortify Audit Workbench
 CVE-2017-18119
@@ -4845,7 +4845,7 @@ CVE-2018-5479 (FoxSash ImgHosting 1.5 (according to 
footer information) is vulne
 CVE-2018-5478
RESERVED
 CVE-2018-5477 (An Information Exposure issue was discovered in ABB netCADOPS 
Web ...)
-   TODO: check
+   NOT-FOR-US: ABB netCADOPS Web Application
 CVE-2018-5476
RESERVED
 CVE-2018-5475 (A Stack-based Buffer Overflow issue was discovered in GE D60 
Line ...)
@@ -21477,7 +21477,7 @@ CVE-2017-16357 (In radare 2.0.1, a memory corruption 
vulnerability exists in ...
NOTE: 
https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a
NOTE: https://github.com/radare/radare2/issues/8742
 CVE-2017-16356 (Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery 
Extended) ...)
-   TODO: check
+   NOT-FOR-US: Kubik-Rubik SIGE
 CVE-2017-16355 (In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 
5.1.10 (fixed ...)
- passenger  (bug #884463)
- ruby-passenger 



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fd0e7e25bce5fbf801227d6f7986aecfa5e5746f


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-21 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0478a52b by Salvatore Bonaccorso at 2018-02-21T10:25:36+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,11 +1,11 @@
 CVE-2018-7279
RESERVED
 CVE-2018-7278 (An issue was discovered on RLE Protocol Converter FDS-PC / 
FDS-PC-DP ...)
-   TODO: check
+   NOT-FOR-US: RLE Protocol Converter FDS-PC / FDS-PC-DP devices
 CVE-2018-7277 (An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. 
Persistent ...)
-   TODO: check
+   NOT-FOR-US: RLE Wi-MGR/FDS-Wi 6.2 devices
 CVE-2018-7276 (An issue was discovered on Lutron Quantum BACnet Integration 
2.0 ...)
-   TODO: check
+   NOT-FOR-US: Lutron Quantum BACnet Integration 2.0 devices
 CVE-2018-7275
RESERVED
 CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to multiple persistent 
cross-site ...)
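Review bot: the labels for CVE-2018-7277 and CVE-2018-7276 carry version numbers ("6.2", "2.0") copied from the descriptions. A NOT-FOR-US line identifies the product rather than the affected release, so "RLE Wi-MGR/FDS-Wi" and "Lutron Quantum BACnet Integration" would be enough and would still match if later CVEs are filed against other versions.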



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0478a52bc41c7372db9a330fd0e061d69682c73a


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-20 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
dd8f6ac7 by Salvatore Bonaccorso at 2018-02-20T22:27:01+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19,13 +19,13 @@ CVE-2018-7255
 CVE-2018-7252
RESERVED
 CVE-2018-7251 (An issue was discovered in config/error.php in Anchor 0.12.3. 
The error ...)
-   TODO: check
+   NOT-FOR-US: Anchor CMS
 CVE-2018-7250
RESERVED
 CVE-2018-7249
RESERVED
 CVE-2017-18192 (smart/calculator/gallerylock/CalculatorActivity.java in the 
...)
-   TODO: check
+   NOT-FOR-US: "Photo,Video Locker-Calculator" application for Android
 CVE-2015-9256 (Datto ALTO and SIRIS devices allow remote attackers to obtain 
sensitive ...)
NOT-FOR-US: Datto ALTO and SIRIS devices
 CVE-2015-9255 (Datto ALTO and SIRIS devices allow remote attackers to obtain 
sensitive ...)
@@ -152,7 +152,7 @@ CVE-2018-7207
 CVE-2018-7206 (An issue was discovered in Project Jupyter JupyterHub 
OAuthenticator ...)
TODO: check
 CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in 
...)
-   TODO: check
+   NOT-FOR-US: Kentico
 CVE-2018-7204
RESERVED
 CVE-2018-7203
@@ -528,7 +528,7 @@ CVE-2018-7048
 CVE-2018-7047
RESERVED
 CVE-2018-7046 (** DISPUTED ** Arbitrary code execution vulnerability in 
Kentico 9 ...)
-   TODO: check
+   NOT-FOR-US: Kentico
 CVE-2018-7045
RESERVED
 CVE-2018-7044
@@ -765,9 +765,9 @@ CVE-2018-6942 (An issue was discovered in FreeType 2 
through 2.9. A NULL pointer
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
NOTE: 
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
 CVE-2018-6941 (A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 
v2.2 ...)
-   TODO: check
+   NOT-FOR-US: NAT32 devices
 CVE-2018-6940 (A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 
v2.2 ...)
-   TODO: check
+   NOT-FOR-US: NAT32 devices
 CVE-2018-6939
RESERVED
 CVE-2018-6938
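Review bot: CVE-2018-6941 and CVE-2018-6940 are labelled "NAT32 devices", but the visible descriptions speak of "the HTTPD component of NAT32 v2.2" and do not call it a device. Unless the full description says otherwise, plain "NOT-FOR-US: NAT32" avoids asserting a product type the text does not state.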



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd8f6ac758647b2e70ae98394af5d806a2ebd7c3


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-19 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ef75b531 by Salvatore Bonaccorso at 2018-02-19T23:01:20+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -71,7 +71,7 @@ CVE-2018-7221
 CVE-2018-7220
RESERVED
 CVE-2018-7219 (application/admin/controller/Admin.php in NoneCms 1.3.0 has 
CSRF, as ...)
-   TODO: check
+   NOT-FOR-US: NoneCms
 CVE-2018-7218
RESERVED
 CVE-2018-7217 (In Bravo Tejari Procurement Portal, uploaded files are not 
properly ...)
@@ -120,7 +120,7 @@ CVE-2018-7199
 CVE-2018-7198 (October CMS through 1.0.431 allows XSS by entering HTML on the 
Add ...)
NOT-FOR-US: October CMS
 CVE-2018-7197 (An issue was discovered in Pluck through 4.7.4. A stored 
cross-site ...)
-   TODO: check
+   NOT-FOR-US: Pluck CMS
 CVE-2018-7196
RESERVED
 CVE-2018-7195
@@ -1716,7 +1716,7 @@ CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in 
PyCrypto through 2.6.1 generat
 CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. 
Improper ...)
NOT-FOR-US: MalwareFox AntiMalware
 CVE-2018-6592 (Unisys Stealth Windows endpoints before 3.3.016.1 allow local 
users to ...)
-   TODO: check
+   NOT-FOR-US: Unisys Stealth Windows endpoints
 CVE-2018-6591 (Converse.js and Inverse.js through 3.3 allow remote attackers 
to obtain ...)
TODO: check
 CVE-2018-6590
@@ -2099,13 +2099,13 @@ CVE-2017-18097
 CVE-2017-18096
RESERVED
 CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before 
version ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Crucible
 CVE-2017-18094
RESERVED
 CVE-2017-18093 (Various resources in Atlassian Fisheye and Crucible before 
version ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2017-18092 (The print snippet resource in Atlassian Crucible before 
version 4.4.3 ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Crucible
 CVE-2017-18091 (The admin backupprogress action in Atlassian Fisheye and 
Crucible ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2017-18090 (Various resources in Atlassian Fisheye before version 4.5.1 
(the fixed ...)
@@ -3515,7 +3515,7 @@ CVE-2018-5989 (SQL Injection exists in the ccNewsletter 
2.x component for Joomla
 CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter 
to ...)
NOT-FOR-US: Flexible Poll
 CVE-2018-5987 (SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 
...)
-   TODO: check
+   NOT-FOR-US: Pinterest Clone Social Pinboard component for Joomla!
 CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or 
s_row ...)
NOT-FOR-US: Easy Car Script
 CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component 
for ...)
@@ -3523,13 +3523,13 @@ CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS 
Cloud 1.0 component for 
 CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 
2.1 ...)
NOT-FOR-US: Tumder
 CVE-2018-5983 (SQL Injection exists in the JquickContact 1.3.2.2.1 component 
for ...)
-   TODO: check
+   NOT-FOR-US: JquickContact component for Joomla!
 CVE-2018-5982 (SQL Injection exists in the Advertisement Board 3.1.0 component 
for ...)
-   TODO: check
+   NOT-FOR-US: Advertisement Board component for Joomla!
 CVE-2018-5981 (SQL Injection exists in the Gallery WD 1.3.6 component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: Gallery WD component for Joomla!
 CVE-2018-5980 (SQL Injection exists in the Solidres 2.5.1 component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: Solidres component for Joomla!
 CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat 
Script 1.5 ...)
NOT-FOR-US: Wchat Fully Responsive PHP AJAX Chat Script
 CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 
via the ...)
@@ -3539,17 +3539,17 @@ CVE-2018-5977 (SQL Injection exists in Affiligator 
Affiliate Webshop Management 
 CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation 
Online 1.0 ...)
NOT-FOR-US: RSVP Invitation Online
 CVE-2018-5975 (SQL Injection exists in the Smart Shoutbox 3.0.0 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: Smart Shoutbox component for Joomla!
 CVE-2018-5974 (SQL Injection exists in the SimpleCalendar 3.1.9 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: SimpleCalendar component for Joomla!
 CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 
via ...)
NOT-FOR-US: Professional Local Directory Script
 CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the 
...)
NOT-FOR-US: Classified Ads CMS Quickad
 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-19 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7da567d5 by Salvatore Bonaccorso at 2018-02-19T22:53:31+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -14638,11 +14638,11 @@ CVE-2018-1413
 CVE-2018-1412
RESERVED
 CVE-2018-1411 (IBM Notes Diagnostics (IBM Client Application Access and IBM 
Notes) ...)
-   TODO: check
+   NOT-FOR-US: IBM Notes Diagnostics
 CVE-2018-1410 (IBM Notes Diagnostics (IBM Client Application Access and IBM 
Notes) ...)
-   TODO: check
+   NOT-FOR-US: IBM Notes Diagnostics
 CVE-2018-1409 (IBM Notes Diagnostics (IBM Client Application Access and IBM 
Notes) ...)
-   TODO: check
+   NOT-FOR-US: IBM Notes Diagnostics
 CVE-2018-1408
RESERVED
 CVE-2018-1407
@@ -118829,7 +118829,7 @@ CVE-2015-2325 [heap buffer overflow in 
compile_branch()]
NOTE: Comment from upstream: Probably every version since the support 
for forward referencing
NOTE: was introduced is affected.
 CVE-2015-2324 (Cross-site scripting (XSS) vulnerability in the filemanager in 
the ...)
-   TODO: check
+   NOT-FOR-US: filemanager in the Photo Gallery plugin for WordPress
 CVE-2015-2323 (FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports 
anonymous, ...)
NOT-FOR-US: FortiOS
 CVE-2015-2322



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7da567d56264d96e904feaa226fd72cec09b34fc


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-18 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5bcb376a by Salvatore Bonaccorso at 2018-02-18T10:40:22+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,9 +1,9 @@
 CVE-2018-7218
RESERVED
 CVE-2018-7217 (In Bravo Tejari Procurement Portal, uploaded files are not 
properly ...)
-   TODO: check
+   NOT-FOR-US: Bravo Tejari Procurement Portal
 CVE-2018-7216 (Cross-site request forgery (CSRF) vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: Bravo Tejari Procurement Portal
 CVE-2018-7215
RESERVED
 CVE-2018-7214
@@ -13,15 +13,15 @@ CVE-2018-7213
 CVE-2018-7212 (An issue was discovered in ...)
TODO: check
 CVE-2018-7211 (An issue was discovered in iDashboards 9.6b. The SSO 
implementation is ...)
-   TODO: check
+   NOT-FOR-US: iDashboards
 CVE-2018-7210 (An issue was discovered in iDashboards 9.6b. It allows remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: iDashboards
 CVE-2018-7209 (An issue was discovered in iDashboards 9.6b. It allows remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: iDashboards
 CVE-2018-7208 (In the coff_pointerize_aux function in coffgen.c in the Binary 
File ...)
TODO: check
 CVE-2018-7207 (National Payments Corporation of India (NPCI) Bharat Interface 
for ...)
-   TODO: check
+   NOT-FOR-US: BHIM
 CVE-2018-7206 (An issue was discovered in Project Jupyter JupyterHub 
OAuthenticator ...)
TODO: check
 CVE-2018-7205
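Review bot: The tag for CVE-2018-7207 is the bare acronym "BHIM", which does not appear anywhere in the visible description ("National Payments Corporation of India (NPCI) Bharat Interface for ..."). A tag that carries the vendor or product name as the description spells it, with the acronym alongside if wanted, lets a later reader connect the entry to the description without looking the acronym up.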
@@ -39,7 +39,7 @@ CVE-2018-7200
 CVE-2018-7199
RESERVED
 CVE-2018-7198 (October CMS through 1.0.431 allows XSS by entering HTML on the 
Add ...)
-   TODO: check
+   NOT-FOR-US: October CMS
 CVE-2018-7197 (An issue was discovered in Pluck through 4.7.4. A stored 
cross-site ...)
TODO: check
 CVE-2018-7196
@@ -3313,11 +3313,11 @@ CVE-2018-6008 (Arbitrary File Download exists in the 
Jtag Members Directory 5.3.
 CVE-2018-6007 (CSRF exists in the JS Support Ticket 1.1.0 component for 
Joomla! and ...)
NOT-FOR-US: Support Ticket component for Joomla!
 CVE-2018-6006 (SQL Injection exists in the JS Autoz 1.0.9 component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: JS Autoz component for Joomla!
 CVE-2018-6005 (SQL Injection exists in the Realpin through 1.5.04 component 
for ...)
-   TODO: check
+   NOT-FOR-US: Realpin component for Joomla!
 CVE-2018-6004 (SQL Injection exists in the File Download Tracker 3.0 component 
for ...)
-   TODO: check
+   NOT-FOR-US: File Download Tracker component for Joomla!
 CVE-2017-18074
RESERVED
 CVE-2017-18073
@@ -3411,17 +3411,17 @@ CVE-2018-5996 (Insufficient exception handling in the 
method ...)
 CVE-2018-5995
RESERVED
 CVE-2018-5994 (SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! 
via the ...)
-   TODO: check
+   NOT-FOR-US: JS Jobs component for Joomla!
 CVE-2018-5993 (SQL Injection exists in the Aist through 2.0 component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: Aist component for Joomla!
 CVE-2018-5992 (SQL Injection exists in the Staff Master through 1.0 RC 1 
component for ...)
-   TODO: check
+   NOT-FOR-US: Staff Master component for Joomla!
 CVE-2018-5991 (SQL Injection exists in the Form Maker 3.6.12 component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: Form Maker component for Joomla!
 CVE-2018-5990 (SQL Injection exists in the AllVideos Reloaded 1.2.x component 
for ...)
-   TODO: check
+   NOT-FOR-US: AllVideos Reloaded component for Joomla!
 CVE-2018-5989 (SQL Injection exists in the ccNewsletter 2.x component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: ccNewsletter component for Joomla!
 CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter 
to ...)
NOT-FOR-US: Flexible Poll
 CVE-2018-5987 (SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5bcb376a07da9243b13106d4445231319c7d7391


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
85af1a2f by Salvatore Bonaccorso at 2018-02-17T11:21:20+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -35,13 +35,13 @@ CVE-2018-7186 (Leptonica before 1.75.3 does not limit the 
number of characters i
- leptonlib 1.75.3-2 (bug #890548)
NOTE: 
https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a
 CVE-2018-7180 (SQL Injection exists in the Saxum Astro 4.0.14 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: Saxum Astro component for Joomla!
 CVE-2018-7179 (SQL Injection exists in the SquadManagement 1.0.3 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: SquadManagement component for Joomla!
 CVE-2018-7178 (SQL Injection exists in the Saxum Picker 3.2.10 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: Saxum Picker component for Joomla!
 CVE-2018-7177 (SQL Injection exists in the Saxum Numerology 3.0.4 component 
for ...)
-   TODO: check
+   NOT-FOR-US: Saxum Numerology component for Joomla!
 CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to 
adding a ...)
- frontaccounting  (bug #890604)
[wheezy] - frontaccounting  (unsupported in wheezy, 
already vulnerable to SQL injection in CVE-2014-3973)
@@ -1618,11 +1618,11 @@ CVE-2017-18123 (The call parameter of /lib/exe/ajax.php 
in DokuWiki through 2017
NOTE: https://github.com/splitbrain/dokuwiki/issues/2029
NOTE: 
https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86
 CVE-2018-6585 (SQL Injection exists in the JTicketing 2.0.16 component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: JTicketing component for Joomla!
 CVE-2018-6584 (SQL Injection exists in the DT Register 3.2.7 component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: DT Register component for Joomla!
 CVE-2018-6583 (SQL Injection exists in the Timetable Responsive Schedule 1.5 
component ...)
-   TODO: check
+   NOT-FOR-US: Timetable Responsive Schedule component for Joomla!
 CVE-2018-6582 (SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for 
Joomla! ...)
NOT-FOR-US: Zh GoogleMap component for Joomla!
 CVE-2018-6581 (SQL Injection exists in the JMS Music 1.1.1 component for 
Joomla! via a ...)
@@ -2183,11 +2183,11 @@ CVE-2018-6398 (SQL Injection exists in the CP Event 
Calendar 3.0.1 component for
 CVE-2018-6397 (Directory Traversal exists in the Picture Calendar 3.1.4 
component for ...)
NOT-FOR-US: Picture Calendar  component for Joomla!
 CVE-2018-6396 (SQL Injection exists in the Google Map Landkarten through 4.2.3 
...)
-   TODO: check
+   NOT-FOR-US: Google Map Landkarten component for Joomla!
 CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for 
Joomla! ...)
NOT-FOR-US: Visual Calendar component for Joomla!
 CVE-2018-6394 (SQL Injection exists in the InviteX 3.0.5 component for Joomla! 
via the ...)
-   TODO: check
+   NOT-FOR-US: InviteX component for Joomla!
 CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 ...)
NOT-FOR-US: FreePBX
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in 
FFmpeg ...)
@@ -2308,17 +2308,17 @@ CVE-2018-6375
 CVE-2018-6374 (The GUI component (aka PulseUI) in Pulse Secure Desktop Linux 
clients ...)
NOT-FOR-US: PulseUI in Pulse Secure Desktop Linux clients
 CVE-2018-6373 (SQL Injection exists in the Fastball 2.5 component for Joomla! 
via the ...)
-   TODO: check
+   NOT-FOR-US: Fastball component for Joomla!
 CVE-2018-6372 (SQL Injection exists in the JB Bus 2.3 component for Joomla! 
via the ...)
-   TODO: check
+   NOT-FOR-US: JB Bus component for Joomla!
 CVE-2018-6371
RESERVED
 CVE-2018-6370 (SQL Injection exists in the NeoRecruit 4.1 component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: NeoRecruit component for Joomla!
 CVE-2018-6369
RESERVED
 CVE-2018-6368 (SQL Injection exists in the JomEstate PRO through 3.7 component 
for ...)
-   TODO: check
+   NOT-FOR-US: JomEstate PRO component for Joomla!
 CVE-2018-6367 (SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 
2.9.9 ...)
NOT-FOR-US: Vastal I-Tech Buddy Zone Facebook Clone
 CVE-2018-6366



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/85af1a2fa7ec6afdd49437b96a12f4be90505161


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-13 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e91e723b by Salvatore Bonaccorso at 2018-02-13T22:45:58+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2,7 +2,7 @@ CVE-2018-6954 (systemd-tmpfiles in systemd through 237 
mishandles symlinks prese
- systemd 
NOTE: https://github.com/systemd/systemd/issues/7986
 CVE-2018-6953 (In CCN-lite 2, the Parser of NDNTLV does not verify whether a 
certain ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite 2
 CVE-2018-6952 (A double free exists in the another_hunk function in pch.c in 
GNU patch ...)
- patch 
NOTE: https://savannah.gnu.org/bugs/index.php?53133
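Review bot: The tag for CVE-2018-6953 keeps the version with the product name ("CCN-lite 2"), while other tags in this same commit drop it (the "Saperion Web Client version 7.5.2" entries are tagged plain "Saperion Web Client"). "NOT-FOR-US: CCN-lite" would be the consistent form; the same applies to CVE-2018-6948 in the next hunk.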
@@ -15,7 +15,7 @@ CVE-2018-6950
 CVE-2018-6949
RESERVED
 CVE-2018-6948 (In CCN-lite 2, the function ccnl_prefix_to_str_detailed can 
cause a ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite 2
 CVE-2018-6947
RESERVED
 CVE-2018-6946
@@ -57,7 +57,7 @@ CVE-2018-6930 (A stack-based buffer over-read in the 
ComputeResizeImage function
 CVE-2018-6929
RESERVED
 CVE-2018-6928 (PHP Scripts Mall News Website Script 2.0.4 has SQL Injection 
via a ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall News Website Script
 CVE-2018-166
RESERVED
 CVE-2018-165
@@ -152,7 +152,7 @@ CVE-2018-6912 (The decode_plane function in 
libavcodec/utvideodec.c in FFmpeg th
- libav 
NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed
 CVE-2018-6911 (The VBWinExec function in Node\AspVBObj.dll in Advantech 
WebAccess ...)
-   TODO: check
+   NOT-FOR-US: Advantech WebAccess
 CVE-2018-6910
RESERVED
 CVE-2018-6909
@@ -1964,9 +1964,9 @@ CVE-2018-6295
 CVE-2018-6294
RESERVED
 CVE-2018-6293 (Arbitrary File Read in Saperion Web Client version 7.5.2 83166. 
...)
-   TODO: check
+   NOT-FOR-US: Saperion Web Client
 CVE-2018-6292 (Remote Code Execution in Saperion Web Client version 7.5.2 
83166. ...)
-   TODO: check
+   NOT-FOR-US: Saperion Web Client
 CVE-2018-6291 (WebConsole Cross-Site Scripting in Kaspersky Secure Mail 
Gateway ...)
NOT-FOR-US: Kaspersky Secure Mail Gateway
 CVE-2018-6290 (Local Privilege Escalation in Kaspersky Secure Mail Gateway 
version ...)
@@ -13958,7 +13958,7 @@ CVE-2018-1385
 CVE-2018-1384
RESERVED
 CVE-2018-1383 (A software logic bug creates a vulnerability in an AIX 6.1, 
7.1, and ...)
-   TODO: check
+   NOT-FOR-US: AIX
 CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. 
This ...)
NOT-FOR-US: IBM API Connect
 CVE-2018-1381
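Review bot: The tag for CVE-2018-1383 omits the vendor ("NOT-FOR-US: AIX"), while the context entry directly below it is tagged "NOT-FOR-US: IBM API Connect". Suggest "NOT-FOR-US: IBM AIX" so IBM products are tagged uniformly and a search for the vendor finds this entry too.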
@@ -15013,7 +15013,7 @@ CVE-2018-1216
 CVE-2018-1215
RESERVED
 CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local 
Windows ...)
-   TODO: check
+   NOT-FOR-US: EMC
 CVE-2018-1213
RESERVED
 CVE-2018-1212
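Review bot: The tag for CVE-2018-1214 is cut down to "EMC", which gives neither the full vendor name nor the product from the description ("Dell EMC SupportAssist Enterprise"). Suggest "NOT-FOR-US: Dell EMC SupportAssist Enterprise"; every other tag added in this commit names the product, and a bare vendor fragment is hard to match against future CVEs.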



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e91e723b014fa0fbdd9dc3e4f9af8f5a2c3e1900


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-12 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b8b88d5 by Salvatore Bonaccorso at 2018-02-12T22:45:53+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2,7 +2,7 @@ CVE-2018-6927 (The futex_requeue function in kernel/futex.c in 
the Linux kernel 
- linux 
NOTE: Fixed by: 
https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
 CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a 
server ...)
-   TODO: check
+   NOT-FOR-US: MISP
 CVE-2018-6925
RESERVED
 CVE-2018-6924
@@ -30,15 +30,15 @@ CVE-2018-6914
 CVE-2018-163
RESERVED
 CVE-2017-18179 (Progress Sitefinity 9.1 uses wrap_access_token as a 
non-expiring ...)
-   TODO: check
+   NOT-FOR-US: Progress Sitefinity
 CVE-2017-18178 (Authenticate/SWT in Progress Sitefinity 9.1 has an open 
redirect issue ...)
-   TODO: check
+   NOT-FOR-US: Progress Sitefinity
 CVE-2017-18177 (Progress Sitefinity 9.1 has XSS via the Last name, First name, 
and ...)
-   TODO: check
+   NOT-FOR-US: Progress Sitefinity
 CVE-2017-18176 (Progress Sitefinity 9.1 has XSS via file upload, because 
JavaScript ...)
-   TODO: check
+   NOT-FOR-US: Progress Sitefinity
 CVE-2017-18175 (Progress Sitefinity 9.1 has XSS via the Content Management 
Template ...)
-   TODO: check
+   NOT-FOR-US: Progress Sitefinity
 CVE-2018-6913
RESERVED
 CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg 
through ...)
@@ -83,7 +83,7 @@ CVE-2018-6895
 CVE-2018-6894
RESERVED
 CVE-2018-6893 (controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL 
Injection: a ...)
-   TODO: check
+   NOT-FOR-US: FineCms
 CVE-2018-6892 (An issue was discovered in CloudMe before 1.11.0. An 
unauthenticated ...)
NOT-FOR-US: CloudMe
 CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via 
a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b8b88d5d0f3eb188f3342a3a9b505623458c869


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-12 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
064a9d59 by Salvatore Bonaccorso at 2018-02-12T21:49:13+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -246,7 +246,7 @@ CVE-2018-6808
 CVE-2018-6807
RESERVED
 CVE-2018-6806 (Marked 2 through 2.5.11 allows remote attackers to read 
arbitrary files ...)
-   TODO: check
+   NOT-FOR-US: Marked 2
 CVE-2018-6805
RESERVED
 CVE-2018-6804
@@ -1160,7 +1160,7 @@ CVE-2018-6508 (Puppet Enterprise 2017.3.x prior to 
2017.3.3 are vulnerable to a 
 CVE-2018-6507
RESERVED
 CVE-2018-6506 (Cross-Site Scripting (XSS) exists in the Add Forum feature in 
the ...)
-   TODO: check
+   NOT-FOR-US: miniBB
 CVE-2018-6505
RESERVED
 CVE-2018-6504
@@ -36100,13 +36100,13 @@ CVE-2017-11145 (In PHP before 5.6.31, 7.x before 
7.0.21, and 7.1.x before 7.1.7,
 CVE-2017-1000362 (The re-key admin monitor was introduced in Jenkins 1.498 and 
...)
- jenkins 
 CVE-2017-181 (Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated 
upload of ...)
-   TODO: check
+   NOT-FOR-US: ONOS
 CVE-2017-180 (Linux foundation ONOS 1.9.0 allows unauthenticated use of 
websockets. ...)
-   TODO: check
+   NOT-FOR-US: ONOS
 CVE-2017-179 (Linux foundation ONOS 1.9.0 is vulnerable to a DoS. ...)
-   TODO: check
+   NOT-FOR-US: ONOS
 CVE-2017-178 (Linux foundation ONOS 1.9 is vulnerable to XSS in the 
device. ...)
-   TODO: check
+   NOT-FOR-US: ONOS
 CVE-2017-177
REJECTED
 CVE-2017-176
@@ -56412,7 +56412,7 @@ CVE-2017-4953
 CVE-2017-4952
RESERVED
 CVE-2017-4951 (VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 
9.1.5) ...)
-   TODO: check
+   NOT-FOR-US: VMware AirWatch Console
 CVE-2017-4950 (VMware Workstation and Fusion contain an integer overflow ...)
NOT-FOR-US: VMware
 CVE-2017-4949 (VMware Workstation and Fusion contain a use-after-free 
vulnerability ...)
@@ -56420,7 +56420,7 @@ CVE-2017-4949 (VMware Workstation and Fusion contain a 
use-after-free vulnerabil
 CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon 
View ...)
NOT-FOR-US: VMware
 CVE-2017-4947 (VMware Realize Automation (7.3 and 7.2) and vSphere Integrated 
...)
-   TODO: check
+   NOT-FOR-US: VMware Realize Automation
 CVE-2017-4946 (The VMware V4H and V4PA desktop agents (6.x before 6.5.1) 
contain a ...)
NOT-FOR-US: VMware
 CVE-2017-4945 (VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) 
contain a ...)
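Review bot: The tag for CVE-2017-4947 names a specific product ("VMware Realize Automation") while the context entries on either side of it (CVE-2017-4948 and CVE-2017-4946) are tagged plain "NOT-FOR-US: VMware". Either granularity works, but the block should use one of them; the same applies to "VMware AirWatch Console" for CVE-2017-4951 in the previous hunk.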



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/064a9d5937a40f435d7edd98c6bfa02255c257d8


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-10 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d93a434d by Salvatore Bonaccorso at 2018-02-10T10:57:56+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,14 +1,14 @@
 CVE-2018-6882
RESERVED
 CVE-2018-162 (WonderCMS version 2.4.0 contains a Stored Cross-Site 
Scripting on File ...)
-   TODO: check
+   NOT-FOR-US: WonderCMS
 CVE-2018-161 (ARM mbedTLS version development branch, 2.7.0 and earlier 
contains a ...)
- mbedtls 
NOTE: https://github.com/ARMmbed/mbedtls/issues/1356
 CVE-2018-160 (Sensu, Inc. Sensu Core version Before 1.2.0  before 
commit ...)
TODO: check
 CVE-2018-159 (ValidFormBuilder version 4.5.4 contains a PHP Object 
Injection ...)
-   TODO: check
+   NOT-FOR-US: ValidFormBuilder
 CVE-2018-6881
RESERVED
 CVE-2018-6880
@@ -580,9 +580,9 @@ CVE-2018-157 (Jenkins Credentials Binding Plugin 1.14 
and earlier masks pass
 CVE-2018-156 (Jenkins JUnit Plugin 1.23 and earlier processes XML external 
entities ...)
NOT-FOR-US: jenkins-plugin-junit
 CVE-2018-155 (Jenkins Android Lint Plugin 2.5 and earlier processes XML 
external ...)
-   TODO: check
+   NOT-FOR-US: Jenkins Android Lint Plugin
 CVE-2018-154 (Jenkins CCM Plugin 3.1 and earlier processes XML external 
entities in ...)
-   TODO: check
+   NOT-FOR-US: Jenkins CCM Plugin
 CVE-2018-153 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite 
Request ...)
TODO: check
 CVE-2018-152 (fmtlib version prior to version 4.1.0 (before commit ...)
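Review bot: The two new Jenkins tags use a different naming form from the context entry directly above them: CVE-2018-156 is tagged "jenkins-plugin-junit", while CVE-2018-155 and CVE-2018-154 get "Jenkins Android Lint Plugin" and "Jenkins CCM Plugin". Pick one convention for Jenkins plugins so that the entries group together when the list is searched.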
@@ -607,11 +607,11 @@ CVE-2018-146 (NASA Pyblock version v1.0 - v1.3 
contains a CWE-502 vulnerabil
 CVE-2018-145 (NASA Singledop version v1.0 contains a CWE-502 vulnerability 
in NASA ...)
TODO: check
 CVE-2018-144 (Security Onion Solutions Squert version 1.1.1 through 1.6.7 
contains a ...)
-   TODO: check
+   NOT-FOR-US: Security Onion Solutions Squert
 CVE-2018-143 (Security Onion Solutions Squert version 1.0.1 through 1.6.7 
contains a ...)
-   TODO: check
+   NOT-FOR-US: Security Onion Solutions Squert
 CVE-2018-142 (Security Onion Solutions Squert version 1.3.0 through 1.6.7 
contains a ...)
-   TODO: check
+   NOT-FOR-US: Security Onion Solutions Squert
 CVE-2018-141 (GNOME librsvg version before commit ...)
- librsvg 2.40.20-1
NOTE: Fixed by: 
https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea
@@ -1481,7 +1481,7 @@ CVE-2018-130 (Python 2.7.14 is vulnerable to a 
Heap-Buffer-Overflow as well 
NOTE: where the 6401e56 commit was mostly reverted again.
NOTE: Needed: 
https://github.com/python/cpython/commit/dbf52e02f18dac6f5f0a64f78932f3dc6efc056b
 CVE-2018-129 (mcholste Enterprise Log Search and Archive (ELSA) version 
revision ...)
-   TODO: check
+   NOT-FOR-US: mcholste Enterprise Log Search and Archive
 CVE-2018-126 (Linux Linux kernel version at least v4.8 onwards, probably 
well before ...)
- linux 
NOTE: https://patchwork.ozlabs.org/patch/859410/
@@ -1498,20 +1498,20 @@ CVE-2018-121 (GIT version 2.15.1 and earlier 
contains a Input Validation Err
NOTE: 
http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html
NOTE: Terminal emulators need to perform proper escaping
 CVE-2018-120 (OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) 
...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-119 (OpenEMR version 5.0.0 contains a OS Command Injection 
vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2017-1000510 (Croogo version 2.3.1-17-g6f82e6c contains a Cross Site 
Scripting (XSS) ...)
-   TODO: check
+   NOT-FOR-US: Croogo
 CVE-2017-1000509 (Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) 
...)
- dolibarr 
NOTE: https://github.com/Dolibarr/dolibarr/issues/7727
 CVE-2017-1000508 (Invoice Plane version 1.5.4 and earlier contains a Cross 
Site ...)
-   TODO: check
+   NOT-FOR-US: Invoice Plane
 CVE-2017-1000507 (Canvs Canvas version 3.4.2 contains a Cross Site Scripting 
(XSS) ...)
TODO: check
 CVE-2017-1000506 (Mautic version 2.11.0 and earlier contains a Cross Site 
Scripting ...)
-   TODO: check
+   NOT-FOR-US: Mautic
 CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted 
headers, a ...)
- pound  (bug #888786)
[wheezy] - pound  (Minor issue)
@@ -4246,9 +4246,9 @@ CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate 
memcpy arguments in the .
NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1870
NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1876
 CVE-2018-5307 (Multiple 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-09 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
18e624bf by Salvatore Bonaccorso at 2018-02-09T22:17:14+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,7 +5,7 @@ CVE-2018-6880
 CVE-2018-6879
RESERVED
 CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP 
Scripts ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
 CVE-2018-6877
RESERVED
 CVE-2018-6876 (THe OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as 
used in ...)
@@ -122,11 +122,11 @@ CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 
1.8.2, when used to encrypt
 CVE-2018-6828
RESERVED
 CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509 
certificates ...)
-   TODO: check
+   NOT-FOR-US: VOBOT CLOCK
 CVE-2018-6826 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. 
...)
-   TODO: check
+   NOT-FOR-US: VOBOT CLOCK
 CVE-2018-6825 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. 
An SSH ...)
-   TODO: check
+   NOT-FOR-US: VOBOT CLOCK
 CVE-2018-6824 (Cozy has XSS allowing remote attackers to obtain administrative 
access ...)
NOT-FOR-US: Cozy
 CVE-2018-6823 (In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, 
the ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/18e624bfe015e28b4b7735590ac50a0a063b4339


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-09 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2a8a2ef5 by Salvatore Bonaccorso at 2018-02-09T10:43:16+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -64428,7 +64428,7 @@ CVE-2017-1787
 CVE-2017-1786
RESERVED
 CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated 
remote ...)
-   TODO: check
+   NOT-FOR-US: IBM API Connect
 CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary 
files ...)
NOT-FOR-US: IBM Cognos Analytics
 CVE-2017-1783 (IBM Cognos Analytics 11.0 could allow a local user to change 
...)
@@ -64614,7 +64614,7 @@ CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 
transmits user credentials in pl
 CVE-2017-1693 (IBM Integration Bus 9.0 and 10.0 could allow an attacker that 
has ...)
NOT-FOR-US: IBM Integration Bus
 CVE-2017-1692 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: IBM AIX
 CVE-2017-1691
RESERVED
 CVE-2017-1690
@@ -79856,9 +79856,9 @@ CVE-2016-6175 (Eval injection vulnerability in 
php-gettext 1.0.12 and earlier al
 CVE-2016-6174 (applications/core/modules/front/system/content.php in Invision 
Power ...)
NOT-FOR-US: Inivision
 CVE-2016-6169 (Heap-based buffer overflow in Foxit Reader and PhantomPDF 
7.3.4.311 ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2016-6168 (Use-after-free vulnerability in Foxit Reader and PhantomPDF 
7.3.4.311 ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2016-6167 (Multiple untrusted search path vulnerabilities in Putty beta 
0.67 ...)
- putty  (Windows-specific)
 CVE-2016-6166
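Review bot: Both new Foxit tags (CVE-2016-6169 and CVE-2016-6168) name only "Foxit Reader", although each description covers "Foxit Reader and PhantomPDF". Consider "NOT-FOR-US: Foxit Reader and PhantomPDF" so the second product is not lost. While touching this area, the context tag for CVE-2016-6174 reads "Inivision", which looks like a misspelling given the "Invision Power ..." in its description.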
@@ -117790,7 +117790,7 @@ CVE-2015-2749 (Open redirect vulnerability in Drupal 
6.x before 6.35 and 7.x bef
NOTE: https://www.drupal.org/SA-CORE-2015-001
NOTE: http://www.openwall.com/lists/oss-security/2015/03/19/5
 CVE-2015-2329 (Cross-site scripting (XSS) vulnerability in the WooCommerce 
plugin ...)
-   TODO: check
+   NOT-FOR-US: WooCommerce plugin for WordPress
 CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and 
related ...)
- mongodb  (unimportant)
NOTE: CVE for bundled version of pcre3 in mongodb
@@ -178851,7 +178851,7 @@ CVE-2012- (CRLF injection vulnerability in IBM 
Maximo Asset Management 7.x b
 CVE-2012-3332
RESERVED
 CVE-2012-3331 (IBM Sametime allows remote attackers to obtain sensitive 
information ...)
-   TODO: check
+   NOT-FOR-US: IBM Sametime
 CVE-2012-3330 (The proxy server in IBM WebSphere Application Server 7.0 before 
...)
NOT-FOR-US: IBM WebSphere Application Server
 CVE-2012-3329 (IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 
through 9.21 ...)
@@ -181793,7 +181793,7 @@ CVE-2012-2168 (IBM Rational ClearQuest 7.1.x before 
7.1.2.7 and 8.x before 8.0.0
 CVE-2012-2167 (The IBM XIV Storage System Gen3 before 11.1.0.a allows remote 
...)
NOT-FOR-US: IBM XIV Storage System Gen3
 CVE-2012-2166 (IBM XIV Storage System 2810-A14 and 2812-A14 devices before 
level ...)
-   TODO: check
+   NOT-FOR-US: IBM XIV Storage System
 CVE-2012-2165 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 
8.0.0.3, ...)
NOT-FOR-US: IBM Rational ClearQuest
 CVE-2012-2164 (The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 
and 8.x ...)
@@ -187210,7 +187210,7 @@ CVE-2011-4891
 CVE-2011-4890 (The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 
allows ...)
NOT-FOR-US: IBM solidDB
 CVE-2011-4889 (The javax.naming.directory.AttributeInUseException class in the 
...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere Application Server
 CVE-2011-4888
RESERVED
 CVE-2011-4887 (Cross-site scripting (XSS) vulnerability in the Violations 
Table in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2a8a2ef5c906b638d208a64aa168e0d037bd9dc3


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-07 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
03c0fb9a by Salvatore Bonaccorso at 2018-02-07T22:40:12+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13546,7 +13546,7 @@ CVE-2018-1384
 CVE-2018-1383
RESERVED
 CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. 
This ...)
-   TODO: check
+   NOT-FOR-US: IBM API Connect
 CVE-2018-1381
RESERVED
 CVE-2018-1380
@@ -13578,7 +13578,7 @@ CVE-2018-1368
 CVE-2018-1367
RESERVED
 CVE-2018-1366 (IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma 
Separated ...)
-   TODO: check
+   NOT-FOR-US: IBM Content Navigator
 CVE-2018-1365
RESERVED
 CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML 
External ...)
@@ -13909,7 +13909,7 @@ CVE-2017-17554 (A NULL pointer dereference (DoS) 
Vulnerability was found in the 
 CVE-2017-17553 (The Dolphin Browser for Android 12.0.2 suffers from an 
insecure parsing ...)
NOT-FOR-US: Dolphin Browser for Android
 CVE-2017-17552 (/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 
6613 ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine AD Manager Plus
 CVE-2018-1360
RESERVED
 CVE-2018-1359
@@ -14226,7 +14226,7 @@ CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in 
ucnv_u8.cpp in International .
 CVE-2017-17483
RESERVED
 CVE-2017-17482 (An issue was discovered in OpenVMS through V8.4-2L2 on Alpha 
and ...)
-   TODO: check
+   NOT-FOR-US: OpenVMS
 CVE-2017-17481
RESERVED
 CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was 
discovered in the ...)
@@ -31239,7 +31239,7 @@ CVE-2017-12731 (A SQL Injection issue was discovered in 
OPW Fuel Management Syst
 CVE-2017-12730 (An Unquoted Search Path issue was discovered in mySCADA myPRO 
Versions ...)
NOT-FOR-US: mySCADA myPRO
 CVE-2017-12729 (A SQL Injection issue was discovered in Moxa SoftCMS Live 
Viewer ...)
-   TODO: check
+   NOT-FOR-US: Moxa SoftCMS Live Viewer
 CVE-2017-12728 (An Improper Privilege Management issue was discovered in 
SpiderControl ...)
NOT-FOR-US: SpiderControl SCADA Web Server
 CVE-2017-12727
@@ -31965,27 +31965,27 @@ CVE-2017-12475 (The AP4_Processor::Process function 
in Core/Ap4Processor.cpp in 
 CVE-2017-12474 (The AP4_AtomSampleTable::GetSample function in ...)
NOT-FOR-US: Bento4
 CVE-2017-12473 (ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent 
attackers ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2017-12472 (ccnl-ext-mgmt.c in CCN-lite before 2.00 allows 
context-dependent ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2017-12471 (The cnb_parse_lev function in CCN-lite before 2.00 allows ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2017-12470 (Integer overflow in the ndn_parse_sequence function in 
CCN-lite before ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2017-12469 (Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 
allows ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2017-12468 (Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 
allows ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2017-12467 (Memory leak in CCN-lite before 2.00 allows context-dependent 
attackers ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2017-12466 (CCN-lite before 2.00 allows context-dependent attackers to 
have ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2017-12465 (Multiple integer overflows in CCN-lite before 2.00 allow ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2017-12464 (ccn-lite-valid.c in CCN-lite before 2.00 allows 
context-dependent ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2017-12463 (Memory leak in the ccnl_app_RX function in ccnl-uapi.c in 
CCN-lite ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2017-12462
RESERVED
 CVE-2017-12461
@@ -32194,7 +32194,7 @@ CVE-2017-12414 (Format Factory 4.1.0 has a DLL 
Hijacking Vulnerability because a
 CVE-2017-12413 (AXIS 2100 devices 2.43 have XSS via the URI, possibly related 
to ...)
NOT-FOR-US: AXIS 2100 devices
 CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows 
context-dependent ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite
 CVE-2017-12411
RESERVED
 CVE-2017-12410
@@ -32446,9 +32446,9 @@ CVE-2017-12310
 CVE-2017-12309 (A vulnerability in the Cisco Email Security Appliance (ESA) 
could allow ...)
NOT-FOR-US: Cisco
 CVE-2017-12308 (A vulnerability in the web framework of Cisco Small Business 
Managed ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2017-12307 (A vulnerability in the web framework of Cisco Small Business 
Managed ...)
-   TODO: check
+   

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-07 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31b1c66d by Salvatore Bonaccorso at 2018-02-07T10:30:57+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -32,7 +32,7 @@ CVE-2018-6794 (Suricata before 4.1 is prone to an HTTP 
detection bypass vulnerab
 CVE-2018-6793
RESERVED
 CVE-2018-6792 (Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 
allow ...)
-   TODO: check
+   NOT-FOR-US: Saifor CVMS HUB
 CVE-2018-6791 (An issue was discovered in 
soliduiserver/deviceserviceaction.cpp in KDE ...)
TODO: check
 CVE-2018-6790 (An issue was discovered in KDE Plasma Workspace before 5.12.0. 
...)
@@ -40,47 +40,47 @@ CVE-2018-6790 (An issue was discovered in KDE Plasma 
Workspace before 5.12.0. ..
 CVE-2018-6789
RESERVED
 CVE-2018-6788 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) 
allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6787 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) 
allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6786 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) 
allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6785 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6784 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6783 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6782 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6781 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6780 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6779 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6778 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6777 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) 
allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6776 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6775 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KrnlCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6774 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6773 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6772 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KrnlCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6771 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KrnlCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6770 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KrnlCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6769 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KrnlCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6768 (In Jiangmin Antivirus 16.0.0.100, the driver file 
(KSysCall.sys) allows ...)
-   TODO: check
+   NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6766
RESERVED
 CVE-2018-6765
@@ -566,7 +566,7 @@ CVE-2018-6605 (SQL Injection exists in the Zh BaiduMap 
3.0.0.1 component for Joo
 CVE-2018-6604 (SQL Injection exists in the Zh YandexMap 6.2.1.0 component for 
Joomla! ...)
NOT-FOR-US: Zh YandexMap component for Joomla!
 CVE-2018-6603 (Promise Technology WebPam Pro-E devices allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Promise Technology WebPam Pro-E devices
 CVE-2018-6602
RESERVED
 CVE-2018-6601



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/31b1c66d6ff50dc419debac3d0e4ebeb41503724


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31ae5e14 by Salvatore Bonaccorso at 2018-02-06T11:01:53+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -235,9 +235,9 @@ CVE-2018-6611 (soundlib/Load_stp.cpp in OpenMPT through 
1.27.04.00, and libopenm
[stretch] - libopenmpt  (Vulnerable code not present)
NOTE: 
https://github.com/OpenMPT/openmpt/commit/61fc6d3030a4d4283105cb5fb46b27b42fa5575e
 CVE-2018-6610 (Information Leakage exists in the jLike 1.0 component for 
Joomla! via a ...)
-   TODO: check
+   NOT-FOR-US: jLike component for Joomla!
 CVE-2018-6609 (SQL Injection exists in the JSP Tickets 1.1 component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: JSP Tickets component for Joomla!
 CVE-2018-6608
RESERVED
 CVE-2018-6607
@@ -245,9 +245,9 @@ CVE-2018-6607
 CVE-2018-6606 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. 
Improper ...)
NOT-FOR-US: MalwareFox AntiMalware
 CVE-2018-6605 (SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: Zh BaiduMap component for Joomla!
 CVE-2018-6604 (SQL Injection exists in the Zh YandexMap 6.2.1.0 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: Zh YandexMap component for Joomla!
 CVE-2018-6603
RESERVED
 CVE-2018-6602
@@ -322,7 +322,7 @@ CVE-2018-6584
 CVE-2018-6583
RESERVED
 CVE-2018-6582 (SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: Zh GoogleMap component for Joomla!
 CVE-2018-6581 (SQL Injection exists in the JMS Music 1.1.1 component for 
Joomla! via a ...)
NOT-FOR-US: JMS Music component for Joomla!
 CVE-2018-6580 (Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 
component ...)
@@ -348,7 +348,7 @@ CVE-2018-6571
 CVE-2018-6570
RESERVED
 CVE-2018-6569 (West Wind Web Server 6.x does not require autheentication for 
...)
-   TODO: check
+   NOT-FOR-US: West Wind Web Server
 CVE-2018-6568
RESERVED
 CVE-2018-6567



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/31ae5e146afc1decfaab3e048dfaf806901b1857


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a2d658f by Salvatore Bonaccorso at 2018-02-05T22:12:36+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15,29 +15,29 @@ CVE-2018-6637
 CVE-2018-6636
RESERVED
 CVE-2018-6635 (System Manager in Avaya Aura before 7.1.2 does not properly use 
SSL in ...)
-   TODO: check
+   NOT-FOR-US: System Manager in Avaya Aura
 CVE-2018-6634
RESERVED
 CVE-2018-6633 (In Micropoint proactive defense software 2.0.20266.0146, the 
driver ...)
-   TODO: check
+   NOT-FOR-US: Micropoint proactive defense software
 CVE-2018-6632 (In Micropoint proactive defense software 2.0.20266.0146, the 
driver ...)
-   TODO: check
+   NOT-FOR-US: Micropoint proactive defense software
 CVE-2018-6631 (In Micropoint proactive defense software 2.0.20266.0146, the 
driver ...)
-   TODO: check
+   NOT-FOR-US: Micropoint proactive defense software
 CVE-2018-6630 (In Micropoint proactive defense software 2.0.20266.0146, the 
driver ...)
-   TODO: check
+   NOT-FOR-US: Micropoint proactive defense software
 CVE-2018-6629 (In Micropoint proactive defense software 2.0.20266.0146, the 
driver ...)
-   TODO: check
+   NOT-FOR-US: Micropoint proactive defense software
 CVE-2018-6628 (In Micropoint proactive defense software 2.0.20266.0146, the 
driver ...)
-   TODO: check
+   NOT-FOR-US: Micropoint proactive defense software
 CVE-2018-6627 (In WatchDog Anti-Malware 2.74.186.150, the driver file 
(ZAMGUARD32.SYS) ...)
-   TODO: check
+   NOT-FOR-US: WatchDog Anti-Malware
 CVE-2018-6626 (In Micropoint proactive defense software 2.0.20266.0146, the 
driver ...)
-   TODO: check
+   NOT-FOR-US: Micropoint proactive defense software
 CVE-2018-6625 (In WatchDog Anti-Malware 2.74.186.150, the driver file 
(ZAMGUARD32.SYS) ...)
-   TODO: check
+   NOT-FOR-US: WatchDog Anti-Malware
 CVE-2018-6624 (OMRON NS devices 1.1 through 1.3 allow remote attackers to 
bypass ...)
-   TODO: check
+   NOT-FOR-US: OMRON NS devices
 CVE-2018-6623
RESERVED
 CVE-2018-158



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a2d658fc8609d2b754cfa901af6b05c8f5661e4


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-03 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
12ed7ff3 by Salvatore Bonaccorso at 2018-02-03T15:04:01+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -65,7 +65,7 @@ CVE-2018-6578 (SQL Injection exists in the JE PayperVideo 
3.0.0 component for Jo
 CVE-2018-6577 (SQL Injection exists in the JEXTN Membership 3.1.0 component 
for ...)
NOT-FOR-US: JEXTN Membership component for Joomla!
 CVE-2018-6576 (SQL Injection exists in Event Manager 1.0 via the event.php id 
...)
-   TODO: check
+   NOT-FOR-US: Event Manager
 CVE-2018-6575 (SQL Injection exists in the JEXTN Classified 1.0.0 component 
for ...)
NOT-FOR-US: JEXTN Membership component for Joomla!
 CVE-2018-6574
@@ -143,7 +143,7 @@ CVE-2018-6547
 CVE-2018-6546
RESERVED
 CVE-2018-6545 (Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site 
Scripting ...)
-   TODO: check
+   NOT-FOR-US: Ipswitch MoveIt
 CVE-2018-6544 (pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 
could ...)
- mupdf 
NOTE: 
http://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d
@@ -826,9 +826,9 @@ CVE-2018-6321
 CVE-2018-6320
RESERVED
 CVE-2018-6319 (In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a 
special ...)
-   TODO: check
+   NOT-FOR-US: Sophos Tester Tool
 CVE-2018-6318 (In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the 
context ...)
-   TODO: check
+   NOT-FOR-US: Sophos Tester Tool
 CVE-2018-6317 (The remote management interface in Claymore Dual Miner 10.5 and 
...)
TODO: check
 CVE-2018-6316
@@ -15039,7 +15039,7 @@ CVE-2017-17110 (Techno Portfolio Management Panel 1.0 
allows an attacker to inje
 CVE-2017-17109
RESERVED
 CVE-2017-17108 (Path traversal vulnerability in the administrative panel in 
KonaKart ...)
-   TODO: check
+   NOT-FOR-US: KonaKart eCommerce Platform
 CVE-2017-17107 (Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a 
hard-coded ...)
NOT-FOR-US: Zivif web cameras
 CVE-2017-17106 (Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can 
be ...)
@@ -18103,7 +18103,7 @@ CVE-2017-16863 (The PieChart gadget in Atlassian Jira 
before version 7.5.3 allow
 CVE-2017-16862 (The IncomingMailServers resource in Atlassian Jira before 
version ...)
NOT-FOR-US: Atlassian Jira
 CVE-2017-16861 (It was possible for double OGNL evaluation in certain redirect 
action ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2017-16860
RESERVED
 CVE-2017-16859



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/12ed7ff3ae5fbc783b9973393d8bfdefe3064294


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c4919e4b by Salvatore Bonaccorso at 2018-02-02T23:11:43+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,19 +7,19 @@ CVE-2018-6583
 CVE-2018-6582
RESERVED
 CVE-2018-6581 (SQL Injection exists in the JMS Music 1.1.1 component for 
Joomla! via a ...)
-   TODO: check
+   NOT-FOR-US: JMS Music component for Joomla!
 CVE-2018-6580 (Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 
component ...)
-   TODO: check
+   NOT-FOR-US: Jimtawl component for Joomla!
 CVE-2018-6579 (SQL Injection exists in the JEXTN Reverse Auction 3.1.0 
component for ...)
-   TODO: check
+   NOT-FOR-US: JEXTN Reverse Auction component for Joomla!
 CVE-2018-6578 (SQL Injection exists in the JE PayperVideo 3.0.0 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: JE PayperVideo component for Joomla!
 CVE-2018-6577 (SQL Injection exists in the JEXTN Membership 3.1.0 component 
for ...)
-   TODO: check
+   NOT-FOR-US: JEXTN Membership component for Joomla!
 CVE-2018-6576 (SQL Injection exists in Event Manager 1.0 via the event.php id 
...)
TODO: check
 CVE-2018-6575 (SQL Injection exists in the JEXTN Classified 1.0.0 component 
for ...)
-   TODO: check
+   NOT-FOR-US: JEXTN Membership component for Joomla!
 CVE-2018-6574
RESERVED
 CVE-2018-6573
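Review bot: The label added for CVE-2018-6575 does not match its description: the entry describes the "JEXTN Classified 1.0.0 component" but is marked "NOT-FOR-US: JEXTN Membership component for Joomla!", the same string added two entries up for CVE-2018-6577. This looks like a copy-and-paste slip; suggest replacing "Membership" with "Classified" in that label so a search of the list by product name lands on the right CVE.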
@@ -77,7 +77,7 @@ CVE-2018-6551 (The malloc implementation in the GNU C Library 
(aka glibc or libc
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22774
NOTE: Fixed by: 
https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
 CVE-2018-6550 (Monstra CMS through 3.0.4 has XSS in the title function in ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2017-18122 (A signature-validation bypass issue was discovered in 
SimpleSAMLphp ...)
- simplesamlphp 1.15.0-1
NOTE: https://simplesamlphp.org/security/201710-01
@@ -120,7 +120,7 @@ CVE-2018-6539
 CVE-2018-6538
RESERVED
 CVE-2018-6537 (A buffer overflow vulnerability in the control protocol of 
Flexense ...)
-   TODO: check
+   NOT-FOR-US: Flexense SyncBreeze Enterprise
 CVE-2018-6536 (An issue was discovered in Icinga 2.x through 2.8.1. The daemon 
creates ...)
- icinga2 
[stretch] - icinga2  (Minor issue)
@@ -245,7 +245,7 @@ CVE-2018-6488
 CVE-2018-6487
RESERVED
 CVE-2018-6486 (XML External Entity (XXE) vulnerability in Micro Focus Fortify 
Audit ...)
-   TODO: check
+   NOT-FOR-US: Micro Focus Fortify Audit Workbench
 CVE-2017-18119
RESERVED
 CVE-2017-18118
@@ -313,19 +313,19 @@ CVE-2017-18088
 CVE-2017-18087
RESERVED
 CVE-2017-18086 (Various resources in Atlassian Confluence Server before 
version 6.4.2 ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Confluence
 CVE-2017-18085 (The viewdefaultdecorator resource in Atlassian Confluence 
Server ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Confluence
 CVE-2017-18084 (The usermacros resource in Atlassian Confluence Server before 
version ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Confluence
 CVE-2017-18083 (The editinword resource in Atlassian Confluence Server before 
version ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Confluence
 CVE-2017-18082 (The plan configure branches resource in Atlassian Bamboo 
before ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Bamboo
 CVE-2017-18081 (The signupUser resource in Atlassian Bamboo before version 
6.3.1 ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Bamboo
 CVE-2017-18080 (The saveConfigureSecurity resource in Atlassian Bamboo before 
version ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Bamboo
 CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign 
in ...)
[experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0
- glibc  (bug #878159)
@@ -2212,23 +2212,23 @@ CVE-2018-5752
 CVE-2018-5751
RESERVED
 CVE-2017-18042 (The update user administration resource in Atlassian Bamboo 
before ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Bamboo
 CVE-2017-18041 (The viewDeploymentVersionJiraIssuesDialog resource in 
Atlassian Bamboo ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Bamboo
 CVE-2017-18040 (The viewDeploymentVersionCommits resource in Atlassian Bamboo 
before ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Bamboo
 CVE-2017-18039 (The IncomingMailServers resource in Atlassian Jira from 
version 6.2.1 ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Jira
 CVE-2017-18038 (The repository settings resource in Atlassian Bitbucket Server 
before ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Bitbucket
 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-02-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
065d3af6 by Salvatore Bonaccorso at 2018-02-02T10:12:14+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -47,13 +47,13 @@ CVE-2018-6527
 CVE-2018-6526
RESERVED
 CVE-2018-6525 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) 
allows ...)
-   TODO: check
+   NOT-FOR-US: nProtect AVS
 CVE-2018-6524 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) 
allows ...)
-   TODO: check
+   NOT-FOR-US: nProtect AVS
 CVE-2018-6523 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKFsAv.SYS) 
allows ...)
-   TODO: check
+   NOT-FOR-US: nProtect AVS
 CVE-2018-6522 (In nProtect AVS V4.0 4.0.0.38, the driver file (TKRgFtXp.SYS) 
allows ...)
-   TODO: check
+   NOT-FOR-US: nProtect AVS
 CVE-2017-18120
RESERVED
 CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the 
MySQL ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/065d3af68f7ee16a9513ff0355f757b62c730981


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23db7d7a by Salvatore Bonaccorso at 2018-01-31T22:19:43+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,23 +1,23 @@
 CVE-2018-6480 (A type confusion issue was discovered in CCN-lite 2, leading to 
a ...)
-   TODO: check
+   NOT-FOR-US: CCN-lite 2
 CVE-2018-6479 (An issue was discovered on Netwave IP Camera devices. An ...)
-   TODO: check
+   NOT-FOR-US: Netwave IP Camera devices
 CVE-2018-6478
RESERVED
 CVE-2018-6477
RESERVED
 CVE-2018-6476 (In SUPERAntiSpyware Professional Trial 6.0.1254, the 
SASKUTIL.SYS ...)
-   TODO: check
+   NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6475 (In SUPERAntiSpyware Professional Trial 6.0.1254, 
SUPERAntiSpyware.exe ...)
-   TODO: check
+   NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6474 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver 
file ...)
-   TODO: check
+   NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6473 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver 
file ...)
-   TODO: check
+   NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6472 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver 
file ...)
-   TODO: check
+   NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver 
file ...)
-   TODO: check
+   NOT-FOR-US: SUPERAntiSpyware Professional Trial
 CVE-2018-6470
RESERVED
 CVE-2018-6469
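Review bot: The first entry, CVE-2018-6480, is labelled "NOT-FOR-US: CCN-lite 2", which carries the major version into the product name, while every other label in this hunk drops the version (for example "SUPERAntiSpyware Professional Trial" for 6.0.1254). Suggest plain "NOT-FOR-US: CCN-lite" so that all CCN-lite entries in data/CVE/list share one label and a search for the product name returns them together.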
@@ -29,7 +29,7 @@ CVE-2018-6467
 CVE-2018-6466
RESERVED
 CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via 
the ...)
-   TODO: check
+   NOT-FOR-US: PropertyHive plugin for WordPress
 CVE-2018-6464 (Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert 
in a ...)
TODO: check
 CVE-2018-6463
@@ -199,7 +199,7 @@ CVE-2018-6386
 CVE-2018-6385
RESERVED
 CVE-2018-6384 (Unquoted Windows search path vulnerability in NSClient++ before 
...)
-   TODO: check
+   NOT-FOR-US: NSClient++
 CVE-2018-6383 (Monstra CMS through 3.0.4 has an incomplete forbidden 
types list that ...)
NOT-FOR-US: Monstra CMS
 CVE-2018-6382 (MantisBT 2.10.0 allows local users to conduct SQL Injection 
attacks via ...)
@@ -2010,7 +2010,7 @@ CVE-2018-5703 (The tcp_v6_syn_recv_sock function in 
net/ipv6/tcp_ipv6.c in the L
 CVE-2017-18032 (The download-manager plugin before 2.9.52 for WordPress has 
XSS via the ...)
NOT-FOR-US: download-manager plugin for WordPress
 CVE-2018-5701 (In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the 
amp.sys ...)
-   TODO: check
+   NOT-FOR-US: Iolo System Shield AntiVirus and AntiSpyware
 CVE-2018-5700 (Winmail Server through 6.2 allows remote code execution by ...)
NOT-FOR-US: Winmail Server
 CVE-2018-5699
@@ -16739,7 +16739,7 @@ CVE-2018-0138
 CVE-2018-0137
RESERVED
 CVE-2018-0136 (A vulnerability in the IPv6 subsystem of Cisco IOS XR Software 
Release ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0135
RESERVED
 CVE-2018-0134
@@ -16809,7 +16809,7 @@ CVE-2018-0103 (A Buffer Overflow vulnerability in Cisco 
WebEx Network Recording 
 CVE-2018-0102 (A vulnerability in the Pong tool of Cisco NX-OS Software could 
allow an ...)
NOT-FOR-US: Cisco
 CVE-2018-0101 (A vulnerability in the Secure Sockets Layer (SSL) VPN 
functionality of ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0100 (A vulnerability in the Profile Editor of the Cisco AnyConnect 
Secure ...)
NOT-FOR-US: Cisco
 CVE-2018-0099 (A vulnerability in the web management GUI of the Cisco D9800 
Network ...)
@@ -16943,7 +16943,7 @@ CVE-2017-16947
 CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php 
in MISP ...)
NOT-FOR-US: MISP
 CVE-2017-16945 (The standardrestorer binary in Arq 5.10 and earlier for Mac 
allows ...)
-   TODO: check
+   NOT-FOR-US: standardrestorer binary in Arq
 CVE-2017-16942 (In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error 
exists ...)
- libsndfile 1.0.27-1
[jessie] - libsndfile  (Minor issue)
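Review bot: The label for CVE-2017-16945 names a binary rather than the product: "NOT-FOR-US: standardrestorer binary in Arq". The following hunk does the same for CVE-2017-16928 ("arq_updater binary in Arq"). Suggest "NOT-FOR-US: Arq" for both, in line with the product-level labels on the neighbouring entries ("MISP", "Cisco"), so the two Arq issues share one search key.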
@@ -17024,7 +17024,7 @@ CVE-2017-16930 (The remote management interface on the 
Claymore Dual GPU miner 1
 CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 
10.1 is ...)
NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner
 CVE-2017-16928 (The arq_updater binary in Arq 5.10 and earlier for Mac allows 
local ...)
-   TODO: check
+   NOT-FOR-US: arq_updater binary in Arq
 CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in 
the session ...)
{DLA-1203-1}
- xrdp 0.9.4-3 (bug 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-29 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1b6777eb by Salvatore Bonaccorso at 2018-01-29T22:44:51+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,17 +1,17 @@
 CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection 
via the ...)
-   TODO: check
+   NOT-FOR-US: FreePBX
 CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in 
FFmpeg ...)
TODO: check
 CVE-2018-6391 (A cross-site request forgery web vulnerability has been 
discovered on ...)
-   TODO: check
+   NOT-FOR-US: Netis WF2419 V2.2.36123 devices
 CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office 
10.1.0.7106 ...)
-   TODO: check
+   NOT-FOR-US: Kingsoft WPS Office
 CVE-2018-6389
RESERVED
 CVE-2018-6388 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow 
remote ...)
-   TODO: check
+   NOT-FOR-US: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices
 CVE-2018-6387 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a 
hardcoded ...)
-   TODO: check
+   NOT-FOR-US: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices
 CVE-2018-6386
RESERVED
 CVE-2018-6385
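Review bot: Three of the labels added here embed exact version or build strings: "Netis WF2419 V2.2.36123 devices" for CVE-2018-6391 and "iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices" for CVE-2018-6388 and CVE-2018-6387, while "Kingsoft WPS Office" in the same hunk drops its 10.1.0.7106. Suggest trimming to the model name ("Netis WF2419 devices", "iBall iB-WRA150N devices") so that a later CVE against a different firmware build of the same device matches the existing label.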
@@ -19,7 +19,7 @@ CVE-2018-6385
 CVE-2018-6384
RESERVED
 CVE-2018-6383 (Monstra CMS through 3.0.4 has an incomplete forbidden 
types list that ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2018-6382
RESERVED
 CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by 
invalid ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b6777eb24a9c4c7c0fdbd84df64b43f2e6c9c01


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-29 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
652c913e by Salvatore Bonaccorso at 2018-01-29T20:42:40+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19,9 +19,9 @@ CVE-2018-6367 (SQL Injection exists in Vastal I-Tech Buddy 
Zone Facebook Clone 2
 CVE-2018-6366
RESERVED
 CVE-2018-6365 (SQL Injection exists in TSiteBuilder 1.0 via the id parameter 
to ...)
-   TODO: check
+   NOT-FOR-US: TSiteBuilder
 CVE-2018-6364 (SQL Injection exists in Multilanguage Real Estate MLM Script 
through ...)
-   TODO: check
+   NOT-FOR-US: Multilanguage Real Estate MLM Script
 CVE-2018-6363 (SQL Injection exists in Task Rabbit Clone 1.0 via the 
single_blog.php ...)
NOT-FOR-US: Task Rabbit Clone
 CVE-2017-18079 (drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 
allows ...)
@@ -1678,7 +1678,7 @@ CVE-2018-5722
 CVE-2018-5721 (Stack-based buffer overflow in the ej_update_variables function 
in ...)
NOT-FOR-US: ASUS routers
 CVE-2018-5720 (An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini 
Wireless ...)
-   TODO: check
+   NOT-FOR-US: DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend 
RTN2-AW.GD.R3465.1.20161103 devices
 CVE-2018-5719
RESERVED
 CVE-2018-5718
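Review bot: The CVE-2018-5720 label carries a firmware build identifier, "RTN2-AW.GD.R3465.1.20161103", whereas the other labels in this commit ("TSiteBuilder", "Multilanguage Real Estate MLM Script") stop at the product name. Suggest ending the label at the product name and leaving the build string to the CVE description.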



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/652c913e2b789925cb88a0d04b1ec90ed557b826


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-29 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8bcb60d6 by Salvatore Bonaccorso at 2018-01-29T11:15:44+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15,7 +15,7 @@ CVE-2018-6369
 CVE-2018-6368
RESERVED
 CVE-2018-6367 (SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 
2.9.9 ...)
-   TODO: check
+   NOT-FOR-US: Vastal I-Tech Buddy Zone Facebook Clone
 CVE-2018-6366
RESERVED
 CVE-2018-6365 (SQL Injection exists in TSiteBuilder 1.0 via the id parameter 
to ...)
@@ -23,7 +23,7 @@ CVE-2018-6365 (SQL Injection exists in TSiteBuilder 1.0 via 
the id parameter to 
 CVE-2018-6364 (SQL Injection exists in Multilanguage Real Estate MLM Script 
through ...)
TODO: check
 CVE-2018-6363 (SQL Injection exists in Task Rabbit Clone 1.0 via the 
single_blog.php ...)
-   TODO: check
+   NOT-FOR-US: Task Rabbit Clone
 CVE-2017-18079 (drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 
allows ...)
- linux 4.12.6-1
[stretch] - linux 4.9.47-1
@@ -907,9 +907,9 @@ CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote 
attackers could obtain
 CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function 
in ...)
NOT-FOR-US: Yii Framework
 CVE-2018-6008 (Arbitrary File Download exists in the Jtag Members Directory 
5.3.7 ...)
-   TODO: check
+   NOT-FOR-US: Jtag Members Directory component for Joomla!
 CVE-2018-6007 (CSRF exists in the JS Support Ticket 1.1.0 component for 
Joomla! and ...)
-   TODO: check
+   NOT-FOR-US: Support Ticket component for Joomla!
 CVE-2018-6006
RESERVED
 CVE-2018-6005
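Review bot: on CVE-2018-6007 the label drops the "JS" prefix: the description names "JS Support Ticket 1.1.0 component for Joomla!" but the tag reads "Support Ticket component for Joomla!". Using the product name as the description gives it ("JS Support Ticket component for Joomla!") keeps the entry findable when later CVEs for the same component are triaged by searching earlier labels.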



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8bcb60d6c69b7efd741d8c66cc83b91c98742107


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-28 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d935cc0c by Salvatore Bonaccorso at 2018-01-28T10:13:51+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,13 +5,13 @@ CVE-2018-6359 (The decompileIF function (util/decompile.c) in 
libming through 0.
 CVE-2018-6358 (The printDefineFont2 function (util/listfdb.c) in libming 
through 0.4.8 ...)
TODO: check
 CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the 
...)
-   TODO: check
+   NOT-FOR-US: acurax-social-media-widget plugin for WordPress
 CVE-2018-6356
RESERVED
 CVE-2018-6355
RESERVED
 CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 
allows XSS ...)
-   TODO: check
+   NOT-FOR-US: Formspree
 CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 
3.0.5 ...)
TODO: check
 CVE-2018-6352 (In PoDoFo 0.9.5, there is an Excessive Iteration in the ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d935cc0c72747c18d73626487e6c29ccff32f479


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fac68fe5 by Salvatore Bonaccorso at 2018-01-27T10:46:11+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -329,12 +329,12 @@ CVE-2018-6195
 CVE-2018-6194
RESERVED
 CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in 
Routers2 2.24, ...)
-   TODO: check
+   NOT-FOR-US: Routers2
 CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...)
- mupdf  (bug #888487)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
 CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 
1.0.2 has an ...)
-   TODO: check
+   NOT-FOR-US: MuJS
 CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description 
field on ...)
NOT-FOR-US: Netis WF2419 V3.2.41381 devices
 CVE-2017-1000504 (A race condition during Jenkins 2.94 and earlier; 2.89.1 and 
earlier ...)
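Review bot: CVE-2018-6191 is closed as "NOT-FOR-US: MuJS" while the entry directly above it, CVE-2018-6192 in Artifex MuPDF, is tracked against the mupdf source package. Both are Artifex code, so before settling on NFU it is worth confirming that no packaged source carries an embedded copy of MuJS (the affected file is jsdtoa.c). If one does, the entry should name that package instead; if none does, a NOTE recording that the check was made would help the next person who triages a MuJS CVE.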
@@ -915,7 +915,7 @@ CVE-2018-5999 (An issue was discovered in AsusWRT before 
3.0.0.4.384_10007. In t
 CVE-2018-5998
RESERVED
 CVE-2018-5997 (An issue was discovered in the HTTP Server in RAVPower Filehub 
...)
-   TODO: check
+   NOT-FOR-US: RAVPower Filehub
 CVE-2018-107 (libcurl 7.1 through 7.57.0 might accidentally leak 
authentication data ...)
{DSA-4098-1}
- curl 7.58.0-1
@@ -973,7 +973,7 @@ CVE-2018-5975
 CVE-2018-5974
RESERVED
 CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 
via ...)
-   TODO: check
+   NOT-FOR-US: Professional Local Directory Script
 CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the 
...)
NOT-FOR-US: Classified Ads CMS Quickad
 CVE-2018-5971
@@ -991,11 +991,11 @@ CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS 
via the Description par
 CVE-2018-5966
RESERVED
 CVE-2018-5965 (CMS Made Simple (CMSMS) 2.2.5 has XSS in 
admin/moduleinterface.php via ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-5964 (CMS Made Simple (CMSMS) 2.2.5 has XSS in 
admin/moduleinterface.php via ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-5963 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php 
via the ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 
through ...)
NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 
v0.9.8.12 has ...)
@@ -1024,7 +1024,7 @@ CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote 
attackers to cause a de
NOTE: 
https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
 CVE-2018-5954 (phpFreeChat 1.7 and earlier allows remote attackers to cause a 
denial ...)
-   TODO: check
+   NOT-FOR-US: phpFreeChat
 CVE-2018-5953
RESERVED
 CVE-2018-5952
@@ -1477,7 +1477,7 @@ CVE-2018-5761 (A man-in-the-middle vulnerability related 
to vCenter access was f
 CVE-2018-5760
RESERVED
 CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly 
maintain the ...)
-   TODO: check
+   NOT-FOR-US: MuJS
 CVE-2018-5758
RESERVED
 CVE-2018-5757
@@ -2216,15 +2216,15 @@ CVE-2018-5449
 CVE-2018-5448
RESERVED
 CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari 
PCS-9611 ...)
-   TODO: check
+   NOT-FOR-US: Nari PCS-9611 relay
 CVE-2018-5446
RESERVED
 CVE-2018-5445 (A Path Traversal issue was discovered in Advantech 
WebAccess/SCADA ...)
-   TODO: check
+   NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2018-5444
RESERVED
 CVE-2018-5443 (A SQL Injection issue was discovered in Advantech 
WebAccess/SCADA ...)
-   TODO: check
+   NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2018-5442
RESERVED
 CVE-2018-5441
@@ -3807,11 +3807,11 @@ CVE-2018-4839
 CVE-2018-4838
RESERVED
 CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic 
 ...)
-   TODO: check
+   NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic 
 ...)
-   TODO: check
+   NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic 
 ...)
-   TODO: check
+   NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4834 (A vulnerability has been identified in Desigo Automation 
Controllers ...)
NOT-FOR-US: Desigo
 CVE-2018-4833
@@ -6104,7 +6104,7 @@ CVE-2017-17978
 CVE-2017-17977
RESERVED
 CVE-2017-17976 (In Utilities.php in Perfex CRM 1.9.7, 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eeb1bbd2 by Salvatore Bonaccorso at 2018-01-27T10:35:02+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -816,7 +816,7 @@ CVE-2018-6017 (Unencrypted transmission of images in Tinder 
iOS app and Tinder .
 CVE-2018-6016
RESERVED
 CVE-2018-6015 (An issue was discovered in the Email Subscribers  
Newsletters ...)
-   TODO: check
+   NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress
 CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from 
domain=* Flash ...)
NOT-FOR-US: Subsonic
 CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote 
users to ...)
@@ -20858,7 +20858,7 @@ CVE-2017-15548 (An issue was discovered in EMC Avamar 
Server 7.1.x, 7.2.x, 7.3.x
 CVE-2017-15547
RESERVED
 CVE-2017-15546 (The Security Console in EMC RSA Authentication Manager 8.2 SP1 
P6 and ...)
-   TODO: check
+   NOT-FOR-US: EMC RSA Authentication Manager
 CVE-2017-15545
REJECTED
 CVE-2017-15544
@@ -56900,7 +56900,7 @@ CVE-2017-3770 (Privilege escalation vulnerability in 
LXCA versions earlier than 
 CVE-2017-3769
RESERVED
 CVE-2017-3768 (An unprivileged attacker with connectivity to the IMM2 could 
cause a ...)
-   TODO: check
+   NOT-FOR-US: IBM System x / IMM2
 CVE-2017-3767 (A local privilege escalation vulnerability was identified in 
the ...)
NOT-FOR-US: Lenovo
 CVE-2017-3766
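Review bot: CVE-2017-3768 is tagged "IBM System x / IMM2", but the adjacent entry in the same block, CVE-2017-3767, is filed as "NOT-FOR-US: Lenovo". If both IDs come from the same vendor's allocation, use one vendor label for both so that a search on the vendor name returns the whole block; if the split is deliberate, the product part ("IMM2") alone would avoid the mixed "Vendor / Product" form that other entries do not use.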
@@ -62859,7 +62859,7 @@ CVE-2017-1655
 CVE-2017-1654
RESERVED
 CVE-2017-1653 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle 
Management ...)
-   TODO: check
+   NOT-FOR-US: IBM Jazz Foundation
 CVE-2017-1652
RESERVED
 CVE-2017-1651
@@ -63031,7 +63031,7 @@ CVE-2017-1569 (IBM WebSphere Commerce 7.0 and 8.0 
contains an unspecified ...)
 CVE-2017-1568
RESERVED
 CVE-2017-1567 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site 
...)
-   TODO: check
+   NOT-FOR-US: IBM Doors Web Access
 CVE-2017-1566
RESERVED
 CVE-2017-1565
@@ -63039,7 +63039,7 @@ CVE-2017-1565
 CVE-2017-1564
RESERVED
 CVE-2017-1563 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site 
...)
-   TODO: check
+   NOT-FOR-US: IBM Doors Web Access
 CVE-2017-1562
RESERVED
 CVE-2017-1561
@@ -63075,7 +63075,7 @@ CVE-2017-1547
 CVE-2017-1546 (IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is 
vulnerable ...)
NOT-FOR-US: IBM DOORS Next Generation
 CVE-2017-1545 (IBM Doors Web Access 9.5 and 9.6 could allow an attacker with 
physical ...)
-   TODO: check
+   NOT-FOR-US: IBM Doors Web Access
 CVE-2017-1544
RESERVED
 CVE-2017-1543
@@ -63085,7 +63085,7 @@ CVE-2017-1542
 CVE-2017-1541 (A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and 
updatep ...)
NOT-FOR-US: IBM
 CVE-2017-1540 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site 
...)
-   TODO: check
+   NOT-FOR-US: IBM Doors Web Access
 CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to 
...)
NOT-FOR-US: IBM
 CVE-2017-1538 (IBM Financial Transaction Manager for ACH Services for 
Multi-Platform ...)
@@ -63101,7 +63101,7 @@ CVE-2017-1534 (IBM Security Access Manager Appliance 
8.0.0 and 9.0.0 could allow
 CVE-2017-1533 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to 
...)
NOT-FOR-US: IBM Security Access Manager Appliance
 CVE-2017-1532 (IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. 
This ...)
-   TODO: check
+   NOT-FOR-US: IBM DOORS
 CVE-2017-1531 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to 
...)
NOT-FOR-US: IBM
 CVE-2017-1530 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to 
...)
@@ -63133,9 +63133,9 @@ CVE-2017-1518
 CVE-2017-1517
RESERVED
 CVE-2017-1516 (IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker 
to ...)
-   TODO: check
+   NOT-FOR-US: IBM Doors Web Access
 CVE-2017-1515 (IBM Doors Web Access 9.5 and 9.6 could allow an authenticated 
user to ...)
-   TODO: check
+   NOT-FOR-US: IBM Doors Web Access
 CVE-2017-1514
RESERVED
 CVE-2017-1513
@@ -63153,7 +63153,7 @@ CVE-2017-1508 (IBM Informix Dynamic Server 12.1 could 
allow a local user logged 
 CVE-2017-1507 (IBM Jazz Foundation Products could disclose sensitive 
information ...)
NOT-FOR-US: IBM Jazz Foundation Products
 CVE-2017-1506 (IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site 
scripting. ...)
-   TODO: check
+   NOT-FOR-US: IBM Cognos TM1
 CVE-2017-1505
RESERVED
 CVE-2017-1504 (IBM WebSphere Application Server version 9.0.0.4 could provide 
weaker ...)
@@ -63607,7 +63607,7 @@ CVE-2017-1281
 CVE-2017-1280
RESERVED
 CVE-2017-1279 (IBM 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-26 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
faa484af by Salvatore Bonaccorso at 2018-01-26T10:56:13+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -27,9 +27,9 @@ CVE-2018-6315 (The outputSWF_TEXT_RECORD function 
(util/outputscript.c) in libmi
 CVE-2018-6314
RESERVED
 CVE-2018-6313 (Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote ...)
-   TODO: check
+   NOT-FOR-US: WBCE CMS
 CVE-2016-10710 (Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 
does not ...)
-   TODO: check
+   NOT-FOR-US: Biscom Secure File Transfer
 CVE-2017-1000505 (In Jenkins Script Security Plugin version 1.36 and earlier, 
users with ...)
NOT-FOR-US: Jenkins Script Security Plugin
 CVE-2017-1000468
@@ -37,7 +37,7 @@ CVE-2017-1000468
 CVE-2017-1000464
REJECTED
 CVE-2017-1000414 (ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a 
division ...)
-   TODO: check
+   NOT-FOR-US: ImpulseAdventure JPEGsnoop
 CVE-2018-6312
RESERVED
 CVE-2018-6311
@@ -263,7 +263,7 @@ CVE-2018-6202 (In eScan Antivirus 14.0.1400.2029, the 
driver file (econceal.sys)
 CVE-2018-6201 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
NOT-FOR-US: eScan Antivirus
 CVE-2018-6200 (vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect 
via the ...)
-   TODO: check
+   NOT-FOR-US: vBulletin
 CVE-2018-6199
RESERVED
 CVE-2018-6195



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/faa484af26f1feff2b44ed7359a2d24ee9283303


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1dc06687 by Salvatore Bonaccorso at 2018-01-25T10:20:43+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,7 +7,7 @@ CVE-2018-6310
 CVE-2018-6309
RESERVED
 CVE-2018-6308 (Multiple SQL injections exist in SugarCRM Community Edition 
6.5.26 and ...)
-   TODO: check
+   NOT-FOR-US: SugarCRM
 CVE-2018-6307
RESERVED
 CVE-2018-6306
@@ -189,7 +189,7 @@ CVE-2018-6219
 CVE-2018-6218
RESERVED
 CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft 
WPS ...)
-   TODO: check
+   NOT-FOR-US: Kingsoft WPS Office
 CVE-2018-6216
RESERVED
 CVE-2018-6215
@@ -205,23 +205,23 @@ CVE-2018-6211
 CVE-2018-6210
RESERVED
 CVE-2018-6209 (In Max Secure Anti Virus 19.0.3.019,, the driver file 
(MaxCryptMon.sys) ...)
-   TODO: check
+   NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6208 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6207 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6206 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6205 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
-   TODO: check
+   NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6204 (In Max Secure Anti Virus 19.0.3.019,, the driver file 
(SDActMon.sys) ...)
-   TODO: check
+   NOT-FOR-US: Max Secure Anti Virus
 CVE-2018-6203 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
-   TODO: check
+   NOT-FOR-US: eScan Antivirus
 CVE-2018-6202 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
-   TODO: check
+   NOT-FOR-US: eScan Antivirus
 CVE-2018-6201 (In eScan Antivirus 14.0.1400.2029, the driver file 
(econceal.sys) ...)
-   TODO: check
+   NOT-FOR-US: eScan Antivirus
 CVE-2018-6200 (vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect 
via the ...)
TODO: check
 CVE-2018-6199
@@ -237,7 +237,7 @@ CVE-2018-6192 (In Artifex MuPDF 1.12.0, the 
pdf_read_new_xref function in ...)
 CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 
1.0.2 has an ...)
TODO: check
 CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description 
field on ...)
-   TODO: check
+   NOT-FOR-US: Netis WF2419 V3.2.41381 devices
 CVE-2017-1000504 (A race condition during Jenkins 2.94 and earlier; 2.89.1 and 
earlier ...)
TODO: check
 CVE-2017-1000503 (A race condition during Jenkins 2.81 through 2.94 
(inclusive); 2.89.1 ...)
@@ -245,7 +245,7 @@ CVE-2017-1000503 (A race condition during Jenkins 2.81 
through 2.94 (inclusive);
 CVE-2017-1000502 (Users with permission to create or configure agents in 
Jenkins 1.37 ...)
TODO: check
 CVE-2017-1000474 (Soyket Chowdhury Vehicle Sales Management System version 
2017-07-30 is ...)
-   TODO: check
+   NOT-FOR-US: Soyket Chowdhury Vehicle Sales Management System
 CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when 
the ...)
- w3m  (bug #888097; unimportant)
NOTE: 
https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
@@ -810,7 +810,7 @@ CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 
and 2.9.x through 2.9.3
NOTE: https://github.com/FasterXML/jackson-databind/issues/1899
NOTE: 
https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
 CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description 
parameter ...)
-   TODO: check
+   NOT-FOR-US: Netis WF2419 V2.2.36123 devices
 CVE-2018-5966
RESERVED
 CVE-2018-5965



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1dc06687257008717df0e141e1656bd9651c9263


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-23 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8c857635 by Salvatore Bonaccorso at 2018-01-23T21:49:18+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-6029 (The copy function in application/admin/controller/Article.php 
in ...)
-   TODO: check
+   NOT-FOR-US: NoneCms
 CVE-2018-6028
RESERVED
 CVE-2018-6027
@@ -13,7 +13,7 @@ CVE-2018-6024
 CVE-2018-6023
RESERVED
 CVE-2018-6022 (Directory traversal vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: NoneCms
 CVE-2018-6021
RESERVED
 CVE-2018-6020
@@ -31,15 +31,15 @@ CVE-2018-6015
 CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from 
domain=* Flash ...)
TODO: check
 CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote 
users to ...)
-   TODO: check
+   NOT-FOR-US: BigTree CMS
 CVE-2018-6012
RESERVED
 CVE-2018-6011
RESERVED
 CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could 
obtain ...)
-   TODO: check
+   NOT-FOR-US: Yii Framework
 CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function 
in ...)
-   TODO: check
+   NOT-FOR-US: Yii Framework
 CVE-2018-6008
RESERVED
 CVE-2018-6007
@@ -101,9 +101,9 @@ CVE-2017-18051
 CVE-2017-18050
RESERVED
 CVE-2017-18049 (In the CSV export feature of SilverStripe before 3.5.6, 3.6.x 
before ...)
-   TODO: check
+   NOT-FOR-US: SilverStripe
 CVE-2017-18048 (Monstra CMS 3.0.4 allows users to upload arbitrary files, 
which leads ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID 
comparison logic ...)
TODO: check
 CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser 
resulting ...)
@@ -115,13 +115,13 @@ CVE-2018-6003 (An issue was discovered in the 
_asn1_decode_simple_ber function i
NOTE: Affected function introduced in: 
http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/lib/decoding.c?id=b12bfa8932f44d1d1c25b4a2e385387a62dfbcc9
 (libtasn1_4_3)
NOTE: Fixed by: 
http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97
 (libtasn1_4_13)
 CVE-2018-6002 (The Soundy Background Music plugin 3.9 and below for WordPress 
has ...)
-   TODO: check
+   NOT-FOR-US: Soundy Background Music plugin for WordPress
 CVE-2018-6001 (The Soundy Audio Playlist plugin 4.6 and below for WordPress 
has ...)
-   TODO: check
+   NOT-FOR-US: Soundy Audio Playlist plugin for WordPress
 CVE-2018-6000 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. 
The ...)
-   TODO: check
+   NOT-FOR-US: AsusWRT
 CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In 
the ...)
-   TODO: check
+   NOT-FOR-US: AsusWRT
 CVE-2018-5998
RESERVED
 CVE-2018-5997
@@ -197,27 +197,27 @@ CVE-2018-5964
 CVE-2018-5963
RESERVED
 CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 
through ...)
-   TODO: check
+   NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 
v0.9.8.12 has ...)
-   TODO: check
+   NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2018-5960 (Zenario v7.1 - v7.6 has SQL injection via the `Name` input 
field of ...)
TODO: check
 CVE-2018-5959
RESERVED
 CVE-2018-5958 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) 
allows local ...)
-   TODO: check
+   NOT-FOR-US: Zillya! Antivirus
 CVE-2018-5957 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) 
allows local ...)
-   TODO: check
+   NOT-FOR-US: Zillya! Antivirus
 CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) 
allows local ...)
-   TODO: check
+   NOT-FOR-US: Zillya! Antivirus
 CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User 
controlled ...)
TODO: check
 CVE-2017-18047 (Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows 
remote FTP ...)
TODO: check
 CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 
12.02-01121 ...)
-   TODO: check
+   NOT-FOR-US: Dasan GPON ONT WiFi Router devices
 CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to 
execute ...)
-   TODO: check
+   NOT-FOR-US: pfSense
 CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a 
denial of ...)
TODO: check
 CVE-2018-5954



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c8576358eb3164e0ec4bfaab12f27a0494c48fb


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-19 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1b62055e by Salvatore Bonaccorso at 2018-01-19T22:16:49+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -10516,7 +10516,7 @@ CVE-2018-1364
 CVE-2018-1363
RESERVED
 CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 
7.0.1 ...)
-   TODO: check
+   NOT-FOR-US: IBM Curam Social Program Management
 CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site 
...)
NOT-FOR-US: IBM WebSphere Portal
 CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 
0xb3702c04 ...)
@@ -23949,13 +23949,13 @@ CVE-2017-14102 (MIMEDefang 2.80 and earlier creates a 
PID file after dropping ..
 CVE-2017-14101 (A security researcher found an XML External Entity (XXE) 
vulnerability ...)
NOT-FOR-US: Conserus Image Repository
 CVE-2017-14097 (An improper access control vulnerability in Trend Micro Smart 
...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2017-14096 (A stored cross site scripting (XSS) vulnerability in Trend 
Micro Smart ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2017-14095 (A vulnerability in Trend Micro Smart Protection Server 
(Standalone) ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2017-14094 (A vulnerability in Trend Micro Smart Protection Server 
(Standalone) ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2017-14093 (The Log Query and Quarantine Query pages in Trend Micro 
ScanMail for ...)
NOT-FOR-US: Trend Micro ScanMail for Exchange
 CVE-2017-14092 (The absence of Anti-CSRF tokens in Trend Micro ScanMail for 
Exchange ...)
@@ -23979,7 +23979,7 @@ CVE-2017-14084 (A potential Man-in-the-Middle (MitM) 
attack vulnerability in Tre
 CVE-2017-14083 (A vulnerability in Trend Micro OfficeScan 11.0 and XG allows 
remote ...)
NOT-FOR-US: Trend Micro
 CVE-2017-14082 (An uninitialized pointer information disclosure vulnerability 
in Trend ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2017-14081 (Proxy command injection vulnerabilities in Trend Micro Mobile 
Security ...)
NOT-FOR-US: Trend Micro Mobile Security
 CVE-2017-14080 (Authentication bypass vulnerability in Trend Micro Mobile 
Security ...)
@@ -31844,7 +31844,7 @@ CVE-2017-11399 (Integer overflow in the 
ape_decode_frame function in ...)
NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0
NOTE: Fixed in 3.2.7
 CVE-2017-11398 (A session hijacking via log disclosure vulnerability in Trend 
Micro ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2017-11397 (A service DLL preloading vulnerability in Trend Micro 
Encryption for ...)
NOT-FOR-US: Trend Micro
 CVE-2017-11396 (Vulnerability issues with the web service inspection of input 
...)
@@ -61189,7 +61189,7 @@ CVE-2017-1695
 CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 transmits user credentials in 
plain ...)
NOT-FOR-US: IBM Integration Bus
 CVE-2017-1693 (IBM Integration Bus 9.0 and 10.0 could allow an attacker that 
has ...)
-   TODO: check
+   NOT-FOR-US: IBM Integration Bus
 CVE-2017-1692
RESERVED
 CVE-2017-1691
@@ -99846,11 +99846,11 @@ CVE-2015-7488 (IBM Spectrum Scale 4.1.1.x before 
4.1.1.4 and 4.2.x before 4.2.0.
 CVE-2015-7487 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 
7.5.0.9 ...)
NOT-FOR-US: IBM
 CVE-2015-7486 (Cross-site scripting (XSS) vulnerability in IBM Rational 
Engineering ...)
-   TODO: check
+   NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
 CVE-2015-7485 (Cross-site scripting (XSS) vulnerability in IBM Rational 
Engineering ...)
-   TODO: check
+   NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
 CVE-2015-7484 (IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 
iFix7 ...)
-   TODO: check
+   NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
 CVE-2015-7483
RESERVED
 CVE-2015-7482
@@ -99870,7 +99870,7 @@ CVE-2015-7476
 CVE-2015-7475
RESERVED
 CVE-2015-7474 (Cross-site scripting (XSS) vulnerability in Jazz Foundation in 
IBM ...)
-   TODO: check
+   NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
 CVE-2015-7473 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local 
users to ...)
NOT-FOR-US: IBM
 CVE-2015-7472 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 
6.1.5.3 ...)
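Review bot: the label on CVE-2015-7474 does not match the visible description, which places the XSS "in Jazz Foundation in IBM ..." rather than naming Rational Engineering Lifecycle Manager. If Jazz Foundation is the affected component, "NOT-FOR-US: IBM Jazz Foundation" would be the more accurate label; if the elided remainder of the description does name Rational Engineering Lifecycle Manager, the label can stay as it is.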



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b62055e5e011c784a4cefe3c92047d2eacf94bb


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-18 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3b1228af by Salvatore Bonaccorso at 2018-01-18T19:16:13+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7506,7 +7506,7 @@ CVE-2018-2733 (Vulnerability in the Oracle Hyperion 
Planning component of Oracle
 CVE-2018-2732 (Vulnerability in the Oracle Financial Services Analytical 
Applications ...)
NOT-FOR-US: Oracle
 CVE-2018-2731 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement 
component ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2730 (Vulnerability in the Oracle Retail Merchandising System 
component of ...)
NOT-FOR-US: Oracle
 CVE-2018-2729 (Vulnerability in the Oracle Financial Services Funds Transfer 
Pricing ...)
@@ -7548,43 +7548,43 @@ CVE-2018-2712 (Vulnerability in the Oracle Financial 
Services Loan Loss Forecast
 CVE-2018-2711 (Vulnerability in the Oracle JDeveloper component of Oracle 
Fusion ...)
NOT-FOR-US: Oracle
 CVE-2018-2710 (Vulnerability in the Solaris component of Oracle Sun Systems 
Products ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2709 (Vulnerability in the Oracle Banking Corporate Lending component 
of ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2708 (Vulnerability in the Oracle Banking Payments component of 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2707 (Vulnerability in the Oracle Banking Corporate Lending component 
of ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2706 (Vulnerability in the Oracle Banking Corporate Lending component 
of ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2705 (Vulnerability in the Oracle Banking Payments component of 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2704 (Vulnerability in the Oracle Banking Payments component of 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2703 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7  (bug #887477)
- mysql-5.5  (Only affects MySQL 5.6 and 5.7)
NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
 CVE-2018-2702 (Vulnerability in the PeopleSoft Enterprise FSCM component of 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2701 (Vulnerability in the Oracle Hospitality Cruise Fleet Management 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2700 (Vulnerability in the Oracle Hospitality Cruise Fleet Management 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2699 (Vulnerability in the Application Express component of Oracle 
Database ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2698 (Vulnerability in the Oracle VM VirtualBox component of Oracle 
...)
- virtualbox 5.2.6-dfsg-1
[jessie] - virtualbox  (DSA-3699-1)
[wheezy] - virtualbox  (DSA 3454)
 CVE-2018-2697 (Vulnerability in the Oracle Hospitality Cruise Fleet Management 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2696 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7  (bug #887477)
- mysql-5.5  (Only affects MySQL 5.6 and 5.7)
NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
 CVE-2018-2695 (Vulnerability in the PeopleSoft Enterprise PeopleTools 
component of ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2694 (Vulnerability in the Oracle VM VirtualBox component of Oracle 
...)
- virtualbox 5.2.6-dfsg-1
[jessie] - virtualbox  (DSA-3699-1)
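Review bot: the bare vendor label "NOT-FOR-US: Oracle" on the entries from CVE-2018-2710 down to CVE-2018-2695 is ambiguous in this hunk, because the unchanged entries for CVE-2018-2703, CVE-2018-2698, CVE-2018-2696 and CVE-2018-2694 are also Oracle components and are tracked against mysql-5.7 and virtualbox. Taking the component from each description (for example "Oracle Solaris", "Oracle Banking Payments", "PeopleSoft") would show that the entry was triaged by product rather than by vendor name.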
@@ -7594,9 +7594,9 @@ CVE-2018-2693 (Vulnerability in the Oracle VM VirtualBox 
component of Oracle ...
[jessie] - virtualbox-guest-additions-iso  (Non-free not 
supported)
NOTE: 
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
 CVE-2018-2692 (Vulnerability in the Oracle Financial Services Asset Liability 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2691 (Vulnerability in the Oracle User Management component of Oracle 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2690 (Vulnerability in the Oracle VM VirtualBox component of Oracle 
...)
- virtualbox 5.2.6-dfsg-1
[jessie] - virtualbox  (DSA-3699-1)
@@ -7622,15 +7622,15 @@ CVE-2018-2685 (Vulnerability in the Oracle VM 
VirtualBox component of Oracle ...
[jessie] - virtualbox  (DSA-3699-1)
[wheezy] - virtualbox  (DSA 3454)
 CVE-2018-2684 (Vulnerability in the Oracle User Management component of Oracle 
...)
-   TODO: check
+   NOT-FOR-US: Oracle
 CVE-2018-2683 (Vulnerability in the Oracle Hospitality Simphony component of 
Oracle ...)
-   TODO: check
+   NOT-FOR-US: Oracle
 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a4e3826 by Salvatore Bonaccorso at 2018-01-17T10:14:16+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,21 +5,21 @@ CVE-2018-5730
 CVE-2018-5729
RESERVED
 CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
 CVE-2018-5727 (In OpenJPEG 2.3.0, there is an integer overflow vulnerability 
in the ...)
TODO: check
 CVE-2018-5726 (MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to 
obtain ...)
-   TODO: check
+   NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
 CVE-2018-5725 (MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated ...)
-   TODO: check
+   NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
 CVE-2018-5724 (MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated ...)
-   TODO: check
+   NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
 CVE-2018-5723 (MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password 
of ...)
-   TODO: check
+   NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
 CVE-2018-5722
RESERVED
 CVE-2018-5721 (Stack-based buffer overflow in the ej_update_variables function 
in ...)
-   TODO: check
+   NOT-FOR-US: ASUS routers
 CVE-2018-5720
RESERVED
 CVE-2018-5719
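Review bot: the new labels on CVE-2018-5728 and on CVE-2018-5726 through CVE-2018-5723 copy the build and firmware numbers from the descriptions ("build 222701", "3.3.4.2103") into the NOT-FOR-US reason, which ties the label to one release. The product name alone ("Cobham Sea Tel 121", "MASTER IPCAMERA01") is enough to say why the entry is out of scope and stays consistent if later CVEs cite other versions; the label on CVE-2018-5721, "ASUS routers", is already written at that level.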



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a4e3826e4b8c5f234556ec498ee0afc8ad1c914

You're receiving this email because of your account on salsa.debian.org.
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aedce5b1 by Salvatore Bonaccorso at 2018-01-16T11:04:35+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -851,9 +851,9 @@ CVE-2018-5331 (Discuz! DiscuzX X3.4 has XSS via the view 
parameter to ...)
 CVE-2018-5330
RESERVED
 CVE-2018-5329 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to 
Cross-Site ...)
-   TODO: check
+   NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
 CVE-2018-5328 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to 
various ...)
-   TODO: check
+   NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
 CVE-2018-5327 (Cheetah Mobile Armorfly Browser  Downloader 1.1.05.0010, 
when ...)
NOT-FOR-US: Cheetah Mobile Armorfly Browser & Downloader
 CVE-2018-5326 (Cheetah Mobile CM Browser 5.22.06.0012, when installed on 
unspecified ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aedce5b1b86f1d5b785fe2e9cc771a54f070b0c7


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-14 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8c19d9b6 by Salvatore Bonaccorso at 2018-01-14T11:28:57+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,19 +1,19 @@
 CVE-2018-5698 (libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based 
buffer ...)
-   TODO: check
+   NOT-FOR-US: WizardMac ReadStat
 CVE-2018-5697 (Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove 
request to ...)
-   TODO: check
+   NOT-FOR-US: Icy Phoenix
 CVE-2018-5696 (The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL 
injection ...)
-   TODO: check
+   NOT-FOR-US: iJoomla com_adagency plugin for Joomla!
 CVE-2018-5695 (The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection 
via the ...)
-   TODO: check
+   NOT-FOR-US: WpJobBoard plugin for WordPress
 CVE-2018-5694 (The callforward module in User Control Panel (UCP) in Nicolas 
Gudino ...)
-   TODO: check
+   NOT-FOR-US: Nicolas Gudino (aka Asternic) Flash Operator Panel
 CVE-2018-5693 (The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows 
local users ...)
-   TODO: check
+   NOT-FOR-US: LinuxMagic MagicSpam extension for Plesk
 CVE-2018-5692 (Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, 
...)
- piwigo 
 CVE-2018-5691 (SonicWall Global Management System (GMS) 8.1 has XSS via the 
`newName` ...)
-   TODO: check
+   NOT-FOR-US: SonicWall Global Management System
 CVE-2018-5690 (Cross-site scripting (XSS) vulnerability in admin/users.php in 
Dotclear ...)
TODO: check
 CVE-2018-5689 (Cross-site scripting (XSS) vulnerability in admin/auth.php in 
Dotclear ...)
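Review bot: CVE-2018-5698 is the only entry in this hunk whose description names a library (libreadstat.a) rather than an application, plugin or appliance, so its NOT-FOR-US deserves a check for copies embedded in packaged software before the entry is closed. If that check was done, a NOTE line under the entry saying so would save the next triager from repeating it.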
@@ -21,7 +21,7 @@ CVE-2018-5689 (Cross-site scripting (XSS) vulnerability in 
admin/auth.php in Dot
 CVE-2018-5688
RESERVED
 CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings 
under ...)
-   TODO: check
+   NOT-FOR-US: NewsBee CMS
 CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and 
...)
- mupdf  (bug #887130)
[stretch] - mupdf  (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c19d9b63cbd3bb1db348b55e4ce0392a867c5f5


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-13 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
989bbe9b by Salvatore Bonaccorso at 2018-01-13T21:02:39+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15186,11 +15186,11 @@ CVE-2017-16866 (dayrui FineCms 5.2.0 before 
2017.11.16 has Cross Site Scripting 
 CVE-2017-16865
RESERVED
 CVE-2017-16864 (The issue search resource in Atlassian Jira before version 
7.4.2 ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Jira
 CVE-2017-16863
RESERVED
 CVE-2017-16862 (The IncomingMailServers resource in Atlassian Jira before 
version ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Jira
 CVE-2017-16861
RESERVED
 CVE-2017-16860
@@ -21906,7 +21906,7 @@ CVE-2017-14596 (In Joomla! before 3.8.0, inadequate 
escaping in the LDAP authent
 CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead 
to the ...)
NOT-FOR-US: Joomla!
 CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira 
before ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Jira
 CVE-2017-14593
RESERVED
 CVE-2017-14592



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/989bbe9b03fc055c4671a927c6d72b2fc5af462b


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-12 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
208f9b70 by Salvatore Bonaccorso at 2018-01-13T08:36:36+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -343,11 +343,11 @@ CVE-2018-5379
 CVE-2018-5378
RESERVED
 CVE-2018-5377 (Discuz! DiscuzX X3.4 allows remote attackers to bypass intended 
access ...)
-   TODO: check
+   NOT-FOR-US: Discuz! DiscuzX
 CVE-2018-5376 (Discuz! DiscuzX X3.4 has XSS via the 
include\spacecp\spacecp_upload.php ...)
-   TODO: check
+   NOT-FOR-US: Discuz! DiscuzX
 CVE-2018-5375 (Discuz! DiscuzX X3.4 has XSS via the 
include\spacecp\spacecp_space.php ...)
-   TODO: check
+   NOT-FOR-US: Discuz! DiscuzX
 CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was 
found in ...)
- imagemagick  (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/691
@@ -372,33 +372,33 @@ CVE-2018- [rpc session-id mechanism design flaw 
results in RCE]
NOTE: https://github.com/transmission/transmission/pull/468
NOTE: Proposed patch: 
https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff
 CVE-2018-5374 (The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has 
SQL ...)
-   TODO: check
+   NOT-FOR-US: Dbox 3D Slider Lite plugin for WordPress
 CVE-2018-5373 (The Smooth Slider plugin through 2.8.6 for WordPress has SQL 
Injection ...)
-   TODO: check
+   NOT-FOR-US: Smooth Slider plugin for WordPress
 CVE-2018-5372 (The Testimonial Slider plugin through 1.2.4 for WordPress has 
SQL ...)
-   TODO: check
+   NOT-FOR-US: Testimonial Slider plugin for WordPress
 CVE-2018-5371 (diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 
and ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-5370
RESERVED
 CVE-2018-5369 (The SrbTransLatin plugin 1.46 for WordPress has XSS via an ...)
-   TODO: check
+   NOT-FOR-US: SrbTransLatin plugin for WordPress
 CVE-2018-5368 (The SrbTransLatin plugin 1.46 for WordPress has CSRF via an ...)
-   TODO: check
+   NOT-FOR-US: SrbTransLatin plugin for WordPress
 CVE-2018-5367 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
-   TODO: check
+   NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5366 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
-   TODO: check
+   NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5365 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
-   TODO: check
+   NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5364 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
-   TODO: check
+   NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5363 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
-   TODO: check
+   NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
-   TODO: check
+   NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...)
-   TODO: check
+   NOT-FOR-US: WPGlobus plugin for WordPress
 CVE-2018-5360
RESERVED
 CVE-2018-5359
@@ -524,7 +524,7 @@ CVE-2018-5317
 CVE-2018-5316 (The SagePay Server Gateway for WooCommerce plugin 
before 1.0.9 for ...)
NOT-FOR-US: "SagePay Server Gateway for WooCommerce" plugin for 
WordPress
 CVE-2018-5315 (The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL 
...)
-   TODO: check
+   NOT-FOR-US: Wachipi WP Events Calendar plugin for WordPress
 CVE-2018-5314
RESERVED
 CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored 
cross-site ...)
@@ -665,7 +665,7 @@ CVE-2018-5264
 CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension 
before ...)
NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla!
 CVE-2018-5262 (A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and 
earlier ...)
-   TODO: check
+   NOT-FOR-US: Flexense DiskBoss
 CVE-2018-5261
RESERVED
 CVE-2018-5260
@@ -3814,7 +3814,7 @@ CVE-2018-3815 (The XML Interface to Messaging, 
Scheduling, and Signaling
 CVE-2017-18015 (The ILLID Share This Image plugin before 1.04 for WordPress 
has XSS via ...)
NOT-FOR-US: ILLID Share This Image plugin for WordPress
 CVE-2017-18014 (An NC-25986 issue was discovered in the Logging subsystem of 
Sophos XG ...)
-   TODO: check
+   NOT-FOR-US: Sophos
 CVE-2018-3814 (Craft CMS 2.6.3000 allows remote attackers to execute arbitrary 
PHP ...)
NOT-FOR-US: Craft CMS
 CVE-2018-3813 (getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 
4.1.53.166 ...)
@@ -4161,7 +4161,7 @@ CVE-2018-3711
 CVE-2018-3710
RESERVED
 CVE-2017-17970 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-12 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e4a63be6 by Salvatore Bonaccorso at 2018-01-12T10:18:33+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -53,7 +53,7 @@ CVE-2018-5349
 CVE-2018-5348
RESERVED
 CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has 
unauthenticated ...)
-   TODO: check
+   NOT-FOR-US: Seagate Media Server in Seagate Personal Cloud
 CVE-2018-5346
RESERVED
 CVE-2018-101 [Libc Realpath Buffer Underflow]
@@ -115,9 +115,9 @@ CVE-2018-5329
 CVE-2018-5328
RESERVED
 CVE-2018-5327 (Cheetah Mobile Armorfly Browser  Downloader 1.1.05.0010, 
when ...)
-   TODO: check
+   NOT-FOR-US: Cheetah Mobile Armorfly Browser & Downloader
 CVE-2018-5326 (Cheetah Mobile CM Browser 5.22.06.0012, when installed on 
unspecified ...)
-   TODO: check
+   NOT-FOR-US: Cheetah Mobile CM Browser
 CVE-2018-5325
RESERVED
 CVE-2018-5324



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e4a63be6564593f0de2ae82658fe92eca3c98149


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d404585 by Salvatore Bonaccorso at 2018-01-11T12:54:25+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11918,9 +11918,9 @@ CVE-2018-0787
 CVE-2018-0786 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 
4.5.1, ...)
NOT-FOR-US: Microsoft
 CVE-2018-0785 (ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request 
forgery ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0784 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0783
RESERVED
 CVE-2018-0782
@@ -14056,7 +14056,7 @@ CVE-2017-16879 (Stack-based buffer overflow in the 
_nc_write_entry function in .
NOTE: PoC 
https://packetstormsecurity.com/files/download/145045/tic-overflow.tgz
NOTE: http://invisible-island.net/ncurses/NEWS.html#t20171125
 CVE-2017-16878 (Cross-site scripting (XSS) vulnerability in the Captive Portal 
...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the 
/_next and ...)
NOT-FOR-US: ZEIT Next.js
 CVE-2017-16876 (Cross-site scripting (XSS) vulnerability in the _keyify 
function in ...)
@@ -14401,33 +14401,33 @@ CVE-2018-0016
 CVE-2018-0015
RESERVED
 CVE-2018-0014 (Juniper Networks ScreenOS devices do not pad Ethernet packets 
with ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0013 (A local file inclusion vulnerability in Juniper Networks Junos 
Space ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0012 (Junos Space is affected by a privilege escalation vulnerability 
that ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0011 (A reflected cross site scripting (XSS) vulnerability in Junos 
Space ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0010 (A vulnerability in the Juniper Networks Junos Space Security 
Director ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0009 (On Juniper Networks SRX series devices, firewall rules 
configured to ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0008 (An unauthenticated root login may allow upon reboot when a 
commit ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0007 (An unauthenticated network-based attacker able to send a 
maliciously ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0006 (A high rate of VLAN authentication attempts sent from an 
adjacent host ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0005 (QFX and EX Series switches configured to drop traffic when the 
MAC ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0004 (A sustained sequence of different types of normal transit 
traffic can ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0003 (A specially crafted MPLS packet received or processed by the 
system, ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0002 (On SRX Series and MX Series devices with a Service PIC with any 
ALG ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2018-0001 (A remote, unauthenticated attacker may be able to execute code 
by ...)
-   TODO: check
+   NOT-FOR-US: Juniper
 CVE-2017-16866 (dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site 
Scripting (XSS) ...)
NOT-FOR-US: dayrui FineCms
 CVE-2017-16865
@@ -17810,13 +17810,13 @@ CVE-2017-15667 (In Flexense SysGauge Server 3.6.18, 
the Control Protocol suffers
 CVE-2017-15666
RESERVED
 CVE-2017-15665 (In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol 
suffers ...)
-   TODO: check
+   NOT-FOR-US: Flexense DiskBoss Enterprise
 CVE-2017-15664 (In Flexense Sync Breeze Enterprise v10.1.16, the Control 
Protocol ...)
-   TODO: check
+   NOT-FOR-US: Flexense Sync Breeze Enterprise
 CVE-2017-15663 (In Flexense Disk Pulse Enterprise v10.1.18, the Control 
Protocol ...)
-   TODO: check
+   NOT-FOR-US: Flexense Disk Pulse Enterprise
 CVE-2017-15662 (In Flexense VX Search Enterprise v10.1.12, the Control 
Protocol ...)
-   TODO: check
+   NOT-FOR-US: Flexense VX Search Enterprise
 CVE-2017-15661
RESERVED
 CVE-2017-15660



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d404585e57044bf4b660b95e6d2efc9d07a4e96


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-10 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a5d1b1f0 by Salvatore Bonaccorso at 2018-01-10T13:36:36+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -29,7 +29,7 @@ CVE-2018-5318
 CVE-2018-5317
RESERVED
 CVE-2018-5316 (The SagePay Server Gateway for WooCommerce plugin 
before 1.0.9 for ...)
-   TODO: check
+   NOT-FOR-US: "SagePay Server Gateway for WooCommerce" plugin for 
WordPress
 CVE-2018-5315
RESERVED
 CVE-2018-5314
@@ -37,9 +37,9 @@ CVE-2018-5314
 CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored 
cross-site ...)
TODO: check
 CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in 
the file ...)
-   TODO: check
+   NOT-FOR-US: rui Li finecms
 CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in ...)
-   TODO: check
+   NOT-FOR-US: flatCore-CMS
 CVE-2017-18026 [Remote command execution through mercurial adapter]
- redmine 
[wheezy] - redmine  (Not supported in wheezy LTS)
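Review bot: the label added on CVE-2017-1000429, "rui Li finecms", copies the description's spelling, while the FineCms entry CVE-2017-16866 in the same file carries "NOT-FOR-US: dayrui FineCms". If both refer to the same product, one spelling should be used for both so that a search on either label finds every entry.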
@@ -176,7 +176,7 @@ CVE-2018-5261
 CVE-2018-5260
RESERVED
 CVE-2018-5259 (Discuz! DiscuzX X3.4 allows remote authenticated users to 
bypass ...)
-   TODO: check
+   NOT-FOR-US: Discuz! DiscuzX
 CVE-2018-5258
RESERVED
 CVE-2018-5257
@@ -7171,13 +7171,13 @@ CVE-2018-2365
 CVE-2018-2364
RESERVED
 CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 
7.30, ...)
-   TODO: check
+   NOT-FOR-US: SAP NetWeaver
 CVE-2018-2362 (A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, 
could send ...)
-   TODO: check
+   NOT-FOR-US: SAP HANA
 CVE-2018-2361 (In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the 
...)
-   TODO: check
+   NOT-FOR-US: SAP Solution Manager
 CVE-2018-2360 (SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is 
missing an ...)
-   TODO: check
+   NOT-FOR-US: SAP Startup Service
 CVE-2017-17701 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL 
pointer ...)
NOT-FOR-US: K7 Antivirus
 CVE-2017-17700 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL 
pointer ...)
@@ -11815,9 +11815,9 @@ CVE-2018-0821
 CVE-2018-0820
RESERVED
 CVE-2018-0819 (Microsoft Office 2016 for Mac allows an attacker to send a 
specially ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0818 (Microsoft ChakraCore allows an attacker to bypass Control Flow 
Guard ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0817
RESERVED
 CVE-2018-0816
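Review bot: CVE-2018-0818 gets the same bare "Microsoft" label as the Office for Mac entry above it, although its description names a different component, ChakraCore. The SAP hunk in this same commit labels each entry by product ("SAP NetWeaver", "SAP HANA"); doing the same here ("Microsoft ChakraCore") would keep the reason for the NFU visible without opening the CVE description.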
@@ -11829,7 +11829,7 @@ CVE-2018-0814
 CVE-2018-0813
RESERVED
 CVE-2018-0812 (Equation Editor in Microsoft Office 2003, Microsoft Office 
2007, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0811
RESERVED
 CVE-2018-0810
@@ -11839,49 +11839,49 @@ CVE-2018-0809
 CVE-2018-0808
RESERVED
 CVE-2018-0807 (Equation Editor in Microsoft Office 2003, Microsoft Office 
2007, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0806 (Equation Editor in Microsoft Office 2003, Microsoft Office 
2007, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0805 (Equation Editor in Microsoft Office 2003, Microsoft Office 
2007, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0804 (Equation Editor in Microsoft Office 2003, Microsoft Office 
2007, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0803 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 
1709, ...)
NOT-FOR-US: Microsoft
 CVE-2018-0802 (Equation Editor in Microsoft Office 2007, Microsoft Office 
2010, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0801 (Equation Editor in Microsoft Office 2007, Microsoft Office 
2010, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0800 (Microsoft Edge in Microsoft Windows 10 1709 allows an attacker 
to ...)
NOT-FOR-US: Microsoft
 CVE-2018-0799 (Microsoft Access in Microsoft SharePoint Enterprise Server 2013 
and ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0798 (Equation Editor in Microsoft Office 2007, Microsoft Office 
2010, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0797 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft 
Office ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0796 (Microsoft Excel in Microsoft Office 2007, Microsoft Office 
2010, ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0795 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft 
Office ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0794 (Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0793 (Microsoft 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e2dae036 by Salvatore Bonaccorso at 2018-01-08T10:22:19+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-5298 (In the Procter  Gamble Oral-B App (aka 
com.pg.oralb.oralbapp) ...)
-   TODO: check
+   NOT-FOR-US: Procter & Gamble "Oral-B App" for Android
 CVE-2018-5297
RESERVED
 CVE-2018-5296 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in 
the ...)
@@ -10,25 +10,25 @@ CVE-2018-5294 (In libming 0.4.8, there is an integer 
overflow (caused by an ...)
- ming 
NOTE: https://github.com/libming/libming/issues/98
 CVE-2018-5293 (The GD Rating System plugin 2.3 for WordPress has XSS via the 
...)
-   TODO: check
+   NOT-FOR-US: GD Rating System plugin for WordPress
 CVE-2018-5292 (The GD Rating System plugin 2.3 for WordPress has XSS via the 
...)
-   TODO: check
+   NOT-FOR-US: GD Rating System plugin for WordPress
 CVE-2018-5291 (The GD Rating System plugin 2.3 for WordPress has Directory 
Traversal ...)
-   TODO: check
+   NOT-FOR-US: GD Rating System plugin for WordPress
 CVE-2018-5290 (The GD Rating System plugin 2.3 for WordPress has Directory 
Traversal ...)
-   TODO: check
+   NOT-FOR-US: GD Rating System plugin for WordPress
 CVE-2018-5289 (The GD Rating System plugin 2.3 for WordPress has Directory 
Traversal ...)
-   TODO: check
+   NOT-FOR-US: GD Rating System plugin for WordPress
 CVE-2018-5288 (The GD Rating System plugin 2.3 for WordPress has XSS via the 
...)
-   TODO: check
+   NOT-FOR-US: GD Rating System plugin for WordPress
 CVE-2018-5287 (The GD Rating System plugin 2.3 for WordPress has Directory 
Traversal ...)
-   TODO: check
+   NOT-FOR-US: GD Rating System plugin for WordPress
 CVE-2018-5286 (The GD Rating System plugin 2.3 for WordPress has XSS via the 
...)
-   TODO: check
+   NOT-FOR-US: GD Rating System plugin for WordPress
 CVE-2018-5285 (The ImageInject plugin 1.15 for WordPress has CSRF via ...)
-   TODO: check
+   NOT-FOR-US: ImageInject plugin for WordPress
 CVE-2018-5284 (The ImageInject plugin 1.15 for WordPress has XSS via the 
flickr_appid ...)
-   TODO: check
+   NOT-FOR-US: ImageInject plugin for WordPress
 CVE-2018-5283
RESERVED
 CVE-2018-5282
@@ -38,33 +38,33 @@ CVE-2018-5281
 CVE-2018-5280
RESERVED
 CVE-2018-5279 (In Malwarebytes Premium 3.3.1.2183, the driver file 
(FARFLT.SYS) allows ...)
-   TODO: check
+   NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5278 (In Malwarebytes Premium 3.3.1.2183, the driver file 
(FARFLT.SYS) allows ...)
-   TODO: check
+   NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5277 (In Malwarebytes Premium 3.3.1.2183, the driver file 
(FARFLT.SYS) allows ...)
-   TODO: check
+   NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5276 (In Malwarebytes Premium 3.3.1.2183, the driver file 
(FARFLT.SYS) allows ...)
-   TODO: check
+   NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5275 (In Malwarebytes Premium 3.3.1.2183, the driver file 
(FARFLT.SYS) allows ...)
-   TODO: check
+   NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5274 (In Malwarebytes Premium 3.3.1.2183, the driver file 
(FARFLT.SYS) allows ...)
-   TODO: check
+   NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5273 (In Malwarebytes Premium 3.3.1.2183, the driver file 
(FARFLT.SYS) allows ...)
-   TODO: check
+   NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5272 (In Malwarebytes Premium 3.3.1.2183, the driver file 
(FARFLT.SYS) allows ...)
-   TODO: check
+   NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5271 (In Malwarebytes Premium 3.3.1.2183, the driver file 
(FARFLT.SYS) allows ...)
-   TODO: check
+   NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5270 (In Malwarebytes Premium 3.3.1.2183, the driver file 
(FARFLT.SYS) allows ...)
-   TODO: check
+   NOT-FOR-US: Malwarebytes Premium
 CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in ...)
TODO: check
 CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in ...)
TODO: check
 CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
 CVE-2018-5266 (Cobham Sea Tel 121 build 222701 devices allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
 CVE-2018-5265
RESERVED
 CVE-2018-5264
@@ -497,7 +497,7 @@ CVE-2018-5073 (Online Ticket Booking has CSRF via 
admin/movieedit.php. ...)
 CVE-2018-5072 (Online Ticket Booking has XSS via the admin/sitesettings.php 
keyword ...)
NOT-FOR-US: Online Ticket Booking
 CVE-2018-5071 (Persistent XSS exists in the 

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-01-07 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b055019c by Salvatore Bonaccorso at 2018-01-07T17:09:47+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3055,7 +3055,7 @@ CVE-2017-1000454 (CMS Made Simple 2.1.6, 2.2, 2.2.1 are 
vulnerable to Smarty Tem
 CVE-2017-1000453 (CMS Made Simple version 2.1.6 and 2.2 are vulnerable to 
Smarty ...)
NOT-FOR-US: CMS Made Simple
 CVE-2017-1000452 (An XML Signature Wrapping vulnerability exists in Samlify 
2.2.0 and ...)
-   TODO: check
+   NOT-FOR-US: Samlify
 CVE-2017-1000451 (fs-git is a file system like api for git repository. The 
fs-git ...)
NOT-FOR-US: fs-git
 CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions 
FillUniColor and ...)
@@ -4070,7 +4070,7 @@ CVE-2017-17839
 CVE-2017-17838
RESERVED
 CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection 
leak in the ...)
-   TODO: check
+   NOT-FOR-US: Apache DeltaSpike-JSF module
 CVE-2017-17836
RESERVED
 CVE-2017-17835
@@ -10044,7 +10044,7 @@ CVE-2018-1192
 CVE-2018-1191
RESERVED
 CVE-2018-1190 (An issue was discovered in these Pivotal Cloud Foundry 
products: all ...)
-   TODO: check
+   NOT-FOR-US: Pivotal
 CVE-2018-1189
RESERVED
 CVE-2018-1188
@@ -11155,9 +11155,9 @@ CVE-2017-17100
 CVE-2017-17099 (There exists an unauthenticated SEH based Buffer Overflow 
vulnerability ...)
NOT-FOR-US: Flexense SyncBreeze Enterprise
 CVE-2017-17098 (The writeLog function in fn_common.php in gps-server.net GPS 
Tracking ...)
-   TODO: check
+   NOT-FOR-US: gps-server.net GPS Tracking Software
 CVE-2017-17097 (gps-server.net GPS Tracking Software (self hosted) 2.x has a 
password ...)
-   TODO: check
+   NOT-FOR-US: gps-server.net GPS Tracking Software
 CVE-2017-17096 (Cross-site scripting (XSS) vulnerability in the Content Cards 
plugin ...)
NOT-FOR-US: Wordpress plugin
 CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open 
Source ...)
@@ -13321,7 +13321,7 @@ CVE-2018-0116
 CVE-2018-0115
RESERVED
 CVE-2018-0114 (A vulnerability in the Cisco node-jose open source library 
before ...)
-   TODO: check
+   NOT-FOR-US: Cisco node-jose
 CVE-2018-0113
RESERVED
 CVE-2018-0112
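Review bot: CVE-2018-0114 is described in this hunk as an "open source library", and the commit message ("Process NFUs") does not say how its absence from the archive was confirmed. For library entries like this one it is worth stating that no source package or ITP exists. If one does, an entry naming the package is more accurate than NOT-FOR-US.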
@@ -20003,11 +20003,11 @@ CVE-2017-14906
 CVE-2017-14905 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14904 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
-   TODO: check
+   NOT-FOR-US: Android MediaServer
 CVE-2017-14903 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14902 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2017-14901 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14900 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
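Review bot: The two new labels in this hunk are inconsistent with each other and with the context lines: CVE-2017-14904 gets "NOT-FOR-US: Android MediaServer" and CVE-2017-14902 gets "NOT-FOR-US: Android", while CVE-2017-14905, CVE-2017-14903 and CVE-2017-14901, which carry the same visible description prefix ("In Android for MSM, Firefox OS for MSM, QRD Android ..."), use "NOT-FOR-US: Qualcomm components for Android". Unless the full descriptions justify the distinction, reuse the existing label so that entries from the same advisory batch are classified the same way.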
@@ -20017,11 +20017,11 @@ CVE-2017-14899 (In Android for MSM, Firefox OS for 
MSM, QRD Android, with all An
 CVE-2017-14898 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14897 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2017-14896 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14895 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
-   TODO: check
+   NOT-FOR-US: Android
 CVE-2017-14894
RESERVED
 CVE-2017-14893
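Review bot: CVE-2017-14897 and CVE-2017-14895 are labelled "NOT-FOR-US: Android" although the context entries directly around them (CVE-2017-14898, CVE-2017-14896) have the same visible description prefix and use "NOT-FOR-US: Qualcomm components for Android". Suggest using the existing label for both, or adding a short note saying why these two differ.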
@@ -21501,7 +21501,7 @@ CVE-2017-14385 (An issue was discovered in EMC Data 
Domain DD OS 5.7 family, ver
 CVE-2017-14384
RESERVED
 CVE-2017-14383 (In Dell EMC VNX2 versions prior to Operating Environment for 
File ...)
-   TODO: check
+   NOT-FOR-US: EMC VNX
 CVE-2017-14382
RESERVED
 CVE-2017-14381
@@ -24969,7 +24969,7 @@ CVE-2017-13058 (In ImageMagick 7.0.6-6, a memory leak 
vulnerability was found in
 CVE-2017-13057
RESERVED
 CVE-2017-13056 (The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) 
might ...)
-   TODO: check
+   NOT-FOR-US: PDF-XChange Viewer
 CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer 
over-read in ...)
{DSA-3971-1 DLA-1097-1}
- tcpdump 4.9.2-1
@@ -31451,7 +31451,7 @@ CVE-2017-11045 (In Android for MSM, Firefox OS for MSM, 
QRD Android, with all An
 CVE-2017-11044 (In Android for MSM, Firefox 
