[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-18 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fba12d6c by Salvatore Bonaccorso at 2018-11-18T08:28:35Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,23 +1,23 @@
 CVE-2018-19350 (In SeaCMS v6.6.4, there is stored XSS via the ...)
-   TODO: check
+   NOT-FOR-US: SeaCMS
 CVE-2018-19349 (In SeaCMS v6.64, there is SQL injection via the 
admin_makehtml.php ...)
-   TODO: check
+   NOT-FOR-US: SeaCMS
 CVE-2018-19348 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2018-19347 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2018-19346 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2018-19345 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2018-19344 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2018-19343 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2018-19342 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2018-19341 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2018-19340 (Guriddo Form PHP 5.3 has XSS via the ...)
NOT-FOR-US: Guriddo Form PHP
 CVE-2018-19339
@@ -9336,9 +9336,9 @@ CVE-2018-15695 (ASUSTOR Data Master 3.1.5 and below 
allows authenticated remote
 CVE-2018-15694 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
NOT-FOR-US: ASUSTOR Data Master
 CVE-2018-15693 (Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier 
allows ...)
-   TODO: check
+   NOT-FOR-US: Inova Partner
 CVE-2018-15692 (Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier 
allows ...)
-   TODO: check
+   NOT-FOR-US: Inova Partner
 CVE-2018-15691 (Insecure deserialization of a specially crafted serialized 
object, in ...)
NOT-FOR-US: CA Release Automation
 CVE-2018-15690
@@ -26544,7 +26544,7 @@ CVE-2018-9087
 CVE-2018-9086 (In some Lenovo ThinkServer-branded servers, a command injection 
...)
TODO: check
 CVE-2018-9085 (A write protection lock bit was left unset after boot on an 
older ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-9084
RESERVED
 CVE-2018-9083
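
Review bot: The "NOT-FOR-US: IBM" tag on CVE-2018-9085 is not backed by anything visible in this hunk. The truncated description ("A write protection lock bit was left unset after boot on an older ...") names no vendor, and the entry directly above it, CVE-2018-9086, is a Lenovo ThinkServer issue. Please confirm the vendor and, if possible, name the affected product in the tag so the decision can be checked from the list alone. CVE-2018-9086 is still at "TODO: check" and could be triaged in the same pass.
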
@@ -26568,11 +26568,11 @@ CVE-2018-9075 (For some Iomega, Lenovo, LenovoEMC NAS 
devices versions 4.1.402.3
 CVE-2018-9074 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 
4.1.402.34662 ...)
NOT-FOR-US: Lenovo
 CVE-2018-9073 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 
utilizes ...)
-   TODO: check
+   NOT-FOR-US: Lenovo Chassis Management Module
 CVE-2018-9072
RESERVED
 CVE-2018-9071 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 
allows ...)
-   TODO: check
+   NOT-FOR-US: Lenovo Chassis Management Module
 CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier 
than ...)
NOT-FOR-US: Lenovo
 CVE-2018-9069 (In some Lenovo IdeaPad consumer notebook models, a race 
condition in ...)
@@ -31227,15 +31227,15 @@ CVE-2018-7365
 CVE-2018-7364
RESERVED
 CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are 
impacted ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2018-7362 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are 
impacted ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2018-7361 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are 
impacted ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2018-7360 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are 
impacted ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2018-7359 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are 
impacted ...)
-   TODO: check
+   NOT-FOR-US: ZTE
 CVE-2018-7358 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, 
V2.2.0_PK1.2T2, ...)
NOT-FOR-US: ZTE ZXHN H168N product
 CVE-2018-7357 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, 
V2.2.0_PK1.2T2, ...)
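
Review bot: The five ZXHN F670 entries (CVE-2018-7363 down to CVE-2018-7359) get the vendor-only tag "NOT-FOR-US: ZTE", while the context entry CVE-2018-7358 right below them carries a product-level tag, "NOT-FOR-US: ZTE ZXHN H168N product". Using one granularity for both device families, for example "NOT-FOR-US: ZTE ZXHN F670" here, would keep the block consistent.
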
@@ -47470,7 +47470,7 @@ CVE-2018-1799 (IBM DB2 for Linux, UNIX and Windows 
(includes DB2 Connect Server)
 CVE-2018-1798 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable ...)
NOT-FOR-US: IBM WebSphere Application Server
 CVE-2018-1797 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1796
RESERVED
 CVE-2018-1795 (IBM Robotic Process Automation with 
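
Review bot: CVE-2018-1797 is tagged "NOT-FOR-US: IBM", but CVE-2018-1798 just above it, whose description opens with the same "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0", is tagged "NOT-FOR-US: IBM WebSphere Application Server". Use the product-level tag on CVE-2018-1797 as well so the two WebSphere entries read the same.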

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
081b1b73 by Salvatore Bonaccorso at 2018-11-17T20:24:53Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2018-19340 (Guriddo Form PHP 5.3 has XSS via the ...)
-   TODO: check
+   NOT-FOR-US: Guriddo Form PHP
 CVE-2018-19339
RESERVED
 CVE-2018-19338
@@ -15,19 +15,19 @@ CVE-2018-19334
 CVE-2018-19333 (pkg/sentry/kernel/shm/shm.go in Google gVisor before 
2018-11-01 allows ...)
TODO: check
 CVE-2018-19332 (An issue was discovered in S-CMS v1.5. There is a CSRF 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: S-CMS
 CVE-2018-19331 (An issue was discovered in S-CMS v1.5. There is a SQL 
injection ...)
-   TODO: check
+   NOT-FOR-US: S-CMS
 CVE-2018-19330
RESERVED
 CVE-2018-19329 (GreenCMS v2.3.0603 allows remote authenticated administrators 
to delete ...)
-   TODO: check
+   NOT-FOR-US: GreenCMS
 CVE-2018-19328 (LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory 
Traversal. ...)
-   TODO: check
+   NOT-FOR-US: LAOBANCMS
 CVE-2018-19327 (An issue was discovered in JTBC(PHP) 3.0.1.7. ...)
TODO: check
 CVE-2018-19326 (Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ 
Directory ...)
-   TODO: check
+   NOT-FOR-US: Zyxel
 CVE-2018-19325
RESERVED
 CVE-2018-19324 (kimsQ Rb 2.3.0 allows XSS via the second input field to the 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/081b1b73715ad7f6eafd7bbcde6b50274f086bcd

-- 
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-15 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5856366 by Salvatore Bonaccorso at 2018-11-15T20:25:49Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7969,13 +7969,13 @@ CVE-2018-16165
 CVE-2018-16164
RESERVED
 CVE-2018-16163 (OpenDolphin 2.7.0 and earlier allows authenticated attackers 
to bypass ...)
-   TODO: check
+   NOT-FOR-US: OpenDolphin
 CVE-2018-16162 (OpenDolphin 2.7.0 and earlier allows authenticated attackers 
to obtain ...)
-   TODO: check
+   NOT-FOR-US: OpenDolphin
 CVE-2018-16161 (OpenDolphin 2.7.0 and earlier allows authenticated users to 
gain ...)
-   TODO: check
+   NOT-FOR-US: OpenDolphin
 CVE-2018-16160 (SecureCore Standard Edition Version 2.x allows an attacker to 
bypass ...)
-   TODO: check
+   NOT-FOR-US: SecureCore Standard Edition
 CVE-2018-16159 (The Gift Vouchers plugin through 2.0.1 for WordPress allows 
SQL ...)
NOT-FOR-US: Gift Vouchers plugin for WordPress
 CVE-2018-16048 (An issue was discovered in GitLab Community and Enterprise 
Edition ...)
@@ -17229,7 +17229,7 @@ CVE-2018-12482 (OCS Inventory 2.4.1 contains multiple 
SQL injections in the sear
 CVE-2018-12481 (The Olive Tree Ftp Server application 1.32 for Android has a 
Sensitive ...)
NOT-FOR-US: Olive Tree Ftp Server application for Android
 CVE-2018-12480 (Mitigates an XSS issue in NetIQ Access Manager versions prior 
to 4.4 ...)
-   TODO: check
+   NOT-FOR-US: NetIQ Access Manager
 CVE-2018-12479 (A Improper Input Validation vulnerability in Open Build 
Service allows ...)
- open-build-service  (bug #911797)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108435



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c5856366e5cb06266003d862f552b2f42b5dddb7


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-15 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8701550c by Salvatore Bonaccorso at 2018-11-15T15:39:56Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,7 +5,7 @@ CVE-2018-19293
 CVE-2018-19292
RESERVED
 CVE-2018-19291 (An issue discovered in DiliCMS 2.4.0. There is a CSRF 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: DiliCMS
 CVE-2018-19290
RESERVED
 CVE-2018-19289 (An issue was discovered in Valine v1.3.3. It allows HTML 
injection, ...)
@@ -9159,17 +9159,17 @@ CVE-2018-15716
 CVE-2018-15715
RESERVED
 CVE-2018-15714 (Nagios XI 5.5.6 allows reflected cross site scripting from 
remote ...)
-   TODO: check
+   NOT-FOR-US: Nagios XI
 CVE-2018-15713 (Nagios XI 5.5.6 allows persistent cross site scripting from 
remote ...)
-   TODO: check
+   NOT-FOR-US: Nagios XI
 CVE-2018-15712 (Nagios XI 5.5.6 allows reflected cross site scripting from 
remote ...)
-   TODO: check
+   NOT-FOR-US: Nagios XI
 CVE-2018-15711 (Nagios XI 5.5.6 allows remote authenticated attackers to reset 
and ...)
-   TODO: check
+   NOT-FOR-US: Nagios XI
 CVE-2018-15710 (Nagios XI 5.5.6 allows local authenticated attackers to 
escalate ...)
-   TODO: check
+   NOT-FOR-US: Nagios XI
 CVE-2018-15709 (Nagios XI 5.5.6 allows remote authenticated attackers to 
execute ...)
-   TODO: check
+   NOT-FOR-US: Nagios XI
 CVE-2018-15708 (Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated 
attackers ...)
TODO: check
 CVE-2018-15707 (Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to 
cross-site ...)
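
Review bot: CVE-2018-15708 stays at "TODO: check" at the end of this block although the six Nagios XI 5.5.6 entries above it (CVE-2018-15714 to CVE-2018-15709) are all closed as NOT-FOR-US. Its description names "Snoopy 1.0 in Nagios XI 5.5.6" as the affected component, so if it is being held back because Snoopy needs to be checked as a separate code base, a short NOTE line saying so would stop a later pass from closing it as Nagios XI by pattern.
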
@@ -31090,9 +31090,9 @@ CVE-2018-7360
 CVE-2018-7359
RESERVED
 CVE-2018-7358 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, 
V2.2.0_PK1.2T2, ...)
-   TODO: check
+   NOT-FOR-US: ZTE ZXHN H168N product
 CVE-2018-7357 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, 
V2.2.0_PK1.2T2, ...)
-   TODO: check
+   NOT-FOR-US: ZTE ZXHN H168N product
 CVE-2018-7356 (All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product 
are ...)
NOT-FOR-US: ZTE ZXR10 8905E
 CVE-2018-7355 (All versions up to V1.0.0B05 of ZTE MF65 and all versions up to 
...)
@@ -42005,13 +42005,13 @@ CVE-2018-3701
 CVE-2018-3700
RESERVED
 CVE-2018-3699 (Cross-site scripting in the Intel RAID Web Console v3 for 
Windows may ...)
-   TODO: check
+   NOT-FOR-US: Intel RAID Web Console
 CVE-2018-3698 (Improper file permissions in the installer for the Intel Ready 
Mode ...)
TODO: check
 CVE-2018-3697 (Improper directory permissions in the installer for the Intel 
Media ...)
TODO: check
 CVE-2018-3696 (Authentication bypass in the Intel RAID Web Console 3 for 
Windows ...)
-   TODO: check
+   NOT-FOR-US: Intel RAID Web Console
 CVE-2018-3695
RESERVED
 CVE-2018-3694



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8701550c1179027dcdd0a53bdb5641caa84e


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-15 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5a7426e7 by Salvatore Bonaccorso at 2018-11-15T14:59:38Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,11 +9,11 @@ CVE-2018-19291 (An issue discovered in DiliCMS 2.4.0. There 
is a CSRF vulnerabil
 CVE-2018-19290
RESERVED
 CVE-2018-19289 (An issue was discovered in Valine v1.3.3. It allows HTML 
injection, ...)
-   TODO: check
+   NOT-FOR-US: Valine
 CVE-2018-19288 (Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS 
via the ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2018-19287 (XSS in the Ninja Forms plugin before 3.3.18 for WordPress 
allows Remote ...)
-   TODO: check
+   NOT-FOR-US: Ninja Forms plugin for WordPress
 CVE-2018-19286 (The server in mubu note 2018-11-11 has XSS by configuring an 
account ...)
TODO: check
 CVE-2018-19285
@@ -25,11 +25,11 @@ CVE-2018-19283
 CVE-2018-19282
RESERVED
 CVE-2018-19281 (Centreon 3.4.x allows SNMP trap SQL Injection. ...)
-   TODO: check
+   NOT-FOR-US: Centreon
 CVE-2018-19280 (Centreon 3.4.x has XSS via the resource name or macro 
expression of a ...)
-   TODO: check
+   NOT-FOR-US: Centreon
 CVE-2018-19279 (PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks 
the ...)
-   TODO: check
+   NOT-FOR-US: PRIMX ZoneCentral
 CVE-2018-19278 (Buffer overflow in DNS SRV and NAPTR lookups in Digium 
Asterisk 15.x ...)
TODO: check
 CVE-2015-9274 (HarfBuzz before 1.0.4 allows remote attackers to cause a denial 
of ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a7426e7ca99a31aab249be8cf10dbc96eea4f94


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-13 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3403599d by Salvatore Bonaccorso at 2018-11-13T20:16:21Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -342,9 +342,9 @@ CVE-2018-19209 (Netwide Assembler (NASM) 2.14rc15 has a 
NULL pointer dereference
 CVE-2018-19208 (In libwpd 0.10.2, there is a NULL pointer dereference in the 
function ...)
TODO: check
 CVE-2018-19204 (PRTG Network Monitor before 18.3.44.2054 allows a remote 
authenticated ...)
-   TODO: check
+   NOT-FOR-US: PRTG Network Monitor
 CVE-2018-19203 (PRTG Network Monitor before 18.2.41.1652 allows remote 
unauthenticated ...)
-   TODO: check
+   NOT-FOR-US: PRTG Network Monitor
 CVE-2018-19202
RESERVED
 CVE-2018-19201
@@ -1785,7 +1785,7 @@ CVE-2018-18593
 CVE-2018-18592
RESERVED
 CVE-2018-18591 (A potential unauthorized disclosure of data vulnerability has 
been ...)
-   TODO: check
+   NOT-FOR-US: Micro Focus
 CVE-2018-18590 (A potential remote code execution and information disclosure 
...)
NOT-FOR-US: Micro Focus
 CVE-2018-18589 (A potential Remote Arbitrary Code Execution vulnerability has 
been ...)
@@ -8860,9 +8860,9 @@ CVE-2018-15774
 CVE-2018-15773
RESERVED
 CVE-2018-15772 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and 
RecoverPoint for ...)
-   TODO: check
+   NOT-FOR-US: EMC RecoverPoint
 CVE-2018-15771 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and 
RecoverPoint for ...)
-   TODO: check
+   NOT-FOR-US: EMC RecoverPoint
 CVE-2018-15770
RESERVED
 CVE-2018-15769
@@ -9672,7 +9672,7 @@ CVE-2018-15454 (A vulnerability in the Session Initiation 
Protocol (SIP) inspect
 CVE-2018-15453
RESERVED
 CVE-2018-15452 (A vulnerability in the DLL loading component of Cisco Advanced 
Malware ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-15451 (A vulnerability in the web-based management interface of Cisco 
Prime ...)
NOT-FOR-US: Cisco
 CVE-2018-15450 (A vulnerability in the web-based UI of Cisco Prime 
Collaboration ...)
@@ -29142,9 +29142,9 @@ CVE-2018-7928 (There is a security vulnerability which 
could lead to Factory Res
 CVE-2018-7927
RESERVED
 CVE-2018-7926 (Huawei Watch 2 with versions and earlier than 
OWDD.180707.001.E1 have ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7925 (The radio module of some Huawei smartphones Emily-AL00A The 
versions ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7924 (Anne-AL00 Huawei phones with versions earlier than 
8.0.0.151(C00) have ...)
NOT-FOR-US: Huawei
 CVE-2018-7923 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 
...)
@@ -29174,7 +29174,7 @@ CVE-2018-7912
 CVE-2018-7911 (Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 
8.0.0.113(SP2C00), ...)
NOT-FOR-US: Huawei
 CVE-2018-7910 (Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7909
RESERVED
 CVE-2018-7908
@@ -47163,7 +47163,7 @@ CVE-2018-1810
 CVE-2018-1809
RESERVED
 CVE-2018-1808 (IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1807
RESERVED
 CVE-2018-1806
@@ -47195,7 +47195,7 @@ CVE-2018-1794 (IBM WebSphere Application Server 7.0, 
8.0, 8.5, and 9.0 using OAu
 CVE-2018-1793 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using 
SAML ear ...)
NOT-FOR-US: IBM WebSphere Application Server
 CVE-2018-1792 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 
9.0.0.5, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1791 (IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External 
Service ...)
NOT-FOR-US: IBM
 CVE-2018-1790



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3403599d79cb76cbe3e3c7cfbdb11eb8079024f0


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-13 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5ad54473 by Salvatore Bonaccorso at 2018-11-13T08:54:21Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -37,25 +37,25 @@ CVE-2018-19231
 CVE-2018-19230
RESERVED
 CVE-2018-19229 (An issue was discovered in LAOBANCMS 2.0. It allows XSS via 
the ...)
-   TODO: check
+   NOT-FOR-US: LAOBANCMS
 CVE-2018-19228 (An issue was discovered in LAOBANCMS 2.0. It allows arbitrary 
file ...)
-   TODO: check
+   NOT-FOR-US: LAOBANCMS
 CVE-2018-19227 (An issue was discovered in LAOBANCMS 2.0. It allows XSS via 
the ...)
-   TODO: check
+   NOT-FOR-US: LAOBANCMS
 CVE-2018-19226 (An issue was discovered in LAOBANCMS 2.0. It allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: LAOBANCMS
 CVE-2018-19225 (An issue was discovered in LAOBANCMS 2.0. admin/mima.php has 
CSRF. ...)
-   TODO: check
+   NOT-FOR-US: LAOBANCMS
 CVE-2018-19224 (An issue was discovered in LAOBANCMS 2.0. /admin/login.php 
allows ...)
-   TODO: check
+   NOT-FOR-US: LAOBANCMS
 CVE-2018-19223 (An issue was discovered in LAOBANCMS 2.0. It allows XSS via 
the first ...)
-   TODO: check
+   NOT-FOR-US: LAOBANCMS
 CVE-2018-19222 (An issue was discovered in LAOBANCMS 2.0. It allows a ...)
-   TODO: check
+   NOT-FOR-US: LAOBANCMS
 CVE-2018-19221 (An issue was discovered in LAOBANCMS 2.0. It allows SQL 
Injection via ...)
-   TODO: check
+   NOT-FOR-US: LAOBANCMS
 CVE-2018-19220 (An issue was discovered in LAOBANCMS 2.0. It allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: LAOBANCMS
 CVE-2018-19219 (In LibSass 3.5-stable, there is an illegal address access at 
...)
- libsass 
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643760
@@ -46751,7 +46751,7 @@ CVE-2018-1886
 CVE-2018-1885
RESERVED
 CVE-2018-1884 (IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, 
and ...)
-   TODO: check
+   NOT-FOR-US: IBM Case Manager
 CVE-2018-1883
RESERVED
 CVE-2018-1882
@@ -46923,7 +46923,7 @@ CVE-2018-1800 (IBM Sterling B2B Integrator Standard 
Edition 5.2.6.0 and 6.2.6.1
 CVE-2018-1799 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
NOT-FOR-US: IBM
 CVE-2018-1798 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere Application Server
 CVE-2018-1797
RESERVED
 CVE-2018-1796
@@ -46947,7 +46947,7 @@ CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 
could disclose highly ...
 CVE-2018-1787
RESERVED
 CVE-2018-1786 (IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes 
incorrectly ...)
-   TODO: check
+   NOT-FOR-US: IBM Spectrum Protect
 CVE-2018-1785 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) 
uses ...)
NOT-FOR-US: IBM
 CVE-2018-1784



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5ad54473b8cfb142594fa62df606d297986b45da


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0beaa53d by Salvatore Bonaccorso at 2018-11-11T20:25:32Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,13 +1,13 @@
 CVE-2018-19182
RESERVED
 CVE-2018-19181 (statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 
allows ...)
-   TODO: check
+   NOT-FOR-US: YUNUCMS
 CVE-2018-19180 (statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if 
...)
-   TODO: check
+   NOT-FOR-US: YUNUCMS
 CVE-2018-19179
RESERVED
 CVE-2018-19178 (In JEESNS 1.3, ...)
-   TODO: check
+   NOT-FOR-US: JEESNS
 CVE-2018-19177
RESERVED
 CVE-2018-19176



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0beaa53d46654738b88f366b54588e14aa9c427d


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
02586405 by Salvatore Bonaccorso at 2018-11-11T08:58:30Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2018-19170 (In JPress v1.0-rc.5, there is stored XSS via each of the first 
three ...)
-   TODO: check
+   NOT-FOR-US: JPress
 CVE-2018-19169
RESERVED
 CVE-2018-19168 (Shell Metacharacter Injection in www/modules/save.php in 
FruityWifi ...)
-   TODO: check
+   NOT-FOR-US: FruityWifi
 CVE-2018-19167
RESERVED
 CVE-2018-19166
@@ -65,7 +65,7 @@ CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the 
assets/edit/ip-address
 CVE-2018-19136 (DomainMOD through 4.11.01 has XSS via the ...)
NOT-FOR-US: DomainMOD
 CVE-2018-19135 (ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder 
file ...)
-   TODO: check
+   NOT-FOR-US: ClipperCMS
 CVE-2018-19134
RESERVED
 CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get 
everyone's email ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/025864055128b1780af55ee26a598597581221a6


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-07 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9feb1af8 by Salvatore Bonaccorso at 2018-11-07T13:25:47Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,11 +7,11 @@ CVE-2018-19055
 CVE-2018-19054
RESERVED
 CVE-2018-19053 (PbootCMS 1.2.2 allows remote attackers to execute arbitrary 
PHP code by ...)
-   TODO: check
+   NOT-FOR-US: PbootCMS
 CVE-2018-19051 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword 
abt_type ...)
-   TODO: check
+   NOT-FOR-US: MetInfo
 CVE-2018-19050 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword 
langset ...)
-   TODO: check
+   NOT-FOR-US: MetInfo
 CVE-2018-19049
RESERVED
 CVE-2017-18351



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9feb1af88793255af8a2b45d31464d505112e7ea


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c4a17fa4 by Salvatore Bonaccorso at 2018-11-06T08:34:04Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in 
Zoho ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and 
OpManager
 CVE-2018-18979
RESERVED
 CVE-2018-18978
@@ -27,13 +27,13 @@ CVE-2018-18968
 CVE-2018-18967
RESERVED
 CVE-2018-18966 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
...)
-   TODO: check
+   NOT-FOR-US: osCommerce
 CVE-2018-18965 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
...)
-   TODO: check
+   NOT-FOR-US: osCommerce
 CVE-2018-18964 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist 
...)
-   TODO: check
+   NOT-FOR-US: osCommerce
 CVE-2018-18963 (Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de 
E-commerce ...)
-   TODO: check
+   NOT-FOR-US: Degrau Publicidade e Internet Plataforma de E-commerce
 CVE-2018-18962
RESERVED
 CVE-2018-18961
@@ -45,7 +45,7 @@ CVE-2018-18959
 CVE-2018-18958
RESERVED
 CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a 
stack-based buffer ...)
-   TODO: check
+   NOT-FOR-US: libIEC61850
 CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in 
Suricata 4.x ...)
TODO: check
 CVE-2018-18955
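
Review bot: CVE-2018-18957 closes libIEC61850 as NOT-FOR-US, and unlike the CMS and vendor products handled elsewhere in this commit it is a library, the kind of code that tends to get packaged or embedded. Before settling on NFU, confirm that no packaging request (ITP/RFP) exists for it and that no packaged source embeds a copy; if either is the case, the entry should reference the package instead.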



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4a17fa4c2a1da16d5cd5c1416af641784ded715


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-11-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2aa41cf5 by Salvatore Bonaccorso at 2018-11-02T20:41:44Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2510,7 +2510,7 @@ CVE-2018-17924
 CVE-2018-17923 (SAGA1-L8B with any firmware versions prior to A0.10 are 
vulnerable to ...)
NOT-FOR-US: SAGA1-L8B
 CVE-2018-17922 (Circontrol CirCarLife all versions prior to 4.3.1, the PAP 
credentials ...)
-   TODO: check
+   NOT-FOR-US: Circontrol CirCarLife
 CVE-2018-17921 (SAGA1-L8B with any firmware versions prior to A0.10 are 
vulnerable to ...)
NOT-FOR-US: SAGA1-L8B
 CVE-2018-17920
@@ -2518,7 +2518,7 @@ CVE-2018-17920
 CVE-2018-17919 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye 
P2P Cloud ...)
NOT-FOR-US: P2P Cloud Server
 CVE-2018-17918 (Circontrol CirCarLife all versions prior to 4.3.1, 
authentication to ...)
-   TODO: check
+   NOT-FOR-US: Circontrol CirCarLife
 CVE-2018-17917 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye 
P2P Cloud ...)
NOT-FOR-US: P2P Cloud Server
 CVE-2018-17916 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch 
Edge HMI ...)
@@ -2530,7 +2530,7 @@ CVE-2018-17914 (InduSoft Web Studio versions prior to 8.1 
SP2, and InTouch Edge
 CVE-2018-17913
RESERVED
 CVE-2018-17912 (An XXE vulnerability exists in CASE Suite Versions 3.10 and 
prior when ...)
-   TODO: check
+   NOT-FOR-US: CASE Suite
 CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several 
stack-based ...)
NOT-FOR-US: LAquis SCADA
 CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to 
properly ...)
@@ -28338,7 +28338,7 @@ CVE-2018-7801
 CVE-2018-7800
RESERVED
 CVE-2018-7799 (A DLL hijacking vulnerability exists in Schneider Electric 
Software ...)
-   TODO: check
+   NOT-FOR-US: Schneider Electric
 CVE-2018-7798 (A Insufficient Verification of Data Authenticity (CWE-345) ...)
TODO: check
 CVE-2018-7797
@@ -45868,11 +45868,11 @@ CVE-2018-1880
 CVE-2018-1879
RESERVED
 CVE-2018-1878 (IBM Robotic Process Automation with Automation Anywhere 11 
could ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1877 (IBM Robotic Process Automation with Automation Anywhere 11 
could store ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1876 (IBM Robotic Process Automation with Automation Anywhere 11 
could under ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1875
RESERVED
 CVE-2018-1874
@@ -45932,7 +45932,7 @@ CVE-2018-1848
 CVE-2018-1847
RESERVED
 CVE-2018-1846 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 
and 6.0 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1845
RESERVED
 CVE-2018-1844 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a 
XML ...)
@@ -45954,7 +45954,7 @@ CVE-2018-1837
 CVE-2018-1836
RESERVED
 CVE-2018-1835 (IBM Daeja ViewONE Professional, Standard  Virtual 5 is 
vulnerable to ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1834
RESERVED
 CVE-2018-1833
@@ -46048,7 +46048,7 @@ CVE-2018-1790
 CVE-2018-1789 (IBM API Connect v2018.1.0 through v2018.3.4 could allow an 
attacker to ...)
NOT-FOR-US: IBM
 CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1787
RESERVED
 CVE-2018-1786
@@ -46520,7 +46520,7 @@ CVE-2018-1554 (IBM Maximo Asset Management 7.6 is 
vulnerable to cross-site scrip
 CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 
could allow ...)
NOT-FOR-US: IBM
 CVE-2018-1552 (IBM Robotic Process Automation with Automation Anywhere 10.0 
and 11.0 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1551 (IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 
9.0.0.3 ...)
NOT-FOR-US: IBM
 CVE-2018-1550 (IBM Spectrum Protect 7.1 and 8.1 could allow a local user to 
corrupt ...)
@@ -98643,7 +98643,7 @@ CVE-2017-1611
 CVE-2017-1610
RESERVED
 CVE-2017-1609 (IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 
6.0.6 are ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1608 (IBM Rational Quality Manager and IBM Rational Collaborative 
Lifecycle ...)
NOT-FOR-US: IBM
 CVE-2017-1607 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to 
cross-site ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2aa41cf54b7e6380cdb941512e24d91d8b0a5eb7


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
25215c3f by Salvatore Bonaccorso at 2018-10-31T20:17:37Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15,7 +15,7 @@ CVE-2018-18876
 CVE-2018-18875
RESERVED
 CVE-2018-18874 (nc-cms through 2017-03-10 allows remote attackers to execute 
arbitrary ...)
-   TODO: check
+   NOT-FOR-US: nc-cms
 CVE-2018-18873 (An issue was discovered in JasPer 2.0.14. There is a NULL 
pointer ...)
TODO: check
 CVE-2018-18872
@@ -63,7 +63,7 @@ CVE-2018-18852
 CVE-2018-18851
RESERVED
 CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, 
an ...)
-   TODO: check
+   NOT-FOR-US: Octopus Deploy
 CVE-2018-18849
RESERVED
 CVE-2018-18848
@@ -8746,27 +8746,27 @@ CVE-2018-15329
 CVE-2018-15328
RESERVED
 CVE-2018-15327 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise 
Manager ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15326 (In some situations on BIG-IP APM 14.0.0-14.0.0.2, 
13.0.0-13.1.0.7, ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15325 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and 
TMSH usage ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15324 (On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may 
restart when ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15323 (On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15322 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 
...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15321 (When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 
...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15320 (On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed 
traffic ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15319 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 
12.1.0-12.1.3.6, ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15318 (In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 
12.1.3.4-12.1.3.6, if ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15317 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 
...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, 
and/or Edge ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2018-15315 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a 
reflected ...)
@@ -13759,9 +13759,9 @@ CVE-2018-13284
 CVE-2018-13283
RESERVED
 CVE-2018-13282 (Session fixation vulnerability in SYNO.PhotoStation.Auth in 
Synology ...)
-   TODO: check
+   NOT-FOR-US: Synology Photo Station
 CVE-2018-13281 (Information exposure vulnerability in SYNO.Core.ACL in 
Synology ...)
-   TODO: check
+   NOT-FOR-US: Synology DiskStation Manager
 CVE-2018-13280 (Use of insufficiently random values vulnerability in ...)
NOT-FOR-US: Synology
 CVE-2018-13279
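Review bot: The tags added for CVE-2018-13282 and CVE-2018-13281 name the product (`Synology Photo Station`, `Synology DiskStation Manager`), while the unchanged entry for CVE-2018-13280 directly below uses the vendor-only form `NOT-FOR-US: Synology`. Three adjacent entries for one vendor now carry three different strings; settle on one form (vendor only, or vendor plus product) so that a search of the list for earlier Synology triage decisions returns all of them.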



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/25215c3f444db068219720ce78abe001b54b4e10


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c60715c by Salvatore Bonaccorso at 2018-10-30T08:30:43Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,11 +11,11 @@ CVE-2018-18844
 CVE-2018-18843
RESERVED
 CVE-2018-18842 (CSRF exists in zb_users/plugin/AppCentre/theme.js.php in 
Z-BlogPHP ...)
-   TODO: check
+   NOT-FOR-US: Z-BlogPHP
 CVE-2018-18841 (XSS was discovered in SEMCMS PHP V3.4 via the ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS PHP
 CVE-2018-18840 (XSS was discovered in SEMCMS PHP V3.4 via the ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS PHP
 CVE-2018-18839
RESERVED
 CVE-2018-18838
@@ -25,17 +25,17 @@ CVE-2018-18837
 CVE-2018-18836
RESERVED
 CVE-2018-18835 (upload_template() in system/changeskin.php in DocCms 2016.5.12 
allows ...)
-   TODO: check
+   NOT-FOR-US: DocCms
 CVE-2018-18834 (An issue has been found in libIEC61850 v1.3. It is a 
heap-based buffer ...)
TODO: check
 CVE-2018-18833
RESERVED
 CVE-2018-18832 (admin/check.asp in DKCMS 9.4 allows SQL Injection via an 
ASPSESSIONID ...)
-   TODO: check
+   NOT-FOR-US: DKCMS
 CVE-2018-18831 (An issue was discovered in 
com\mingsoft\cms\action\GeneraterAction.java ...)
-   TODO: check
+   NOT-FOR-US: MCMS
 CVE-2018-18830 (An issue was discovered in ...)
-   TODO: check
+   NOT-FOR-US: MCMS
 CVE-2018-18829 (There exists a NULL pointer dereference in ...)
TODO: check
 CVE-2018-18828 (There exists a heap-based buffer overflow in 
vc1_decode_i_block_adv in ...)
@@ -45,13 +45,13 @@ CVE-2018-18827 (There exists a heap-based buffer over-read 
in ff_vc1_pred_dc in
 CVE-2018-18826 (There exists a heap-based buffer overflow in 
vc1_decode_p_mb_intfi in ...)
TODO: check
 CVE-2018-18825 (Pagoda Linux panel V6.0 has XSS via the verification code 
associated ...)
-   TODO: check
+   NOT-FOR-US: Pagoda Linux panel
 CVE-2018-18824
RESERVED
 CVE-2018-18823
RESERVED
 CVE-2018-18822 (Grapixel New Media v2.0 allows SQL Injection via the 
pages.aspx pageref ...)
-   TODO: check
+   NOT-FOR-US: Grapixel New Media
 CVE-2018-18821
RESERVED
 CVE-2018-18820
@@ -61,7 +61,7 @@ CVE-2018-18819
 CVE-2018-18818
RESERVED
 CVE-2018-18817 (The Leostream Agent before Build 7.0.1.0 when used with 
Leostream ...)
-   TODO: check
+   NOT-FOR-US: Leostream Agent
 CVE-2018-18816
RESERVED
 CVE-2018-18815



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c60715cf34417eb2f7fadab67b5e35d4ed816c3


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-29 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
05cebf47 by Salvatore Bonaccorso at 2018-10-29T20:15:44Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1028,7 +1028,7 @@ CVE-2018-18389 (Due to incorrect access control in Neo4j 
Enterprise Database Ser
 CVE-2018-18388
RESERVED
 CVE-2018-18387 (playSMS through 1.4.2 allows Privilege Escalation through 
Daemon ...)
-   TODO: check
+   NOT-FOR-US: playSMS
 CVE-2018-18386 (drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows 
local ...)
- linux 4.14.12-1
[stretch] - linux 4.9.82-1+deb9u1
@@ -2309,11 +2309,11 @@ CVE-2018-17912
 CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several 
stack-based ...)
NOT-FOR-US: LAquis SCADA
 CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to 
properly ...)
-   TODO: check
+   NOT-FOR-US: Advantech WebAccess
 CVE-2018-17909
RESERVED
 CVE-2018-17908 (WebAccess Versions 8.3.2 and prior. During installation, the 
...)
-   TODO: check
+   NOT-FOR-US: Advantech WebAccess
 CVE-2018-17907
RESERVED
 CVE-2018-17906
@@ -45744,9 +45744,9 @@ CVE-2018-1769
 CVE-2018-1768 (IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose 
sensitive ...)
NOT-FOR-US: IBM
 CVE-2018-1767 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 
Cachemonitor ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1766 (IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 
are ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1765
RESERVED
 CVE-2018-1764
@@ -46518,7 +46518,7 @@ CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to 
cross-site scripting. Th
 CVE-2018-1381
RESERVED
 CVE-2018-1380 (IBM InfoSphere Master Data Management Collaboration Server 
11.4, 11.5, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1379
RESERVED
 CVE-2018-1378



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/05cebf47bae82bfe3992e2d4b8540ec005855b51


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-28 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
678ff378 by Salvatore Bonaccorso at 2018-10-28T09:17:04Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -9,63 +9,63 @@ CVE-2018-18747
 CVE-2018-18746
RESERVED
 CVE-2018-18745 (An XSS issue was discovered in SEMCMS 3.4 via ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2018-18744 (An XSS issue was discovered in SEMCMS 3.4 via the fifth text 
box to the ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2018-18743 (An XSS issue was discovered in SEMCMS 3.4 via the second text 
field to ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2018-18742 (A CSRF issue was discovered in SEMCMS 3.4 via the ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2018-18741 (An XSS issue was discovered in SEMCMS 3.4 via ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2018-18740 (An XSS issue was discovered in SEMCMS 3.4 via the first input 
field to ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2018-18739 (An XSS issue was discovered in SEMCMS 3.4 via the ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2018-18738 (An XSS issue was discovered in SEMCMS 3.4 via the ...)
-   TODO: check
+   NOT-FOR-US: SEMCMS
 CVE-2018-18737 (An XXE issue was discovered in Douchat 4.0.4 because 
Data\notify.php ...)
-   TODO: check
+   NOT-FOR-US: Douchat
 CVE-2018-18736 (An XSS issue was discovered in catfish blog 2.0.33, related to 
write ...)
-   TODO: check
+   NOT-FOR-US: catfish blog (different from src:catfish)
 CVE-2018-18735 (A CSRF issue was discovered in admin/Index/tiquan in catfish 
blog ...)
-   TODO: check
+   NOT-FOR-US: catfish blog (different from src:catfish)
 CVE-2018-18734 (A CSRF issue was discovered in admin/Index/addmanageuser.html 
in ...)
-   TODO: check
+   NOT-FOR-US: Catfish CMS
 CVE-2018-18733 (An XSS issue was discovered in Catfish CMS 4.8.30, related to 
write ...)
-   TODO: check
+   NOT-FOR-US: Catfish CMS
 CVE-2018-18732 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 ...)
-   TODO: check
+   NOT-FOR-US: Tenda devices
 CVE-2018-18731 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 ...)
-   TODO: check
+   NOT-FOR-US: Tenda devices
 CVE-2018-18730 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 ...)
-   TODO: check
+   NOT-FOR-US: Tenda devices
 CVE-2018-18729 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 ...)
-   TODO: check
+   NOT-FOR-US: Tenda devices
 CVE-2018-18728 (An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, 
AC15 ...)
-   TODO: check
+   NOT-FOR-US: Tenda devices
 CVE-2018-18727 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 ...)
-   TODO: check
+   NOT-FOR-US: Tenda devices
 CVE-2018-18726 (An XSS issue was discovered in 
admin/sitelink/editsitelink?id=16 in ...)
-   TODO: check
+   NOT-FOR-US: YUNUCMS
 CVE-2018-18725 (An XSS issue was discovered in admin/banner/editbanner?id=20 
in YUNUCMS ...)
-   TODO: check
+   NOT-FOR-US: YUNUCMS
 CVE-2018-18724 (An XSS issue was discovered in ...)
-   TODO: check
+   NOT-FOR-US: YUNUCMS
 CVE-2018-18723 (An XSS issue was discovered in 
index.php/admin/area/editarea/id/11 ...)
-   TODO: check
+   NOT-FOR-US: YUNUCMS
 CVE-2018-18722 (An XSS issue was discovered in 
admin/content/editcontent?id=29gopage=1 ...)
-   TODO: check
+   NOT-FOR-US: YUNUCMS
 CVE-2018-18721 (An XSS issue was discovered in admin/link/editlink?id=5 in 
YUNUCMS ...)
-   TODO: check
+   NOT-FOR-US: YUNUCMS
 CVE-2018-18720 (An XSS issue was discovered in index.php/admin/system/basic in 
YUNUCMS ...)
-   TODO: check
+   NOT-FOR-US: YUNUCMS
 CVE-2018-18719
RESERVED
 CVE-2018-18718 (An issue was discovered in gThumb through 3.6.2. There is a 
double-free ...)
TODO: check
 CVE-2018-18717 (An issue was discovered in Eleanor CMS through 2015-03-19. XSS 
exists ...)
-   TODO: check
+   NOT-FOR-US: Eleanor CMS
 CVE-2018-18716
RESERVED
 CVE-2018-18715
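Review bot: The disambiguation `(different from src:catfish)` is applied to CVE-2018-18736 and CVE-2018-18735 but not to CVE-2018-18734 and CVE-2018-18733, which are tagged plain `NOT-FOR-US: Catfish CMS`. The name collision with the Debian source package applies to both products, so the same qualifier belongs on the Catfish CMS entries too. Also worth a second look: the visible description of CVE-2018-18734 is cut off before the product name and its path (`admin/Index/addmanageuser.html`) has the same `admin/Index/` prefix as the catfish blog entry CVE-2018-18735 (`admin/Index/tiquan`), so confirm against the full CVE text that it is Catfish CMS rather than catfish blog.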
@@ -73,19 +73,19 @@ CVE-2018-18715
 CVE-2018-18714
RESERVED
 CVE-2018-18713 (The function down_sql_action() in 
/admin/model/database.class.php in ...)
-   TODO: check
+   NOT-FOR-US: PHPYun
 CVE-2018-18712 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF 
...)
-   TODO: check
+   NOT-FOR-US: WUZHI CMS
 CVE-2018-18711 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF 
...)
-   TODO: check
+   NOT-FOR-US: WUZHI CMS
 CVE-2018-18709 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 ...)
-   TODO: check
+   NOT-FOR-US: Tenda devices
 CVE-2018-18708 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 ...)
-   TODO: check
+   NOT-FOR-US: 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f4339410 by Salvatore Bonaccorso at 2018-10-27T20:21:36Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,17 +1,17 @@
 CVE-2018-18705 (PhpTpoint hospital management system suffers from multiple SQL 
...)
-   TODO: check
+   NOT-FOR-US: PhpTpoint hospital management system
 CVE-2018-18704 (PhpTpoint Pharmacy Management System suffers from a SQL 
injection ...)
-   TODO: check
+   NOT-FOR-US: PhpTpoint Pharmacy Management System
 CVE-2018-18703 (PhpTpoint Mailing Server Using File Handling 1.0 suffers from 
multiple ...)
-   TODO: check
+   NOT-FOR-US: PhpTpoint Mailing Server Using File Handling
 CVE-2018-18702 (spider.admincp.php in iCMS v7.0.11 allows SQL injection via 
...)
-   TODO: check
+   NOT-FOR-US: iCMS
 CVE-2018-18701 (An issue was discovered in cp-demangle.c in GNU libiberty, as 
...)
TODO: check
 CVE-2018-18700 (An issue was discovered in cp-demangle.c in GNU libiberty, as 
...)
TODO: check
 CVE-2018-18699 (An issue was discovered in GoPro gpmf-parser 1.2.1. There is 
an ...)
-   TODO: check
+   NOT-FOR-US: GoPro gpmf-parser
 CVE-2018-18698
RESERVED
 CVE-2018-18697



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f4339410f25e1cf5af17a12821ed2b970ccee402


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
22dcf442 by Salvatore Bonaccorso at 2018-10-27T08:41:43Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,7 +7,7 @@ CVE-2018-18696
 CVE-2018-18695
RESERVED
 CVE-2018-18694 (admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2018-18693
RESERVED
 CVE-2018-18692
@@ -78,15 +78,15 @@ CVE-2018-18662 (There is an out-of-bounds read in 
fz_run_t3_glyph in fitz/font.c
 CVE-2018-18661 (An issue was discovered in LibTIFF 4.0.9. There is a NULL 
pointer ...)
TODO: check
 CVE-2018-18660 (An issue was discovered in Arcserve Unified Data Protection 
(UDP) ...)
-   TODO: check
+   NOT-FOR-US: Arcserve Unified Data Protection
 CVE-2018-18659 (An issue was discovered in Arcserve Unified Data Protection 
(UDP) ...)
-   TODO: check
+   NOT-FOR-US: Arcserve Unified Data Protection
 CVE-2018-18658 (An issue was discovered in Arcserve Unified Data Protection 
(UDP) ...)
-   TODO: check
+   NOT-FOR-US: Arcserve Unified Data Protection
 CVE-2018-18657 (An issue was discovered in Arcserve Unified Data Protection 
(UDP) ...)
-   TODO: check
+   NOT-FOR-US: Arcserve Unified Data Protection
 CVE-2018-18656 (The PureVPN client before 6.1.0 for Windows stores Login 
Credentials ...)
-   TODO: check
+   NOT-FOR-US: PureVPN client for Windows
 CVE-2018-18653 (The Linux kernel, as used in Ubuntu 18.10 and when booted with 
UEFI ...)
- linux 
TODO: check, this should be very Ubuntu specific, but it is introduced 
with the out-of-tree patch from the Lockdown patchset  
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef
 and so possibly affect our kernel as well in some way.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/22dcf442f0b26fdeeff5067c694fa444cd14b58c


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-26 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
87b731a3 by Salvatore Bonaccorso at 2018-10-26T09:00:54Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -2,7 +2,7 @@ CVE-2018-18653 (The Linux kernel, as used in Ubuntu 18.10 and 
when booted with U
- linux 
TODO: check, this should be very Ubuntu specific, but it is introduced 
with the out-of-tree patch from the Lockdown patchset  
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef
 and so possibly affect our kernel as well in some way.
 CVE-2018-18652 (A remote command execution vulnerability in Veritas NetBackup 
Appliance ...)
-   TODO: check
+   NOT-FOR-US: Veritas NetBackup Appliance
 CVE-2018-18655 (Prayer through 1.3.5 sends a Referer header, containing a 
user's ...)
- prayer  (bug #911842)
 CVE-2018-18654 (Crossroads 2.81 does not properly handle the /tmp directory 
during a ...)
@@ -422,7 +422,7 @@ CVE-2018-18478 (Persistent Cross-Site Scripting (XSS) 
issues in LibreNMS before
 CVE-2018-18477
RESERVED
 CVE-2018-18476 (mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection 
because it ...)
-   TODO: check
+   NOT-FOR-US: mysql-binuuid-rails
 CVE-2018-18475 (Zoho ManageEngine OpManager before 12.3 build 123214 allows 
...)
NOT-FOR-US: Zoho
 CVE-2018-18474
@@ -1943,7 +1943,7 @@ CVE-2018-17906
 CVE-2018-17905
RESERVED
 CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This 
...)
-   TODO: check
+   NOT-FOR-US: Reliance 4 SCADA/HMI
 CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are 
vulnerable to ...)
NOT-FOR-US: SAGA1-L8B
 CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, 
All ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/87b731a313c653596f3da423648bac405e026459


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-23 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
de44aafe by Salvatore Bonaccorso at 2018-10-23T20:20:38Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2018-18627
RESERVED
 CVE-2018-18626 (An issue was discovered in PHPYun V4.6. There is a 
vulnerability that ...)
-   TODO: check
+   NOT-FOR-US: PHPYun
 CVE-2018-18625
RESERVED
 CVE-2018-18624
@@ -9,7 +9,7 @@ CVE-2018-18624
 CVE-2018-18623
RESERVED
 CVE-2018-18622 (An issue was discovered in Waimai Super Cms 20150505. There is 
XSS via ...)
-   TODO: check
+   NOT-FOR-US: Waimai Super Cms
 CVE-2018-18621
RESERVED
 CVE-2018-18620
@@ -37,7 +37,7 @@ CVE-2018-18610
 CVE-2018-18609
RESERVED
 CVE-2018-18608 (DedeCMS 5.7 SP2 allows XSS via the function named GetPageList 
defined ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2018-18607 (An issue was discovered in elf_link_input_bfd in elflink.c in 
the ...)
TODO: check
 CVE-2018-18606 (An issue was discovered in the merge_strings function in 
merge.c in the ...)
@@ -47,7 +47,7 @@ CVE-2018-18605 (A heap-based buffer over-read issue was 
discovered in the functi
 CVE-2018-18604
RESERVED
 CVE-2018-18603 (360 Total Security 3.5.0.1033 allows a Sandbox Escape via an 
import ...)
-   TODO: check
+   NOT-FOR-US: 360 Total Security
 CVE-2018-18602
RESERVED
 CVE-2018-18601
@@ -75,11 +75,11 @@ CVE-2018-18591
 CVE-2018-18590
RESERVED
 CVE-2018-18589 (A potential Remote Arbitrary Code Execution vulnerability has 
been ...)
-   TODO: check
+   NOT-FOR-US: Micro Focus
 CVE-2018-18588
RESERVED
 CVE-2018-18587 (BigProf AppGini 5.70 stores the passwords in the database 
using the MD5 ...)
-   TODO: check
+   NOT-FOR-US: BigProf AppGini
 CVE-2018-18583 (An issue has been found in LuPng through 2017-03-10. It is a 
heap-based ...)
TODO: check
 CVE-2018-18582 (An issue has been found in LuPng through 2017-03-10. It is a 
heap-based ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/de44aafe6d57e7529214b3fb9607c625e76a91f9


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-23 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3077bbaa by Salvatore Bonaccorso at 2018-10-23T08:15:11Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,9 +7,9 @@ CVE-2018-18581 (An issue has been found in LuPng through 
2017-03-10. It is a hea
 CVE-2018-18580
RESERVED
 CVE-2018-18579 (Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php 
folder ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2018-18578 (DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type 
parameter. ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2018-18577
RESERVED
 CVE-2018-18576
@@ -13317,9 +13317,9 @@ CVE-2018-13117
 CVE-2018-13116 (/user/del.php in zzcms 8.3 allows SQL injection via the 
tablename ...)
NOT-FOR-US: zzcms
 CVE-2018-13115 (Lack of an authentication mechanism in KERUI Wifi Endoscope 
Camera ...)
-   TODO: check
+   NOT-FOR-US: KERUI Wifi Endoscope Camera
 CVE-2018-13114 (Missing authentication and improper input validation in KERUI 
Wifi ...)
-   TODO: check
+   NOT-FOR-US: KERUI Wifi Endoscope Camera
 CVE-2018-13113 (The transfer and transferFrom functions of a smart contract 
...)
NOT-FOR-US: smart contract implementation for Easy Trading Token and 
Ethereum token
 CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows 
remote ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3077bbaa9ec3174d549e083e9a8aa9834c9067e8


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e4bf7a4 by Salvatore Bonaccorso at 2018-10-22T20:29:02Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7057,9 +7057,9 @@ CVE-2018-15706
 CVE-2018-15705
RESERVED
 CVE-2018-15704 (Advantech WebAccess 8.3.2 and below is vulnerable to a stack 
buffer ...)
-   TODO: check
+   NOT-FOR-US: Advantech WebAccess
 CVE-2018-15703 (Advantech WebAccess 8.3.2 and below is vulnerable to multiple 
...)
-   TODO: check
+   NOT-FOR-US: Advantech WebAccess
 CVE-2018-15702 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is 
...)
NOT-FOR-US: TP-Link
 CVE-2018-15701 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is 
...)
@@ -15794,7 +15794,7 @@ CVE-2018-12247 (An issue was discovered in mruby 1.4.1. 
There is a NULL pointer
NOTE: Fixed by: 
https://github.com/mruby/mruby/commit/55edae0226409de25e59922807cb09acb45731a2
NOTE: https://github.com/mruby/mruby/issues/4036
 CVE-2018-12246 (Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is 
susceptible to a ...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2018-12245
RESERVED
 CVE-2018-12244
@@ -44924,7 +44924,7 @@ CVE-2018-1852
 CVE-2018-1851
RESERVED
 CVE-2018-1850 (IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 
9.0.5.0 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1849
RESERVED
 CVE-2018-1848



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e4bf7a40b5307ce4a11f8a109dad4386c7028a3


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-20 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
172dabaf by Salvatore Bonaccorso at 2018-10-20T08:53:57Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,11 +13,11 @@ CVE-2018-18533
 CVE-2018-18532
RESERVED
 CVE-2018-18531 (text/impl/DefaultTextCreator.java, 
text/impl/ChineseTextProducer.java, ...)
-   TODO: check
+   NOT-FOR-US: kaptcha
 CVE-2018-18530 (ThinkPHP 5.1.25 has SQL Injection via the count parameter 
because the ...)
-   TODO: check
+   NOT-FOR-US: ThinkPHP
 CVE-2018-18529 (ThinkPHP 3.2.4 has SQL Injection via the count parameter 
because the ...)
-   TODO: check
+   NOT-FOR-US: ThinkPHP
 CVE-2018-18528
RESERVED
 CVE-2018-18527 (OwnTicket 2018-05-23 allows SQL Injection via the showTicketId 
or ...)
@@ -273,7 +273,7 @@ CVE-2018-18430 (An issue was discovered in DESTOON B2B 7.0. 
admin\setting.inc.ph
 CVE-2018-18429
RESERVED
 CVE-2018-18428 (TP-Link TL-SC3130 1.6.18P12_121101 devices allow 
unauthenticated RTSP ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-18427 (s-cms 3.0 allows SQL Injection via the member/post.php 0_id 
parameter ...)
NOT-FOR-US: s-cms
 CVE-2018-18426 (s-cms 3.0 allows remote attackers to execute arbitrary PHP 
code by ...)
@@ -289,15 +289,15 @@ CVE-2018-18422 (UsualToolCMS 8.0 allows CSRF for adding a 
user account via the .
 CVE-2018-18421
RESERVED
 CVE-2018-18420 (Cross-Site Request Forgery (CSRF) vulnerability was discovered 
in the ...)
-   TODO: check
+   NOT-FOR-US: Zenario Content Management System
 CVE-2018-18419 (Stored XSS has been discovered in the upload section of 
ARDAWAN.COM ...)
-   TODO: check
+   NOT-FOR-US: ARDAWAN.COM User Management
 CVE-2018-18418
RESERVED
 CVE-2018-18417 (In the 3.1 version of Ekushey Project Manager CRM, Stored XSS 
has been ...)
-   TODO: check
+   NOT-FOR-US: Ekushey Project Manager CRM
 CVE-2018-18416 (LANGO Codeigniter Multilingual Script 1.0 has XSS in the input 
and ...)
-   TODO: check
+   NOT-FOR-US: LANGO Codeigniter Multilingual Scrip
 CVE-2018-18415
RESERVED
 CVE-2018-18414
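Review bot: Typo in the tag added for CVE-2018-18416: `NOT-FOR-US: LANGO Codeigniter Multilingual Scrip` drops the final "t", while the CVE description on the line above reads "LANGO Codeigniter Multilingual Script 1.0". Change it to `NOT-FOR-US: LANGO Codeigniter Multilingual Script` so the product string matches the description and any later entry for the same product.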
@@ -385,7 +385,7 @@ CVE-2018-18382 (Advanced HRM 1.6 allows Remote Code 
Execution via PHP code in a
 CVE-2018-18381 (Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in 
...)
NOT-FOR-US: Z-BlogPHP
 CVE-2018-18380 (A Session Fixation issue was discovered in Bigtree. admin.php 
accepts ...)
-   TODO: check
+   NOT-FOR-US: Bigtree CMS
 CVE-2018-18379
RESERVED
 CVE-2018-18378



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/172dabaf348fa9cfc08af5ab8029b7857025ea63


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-19 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d8fc103a by Salvatore Bonaccorso at 2018-10-19T21:35:20Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2018-18528
RESERVED
 CVE-2018-18527 (OwnTicket 2018-05-23 allows SQL Injection via the showTicketId 
or ...)
-   TODO: check
+   NOT-FOR-US: OwnTicket
 CVE-2018-18526
RESERVED
 CVE-2018-18525
@@ -313,19 +313,19 @@ CVE-2018-18398
 CVE-2018-18397
RESERVED
 CVE-2018-18396 (Remote Code Execution in Moxa ThingsPro IIoT Gateway and 
Device ...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2018-18395 (Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device 
...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2018-18394 (Sensitive Information Stored in Clear Text in Moxa ThingsPro 
IIoT ...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2018-18393 (Password Management Issue in Moxa ThingsPro IIoT Gateway and 
Device ...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2018-18392 (Privilege Escalation via Broken Access Control in Moxa 
ThingsPro IIoT ...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2018-18391 (User Privilege Escalation in Moxa ThingsPro IIoT Gateway and 
Device ...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2018-18390 (User Enumeration in Moxa ThingsPro IIoT Gateway and Device 
Management ...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2018-18389 (Due to incorrect access control in Neo4j Enterprise Database 
Server ...)
NOT-FOR-US: Neo4J server
 CVE-2018-18388
@@ -7841,15 +7841,15 @@ CVE-2018-15318
 CVE-2018-15317
RESERVED
 CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, 
and/or Edge ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15315 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a 
reflected ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15314 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is 
a ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15313 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is 
a ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15312 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected 
...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-15311 (When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 
11.6.0-11.6.3.2, or ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2018-15310 (A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, ...)
@@ -13875,27 +13875,27 @@ CVE-2018-12825 (Adobe Flash Player 30.0.0.134 and 
earlier have a security bypass
 CVE-2018-12824 (Adobe Flash Player 30.0.0.134 and earlier have an 
out-of-bounds read ...)
NOT-FOR-US: Adobe
 CVE-2018-12823 (Adobe Digital Editions versions 4.5.8 and below have a heap 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12822 (Adobe Digital Editions versions 4.5.8 and below have an use 
after free ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12821 (Adobe Digital Editions versions 4.5.8 and below have an out of 
bounds ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12820 (Adobe Digital Editions versions 4.5.8 and below have an out of 
bounds ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12819 (Adobe Digital Editions versions 4.5.8 and below have an out of 
bounds ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12818 (Adobe Digital Editions versions 4.5.8 and below have an out of 
bounds ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12817
RESERVED
 CVE-2018-12816 (Adobe Digital Editions versions 4.5.8 and below have an out of 
bounds ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12815 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
NOT-FOR-US: Adobe
 CVE-2018-12814 (Adobe Digital Editions versions 4.5.8 and below have a heap 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12813 (Adobe Digital Editions versions 4.5.8 and below have a heap 
overflow ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12812 (Adobe Acrobat and Reader 2018.011.20038 and earlier, 
2017.011.30079 and ...)
NOT-FOR-US: Adobe
 CVE-2018-12811 (Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 
before ...)
@@ -18740,9 +18740,9 @@ CVE-2018-11082 (Cloud Foundry UAA, all versions prior 
to 4.20.0 and Cloud Foundr
 CVE-2018-11081 (Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 
2.1.x prior ...)
NOT-FOR-US: Pivotal
 CVE-2018-11080 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, 
...)
-   TODO: check
+   NOT-FOR-US: EMC Secure Remote Services
 CVE-2018-11079 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, 
...)
-  

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-19 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
34f3435f by Salvatore Bonaccorso at 2018-10-19T10:25:37Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,13 +3,13 @@ CVE-2018-18490
 CVE-2018-18489
RESERVED
 CVE-2018-18488 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL 
Injection ...)
-   TODO: check
+   NOT-FOR-US: Gxlcms
 CVE-2018-18487 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the 
database ...)
-   TODO: check
+   NOT-FOR-US: Gxlcms
 CVE-2018-18486 (An issue was discovered in PHPSHE 1.7. SQL injection exists 
via the ...)
-   TODO: check
+   NOT-FOR-US: PHPSHE
 CVE-2018-18485 (An issue was discovered in PHPSHE 1.7. 
admin.php?mod=dbact=del allows ...)
-   TODO: check
+   NOT-FOR-US: PHPSHE
 CVE-2018-18484 (An issue was discovered in cp-demangle.c in GNU libiberty, as 
...)
TODO: check
 CVE-2018-18483 (The get_count function in cplus-dem.c in GNU libiberty, as 
distributed ...)
@@ -1393,7 +1393,7 @@ CVE-2018-17965 (ImageMagick 7.0.7-28 has a memory leak 
vulnerability in WriteSGI
- imagemagick  (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1052
 CVE-2018-17964 (Aryanic HighPortal 12.5 has XSS via an Add Tags action. ...)
-   TODO: check
+   NOT-FOR-US: Aryanic HighPortal
 CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet 
sizes ...)
- qemu 
- qemu-kvm 
@@ -6114,21 +6114,21 @@ CVE-2018-15978
 CVE-2018-15977
RESERVED
 CVE-2018-15976 (Adobe Technical Communications Suite versions 1.0.5.1 and 
below have ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15975
RESERVED
 CVE-2018-15974 (Adobe Framemaker versions 1.0.5.1 and below have an insecure 
library ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15973 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15972 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15971 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15970 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15969 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15968 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
NOT-FOR-US: Adobe
 CVE-2018-15967 (Adobe Flash Player versions 30.0.0.154 and earlier have a 
privilege ...)
@@ -6693,7 +6693,7 @@ CVE-2018-15767
 CVE-2018-15766 (On install, Dell Encryption versions prior 10.0.1 and Dell 
Endpoint ...)
NOT-FOR-US: Dell
 CVE-2018-15765 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, 
...)
-   TODO: check
+   NOT-FOR-US: EMC Secure Remote Services
 CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a 
remote ...)
NOT-FOR-US: EMC ESRS Policy Manager
 CVE-2018-15763 (Pivotal Container Service, versions prior to 1.2.0, contains 
an ...)
@@ -7011,7 +7011,7 @@ CVE-2018-15618
 CVE-2018-15617
RESERVED
 CVE-2018-15616 (A vulnerability in the Web UI component of Avaya Aura System 
Platform ...)
-   TODO: check
+   NOT-FOR-US: Avaya Aura System Platform
 CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call 
Management ...)
NOT-FOR-US: Avaya
 CVE-2018-15614
@@ -7394,7 +7394,7 @@ CVE-2018-15494 (In Dojo Toolkit before 1.14, there is 
unescaped string injection
- dojo 1.14.1+dfsg1-1 (bug #906540)
NOTE: https://github.com/dojo/dojox/pull/283
 CVE-2018-15493 (vBulletin 5.4.3 has an Open Redirect. ...)
-   TODO: check
+   NOT-FOR-US: vBulletin
 CVE-2018-15492 (A vulnerability in the lservnt.exe component of Sentinel 
License ...)
NOT-FOR-US: Sentinel License Manager
 CVE-2018-15491 (A vulnerability in the permission and encryption 
implementation of ...)
@@ -7497,13 +7497,13 @@ CVE-2018-15440
 CVE-2018-15439
RESERVED
 CVE-2018-15438 (A vulnerability in the web-based management interface of Cisco 
Prime ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-15437
RESERVED
 CVE-2018-15436 (A vulnerability in the web-based management interface of Cisco 
Webex ...)
NOT-FOR-US: Cisco
 CVE-2018-15435 (A vulnerability in the web-based management interface of Cisco 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-15434 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
NOT-FOR-US: Cisco
 CVE-2018-15433 (A vulnerability in the server backup function of 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5773f557 by Salvatore Bonaccorso at 2018-10-16T10:47:46Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2018-18383
RESERVED
 CVE-2018-18382 (Advanced HRM 1.6 allows Remote Code Execution via PHP code in 
a .php ...)
-   TODO: check
+   NOT-FOR-US: Advanced HRM
 CVE-2018-18381 (Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in 
...)
-   TODO: check
+   NOT-FOR-US: Z-BlogPHP
 CVE-2018-18380
RESERVED
 CVE-2018-18379
@@ -11,13 +11,13 @@ CVE-2018-18379
 CVE-2018-18378
RESERVED
 CVE-2018-18377 (goform/setReset on Orange AirBox Y858_FL_01.16_04 devices 
allows ...)
-   TODO: check
+   NOT-FOR-US: Orange AirBox Y858_FL_01.16_04 devices
 CVE-2018-18376 (goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 
allows ...)
-   TODO: check
+   NOT-FOR-US: Orange AirBox
 CVE-2018-18375 (goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows 
...)
-   TODO: check
+   NOT-FOR-US: Orange AirBox
 CVE-2018-18374 (XSS exists in the MetInfo 6.1.2 admin/index.php page via the 
anyid ...)
-   TODO: check
+   NOT-FOR-US: MetInfo
 CVE-2018-18373
RESERVED
 CVE-2018-18372
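Review bot: the three Orange AirBox entries in this hunk are labelled inconsistently. CVE-2018-18377 gets "NOT-FOR-US: Orange AirBox Y858_FL_01.16_04 devices" while CVE-2018-18376 and CVE-2018-18375 get "NOT-FOR-US: Orange AirBox". All three descriptions name the same Y858_FL_01.16_04 firmware, so a single label for the three would keep grep-based triage of the list reliable.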



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5773f557a803a957e5df6857b49ee6dc364f1402


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-15 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cbba6172 by Salvatore Bonaccorso at 2018-10-15T20:34:18Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19,7 +19,7 @@ CVE-2018-18363
 CVE-2018-18362
RESERVED
 CVE-2018-18361 (An issue was discovered in nc-cms through 2017-03-10. ...)
-   TODO: check
+   NOT-FOR-US: nc-cms
 CVE-2018-18360
RESERVED
 CVE-2018-18359
@@ -227,9 +227,9 @@ CVE-2018-18262
 CVE-2018-18261
RESERVED
 CVE-2018-18260 (In the 2.4 version of Camaleon CMS, Stored XSS has been 
discovered. ...)
-   TODO: check
+   NOT-FOR-US: Camaleon CMS
 CVE-2018-18259 (Stored XSS has been discovered in version 1.0.12 of the LUYA 
CMS ...)
-   TODO: check
+   NOT-FOR-US: LUYA CMS
 CVE-2018-18258 (An issue was discovered in BageCMS 3.1.3. The attacker can 
execute ...)
NOT-FOR-US: BageCMS
 CVE-2018-18257 (An issue was discovered in BageCMS 3.1.3. An attacker can 
delete any ...)
@@ -2033,11 +2033,11 @@ CVE-2018-17536 [Persistent XSS merge request project 
import]
 CVE-2018-17535
RESERVED
 CVE-2018-17534 (Teltonika RUT9XX routers with firmware before 00.04.233 
provide a root ...)
-   TODO: check
+   NOT-FOR-US: Teltonika RUT9XX routers
 CVE-2018-17533 (Teltonika RUT9XX routers with firmware before 00.05.01.1 are 
prone to ...)
-   TODO: check
+   NOT-FOR-US: Teltonika RUT9XX routers
 CVE-2018-17532 (Teltonika RUT9XX routers with firmware before 00.04.233 are 
prone to ...)
-   TODO: check
+   NOT-FOR-US: Teltonika RUT9XX routers
 CVE-2018-17531
RESERVED
 CVE-2018-17530
@@ -38188,17 +38188,17 @@ CVE-2018-3999 (An exploitable stack-based buffer 
overflow vulnerability exists i
 CVE-2018-3998 (An exploitable heap-based buffer overflow vulnerability exists 
in the ...)
TODO: check
 CVE-2018-3997 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2018-3996 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's PDF Reader
 CVE-2018-3995 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's PDF Reader
 CVE-2018-3994 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's PDF Reader
 CVE-2018-3993 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's PDF Reader
 CVE-2018-3992 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's PDF Reader
 CVE-2018-3991
RESERVED
 CVE-2018-3990
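Review bot: CVE-2018-3997 is labelled "NOT-FOR-US: Foxit PDF Reader" while CVE-2018-3996 through CVE-2018-3992 in the same hunk use "NOT-FOR-US: Foxit Software's PDF Reader", and the later hunks of this commit use a third form, "Foxit Software's Foxit PDF Reader". The visible descriptions of these entries are identical up to the truncation, so one spelling of the product name across the commit would avoid three separate strings for the same product.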
@@ -38250,25 +38250,25 @@ CVE-2018-3968
 CVE-2018-3967 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
TODO: check
 CVE-2018-3966 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's Foxit PDF Reader
 CVE-2018-3965 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's Foxit PDF Reader
 CVE-2018-3964 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's Foxit PDF Reader
 CVE-2018-3963
RESERVED
 CVE-2018-3962 (A use-after-free vulnerability exists in the JavaScript engine 
of ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's Foxit PDF Reader
 CVE-2018-3961 (A use-after-free vulnerability exists in the JavaScript engine 
of ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's Foxit PDF Reader
 CVE-2018-3960 (A use-after-free vulnerability exists in the JavaScript engine 
of ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's Foxit PDF Reader
 CVE-2018-3959 (A use-after-free vulnerability exists in the JavaScript engine 
of ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's Foxit PDF Reader
 CVE-2018-3958 (A use-after-free vulnerability exists in the JavaScript engine 
of ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's Foxit PDF Reader
 CVE-2018-3957 (A use-after-free vulnerability exists in the JavaScript engine 
of ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's Foxit PDF Reader
 CVE-2018-3956
RESERVED
 CVE-2018-3955
@@ -38290,19 +38290,19 @@ CVE-2018-3948
 CVE-2018-3947
RESERVED
 CVE-2018-3946 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
-   TODO: check
+   NOT-FOR-US: Foxit Software's Foxit PDF Reader
 CVE-2018-3945 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
-   

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-15 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cdf70cc1 by Salvatore Bonaccorso at 2018-10-15T08:15:44Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -3,21 +3,21 @@ CVE-2018-18326
 CVE-2018-18325
RESERVED
 CVE-2018-18324 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has 
XSS via ...)
-   TODO: check
+   NOT-FOR-US: CentOS Web Panel
 CVE-2018-18323 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has 
Local File ...)
-   TODO: check
+   NOT-FOR-US: CentOS Web Panel
 CVE-2018-18322 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has 
Command ...)
-   TODO: check
+   NOT-FOR-US: CentOS Web Panel
 CVE-2018-18321
RESERVED
 CVE-2018-18320 (** DISPUTED ** An issue was discovered in the Merlin.PHP 
component ...)
-   TODO: check
+   NOT-FOR-US: Merlin.PHP component for Asuswrt-Merlin devices
 CVE-2018-18319 (** DISPUTED ** An issue was discovered in the Merlin.PHP 
component ...)
-   TODO: check
+   NOT-FOR-US: Merlin.PHP component for Asuswrt-Merlin devices
 CVE-2018-18318 (The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 
Phone N6 ...)
TODO: check
 CVE-2018-18317 (DESHANG DSCMS 1.1 has CSRF via the ...)
-   TODO: check
+   NOT-FOR-US: DESHANG DSCMS
 CVE-2018-18316 (emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. 
...)
TODO: check
 CVE-2018-18315 (com/mossle/cdn/CdnController.java in lemon 1.9.0 allows 
attackers to ...)
@@ -59,7 +59,7 @@ CVE-2018-18298
 CVE-2018-18297
RESERVED
 CVE-2018-18296 (MetInfo 6.1.2 has XSS via the /admin/index.php bigclass 
parameter in an ...)
-   TODO: check
+   NOT-FOR-US: MetInfo
 CVE-2018-18295
RESERVED
 CVE-2018-18294
@@ -69,7 +69,7 @@ CVE-2018-18293
 CVE-2018-18292
RESERVED
 CVE-2018-18291 (A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 
...)
-   TODO: check
+   NOT-FOR-US: ASUS RT-AC58U devices
 CVE-2018-18290 (An issue was discovered in nc-cms through 2017-03-10. ...)
TODO: check
 CVE-2018-18289 (The MESILAT Zabbix plugin before 1.1.15 for Atlassian 
Confluence allows ...)
@@ -77,7 +77,7 @@ CVE-2018-18289 (The MESILAT Zabbix plugin before 1.1.15 for 
Atlassian Confluence
 CVE-2018-18288
RESERVED
 CVE-2018-18287 (On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers 
can ...)
-   TODO: check
+   NOT-FOR-US: ASUS RT-AC58U devices
 CVE-2018-18286
RESERVED
 CVE-2018-18285



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cdf70cc16d3e952c0abccdba70144657aa280bf9


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-12 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d2bd75f by Salvatore Bonaccorso at 2018-10-12T20:22:52Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2018-18272
RESERVED
 CVE-2018-18271 (XSS exists in CMS Made Simple version 2.2.7 via the m1_extra 
parameter ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-18270 (XSS exists in CMS Made Simple version 2.2.7 via the 
m1_news_url ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-18269
RESERVED
 CVE-2018-18268
@@ -1028,35 +1028,35 @@ CVE-2018-17904
 CVE-2018-17903
RESERVED
 CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, 
All ...)
-   TODO: check
+   NOT-FOR-US: Yokogawa STARDOM Controllers
 CVE-2018-17901
RESERVED
 CVE-2018-17900 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, 
All ...)
-   TODO: check
+   NOT-FOR-US: Yokogawa STARDOM Controllers
 CVE-2018-17899
RESERVED
 CVE-2018-17898 (Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, 
All ...)
-   TODO: check
+   NOT-FOR-US: Yokogawa STARDOM Controllers
 CVE-2018-17897
RESERVED
 CVE-2018-17896 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, 
All ...)
-   TODO: check
+   NOT-FOR-US: Yokogawa STARDOM Controllers
 CVE-2018-17895
RESERVED
 CVE-2018-17894 (NUUO CMS all versions 3.1 and prior, The application creates 
default ...)
-   TODO: check
+   NOT-FOR-US: NUUO CMS
 CVE-2018-17893
RESERVED
 CVE-2018-17892 (NUUO CMS all versions 3.1 and prior, The application 
implements a ...)
-   TODO: check
+   NOT-FOR-US: NUUO CMS
 CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior 
running ...)
NOT-FOR-US: Carestream Vue RIS, RIS Client Builds
 CVE-2018-17890 (NUUO CMS all versions 3.1 and prior, The application uses 
insecure and ...)
-   TODO: check
+   NOT-FOR-US: NUUO CMS
 CVE-2018-17889 (In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and 
prior ...)
NOT-FOR-US: PI Studio HMI
 CVE-2018-17888 (NUUO CMS all versions 3.1 and prior, The application uses a 
session ...)
-   TODO: check
+   NOT-FOR-US: NUUO CMS
 CVE-2018-17887
RESERVED
 CVE-2018-17886 (An issue was discovered in JEESNS 1.3. The XSS filter in ...)
@@ -5565,11 +5565,11 @@ CVE-2018-15970
 CVE-2018-15969
RESERVED
 CVE-2018-15968 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15967 (Adobe Flash Player versions 30.0.0.154 and earlier have a 
privilege ...)
NOT-FOR-US: Adobe
 CVE-2018-15966 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15965 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), 
Update 6 ...)
NOT-FOR-US: Adobe
 CVE-2018-15964 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), 
Update 6 ...)
@@ -5589,79 +5589,79 @@ CVE-2018-15958 (Adobe ColdFusion versions July 12 
release (2018.0.0.310739), Upd
 CVE-2018-15957 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), 
Update 6 ...)
NOT-FOR-US: Adobe
 CVE-2018-15956 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15955 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15954 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15953 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15952 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15951 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15950 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15949 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15948 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15947 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15946 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-15945 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-12 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
32852054 by Salvatore Bonaccorso at 2018-10-12T08:52:19Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,9 +13,9 @@ CVE-2018-18260
 CVE-2018-18259
RESERVED
 CVE-2018-18258 (An issue was discovered in BageCMS 3.1.3. The attacker can 
execute ...)
-   TODO: check
+   NOT-FOR-US: BageCMS
 CVE-2018-18257 (An issue was discovered in BageCMS 3.1.3. An attacker can 
delete any ...)
-   TODO: check
+   NOT-FOR-US: BageCMS
 CVE-2018-18256
RESERVED
 CVE-2018-18255
@@ -215,7 +215,7 @@ CVE-2018-18244
 CVE-2018-18243
RESERVED
 CVE-2018-18242 (youke365 v1.1.5 has SQL injection via admin/login.html, as 
demonstrated ...)
-   TODO: check
+   NOT-FOR-US: youke365
 CVE-2018-18241
RESERVED
 CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a 
command to ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/32852054e08c36e68e1be7b1cfb671f5b7fa1dd7


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b49643f by Salvatore Bonaccorso at 2018-10-05T08:31:54Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -33,13 +33,13 @@ CVE-2018-17988
 CVE-2018-17987
RESERVED
 CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the 
password ...)
-   TODO: check
+   NOT-FOR-US: razorCMS
 CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as 
...)
- binutils 
[stretch] - binutils  (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335
 CVE-2018-17984 (An unanchored /[a-z]{2}/ regular expression in ISPConfig 
before 3.1.13 ...)
-   TODO: check
+   NOT-FOR-US: ISPConfig
 CVE-2018-17982
RESERVED
 CVE-2018-17981
@@ -47,13 +47,13 @@ CVE-2018-17981
 CVE-2018-17980
RESERVED
 CVE-2015-9272 (The videowhisper-video-presentation plugin 3.31.17 for 
WordPress allows ...)
-   TODO: check
+   NOT-FOR-US: videowhisper-video-presentation plugin for WordPress
 CVE-2014-10076 (The wp-db-backup plugin 2.2.4 for WordPress relies on a 
five-character ...)
-   TODO: check
+   NOT-FOR-US: wp-db-backup plugin WordPress
 CVE-2014-10075 (The karo gem 2.3.8 for Ruby allows Remote command injection 
via the ...)
TODO: check
 CVE-2013-7465 (Ice Cold Apps Servers Ultimate 6.0.2(12) does not require ...)
-   TODO: check
+   NOT-FOR-US: Ice Cold Apps Servers Ultimate
 CVE-2018-17983 (cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds 
read ...)
- mercurial 4.7.2-1
[jessie] - mercurial  (Vulnerable code not present)
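Review bot: the label for CVE-2014-10076, "NOT-FOR-US: wp-db-backup plugin WordPress", is missing the word "for". The entry directly above it in this hunk uses the form "videowhisper-video-presentation plugin for WordPress", so suggest "NOT-FOR-US: wp-db-backup plugin for WordPress" to match.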
@@ -244,7 +244,7 @@ CVE-2018-17893
 CVE-2018-17892
RESERVED
 CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior 
running ...)
-   TODO: check
+   NOT-FOR-US: Carestream Vue RIS, RIS Client Builds
 CVE-2018-17890
RESERVED
 CVE-2018-17889
@@ -339,7 +339,7 @@ CVE-2018-17851
 CVE-2018-17850
REJECTED
 CVE-2018-17849 (Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka 
File ...)
-   TODO: check
+   NOT-FOR-US: Navigate CMS
 CVE-2018-17848 (The html package (aka x/net/html) through 2018-09-25 in Go 
mishandles ...)
TODO: check
 CVE-2018-17847 (The html package (aka x/net/html) through 2018-09-25 in Go 
mishandles ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0b49643f5b23ef5fc0aec0a26226edd54c3dc46a


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d82bcf88 by Salvatore Bonaccorso at 2018-10-04T20:23:32Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -33203,7 +33203,7 @@ CVE-2018-5494
 CVE-2018-5493
RESERVED
 CVE-2018-5492 (NetApp E-Series SANtricity OS Controller Software 11.30 and 
later ...)
-   TODO: check
+   NOT-FOR-US: NetApp
 CVE-2018-5491
RESERVED
 CVE-2018-5490 (Read-Only export policy rules are not correctly enforced in 
Clustered ...)
@@ -43145,7 +43145,7 @@ CVE-2018-1821
 CVE-2018-1820 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to 
cross-site ...)
NOT-FOR-US: IBM
 CVE-2018-1819 (IBM Financial Transaction Manager for Digital Payments for ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1818
RESERVED
 CVE-2018-1817
@@ -43443,7 +43443,7 @@ CVE-2018-1672 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 
9.0 may fail to set the .
 CVE-2018-1671
RESERVED
 CVE-2018-1670 (IBM Financial Transaction Manager for ACH Services for 
Multi-Platform ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 
7.5.0.0 ...)
NOT-FOR-US: IBM
 CVE-2018-1668
@@ -43575,11 +43575,11 @@ CVE-2018-1606
 CVE-2018-1605 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)
NOT-FOR-US: IBM
 CVE-2018-1604 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1603 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1602 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1601 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 
through ...)
NOT-FOR-US: IBM
 CVE-2018-1600 (IBM BigFix Platform 9.2 and 9.5 transmits sensitive or ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d82bcf881e7382c8e4af0cab1a58c9a7c74f60f0


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0a5e1bc3 by Salvatore Bonaccorso at 2018-10-02T08:35:52Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15,7 +15,7 @@ CVE-2018-17876
 CVE-2018-17875
RESERVED
 CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
-   TODO: check
+   NOT-FOR-US: ExpressionEngine
 CVE-2018-17873
RESERVED
 CVE-2018-17872
@@ -23,13 +23,13 @@ CVE-2018-17872
 CVE-2018-17871
RESERVED
 CVE-2018-17870 (An issue was discovered in BTITeam XBTIT 2.5.4. The 
returnto ...)
-   TODO: check
+   NOT-FOR-US: BTITeam XBTIT
 CVE-2018-17869 (DASAN H660GW devices do not implement any CSRF protection 
mechanism. ...)
-   TODO: check
+   NOT-FOR-US: DASAN H660GW devices
 CVE-2018-17868 (DASAN H660GW devices have Stored XSS in the Port Forwarding 
...)
-   TODO: check
+   NOT-FOR-US: DASAN H660GW devices
 CVE-2018-17867 (The Port Forwarding functionality on DASAN H660GW devices 
allows remote ...)
-   TODO: check
+   NOT-FOR-US: DASAN H660GW device
 CVE-2018-17866
RESERVED
 CVE-2018-17865
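Review bot: The tag added for CVE-2018-17867 reads "NOT-FOR-US: DASAN H660GW device" (singular), while CVE-2018-17869 and CVE-2018-17868 in the same hunk use "DASAN H660GW devices". Use one spelling for all three so the entries group together when the list is searched by NFU string.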
@@ -55,9 +55,9 @@ CVE-2018-17856
 CVE-2018-17855
RESERVED
 CVE-2015-9270 (XSS exists in the the-holiday-calendar plugin before 1.11.3 for 
...)
-   TODO: check
+   NOT-FOR-US: the-holiday-calendar plugin for WordPress
 CVE-2015-9269 (The export/content.php exportarticle feature in the ...)
-   TODO: check
+   NOT-FOR-US: wordpress-mobile-pack plugin for WordPress
 CVE-2018-17854 (SIMDComp before 0.1.1 allows remote attackers to cause a 
denial of ...)
NOT-FOR-US: SIMDComp
 CVE-2018-17853



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0a5e1bc377cb21adac76fb591e99add7a26e40ce


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-10-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3227ffc3 by Salvatore Bonaccorso at 2018-10-01T08:14:42Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -111,11 +111,11 @@ CVE-2018-17800
 CVE-2018-17799
RESERVED
 CVE-2018-17798 (An issue was discovered in zzcms 8.3. user/ztconfig.php allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-17797 (An issue was discovered in zzcms 8.3. user/zssave.php allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-17796 (An issue was discovered in MRCMS (aka mushroom) through 3.1.2. 
The ...)
-   TODO: check
+   NOT-FOR-US: MRCMS
 CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 
allows remote ...)
TODO: check
 CVE-2018-17794 (An issue was discovered in cplus-dem.c in GNU libiberty, as 
distributed ...)
@@ -143,7 +143,7 @@ CVE-2018-17787
 CVE-2018-17786
RESERVED
 CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal 
exists via ...)
-   TODO: check
+   NOT-FOR-US: blynk-server in Blynk
 CVE-2018-17784
RESERVED
 CVE-2018-17783
@@ -1323,11 +1323,11 @@ CVE-2018-17220
 CVE-2018-17219
RESERVED
 CVE-2018-17218 (An issue was discovered in PTC ThingWorx Platform 6.5 through 
8.2. ...)
-   TODO: check
+   NOT-FOR-US: PTC ThingWorx Platform
 CVE-2018-17217 (An issue was discovered in PTC ThingWorx Platform 6.5 through 
8.2. ...)
-   TODO: check
+   NOT-FOR-US: PTC ThingWorx Platform
 CVE-2018-17216 (An issue was discovered in PTC ThingWorx Platform 6.5 through 
8.2. ...)
-   TODO: check
+   NOT-FOR-US: PTC ThingWorx Platform
 CVE-2018-17215 (An information-disclosure issue was discovered in Postman 
through ...)
TODO: check
 CVE-2018-17214



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3227ffc37188d863d79f1de1ca2bc69877c410de


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
baa7cd42 by Salvatore Bonaccorso at 2018-09-30T08:43:07Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,7 +5,7 @@ CVE-2018-17783
 CVE-2018-17782
RESERVED
 CVE-2018-17781 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Foxit
 CVE-2018-17780 (Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 
WP8.1 on ...)
TODO: check
 CVE-2018-17779
@@ -15,7 +15,7 @@ CVE-2018-17778
 CVE-2018-1
RESERVED
 CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has Everyone: (F) 
permission for ...)
-   TODO: check
+   NOT-FOR-US: PCProtect Anti-Virus
 CVE-2018-17775
RESERVED
 CVE-2018-17774
@@ -417,15 +417,15 @@ CVE-2018-17577
 CVE-2018-17576
RESERVED
 CVE-2018-17575 (SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the ...)
-   TODO: check
+   NOT-FOR-US: SWA SWA.JACAD
 CVE-2018-17574 (An issue was discovered in YMFE YApi 1.3.23. There is stored 
XSS in the ...)
-   TODO: check
+   NOT-FOR-US: YMFE YApi
 CVE-2018-17573 (The Wp-Insert plugin through 2.4.2 for WordPress allows upload 
of ...)
-   TODO: check
+   NOT-FOR-US: Wp-Insert plugin for WordPress
 CVE-2018-17572
RESERVED
 CVE-2018-17571 (Vanilla before 2.6.1 allows XSS via the email field of a 
profile. ...)
-   TODO: check
+   NOT-FOR-US: Vanilla
 CVE-2018-17570 (utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 
has an ...)
NOT-FOR-US: ViaBTC Exchange Server
 CVE-2018-17569 (network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 
has an ...)
@@ -435,7 +435,7 @@ CVE-2018-17568 (utils/ut_rpc.c in ViaBTC Exchange Server 
before 2018-08-21 has a
 CVE-2018-17567 (Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 
3.8.3 ...)
TODO: check
 CVE-2018-17566 (In ThinkPHP 5.1.24, the inner function delete can be used for 
SQL ...)
-   TODO: check
+   NOT-FOR-US: ThinkPHP
 CVE-2018-17565
RESERVED
 CVE-2018-17564
@@ -749,7 +749,7 @@ CVE-2018-17413
 CVE-2018-17412
RESERVED
 CVE-2018-17411 (An XML External Entity (XXE) vulnerability exists in iWay Data 
Quality ...)
-   TODO: check
+   NOT-FOR-US: iWay Data Quality Suite Web Console
 CVE-2018-17410 (Horus CMS allows SQL Injection, as demonstrated by a request 
to the ...)
NOT-FOR-US: Horus CMS
 CVE-2018-17409
@@ -775,19 +775,19 @@ CVE-2018-17399
 CVE-2018-17398
RESERVED
 CVE-2018-17397 (SQL Injection exists in the AlphaIndex Dictionaries 1.0 
component for ...)
-   TODO: check
+   NOT-FOR-US: AlphaIndex Dictionaries component for Joomla!
 CVE-2018-17396
RESERVED
 CVE-2018-17395
RESERVED
 CVE-2018-17394 (SQL Injection exists in the Timetable Schedule 3.6.8 component 
for ...)
-   TODO: check
+   NOT-FOR-US: Timetable Schedule component for Joomla!
 CVE-2018-17393
RESERVED
 CVE-2018-17392
RESERVED
 CVE-2018-17391 (SQL Injection exists in authors_post.php in Super Cms Blog Pro 
1.0 via ...)
-   TODO: check
+   NOT-FOR-US: Super Cms Blog Pro
 CVE-2018-17390
RESERVED
 CVE-2018-17389
@@ -799,27 +799,27 @@ CVE-2018-17387
 CVE-2018-17386
RESERVED
 CVE-2018-17385 (SQL Injection exists in the Social Factory 3.8.3 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: Social Factory component for Joomla!
 CVE-2018-17384 (SQL Injection exists in the Swap Factory 2.2.1 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: Swap Factory component for Joomla!
 CVE-2018-17383 (SQL Injection exists in the Collection Factory 4.1.9 component 
for ...)
-   TODO: check
+   NOT-FOR-US: Collection Factory component for Joomla!
 CVE-2018-17382 (SQL Injection exists in the Jobs Factory 2.0.4 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: Jobs Factory component for Joomla!
 CVE-2018-17381
RESERVED
 CVE-2018-17380 (SQL Injection exists in the Article Factory Manager 4.3.9 
component ...)
-   TODO: check
+   NOT-FOR-US: Article Factory Manager component for Joomla!
 CVE-2018-17379 (SQL Injection exists in the Raffle Factory 3.5.2 component for 
Joomla! ...)
-   TODO: check
+   NOT-FOR-US: Raffle Factory component for Joomla!
 CVE-2018-17378 (SQL Injection exists in the Penny Auction Factory 2.0.4 
component for ...)
-   TODO: check
+   NOT-FOR-US: Penny Auction Factory component for Joomla!
 CVE-2018-17377 (SQL Injection exists in the Questions 1.4.3 component for 
Joomla! via ...)
-   TODO: check
+   NOT-FOR-US: Questions component for Joomla!
 CVE-2018-17376 (SQL Injection exists in the Reverse Auction Factory 4.3.8 
component ...)
-   TODO: check
+   NOT-FOR-US: Reverse Auction Factory component for Joomla!
 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-28 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3955652e by Salvatore Bonaccorso at 2018-09-28T22:08:43Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -305,15 +305,15 @@ CVE-2018-17613 (Telegram Desktop (aka tdesktop) 1.3.16 
alpha, when Use pro
 CVE-2018-17612
RESERVED
 CVE-2018-17611 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Foxit
 CVE-2018-17610 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Foxit
 CVE-2018-17609 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Foxit
 CVE-2018-17608 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Foxit
 CVE-2018-17607 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers 
to ...)
-   TODO: check
+   NOT-FOR-US: Foxit
 CVE-2018-17606
RESERVED
 CVE-2018-17605 (An issue was discovered in the Asset Pipeline plugin before 
3.0.4 for ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3955652e8cf6114eecc965181ae486da76467c39


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf36d301 by Salvatore Bonaccorso at 2018-09-27T09:07:53Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2018-17570 (utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 
has an ...)
-   TODO: check
+   NOT-FOR-US: ViaBTC Exchange Server
 CVE-2018-17569 (network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 
has an ...)
-   TODO: check
+   NOT-FOR-US: ViaBTC Exchange Server
 CVE-2018-17568 (utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has 
an ...)
-   TODO: check
+   NOT-FOR-US: ViaBTC Exchange Server
 CVE-2018-17567
RESERVED
 CVE-2018-17566 (In ThinkPHP 5.1.24, the inner function delete can be used for 
SQL ...)
@@ -27,9 +27,9 @@ CVE-2018-17558
 CVE-2018-17557
RESERVED
 CVE-2018-17556 (MODX Revolution v2.6.5-pl allows stored XSS via a Create New 
Media ...)
-   TODO: check
+   NOT-FOR-US: MODX Revolution
 CVE-2018-17555 (The web component on ARRIS TG2492LG-NA 061213 devices allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: ARRIS TG2492LG-NA 061213 devices
 CVE-2018-17554
RESERVED
 CVE-2018-17553
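Review bot: The tag on CVE-2018-17555, "NOT-FOR-US: ARRIS TG2492LG-NA 061213 devices", copies the "061213" token from the CVE description, whereas the CVE-2018-17556 entry just above drops its "v2.6.5-pl" version and is tagged "MODX Revolution". Suggest "NOT-FOR-US: ARRIS TG2492LG-NA devices" so the tag names the product only, as the MODX one does.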
@@ -323,7 +323,7 @@ CVE-2018-17412
 CVE-2018-17411 (An XML External Entity (XXE) vulnerability exists in iWay Data 
Quality ...)
TODO: check
 CVE-2018-17410 (Horus CMS allows SQL Injection, as demonstrated by a request 
to the ...)
-   TODO: check
+   NOT-FOR-US: Horus CMS
 CVE-2018-17409
RESERVED
 CVE-2018-17408
@@ -411,7 +411,7 @@ CVE-2018-17367
 CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF 
vulnerability ...)
NOT-FOR-US: MCMS
 CVE-2018-17365 (SeaCMS 6.64 allows remote attackers to delete arbitrary files 
via the ...)
-   TODO: check
+   NOT-FOR-US: SeaCMS
 CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP 
code via ...)
NOT-FOR-US: OTCMS
 CVE-2018-17363
@@ -523,21 +523,21 @@ CVE-2018-17318
 CVE-2018-17317 (FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote 
attackers ...)
NOT-FOR-US: FruityWifi
 CVE-2018-17316 (On the RICOH MP C6003 printer, HTML Injection and Stored XSS 
...)
-   TODO: check
+   NOT-FOR-US: RICOH MP C6003 printer
 CVE-2018-17315 (On the RICOH MP C2003 printer, HTML Injection and Stored XSS 
...)
-   TODO: check
+   NOT-FOR-US: RICOH MP C2003 printer
 CVE-2018-17314 (On the RICOH Aficio MP 305+ printer, HTML Injection and Stored 
XSS ...)
-   TODO: check
+   NOT-FOR-US: RICOH Aficio MP 305+ printer
 CVE-2018-17313 (On the RICOH MP C307 printer, HTML Injection and Stored XSS 
...)
-   TODO: check
+   NOT-FOR-US: RICOH MP C307 printer
 CVE-2018-17312 (On the RICOH Aficio MP 301 printer, HTML Injection and Stored 
XSS ...)
-   TODO: check
+   NOT-FOR-US: RICOH Aficio MP 301 printer
 CVE-2018-17311 (On the RICOH MP C6503 Plus printer, HTML Injection and Stored 
XSS ...)
-   TODO: check
+   NOT-FOR-US: RICOH MP C6503 Plus printer
 CVE-2018-17310 (On the RICOH MP C1803 JPN printer, HTML Injection and Stored 
XSS ...)
-   TODO: check
+   NOT-FOR-US: RICOH MP C1803 JPN printer
 CVE-2018-17309 (On the RICOH MP C406Z printer, HTML Injection and Stored XSS 
...)
-   TODO: check
+   NOT-FOR-US: RICOH MP C406Z printer
 CVE-2018-17308
RESERVED
 CVE-2018-17307
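Review bot: CVE-2018-17316 through CVE-2018-17309 get eight different NOT-FOR-US strings, one per printer model, although every description shown here reports the same "HTML Injection and Stored XSS" on a RICOH printer. A shared string such as "NOT-FOR-US: RICOH printers" would keep the eight entries under one tag; the model is already present in each description line.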
@@ -1080,7 +1080,7 @@ CVE-2018-17082 (The Apache2 component in PHP before 
5.6.38, 7.0.x before 7.0.32,
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76582
NOTE: 
https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e
 CVE-2018-17081 (e107 2.1.9 allows CSRF via ...)
-   TODO: check
+   NOT-FOR-US: e107
 CVE-2018-17080
RESERVED
 CVE-2018-17079
@@ -1320,9 +1320,9 @@ CVE-2018-16971 (Wisetail Learning Ecosystem (LE) through 
v4.11.6 allows insecure
 CVE-2018-16970 (Wisetail Learning Ecosystem (LE) through v4.11.6 allows 
insecure direct ...)
NOT-FOR-US: Wisetail Learning Ecosystem
 CVE-2018-16969 (Citrix ShareFile StorageZones Controller before 5.4.2 has 
Information ...)
-   TODO: check
+   NOT-FOR-US: Citrix ShareFile StorageZones Controller
 CVE-2018-16968 (Citrix ShareFile StorageZones Controller before 5.4.2 allows 
Directory ...)
-   TODO: check
+   NOT-FOR-US: Citrix ShareFile StorageZones Controller
 CVE-2018-16967
RESERVED
 CVE-2018-16966
@@ -1911,11 +1911,11 @@ CVE-2018-16715 (An issue was discovered in Absolute 
Software CTES Windows Agent
 CVE-2018-16714
RESERVED
 CVE-2018-16713 (IObit Advanced SystemCare, which includes 
Monitor_win10_x64.sys or ...)
-   TODO: check
+   NOT-FOR-US: IObit Advanced SystemCare
 CVE-2018-16712 (IObit Advanced SystemCare, which includes 
Monitor_win10_x64.sys or ...)
-   TODO: check
+   

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-26 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b1ab2c0 by Salvatore Bonaccorso at 2018-09-26T20:24:08Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29,7 +29,7 @@ CVE-2018-17540
 CVE-2018-17539
RESERVED
 CVE-2018-17538 (Axon (formerly TASER International) Evidence Sync 3.15.89 is 
vulnerable ...)
-   TODO: check
+   NOT-FOR-US: Axon Evidence Sync
 CVE-2018-17537
RESERVED
 CVE-2018-17536
@@ -1960,7 +1960,7 @@ CVE-2018-16674
 CVE-2018-16673
RESERVED
 CVE-2018-16672 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. 
Due to ...)
-   TODO: check
+   NOT-FOR-US: CIRCONTROL CirCarLife
 CVE-2018-16671 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. 
There is ...)
NOT-FOR-US: CIRCONTROL CirCarLife
 CVE-2018-16670 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. 
There is ...)
@@ -4605,7 +4605,7 @@ CVE-2018-15607 (In ImageMagick 7.0.8-11 Q16, a tiny input 
file 0x50 0x36 0x36 0x
[jessie] - imagemagick  (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1255
 CVE-2018-15606 (An XSS issue was discovered in SalesAgility SuiteCRM 7.x 
before 7.8.21 ...)
-   TODO: check
+   NOT-FOR-US: SuiteCRM
 CVE-2018-15605 (An issue was discovered in phpMyAdmin before 4.8.3. A 
Cross-Site ...)
- phpmyadmin  (Vulnerable code introduced later)
NOTE: https://www.phpmyadmin.net/security/PMASA-2018-5/
@@ -6426,7 +6426,7 @@ CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow 
unauthorized access to the sys
 CVE-2018-14804
RESERVED
 CVE-2018-14803 (Philips e-Alert Unit (non-medical device), Version R2.1 and 
prior. The ...)
-   TODO: check
+   NOT-FOR-US: Philips e-Alert Unit
 CVE-2018-14802
RESERVED
 CVE-2018-14801 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 
Cardiographs, all ...)
@@ -16193,7 +16193,7 @@ CVE-2018-11073
 CVE-2018-11072
RESERVED
 CVE-2018-11071 (Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 
8.0.1.x, ...)
-   TODO: check
+   NOT-FOR-US: EMC Isilon OneFS
 CVE-2018-11070 (RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J 
...)
NOT-FOR-US: RSA BSAFE Crypto-J
 CVE-2018-11069 (RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert 
Timing ...)
@@ -42120,7 +42120,7 @@ CVE-2018-1802
 CVE-2018-1801
RESERVED
 CVE-2018-1800 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 
6.2.6.1 could ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1799
RESERVED
 CVE-2018-1798
@@ -42150,13 +42150,13 @@ CVE-2018-1787
 CVE-2018-1786
RESERVED
 CVE-2018-1785 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) 
uses ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1784
RESERVED
 CVE-2018-1783
RESERVED
 CVE-2018-1782 (IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a 
local, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1781
RESERVED
 CVE-2018-1780
@@ -42184,7 +42184,7 @@ CVE-2018-1770
 CVE-2018-1769
RESERVED
 CVE-2018-1768 (IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose 
sensitive ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1767
RESERVED
 CVE-2018-1766
@@ -42298,9 +42298,9 @@ CVE-2018-1713
 CVE-2018-1712 (IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is 
...)
NOT-FOR-US: IBM
 CVE-2018-1711 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1710 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1709
RESERVED
 CVE-2018-1708
@@ -42350,11 +42350,11 @@ CVE-2018-1687
 CVE-2018-1686
RESERVED
 CVE-2018-1685 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 9.7, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1684
RESERVED
 CVE-2018-1683 (IBM WebSphere Application Server Liberty could allow a remote 
attacker ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1682
RESERVED
 CVE-2018-1681
@@ -42372,7 +42372,7 @@ CVE-2018-1676 (IBM Planning Analytics 2.0.0 through 
2.0.4 is vulnerable to cross
 CVE-2018-1675
RESERVED
 CVE-2018-1674 (IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 
through ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1673
RESERVED
 CVE-2018-1672
@@ -42382,7 +42382,7 @@ CVE-2018-1671
 CVE-2018-1670
RESERVED
 CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 
7.5.0.0 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1668
RESERVED
 CVE-2018-1667
@@ -42392,7 +42392,7 @@ CVE-2018-1666
 CVE-2018-1665
RESERVED
 CVE-2018-1664 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
44a40111 by Salvatore Bonaccorso at 2018-09-25T20:30:51Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -255,15 +255,15 @@ CVE-2018-17406
 CVE-2018-17405
RESERVED
 CVE-2018-17404 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 
for Android ...)
-   TODO: check
+   NOT-FOR-US: SBIbuddy application
 CVE-2018-17403 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 
through ...)
-   TODO: check
+   NOT-FOR-US: PhonePe wallet application
 CVE-2018-17402 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 
through ...)
-   TODO: check
+   NOT-FOR-US: PhonePe wallet application
 CVE-2018-17401 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 
through ...)
-   TODO: check
+   NOT-FOR-US: PhonePe wallet application
 CVE-2018-17400 (The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 
through ...)
-   TODO: check
+   NOT-FOR-US: PhonePe wallet application
 CVE-2018-17399
RESERVED
 CVE-2018-17398
@@ -327,21 +327,21 @@ CVE-2018-17370
 CVE-2018-17369 (An issue was discovered in springboot_authority through 
2017-03-06. ...)
TODO: check
 CVE-2018-17368 (An issue was discovered in PublicCMS V4.0.180825. For an 
invalid login ...)
-   TODO: check
+   NOT-FOR-US: PublicCMS
 CVE-2018-17367
RESERVED
 CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: MCMS
 CVE-2018-17365
RESERVED
 CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP 
code via ...)
-   TODO: check
+   NOT-FOR-US: OTCMS
 CVE-2018-17363
RESERVED
 CVE-2018-17362
RESERVED
 CVE-2018-17361 (Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: WeaselCMS
 CVE-2018-17360 (An issue was discovered in the Binary File Descriptor (BFD) 
library ...)
- binutils 
[stretch] - binutils  (Minor issue)
@@ -390,7 +390,7 @@ CVE-2018-17343
 CVE-2018-17342
RESERVED
 CVE-2018-17341 (BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite 
routing is ...)
-   TODO: check
+   NOT-FOR-US: BigTree CMS
 CVE-2018-17340
RESERVED
 CVE-2018-17339



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/44a401116fc412265c864a846bfe628e03c8fde0


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-21 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
79f520f0 by Salvatore Bonaccorso at 2018-09-21T08:24:31Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,17 +1,17 @@
 CVE-2018-17303
RESERVED
 CVE-2018-17302 (Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 
via a ...)
-   TODO: check
+   NOT-FOR-US: EspoCRM
 CVE-2018-17301 (Reflected XSS exists in ...)
-   TODO: check
+   NOT-FOR-US: EspoCRM
 CVE-2018-17300 (Stored XSS exists in CuppaCMS through 2018-09-03 via an ...)
-   TODO: check
+   NOT-FOR-US: CuppaCMS
 CVE-2018-17299
RESERVED
 CVE-2018-17298 (An issue was discovered in Enalean Tuleap before 10.5. Reset 
password ...)
TODO: check
 CVE-2018-17297 (The unzip function in ZipUtil.java in Hutool before 4.1.12 
allows ...)
-   TODO: check
+   NOT-FOR-US: Hutool
 CVE-2018-17296
RESERVED
 CVE-2018-17295
@@ -39,7 +39,7 @@ CVE-2018-17285
 CVE-2018-17284
RESERVED
 CVE-2018-17283 (Zoho ManageEngine OpManager before 12.3 Build 123196 does not 
require ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2018-17282 (An issue was discovered in Exiv2 v0.26. The function ...)
TODO: check
 CVE-2018-17281
@@ -95,9 +95,9 @@ CVE-2018-17257
 CVE-2018-17256
RESERVED
 CVE-2018-17255 (Navigate CMS 2.8 has Reflected XSS via the navigate.php fid 
parameter. ...)
-   TODO: check
+   NOT-FOR-US: Navigate CMS
 CVE-2018-17254 (The JCK Editor component 6.4.4 for Joomla! allows SQL 
Injection via the ...)
-   TODO: check
+   NOT-FOR-US: JCK Editor component for Joomla!
 CVE-2018-17253
RESERVED
 CVE-2018-17252



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/79f520f0bb273ab62b6641ecb595639854557bf3


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-19 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7a25996b by Salvatore Bonaccorso at 2018-09-19T20:38:37Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -13,7 +13,7 @@ CVE-2018-17209
 CVE-2018-17208 (Linksys Velop 1.1.2.187020 devices allow unauthenticated 
command ...)
NOT-FOR-US: Linksys Velop
 CVE-2018-17207 (An issue was discovered in Snap Creek Duplicator before 
1.2.42. By ...)
-   TODO: check
+   NOT-FOR-US: Snap Creek Duplicator
 CVE-2018-17206 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 
2.7.6. The ...)
TODO: check
 CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 
2.7.6, ...)
@@ -1371,7 +1371,7 @@ CVE-2018-16609
 CVE-2018-16608 (In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can 
change ...)
NOT-FOR-US: Monstra CMS
 CVE-2018-16607 (Cross-site scripting (XSS) vulnerability in the Orgs Page in 
...)
-   TODO: check
+   NOT-FOR-US: Orgs Page in Open-AudIT Professional
 CVE-2018-16606 (In ProConf before 6.1, an Insecure Direct Object Reference 
(IDOR) ...)
NOT-FOR-US: ProConf
 CVE-2018-16605 (D-Link DIR-600M devices allow XSS via the Hostname and 
Username fields ...)
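Review bot: "NOT-FOR-US: Orgs Page in Open-AudIT Professional" on CVE-2018-16607 names the affected page as well as the product, while the neighbouring entries are tagged by product alone ("Monstra CMS", "ProConf"). Suggest "NOT-FOR-US: Open-AudIT Professional"; the page is already named in the description.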
@@ -4072,7 +4072,7 @@ CVE-2018-15548
 CVE-2018-15547
RESERVED
 CVE-2018-15546 (Accusoft PrizmDoc version 13.3 and earlier contains a Stored 
...)
-   TODO: check
+   NOT-FOR-US: Accusoft PrizmDoc
 CVE-2018-15545
RESERVED
 CVE-2018-15544
@@ -5669,7 +5669,7 @@ CVE-2018-14794
 CVE-2018-14793 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is 
vulnerable ...)
NOT-FOR-US: DeltaV
 CVE-2018-14792 (WECON PLC Editor version 1.3.3U may allow an attacker to 
execute code ...)
-   TODO: check
+   NOT-FOR-US: WECON
 CVE-2018-14791 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 
may ...)
NOT-FOR-US: Emerson DeltaV DCS
 CVE-2018-14790
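Review bot: CVE-2018-14792 is tagged "NOT-FOR-US: WECON", the vendor only, although the description names the product as "WECON PLC Editor" and the adjacent entries are tagged at product level ("DeltaV", "Emerson DeltaV DCS"). Suggest "NOT-FOR-US: WECON PLC Editor".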
@@ -9207,7 +9207,7 @@ CVE-2018-13400
 CVE-2018-13399
RESERVED
 CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye 
and ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2018-13397
RESERVED
 CVE-2018-13396
@@ -12311,9 +12311,9 @@ CVE-2018-12245
 CVE-2018-12244
RESERVED
 CVE-2018-12243 (The Symantec Messaging Gateway product prior to 10.6.6 may be 
...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2018-12242 (The Symantec Messaging Gateway product prior to 10.6.6 may be 
...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2018-12241
RESERVED
 CVE-2018-12240 (The Norton Identity Safe product prior to 5.3.0.976 may be 
susceptible ...)
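Review bot: Both tags added here, on CVE-2018-12243 and CVE-2018-12242, say only "NOT-FOR-US: Symantec", but the descriptions are for "The Symantec Messaging Gateway product". Naming the product ("NOT-FOR-US: Symantec Messaging Gateway") lets a later reader tell from the tag alone which Symantec software was ruled out.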



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a25996b33a8051f9569179baa4b65efeeffbba1


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-18 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
18805bc2 by Salvatore Bonaccorso at 2018-09-18T20:41:18Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -58,7 +58,7 @@ CVE-2018-17154
 CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 
contains a ...)
TODO: check
 CVE-2018-17153 (It was discovered that the Western Digital My Cloud device 
through ...)
-   TODO: check
+   NOT-FOR-US: Western Digital My Cloud device
 CVE-2018-17152
RESERVED
 CVE-2018-17151
@@ -483,21 +483,21 @@ CVE-2018-16961
 CVE-2018-16960
RESERVED
 CVE-2018-16959 (An issue was discovered in Oracle WebCenter Interaction Portal 
10.3.3. ...)
-   TODO: check
+   NOT-FOR-US: Oracle WebCenter Interaction Portal
 CVE-2018-16958 (An issue was discovered in Oracle WebCenter Interaction Portal 
10.3.3. ...)
-   TODO: check
+   NOT-FOR-US: Oracle WebCenter Interaction Portal
 CVE-2018-16957 (The Oracle WebCenter Interaction 10.3.3 search service 
queryd.exe ...)
-   TODO: check
+   NOT-FOR-US: Oracle WebCenter Interaction
 CVE-2018-16956 (The AjaxControl component of Oracle WebCenter Interaction 
Portal 10.3.3 ...)
-   TODO: check
+   NOT-FOR-US: Oracle WebCenter Interaction Portal
 CVE-2018-16955 (The login function of Oracle WebCenter Interaction Portal 
10.3.3 is ...)
-   TODO: check
+   NOT-FOR-US: Oracle WebCenter Interaction Portal
 CVE-2018-16954 (An issue was discovered in Oracle WebCenter Interaction Portal 
10.3.3. ...)
-   TODO: check
+   NOT-FOR-US: Oracle WebCenter Interaction Portal
 CVE-2018-16953 (The AjaxView::DisplayResponse() function of the 
portalpages.dll ...)
-   TODO: check
+   NOT-FOR-US: Oracle WebCenter Interaction Portal
 CVE-2018-16952 (The Oracle WebCenter Interaction Portal 10.3.3 does not 
implement ...)
-   TODO: check
+   NOT-FOR-US: Oracle WebCenter Interaction Portal
 CVE-2017-18347 (Incorrect access control in RDP Level 1 on STMicroelectronics 
STM32F0 ...)
NOT-FOR-US: STMicroelectronics STM32F0 series devices
 CVE-2018-16976 (Gitolite before 3.6.9 does not (in certain configurations 
involving ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/18805bc2dcf8d86dce429a3da25ab9ea68ca1fd3


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-18 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
28def8b4 by Salvatore Bonaccorso at 2018-09-18T20:22:34Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,11 +5,11 @@ CVE-2018-17180
 CVE-2018-17179
RESERVED
 CVE-2018-17178 (An issue was discovered on Neato Botvac Connected 2.2.0 
devices. They ...)
-   TODO: check
+   NOT-FOR-US: Neato Botvac Connected devices
 CVE-2018-17177 (An issue was discovered on Neato Botvac Connected 2.2.0 and 
Botvac 85 ...)
-   TODO: check
+   NOT-FOR-US: Neato Botvac Connected and Botvac 85 devices
 CVE-2018-17176 (A replay issue was discovered on Neato Botvac Connected 2.2.0 
devices. ...)
-   TODO: check
+   NOT-FOR-US: Neato Botvac Connected devices
 CVE-2018-17175 (In the marshmallow library before 2.15.1 and 3.x before 
3.0.0b9 for ...)
TODO: check
 CVE-2018-17174



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/28def8b4643ee3452e829d824928c339116acad9


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54278e13 by Salvatore Bonaccorso at 2018-09-17T20:23:14Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -41159,7 +41159,7 @@ CVE-2018-1793
 CVE-2018-1792
RESERVED
 CVE-2018-1791 (IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External 
Service ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1790
RESERVED
 CVE-2018-1789 (IBM API Connect v2018.1.0 through v2018.3.4 could allow an 
attacker to ...)
@@ -41195,7 +41195,7 @@ CVE-2018-1775
 CVE-2018-1774
RESERVED
 CVE-2018-1773 (IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow 
an ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1772
RESERVED
 CVE-2018-1771
@@ -41303,7 +41303,7 @@ CVE-2018-1721
 CVE-2018-1720
RESERVED
 CVE-2018-1719 (IBM WebSphere Application Server 8.5 and 9.0 could provide 
weaker than ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1718 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 
is ...)
NOT-FOR-US: IBM
 CVE-2018-1717
@@ -41345,7 +41345,7 @@ CVE-2018-1700
 CVE-2018-1699 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to 
SQL ...)
NOT-FOR-US: IBM
 CVE-2018-1698 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1697
RESERVED
 CVE-2018-1696
@@ -93549,7 +93549,7 @@ CVE-2017-1681 (IBM WebSphere Application Server (IBM 
Liberty for Java for Bluemi
 CVE-2017-1680
RESERVED
 CVE-2017-1679 (IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow 
an ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1678 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is 
vulnerable to ...)
NOT-FOR-US: IBM
 CVE-2017-1677 (IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, 
UNIX and ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/54278e1325cb56ea69d944023396a1ca24c1076a


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b2d9c317 by Salvatore Bonaccorso at 2018-09-16T08:18:02Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,13 +7,13 @@ CVE-2018-17079
 CVE-2018-17078
RESERVED
 CVE-2018-17077 (An issue was discovered in yiqicms through 2016-11-20. There 
is stored ...)
-   TODO: check
+   NOT-FOR-US: yiqicms
 CVE-2018-17076 (GPP through 2.25 will try to use more memory space than is 
available on ...)
TODO: check
 CVE-2018-17075 (The html package (aka x/net/html) before 2018-07-13 in Go 
mishandles ...)
TODO: check
 CVE-2018-17074 (The Feed Statistics plugin before 4.0 for WordPress has an 
Open ...)
-   TODO: check
+   NOT-FOR-US: Feed Statistics plugin for WordPress
 CVE-2018-17073 (wernsey/bitmap before 2018-08-18 allows a NULL pointer 
dereference via ...)
TODO: check
 CVE-2018-17072 (JSON++ through 2016-06-15 has a buffer over-read in yyparse() 
in ...)
@@ -21,25 +21,25 @@ CVE-2018-17072 (JSON++ through 2016-06-15 has a buffer 
over-read in yyparse() in
 CVE-2018-17071
RESERVED
 CVE-2018-17070 (An issue was discovered in UNL-CMS 7.59. A CSRF attack can 
update the ...)
-   TODO: check
+   NOT-FOR-US: UNL-CMS
 CVE-2018-17069 (An issue was discovered in UNL-CMS 7.59. A CSRF attack can 
create new ...)
-   TODO: check
+   NOT-FOR-US: UNL-CMS
 CVE-2018-17068 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. 
An HTTP ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-17067 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. 
A very ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-17066 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. 
An HTTP ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-17065 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. 
Within ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-17064 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. 
An HTTP ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-17063 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. 
An HTTP ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-17062
RESERVED
 CVE-2018-17061 (BullGuard Safe Browsing 18.1.355 allows XSS on Google, Bing, 
and Yahoo! ...)
-   TODO: check
+   NOT-FOR-US: BullGuard Safe Browsing
 CVE-2018-17060
RESERVED
 CVE-2018-17059



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b2d9c3179f5b8851bc888c92560b0ea1c42feadb


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-15 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d5fa39ec by Salvatore Bonaccorso at 2018-09-15T09:13:17Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -782,7 +782,7 @@ CVE-2018-16708
 CVE-2018-16707
RESERVED
 CVE-2018-16706 (LG SuperSign CMS allows TVs to be rebooted remotely without 
...)
-   TODO: check
+   NOT-FOR-US: LG SuperSign CMS
 CVE-2018-16705 (FURUNO FELCOM 250 and 500 devices allow unauthenticated access 
to the ...)
NOT-FOR-US: FURUNO FELCOM 250 and 500 devices
 CVE-2018-16704 (An issue was discovered in Gleez CMS v1.2.0. Because of an 
Insecure ...)
@@ -1803,11 +1803,11 @@ CVE-2018-16290
 CVE-2018-16289
RESERVED
 CVE-2018-16288 (LG SuperSign CMS allows reading of arbitrary files via ...)
-   TODO: check
+   NOT-FOR-US: LG SuperSign CMS
 CVE-2018-16287 (LG SuperSign CMS allows file upload via ...)
-   TODO: check
+   NOT-FOR-US: LG SuperSign CMS
 CVE-2018-16286 (LG SuperSign CMS allows authentication bypass because the 
CAPTCHA ...)
-   TODO: check
+   NOT-FOR-US: LG SuperSign CMS
 CVE-2018-16285 (The UserPro plugin through 4.9.23 for WordPress allows XSS via 
the ...)
NOT-FOR-US: Wordpress plugin
 CVE-2018-16284
@@ -15036,7 +15036,7 @@ CVE-2018-11060 (RSA Archer, versions prior to 6.4.0.1, 
contain an authorization
 CVE-2018-11059 (RSA Archer, versions prior to 6.4.0.1, contain a stored 
cross-site ...)
NOT-FOR-US: RSA Archer
 CVE-2018-11058 (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 
4.0.x) and ...)
-   TODO: check
+   NOT-FOR-US: RSA BSAFE Micro Edition Suite
 CVE-2018-11057 (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 
4.0.x) and ...)
NOT-FOR-US: RSA BSAFE Micro Edition Suite
 CVE-2018-11056 (RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), 
and RSA ...)
@@ -15819,7 +15819,7 @@ CVE-2018-10816
 CVE-2018-10815
RESERVED
 CVE-2018-10814 (Synametrics SynaMan 4.0 build 1488 uses cleartext password 
storage for ...)
-   TODO: check
+   NOT-FOR-US: Synametrics SynaMan
 CVE-2018-10813 (In Dedos-web 1.0, the cookie and session secrets used in the 
...)
NOT-FOR-US: Dedos-web
 CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses 
cleartext ...)
@@ -15988,7 +15988,7 @@ CVE-2018-10765
 CVE-2018-10764
RESERVED
 CVE-2018-10763 (Multiple cross-site scripting (XSS) vulnerabilities in 
Synametrics ...)
-   TODO: check
+   NOT-FOR-US: Synametrics SynaMan
 CVE-2018-10762
REJECTED
 CVE-2018-10761



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d5fa39ec0f077564a1a47bab5f8a15d8bc2bc240


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-14 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
504ab7d2 by Salvatore Bonaccorso at 2018-09-14T09:33:21Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2018-17051 (K-Net Cisco Configuration Manager through 2014-11-19 has XSS 
via ...)
-   TODO: check
+   NOT-FOR-US: K-Net Cisco Configuration Manager
 CVE-2018-17050
RESERVED
 CVE-2018-17049 (CQU-LANKERS through 2017-11-02 has XSS via the public/api.php 
callback ...)
-   TODO: check
+   NOT-FOR-US: CQU-LANKERS
 CVE-2018-17048
RESERVED
 CVE-2018-17047
@@ -11,9 +11,9 @@ CVE-2018-17047
 CVE-2018-17046 (translate man before 2018-08-21 has XSS via ...)
TODO: check
 CVE-2018-17045 (An issue was discovered in CMS MaeloStore V.1.5.0. There is a 
CSRF ...)
-   TODO: check
+   NOT-FOR-US: CMS MaeloStore
 CVE-2018-17044 (In YzmCMS 5.1, stored XSS exists via the ...)
-   TODO: check
+   NOT-FOR-US: YzmCMS
 CVE-2018-17043 (An issue has been found in doc2txt through 2014-03-19. It is a 
...)
TODO: check
 CVE-2018-17042 (An issue has been found in dbf2txt through 2012-07-19. It is a 
infinite ...)
@@ -23,25 +23,25 @@ CVE-2018-17041
 CVE-2018-17040
RESERVED
 CVE-2018-17039 (MiniCMS 1.10, when Internet Explorer is used, allows XSS via a 
crafted ...)
-   TODO: check
+   NOT-FOR-US: MiniCMS
 CVE-2018-17038
RESERVED
 CVE-2018-17037 (user/editpost.php in UCMS 1.4.6 mishandles levels, which 
allows ...)
-   TODO: check
+   NOT-FOR-US: UCMS
 CVE-2018-17036 (An issue was discovered in UCMS 1.4.6. It allows PHP code 
injection ...)
-   TODO: check
+   NOT-FOR-US: UCMS
 CVE-2018-17035 (UCMS 1.4.6 has SQL injection during installation via the ...)
-   TODO: check
+   NOT-FOR-US: UCMS
 CVE-2018-17034 (UCMS 1.4.6 has XSS via the install/index.php mysql_dbname 
parameter. ...)
-   TODO: check
+   NOT-FOR-US: UCMS
 CVE-2018-17033
RESERVED
 CVE-2018-17032
RESERVED
 CVE-2018-17031 (In Gogs 0.11.53, an attacker can use a crafted .eml file to 
trigger ...)
-   TODO: check
+   NOT-FOR-US: Go Git Service
 CVE-2018-17030 (BigTree CMS 4.2.23 allows remote authenticated users, if 
possessing ...)
-   TODO: check
+   NOT-FOR-US: BigTree CMS
 CVE-2018-17029
RESERVED
 CVE-2018-17028
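Review bot: The label for CVE-2018-17031 in this hunk is "NOT-FOR-US: Go Git Service", but the description on the line above it names the product as Gogs 0.11.53. Using the name from the description ("NOT-FOR-US: Gogs") would keep the entry findable by a search for the product name, and it would match how the other entries in this hunk (MiniCMS, UCMS, BigTree CMS) reuse the description's wording.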
@@ -49,11 +49,11 @@ CVE-2018-17028
 CVE-2018-17027
RESERVED
 CVE-2018-17026 (admin/index.php in Monstra CMS 3.0.4 allows XSS via the 
page_meta_title ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2018-17025 (admin/index.php in Monstra CMS 3.0.4 allows XSS via the 
page_meta_title ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2018-17024 (admin/index.php in Monstra CMS 3.0.4 allows XSS via the 
page_meta_title ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2018-17023 (Cross-site request forgery (CSRF) vulnerability on ASUS 
GT-AC5300 ...)
NOT-FOR-US: ASUS GT-AC5300 routers
 CVE-2018-17022 (Stack-based buffer overflow on the ASUS GT-AC5300 router 
through ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/504ab7d206fc59e6d165b7605bf160fb89dbe561


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-13 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f2214438 by Salvatore Bonaccorso at 2018-09-13T20:15:40Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,43 +1,43 @@
 CVE-2018-17023 (Cross-site request forgery (CSRF) vulnerability on ASUS 
GT-AC5300 ...)
-   TODO: check
+   NOT-FOR-US: ASUS GT-AC5300 routers
 CVE-2018-17022 (Stack-based buffer overflow on the ASUS GT-AC5300 router 
through ...)
-   TODO: check
+   NOT-FOR-US: ASUS GT-AC5300 routers
 CVE-2018-17021 (Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 
devices with ...)
-   TODO: check
+   NOT-FOR-US: ASUS GT-AC5300 devices
 CVE-2018-17020 (ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 
allow ...)
-   TODO: check
+   NOT-FOR-US: ASUS GT-AC5300 devices
 CVE-2018-17019 (In Bro through 2.5.5, there is a DoS in IRC protocol names 
command ...)
TODO: check
 CVE-2018-17018 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17017 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17016 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17015 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17014 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17013 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17012 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17011 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17010 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17009 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17008 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17007 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17006 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17005 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17004 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and 
TL-WR886N ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-17003
RESERVED
 CVE-2018-17002
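Review bot: The four ASUS GT-AC5300 entries at the top of this hunk get two different labels: CVE-2018-17023 and CVE-2018-17022 become "NOT-FOR-US: ASUS GT-AC5300 routers", while CVE-2018-17021 and CVE-2018-17020 become "NOT-FOR-US: ASUS GT-AC5300 devices". They describe the same product, so one label for all four would let a single search return the whole set. The TP-Link entries below already do this by sharing "NOT-FOR-US: TP-Link".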



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2214438c8e46cb0551c20811f9b7f19ddc726e9


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-13 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eef33ef6 by Salvatore Bonaccorso at 2018-09-13T06:53:07Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -29,7 +29,7 @@ CVE-2018-16953
 CVE-2018-16952
RESERVED
 CVE-2017-18347 (Incorrect access control in RDP Level 1 on STMicroelectronics 
STM32F0 ...)
-   TODO: check
+   NOT-FOR-US: STMicroelectronics STM32F0 series devices
 CVE-2018-16976 [prevent access to repos which are in the process of being 
migrated]
- gitolite3  (bug #908699)
[stretch] - gitolite3  (Minor issue)
@@ -540,13 +540,13 @@ CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by 
(for example) adding t
 CVE-2018-16730 (\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the 
site name. ...)
NOT-FOR-US: CScms
 CVE-2018-16729 (Pluck 4.7.7 allows XSS via an SVG file that contains 
Javascript in a ...)
-   TODO: check
+   NOT-FOR-US: Pluck CMS
 CVE-2018-16728 (feindura 2.0.7 allows XSS via the tags field of a new page 
created at ...)
-   TODO: check
+   NOT-FOR-US: feindura
 CVE-2018-16727 (razorCMS 3.4.7 allows Stored XSS via the keywords of the 
homepage ...)
-   TODO: check
+   NOT-FOR-US: razorCMS
 CVE-2018-16726 (razorCMS 3.4.7 allows HTML injection via the description of 
the ...)
-   TODO: check
+   NOT-FOR-US: razorCMS
 CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the ...)
NOT-FOR-US: baijiacms
 CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection 
exists via ...)
@@ -821,7 +821,7 @@ CVE-2018-16607
 CVE-2018-16606 (In ProConf before 6.1, an Insecure Direct Object Reference 
(IDOR) ...)
NOT-FOR-US: ProConf
 CVE-2018-16605 (D-Link DIR-600M devices allow XSS via the Hostname and 
Username fields ...)
-   TODO: check
+   NOT-FOR-US: D-Link DIR-600M devices
 CVE-2018-16604 (An issue was discovered in Nibbleblog v4.0.5. With an admin's 
username ...)
NOT-FOR-US: Nibbleblog
 CVE-2018-16603
@@ -1374,9 +1374,9 @@ CVE-2018-16391 (Several buffer overflows when handling 
responses from a Muscle C
 CVE-2018-16390
RESERVED
 CVE-2018-16389 (e107_admin/banlist.php in e107 2.1.8 allows SQL injection via 
the ...)
-   TODO: check
+   NOT-FOR-US: e107
 CVE-2018-16388 (e107_web/js/plupload/upload.php in e107 2.1.8 allows remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: e107
 CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is 
a CSRF ...)
NOT-FOR-US: Elefant CMS
 CVE-2018-16386
@@ -3592,7 +3592,7 @@ CVE-2018-15504 (An issue was discovered in Embedthis 
GoAhead before 4.0.1 and Ap
 CVE-2018-15503 (The unpack implementation in Swoole version 4.0.4 lacks 
correct size ...)
NOT-FOR-US: Swoole
 CVE-2018-15502 (Insecure permissions in Lone Wolf Technologies loadingDOCS 
2018-08-13 ...)
-   TODO: check
+   NOT-FOR-US: Lone Wolf Technologies loadingDOCS
 CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 
and 0.27.x ...)
{DLA-1477-1}
- libgit2 0.27.4+dfsg.1-0.1 (low)
@@ -7729,9 +7729,9 @@ CVE-2018-13809
 CVE-2018-13808
RESERVED
 CVE-2018-13807 (A vulnerability has been identified in SCALANCE X300 (All 
versions  ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2018-13806 (A vulnerability has been identified in SIEMENS TD Keypad 
Designer (All ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2018-13805
RESERVED
 CVE-2018-13804
@@ -8586,9 +8586,9 @@ CVE-2018-13414
 CVE-2018-13413
RESERVED
 CVE-2018-13412 (An issue was discovered in the Self Service Portal in Zoho ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-13411 (An issue was discovered in Zoho ManageEngine Desktop Central 
before ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-13410 (** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT 
command-line ...)
- zip  (unimportant; bug #903196)
NOTE: http://seclists.org/fulldisclosure/2018/Jul/24
@@ -11874,7 +11874,7 @@ CVE-2018-12178
 CVE-2018-12177
RESERVED
 CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may 
allow a ...)
-   TODO: check
+   NOT-FOR-US: Intel
 CVE-2018-12175 (Default install directory permissions in Intel Distribution 
for Python ...)
TODO: check
 CVE-2018-12174
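Review bot: "NOT-FOR-US: Intel" on CVE-2018-12176 names only the vendor, while the next context entry, CVE-2018-12175 (Intel Distribution for Python), is another Intel product that stays at "TODO: check". A product-level label taken from the description, for example "NOT-FOR-US: Intel NUC Kits firmware", would make clear that the NFU decision covers the NUC firmware and not Intel software in general. The following hunk already does this with "NOT-FOR-US: Intel Baseboard Management Controller firmware".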
@@ -11884,7 +11884,7 @@ CVE-2018-12173
 CVE-2018-12172
RESERVED
 CVE-2018-12171 (Privilege escalation in Intel Baseboard Management Controller 
(BMC) ...)
-   TODO: check
+   NOT-FOR-US: Intel Baseboard Management Controller firmware
 CVE-2018-12170
RESERVED
 CVE-2018-12169
@@ -11900,13 +11900,13 @@ CVE-2018-12165
 CVE-2018-12164
RESERVED
 CVE-2018-12163 (A DLL injection 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-12 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cad994c5 by Salvatore Bonaccorso at 2018-09-12T08:17:18Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,9 +1,9 @@
 CVE-2018-16951 (xunfeng 0.2.0 allows command execution via CSRF because 
masscan.py ...)
-   TODO: check
+   NOT-FOR-US: xunfeng
 CVE-2018-16950 (Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote 
...)
-   TODO: check
+   NOT-FOR-US: Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices
 CVE-2018-16946 (LG LNB*, LND*, LNU*, and LNV* smart network camera devices 
have broken ...)
-   TODO: check
+   NOT-FOR-US: LG smart network camera device
 CVE-2018-16945
RESERVED
 CVE-2018-16944
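Review bot: The label for CVE-2018-16950 copies the firmware build string from the description ("NOT-FOR-US: Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices"). The other labels in this hunk identify the product rather than the affected version, so "NOT-FOR-US: Inteno DG400 devices" would be enough and would stay accurate for a later CVE against a different build. Smaller point in the same hunk: the description of CVE-2018-16946 lists several LG camera series, but its label is the singular "LG smart network camera device".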
@@ -2486,7 +2486,7 @@ CVE-2018-15900
 CVE-2018-15899 (An issue was discovered in MiniCMS 1.10. There is a 
post.php?date= XSS ...)
NOT-FOR-US: MiniCMS
 CVE-2018-15898 (The Subsonic Music Streamer application 4.4 for Android has 
Improper ...)
-   TODO: check
+   NOT-FOR-US: Subsonic Music Streamer application for Android
 CVE-2018-15897 (PHP Scripts Mall Website Seller Script 2.0.5 allows remote 
attackers ...)
NOT-FOR-US: PHP Scripts Mall Website Seller Script
 CVE-2018-15896 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via 
Personal ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cad994c5b380c01ace3f1c876e2c73c06123363d


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
314fee8a by Salvatore Bonaccorso at 2018-09-11T20:32:06Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -217,7 +217,7 @@ CVE-2018-16838
 CVE-2018-16837
RESERVED
 CVE-2018-16836 (Rubedo through 3.4.0 contains a Directory Traversal 
vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: Rubedo CMS
 CVE-2018-16835
RESERVED
 CVE-2018-16834
@@ -225,7 +225,7 @@ CVE-2018-16834
 CVE-2018-16833
RESERVED
 CVE-2018-16832 (CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an 
attacker to ...)
-   TODO: check
+   NOT-FOR-US: xunfeng
 CVE-2018- [OpenAFS Security Advisory-2018-003]
- openafs  (bug #908616)
NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt
@@ -14736,7 +14736,7 @@ CVE-2018-11080
 CVE-2018-11079
RESERVED
 CVE-2018-11078 (Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains 
an ...)
-   TODO: check
+   NOT-FOR-US: EMC VPlex GeoSynchrony
 CVE-2018-11077
RESERVED
 CVE-2018-11076
@@ -14752,11 +14752,11 @@ CVE-2018-11072
 CVE-2018-11071
RESERVED
 CVE-2018-11070 (RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J 
...)
-   TODO: check
+   NOT-FOR-US: RSA BSAFE Crypto-J
 CVE-2018-11069 (RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert 
Timing ...)
-   TODO: check
+   NOT-FOR-US: RSA BSAFE SSL-J
 CVE-2018-11068 (RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap 
Inspection ...)
-   TODO: check
+   NOT-FOR-US: RSA BSAFE SSL-J
 CVE-2018-11067
RESERVED
 CVE-2018-11066
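Review bot: The description of CVE-2018-11070 names two products ("RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J ..."), but the label added for it is only "NOT-FOR-US: RSA BSAFE Crypto-J". Since the two entries below it use "NOT-FOR-US: RSA BSAFE SSL-J", naming both products here, or using one shared "RSA BSAFE" label for all three, would keep the SSL-J part of this CVE visible in a search for that product.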
@@ -25873,9 +25873,9 @@ CVE-2018-6978
 CVE-2018-6977
RESERVED
 CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data 
...)
-   TODO: check
+   NOT-FOR-US: VMware
 CVE-2018-6975 (The AirWatch Agent for iOS prior to 5.8.1 contains a data 
protection ...)
-   TODO: check
+   NOT-FOR-US: AirWatch Agent for iOS
 CVE-2018-6974
RESERVED
 CVE-2018-6973 (VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 
...)
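Review bot: The two entries changed in this hunk are labelled at different granularity: CVE-2018-6976 (VMware Content Locker for iOS) gets the vendor-only "NOT-FOR-US: VMware", while CVE-2018-6975 gets the product name "NOT-FOR-US: AirWatch Agent for iOS". The context entry just below, CVE-2018-6973, is also a VMware product (Workstation and Fusion), so a product-level label such as "NOT-FOR-US: VMware Content Locker for iOS" would say more precisely what was judged out of scope.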
@@ -39283,33 +39283,33 @@ CVE-2018-2467
 CVE-2018-2466
RESERVED
 CVE-2018-2465 (SAP HANA (versions 1.0 and 2.0) Extended Application Services 
classic ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2464 (SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does 
not ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2463 (The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, 
versions ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2462 (In certain cases, BEx Web Java Runtime Export Web Service in 
SAP ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2461 (Missing authorization check in SAP HCM Fiori People 
Profile (GBX01 ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2460 (SAP Business One Android application, version 1.2, does not 
verify the ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2459 (Users of an SAP Mobile Platform (version 3.0) Offline OData ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2458 (Under certain conditions, Crystal Report using SAP Business 
One, ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2457 (Under certain conditions SAP Adaptive Server Enterprise, 
version 16.0, ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2456
RESERVED
 CVE-2018-2455 (SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 
6.17, ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2454 (SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 
6.17, ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2453
RESERVED
 CVE-2018-2452 (The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 
7.20, ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-2451 (XS Command-Line Interface (CLI) user sessions with the SAP HANA 
...)
NOT-FOR-US: SAP HANA Extended Application Services
 CVE-2018-2450 (SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker 
who ...)
@@ -41121,7 +41121,7 @@ CVE-2018-1573
 CVE-2018-1572
RESERVED
 CVE-2018-1571 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated 
attacker to ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1570
RESERVED
 CVE-2018-1569
@@ -45138,9 +45138,9 @@ CVE-2018-0650 (The LINE MUSIC for Android version 3.1.0 
to versions prior to 3.6
 CVE-2018-0649 (Untrusted search path vulnerability in the installers of 
multiple ...)
TODO: check
 CVE-2018-0648 (Untrusted search path vulnerability in installer of ChatWork 
Desktop ...)
-   TODO: check
+   NOT-FOR-US: installer of ChatWork Desktop App for Windows
 CVE-2018-0647 (Cross-site request forgery (CSRF) vulnerability in WL-330NUL 
Firmware ...)
-   TODO: check
+   NOT-FOR-US: 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-10 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3b2e4f74 by Salvatore Bonaccorso at 2018-09-10T20:18:59Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -11,7 +11,7 @@ CVE-2018-16799
 CVE-2018-16798
RESERVED
 CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 
1.8.7556 ...)
-   TODO: check
+   NOT-FOR-US: PotPlayer
 CVE-2018-16796
RESERVED
 CVE-2018-16795
@@ -207,7 +207,7 @@ CVE-2018-16707
 CVE-2018-16706
RESERVED
 CVE-2018-16705 (FURUNO FELCOM 250 and 500 devices allow unauthenticated access 
to the ...)
-   TODO: check
+   NOT-FOR-US: FURUNO FELCOM 250 and 500 devices
 CVE-2018-16704 (An issue was discovered in Gleez CMS v1.2.0. Because of an 
Insecure ...)
NOT-FOR-US: Gleez CMS
 CVE-2018-16703 (A vulnerability in the Gleez CMS 1.2.0 login page could allow 
an ...)
@@ -432,7 +432,7 @@ CVE-2018-16610
 CVE-2018-16609
RESERVED
 CVE-2018-16608 (In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can 
change ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2018-16607
RESERVED
 CVE-2018-16606 (In ProConf before 6.1, an Insecure Direct Object Reference 
(IDOR) ...)
@@ -466,7 +466,7 @@ CVE-2018-16593
 CVE-2018-16592
RESERVED
 CVE-2018-16591 (FURUNO FELCOM 250 and 500 devices allow unauthenticated users 
to change ...)
-   TODO: check
+   NOT-FOR-US: FURUNO FELCOM 250 and 500 devices
 CVE-2018-16590 (FURUNO FELCOM 250 and 500 devices use only client-side 
JavaScript in ...)
NOT-FOR-US: FURUNO FELCOM
 CVE-2018-16589
@@ -2177,7 +2177,7 @@ CVE-2014-10074 (Umbraco before 7.2.0 has a remote PHP 
code execution vulnerabili
 CVE-2018-15887 (Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is 
prone to ...)
NOT-FOR-US: ASUS DSL-N12E_C1
 CVE-2018-15886 (Monstra CMS 3.0.4 does not properly restrict modified Snippet 
content, ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2018-15885 (Ovation FindMe 1.4-1083-1 is intended to support transmission 
of ...)
NOT-FOR-US: Ovation FindMe
 CVE-2018-15884 (RICOH MP C4504ex devices allow HTML Injection via the ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b2e4f7433d2f14a839901706c995a4cb7a56f46

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b2e4f7433d2f14a839901706c995a4cb7a56f46
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5a02a613 by Salvatore Bonaccorso at 2018-09-08T08:44:22Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -590,7 +590,7 @@ CVE-2018-16456
 CVE-2018-16455
RESERVED
 CVE-2018-16454 (PHP Scripts Mall Olx Clone 3.4.2 has XSS. ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Olx Clone
 CVE-2018-16453
RESERVED
 CVE-2018-16452
@@ -864,7 +864,7 @@ CVE-2018-16365 (An issue discovered in idreamsoft iCMS 
V7.0.10. ...)
 CVE-2018-16364
RESERVED
 CVE-2018-16363 (The mndpsingh287 File Manager plugin V2.9 for WordPress has 
XSS via ...)
-   TODO: check
+   NOT-FOR-US: mndpsingh287 File Manager plugin for WordPress
 CVE-2018-16362 (An issue was discovered in the Source Integration plugin 
before 1.5.9 ...)
NOT-FOR-US: Mantis plugin
 CVE-2018-16361 (An issue was discovered in BTITeam XBTIT 2.5.4. news.php 
allows XSS ...)
@@ -1591,7 +1591,7 @@ CVE-2018-16061
 CVE-2018-16060
RESERVED
 CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow 
...)
-   TODO: check
+   NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
 CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 
2.2.16, the ...)
- wireshark 2.6.3-1 (low)
[stretch] - wireshark  (Minor issue)
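
Review bot: the new label for CVE-2018-16059 carries the version range from the description ("Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices"), while the other NOT-FOR-US entries in this commit name only the product. Dropping "3.x" would keep the string reusable if a later CVE for the same device covers a different firmware line.
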
@@ -3050,13 +3050,13 @@ CVE-2018-15488
 CVE-2018-15487
RESERVED
 CVE-2018-15486 (An issue was discovered on KONE Group Controller (KGC) devices 
before ...)
-   TODO: check
+   NOT-FOR-US: KONE Group Controller (KGC) devices
 CVE-2018-15485 (An issue was discovered on KONE Group Controller (KGC) devices 
before ...)
-   TODO: check
+   NOT-FOR-US: KONE Group Controller (KGC) devices
 CVE-2018-15484 (An issue was discovered on KONE Group Controller (KGC) devices 
before ...)
-   TODO: check
+   NOT-FOR-US: KONE Group Controller (KGC) devices
 CVE-2018-15483 (An issue was discovered on KONE Group Controller (KGC) devices 
before ...)
-   TODO: check
+   NOT-FOR-US: KONE Group Controller (KGC) devices
 CVE-2018-15482 (Certain LG devices based on Android 6.0 through 8.1 have 
incorrect ...)
NOT-FOR-US: LG devices specific issue
 CVE-2018-15481 (Improper input sanitization within the restricted 
administration shell ...)
@@ -5669,11 +5669,11 @@ CVE-2018-14400
 CVE-2018-14399 (libs\classes\attachment.class.php in PHPCMS 9.6.0 allows 
remote ...)
NOT-FOR-US: PHPCMS
 CVE-2018-14398 (An issue was discovered in Creme CRM 1.6.12. The value of the 
cancel ...)
-   TODO: check
+   NOT-FOR-US: Creme CRM
 CVE-2018-14397 (An issue was discovered in Creme CRM 1.6.12. The organization 
creation ...)
-   TODO: check
+   NOT-FOR-US: Creme CRM
 CVE-2018-14396 (An issue was discovered in Creme CRM 1.6.12. The salesman 
creation ...)
-   TODO: check
+   NOT-FOR-US: Creme CRM
 CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers 
to cause a ...)
{DSA-4258-1}
- ffmpeg 7:4.0.2-1
@@ -9166,7 +9166,7 @@ CVE-2018-12899
 CVE-2018-12898
RESERVED
 CVE-2018-12897 (SolarWinds DameWare Mini Remote Control before 12.1 has a 
Buffer ...)
-   TODO: check
+   NOT-FOR-US: SolarWinds DameWare Mini Remote Control
 CVE-2018-12896 (An issue was discovered in the Linux kernel through 4.17.3. An 
Integer ...)
- linux 
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200189
@@ -18780,7 +18780,7 @@ CVE-2018-9285 (Main_Analysis_Content.asp in /apply.cgi 
on ASUS RT-AC66U, RT-AC68
 CVE-2018-9284 (authentication.cgi on D-Link DIR-868L devices with Singapore 
StarHub ...)
NOT-FOR-US: D-Link
 CVE-2018-9283 (An XSS issue was discovered in CremeCRM 1.6.12. It is affected 
by 10 ...)
-   TODO: check
+   NOT-FOR-US: Creme CRM
 CVE-2018-9282
RESERVED
 CVE-2018-9281



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a02a613585b0ff56aa94134f79a46a61864378d


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
12b30ac4 by Salvatore Bonaccorso at 2018-09-06T20:58:06Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -21,11 +21,11 @@ CVE-2018-16608
 CVE-2018-16607
RESERVED
 CVE-2018-16606 (In ProConf before 6.1, an Insecure Direct Object Reference 
(IDOR) ...)
-   TODO: check
+   NOT-FOR-US: ProConf
 CVE-2018-16605
RESERVED
 CVE-2018-16604 (An issue was discovered in Nibbleblog v4.0.5. With an admin's 
username ...)
-   TODO: check
+   NOT-FOR-US: Nibbleblog
 CVE-2018-16603
RESERVED
 CVE-2018-16602



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/12b30ac40fa9079aa551a73bd054c9a57b93d7c8


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9914e6b3 by Salvatore Bonaccorso at 2018-09-05T20:31:52Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -18560,11 +18560,11 @@ CVE-2018-9196
 CVE-2018-9195
RESERVED
 CVE-2018-9194 (A plaintext recovery of encrypted messages or a 
Man-in-the-middle ...)
-   TODO: check
+   NOT-FOR-US: Fortinet FortiOS
 CVE-2018-9193
RESERVED
 CVE-2018-9192 (A plaintext recovery of encrypted messages or a 
Man-in-the-middle ...)
-   TODO: check
+   NOT-FOR-US: Fortinet FortiOS
 CVE-2018-9191
RESERVED
 CVE-2018-9190
@@ -40770,7 +40770,7 @@ CVE-2018-1355 (An open redirect vulnerability in 
Fortinet FortiManager 6.0.0 and
 CVE-2018-1354 (An improper access control vulnerability in Fortinet 
FortiManager ...)
NOT-FOR-US: Fortinet
 CVE-2018-1353 (An information disclosure vulnerability in Fortinet 
FortiManager 6.0.1 ...)
-   TODO: check
+   NOT-FOR-US: Fortinet FortiManager
 CVE-2018-1352
RESERVED
 CVE-2018-1351 (A Cross-site Scripting (XSS) vulnerability in Fortinet 
FortiManager ...)
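
Review bot: CVE-2018-1353 is labelled "Fortinet FortiManager", but CVE-2018-1354 directly above it, also a FortiManager issue, is labelled just "Fortinet". Consider using the same granularity for both so the two entries group under one NOT-FOR-US string.
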
@@ -44010,7 +44010,7 @@ CVE-2018-0658
 CVE-2018-0657
RESERVED
 CVE-2018-0656 (Untrusted search path vulnerability in The installer of Digital 
Paper ...)
-   TODO: check
+   NOT-FOR-US: Digital Paper App
 CVE-2018-0655
RESERVED
 CVE-2018-0654



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9914e6b34dd290f3f7f90fa26f4bd94c6389c276


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-03 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a79be50d by Salvatore Bonaccorso at 2018-09-03T20:21:57Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,7 @@
 CVE-2018-16417
RESERVED
 CVE-2018-16416 (Cross-site request forgery (CSRF) vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: FUEL CMS
 CVE-2018-16415
RESERVED
 CVE-2018-16414
@@ -15,9 +15,9 @@ CVE-2018-16411
 CVE-2018-16410 (Vanilla before 2.6.1 allows SQL injection via an invitationID 
array to ...)
TODO: check
 CVE-2018-16409 (In Gogs 0.11.53, an attacker can use migrate to send arbitrary 
HTTP GET ...)
-   TODO: check
+   NOT-FOR-US: Go Git Service
 CVE-2018-16408 (D-Link DIR-846 devices with firmware 100.26 allow remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: D-Link DIR-846 devices
 CVE-2018-16407 (An issue was discovered in Mayan EDMS before 3.0.3. The Tags 
app has ...)
TODO: check
 CVE-2018-16406 (An issue was discovered in Mayan EDMS before 3.0.2. The 
Cabinets app ...)
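
Review bot: the label on CVE-2018-16409 is "Go Git Service", but the description names the product as Gogs 0.11.53. "NOT-FOR-US: Gogs" would keep the entry findable under the name the CVE text uses.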



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a79be50d45b8d9cf7601752890062620a3e98125


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
14cf625e by Salvatore Bonaccorso at 2018-09-02T09:22:29Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -8,13 +8,13 @@ CVE-2018-16335 (newoffsets handling in 
ChopUpSingleUncompressedStrip in tif_dirr
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2809
NOTE: The fix for CVE-2017-11613 is possibly covering the bug.
 CVE-2018-16334 (An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and 
AC10 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2018-16333 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2018-16332 (An issue was discovered in iCMS 7.0.9. There is an ...)
-   TODO: check
+   NOT-FOR-US: iCMS
 CVE-2018-16331 (admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to 
change the ...)
-   TODO: check
+   NOT-FOR-US: DamiCMS
 CVE-2018-16330 (Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an 
invalid ...)
TODO: check
 CVE-2018-16329 (In ImageMagick before 7.0.8-8, a NULL pointer dereference 
exists in the ...)
@@ -26,7 +26,7 @@ CVE-2018-16327 (There is Stored XSS in Subrion 4.2.1 via the 
admin panel URL ...
 CVE-2018-16326
RESERVED
 CVE-2018-16325 (There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php 
title ...)
-   TODO: check
+   NOT-FOR-US: GetSimple CMS
 CVE-2018-16324 (In IceWarp Server 12.0.3.1 and before, there is XSS in the 
/webmail/ ...)
NOT-FOR-US: IceWarp Server
 CVE-2018-16323 (ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 
leaves data ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/14cf625e7712c9e72de1cc4acf244c96d1a32858


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-09-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9472dd6b by Salvatore Bonaccorso at 2018-09-01T20:27:32Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,5 +1,5 @@
 CVE-2018-16324 (In IceWarp Server 12.0.3.1 and before, there is XSS in the 
/webmail/ ...)
-   TODO: check
+   NOT-FOR-US: IceWarp Server
 CVE-2018-16323 (ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 
leaves data ...)
- imagemagick 
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786
@@ -8,7 +8,7 @@ CVE-2018-16322
 CVE-2018-16321
RESERVED
 CVE-2018-16320 (idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory 
...)
-   TODO: check
+   NOT-FOR-US: idreamsoft iCMS
 CVE-2018-16319
RESERVED
 CVE-2018-16318
@@ -16,13 +16,13 @@ CVE-2018-16318
 CVE-2018-16317
RESERVED
 CVE-2018-16316 (A stored Cross-site scripting (XSS) vulnerability in Portainer 
through ...)
-   TODO: check
+   NOT-FOR-US: Portainer
 CVE-2018-16315 (In waimai Super Cms 20150505, there is a CSRF vulnerability 
that can ...)
-   TODO: check
+   NOT-FOR-US: waimai Super Cms
 CVE-2018-16314 (An issue was discovered in admincp.php in idreamsoft iCMS 
7.0.11. When ...)
-   TODO: check
+   NOT-FOR-US: idreamsoft iCMS
 CVE-2018-16313 (Bludit 2.3.4 allows XSS via a user name. ...)
-   TODO: check
+   NOT-FOR-US: Bludit
 CVE-2018-16312
RESERVED
 CVE-2018-16311
@@ -32,7 +32,7 @@ CVE-2018-16310
 CVE-2018-16309
RESERVED
 CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows 
CSV ...)
-   TODO: check
+   NOT-FOR-US: Ninja Forms plugin for WordPress
 CVE-2018-16307
RESERVED
 CVE-2018-16306
@@ -42,9 +42,9 @@ CVE-2018-16305
 CVE-2018-16304
RESERVED
 CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers 
to cause a ...)
-   TODO: check
+   NOT-FOR-US: PDF-XChange Editor
 CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a 
crafted ...)
-   TODO: check
+   NOT-FOR-US: MediaComm Zip-n-Go
 CVE-2018-16301
RESERVED
 CVE-2018-16300
@@ -26388,11 +26388,11 @@ CVE-2018-6261
 CVE-2018-6260
RESERVED
 CVE-2018-6259 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains 
a ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2018-6258 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains 
a ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2018-6257 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains 
a ...)
-   TODO: check
+   NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2018-6256
RESERVED
 CVE-2018-6255



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9472dd6b0f25fca07aa72c25f62ec3f100a55a60


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1b240be9 by Salvatore Bonaccorso at 2018-08-31T20:23:45Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,11 +5,11 @@ CVE-2018-16280
 CVE-2018-16279
RESERVED
 CVE-2018-16278 (phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an ...)
-   TODO: check
+   NOT-FOR-US: phpkaiyuancms PhpOpenSourceCMS (POSCMS)
 CVE-2018-16277
RESERVED
 CVE-2018-16275 (OPSWAT MetaDefender before v4.11.2 allows CSV injection. ...)
-   TODO: check
+   NOT-FOR-US: OPSWAT MetaDefender
 CVE-2018-16276 (An issue was discovered in yurex_read in 
drivers/usb/misc/yurex.c in ...)
- linux 4.17.8-1
NOTE: Fixed by: 
https://git.kernel.org/linus/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 (4.18-rc5)
@@ -12960,13 +12960,13 @@ CVE-2018-11059 (RSA Archer, versions prior to 
6.4.0.1, contain a stored cross-si
 CVE-2018-11058
RESERVED
 CVE-2018-11057 (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 
4.0.x) and ...)
-   TODO: check
+   NOT-FOR-US: RSA BSAFE Micro Edition Suite
 CVE-2018-11056 (RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), 
and RSA ...)
-   TODO: check
+   NOT-FOR-US: RSA BSAFE Micro Edition Suite
 CVE-2018-11055 (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 
4.0.x) and ...)
-   TODO: check
+   NOT-FOR-US: RSA BSAFE Micro Edition Suite
 CVE-2018-11054 (RSA BSAFE Micro Edition Suite, version 4.1.6, contains an 
integer ...)
-   TODO: check
+   NOT-FOR-US: RSA BSAFE Micro Edition Suite
 CVE-2018-11053 (Dell EMC iDRAC Service Module for all supported Linux and 
XenServer ...)
NOT-FOR-US: Dell
 CVE-2018-11052 (Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an 
authentication ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b240be9e116fe469881c3def8a8b5a18c54000a


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5d4a1c03 by Salvatore Bonaccorso at 2018-08-30T20:27:19Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -141,7 +141,7 @@ CVE-2018-16161
 CVE-2018-16160
RESERVED
 CVE-2018-16159 (The Gift Vouchers plugin through 2.0.1 for WordPress allows 
SQL ...)
-   TODO: check
+   NOT-FOR-US: Gift Vouchers plugin for WordPress
 CVE-2018- [gitlab: Missing Authorization Control API Repository Storage]
- gitlab  (Only affects Enterprise edition)
NOTE: 
https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
@@ -165,7 +165,7 @@ CVE-2018- [gitlab: Persistent XSS in Pipeline Tooltip]
 CVE-2018-16158 (Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 
13.4.0.10 ...)
NOT-FOR-US: Eaton Power Xpert Meter
 CVE-2018-16157 (waimai Super Cms 20150505 has a logic flaw allowing attackers 
to modify ...)
-   TODO: check
+   NOT-FOR-US: waimai Super Cms
 CVE-2018-16156
RESERVED
 CVE-2018-16155
@@ -1099,7 +1099,7 @@ CVE-2018-15746 (qemu-seccomp.c in QEMU might allow local 
OS guest users to cause
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02289.html
NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html
 CVE-2018-15745 (Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated 
Directory ...)
-   TODO: check
+   NOT-FOR-US: Argus Surveillance DVR
 CVE-2018-15744
RESERVED
 CVE-2018-15743
@@ -1220,7 +1220,7 @@ CVE-2018-15693
 CVE-2018-15692
RESERVED
 CVE-2018-15691 (Insecure deserialization of a specially crafted serialized 
object, in ...)
-   TODO: check
+   NOT-FOR-US: CA Release Automation
 CVE-2018-15690
RESERVED
 CVE-2018-15689
@@ -1777,15 +1777,15 @@ CVE-2018-15482 (Certain LG devices based on Android 6.0 
through 8.1 have incorre
 CVE-2018-15481 (Improper input sanitization within the restricted 
administration shell ...)
NOT-FOR-US: UCOPIA
 CVE-2018-15480 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, 
WiFi ...)
-   TODO: check
+   NOT-FOR-US: myStrom
 CVE-2018-15479 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, 
WiFi ...)
-   TODO: check
+   NOT-FOR-US: myStrom
 CVE-2018-15478 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, 
WiFi ...)
-   TODO: check
+   NOT-FOR-US: myStrom
 CVE-2018-15477 (myStrom WiFi Switch V1 devices before 2.66 did not sanitize a 
...)
-   TODO: check
+   NOT-FOR-US: myStrom
 CVE-2018-15476 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, 
WiFi ...)
-   TODO: check
+   NOT-FOR-US: myStrom
 CVE-2018-15475
RESERVED
 CVE-2018-15474
@@ -1999,9 +1999,9 @@ CVE-2018-15366
 CVE-2018-15365
RESERVED
 CVE-2018-15364 (A Named Pipe Request Processing Out-of-Bounds Read Information 
...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2018-15363 (An Out-of-Bounds Read Privilege Escalation vulnerability in 
Trend ...)
-   TODO: check
+   NOT-FOR-US: Trend Micro
 CVE-2018-15362
RESERVED
 CVE-2018-15361
@@ -2979,15 +2979,15 @@ CVE-2018-14905 (The Web server in 3CX version 
15.5.8801.3 is vulnerable to Refle
 CVE-2018-14904 (Samsung Syncthru Web Service V4.05.61 is vulnerable to 
Multiple ...)
NOT-FOR-US: Samsung Syncthru Web Service
 CVE-2018-14903 (EPSON WF-2750 printers with firmware JP02I2 do not properly 
validate ...)
-   TODO: check
+   NOT-FOR-US: EPSON WF-2750 printers
 CVE-2018-14902 (The ContentProvider in the EPSON iPrint application 6.6.3 for 
Android ...)
-   TODO: check
+   NOT-FOR-US: EPSON iPrint application for Android
 CVE-2018-14901 (The EPSON iPrint application 6.6.3 for Android contains 
hard-coded API ...)
-   TODO: check
+   NOT-FOR-US: EPSON iPrint application for Android
 CVE-2018-14900 (On EPSON WF-2750 printers with firmware JP02I2, there is no 
filtering ...)
-   TODO: check
+   NOT-FOR-US: EPSON WF-2750 printers
 CVE-2018-14899 (On the EPSON WF-2750 printer with firmware JP02I2, the Web 
interface ...)
-   TODO: check
+   NOT-FOR-US: EPSON WF-2750 printer
 CVE-2018-14898
RESERVED
 CVE-2018-14897
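
Review bot: CVE-2018-14899 is labelled "EPSON WF-2750 printer" (singular) while CVE-2018-14903 and CVE-2018-14900 in the same hunk use "EPSON WF-2750 printers". Pick one spelling so all three entries share a single NOT-FOR-US string.
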
@@ -4682,7 +4682,7 @@ CVE-2018-14319
 CVE-2018-14318
RESERVED
 CVE-2018-14317 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2018-14316 (This vulnerability allows remote attackers to disclose 
sensitive ...)
NOT-FOR-US: Foxit Reader
 CVE-2018-14315 (This vulnerability allows remote attackers to execute 
arbitrary code ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d4a1c036ad123edbe76b42d1477a7f47b639af0


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-29 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1472e4d7 by Salvatore Bonaccorso at 2018-08-29T21:00:54Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -436,7 +436,7 @@ CVE-2018-15914
 CVE-2018-15913
RESERVED
 CVE-2018-15912 (An issue was discovered in manjaro-update-system.sh in 
manjaro-system ...)
-   TODO: check
+   NOT-FOR-US: manjaro-update-system.sh in manjaro-system on Manjaro Linux
 CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH 
through 7.8 ...)
- openssh  (bug #907503)
[stretch] - openssh  (Minor issue)
@@ -460,7 +460,7 @@ CVE-2018-15908 (In Artifex Ghostscript 9.23 before 
2018-08-23, attackers are abl
NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
NOTE: https://www.kb.cert.org/vuls/id/332928
 CVE-2018-15907 (Technicolor (formerly RCA) TC8305C devices have a Buffer 
Overflow. ...)
-   TODO: check
+   NOT-FOR-US: Technicolor (formerly RCA) TC8305C devices
 CVE-2018-15906
RESERVED
 CVE-2018-15905
@@ -1358,7 +1358,7 @@ CVE-2018-15564 (An issue was discovered in daveismyname 
simple-cms through 2014-
 CVE-2018-15563
RESERVED
 CVE-2018-15562 (CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or 
...)
-   TODO: check
+   NOT-FOR-US: CMS ISWEB
 CVE-2018-15561
RESERVED
 CVE-2018-15560 (PyCryptodome before 3.6.6 has an integer overflow in the 
data_len ...)
@@ -2956,7 +2956,7 @@ CVE-2018-14807
 CVE-2018-14806
RESERVED
 CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the 
system ...)
-   TODO: check
+   NOT-FOR-US: ABB eSOMS
 CVE-2018-14804
RESERVED
 CVE-2018-14803
@@ -3058,7 +3058,7 @@ CVE-2018-14770
 CVE-2018-14769
RESERVED
 CVE-2018-14768 (Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, 
MS9*, SD9*, ...)
-   TODO: check
+   NOT-FOR-US: VIVOTEK devices
 CVE-2018-1999025 (A man in the middle vulnerability exists in Jenkins 
TraceTronic ...)
NOT-FOR-US: Jenkins plugin
 CVE-2018-1999026 (A server-side request forgery vulnerability exists in 
Jenkins ...)
@@ -7810,17 +7810,17 @@ CVE-2018-12813
 CVE-2018-12812 (Adobe Acrobat and Reader 2018.011.20038 and earlier, 
2017.011.30079 and ...)
NOT-FOR-US: Adobe
 CVE-2018-12811 (Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 
before ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12810 (Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 
before ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12809 (Adobe Experience Manager versions 6.4 and earlier have a 
Server-Side ...)
NOT-FOR-US: Adobe
 CVE-2018-12808 (Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12807 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have an ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12806 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12805 (Adobe Connect versions 9.7.5 and earlier have an Insecure 
Library ...)
NOT-FOR-US: Adobe
 CVE-2018-12804 (Adobe Connect versions 9.7.5 and earlier have an 
Authentication Bypass ...)
@@ -7834,7 +7834,7 @@ CVE-2018-12801
 CVE-2018-12800
RESERVED
 CVE-2018-12799 (Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12798 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
NOT-FOR-US: Adobe
 CVE-2018-12797 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
@@ -8018,7 +8018,7 @@ CVE-2018-12712 (An issue was discovered in Joomla! 2.5.0 
through 3.8.8 before 3.
 CVE-2018-12711 (An XSS issue was discovered in the language switcher module in 
Joomla! ...)
NOT-FOR-US: Joomla!
 CVE-2018-12710 (An issue was discovered on D-Link DIR-601 2.02NA devices. 
Being local ...)
-   TODO: check
+   NOT-FOR-US: D-Link DIR-601 2.02NA devices
 CVE-2016-10724 (Bitcoin Core before v0.13.0 allows denial of service (memory 
...)
- bitcoin 0.13.0-0.1
 CVE-2018-12709
@@ -24749,7 +24749,7 @@ CVE-2018-6599 (An issue was discovered on Orbic Wonder 
...)
 CVE-2018-6598 (An issue was discovered on Orbic Wonder ...)
TODO: check
 CVE-2018-6597 (The Alcatel A30 device with a build fingerprint of ...)
-   TODO: check
+   NOT-FOR-US: Alcatel A30 device
 CVE-2018-6596 (webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 
is prone ...)
{DSA-4107-1}
- django-anymail 1.3-1 (bug #889450)



View it on GitLab: 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-28 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
18bc98f2 by Salvatore Bonaccorso at 2018-08-28T21:30:01Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -6315,7 +6315,7 @@ CVE-2018-13397
 CVE-2018-13396
RESERVED
 CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from 
version ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Jira
 CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions 
before ...)
NOT-FOR-US: Atlassian Confluence Questions
 CVE-2018-13393 (The convertCommentToAnswer resource in Atlassian Confluence 
Questions ...)
@@ -6323,7 +6323,7 @@ CVE-2018-13393 (The convertCommentToAnswer resource in 
Atlassian Confluence Ques
 CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before 
version ...)
NOT-FOR-US: Atlassian
 CVE-2018-13391 (The ProfileLinkUserFormat component of Jira Server before 
version ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Jira Server
 CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via 
network from ...)
NOT-FOR-US: Atlassian
 CVE-2018-13389 (The attachment resource in Atlassian Confluence before version 
6.6.1 ...)
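
Review bot: CVE-2018-13391 is labelled "Atlassian Jira Server", CVE-2018-13395 in the previous hunk is "Atlassian Jira", and the Fisheye/Crucible and cloudtoken entries around it are plain "Atlassian". Using one form for the two Jira entries would keep them grouped together.
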
@@ -32224,7 +32224,7 @@ CVE-2018-3910
 CVE-2018-3909 (An exploitable vulnerability exists in the REST parser of 
video-core's ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3908 (An exploitable vulnerability exists in the REST parser of 
video-core's ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250-Firmware
 CVE-2018-3907 (An exploitable vulnerability exists in the REST parser of 
video-core's ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3906
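
Review bot: CVE-2018-3908 is labelled "Samsung SmartThings Hub STH-ETH-250-Firmware", with a hyphen before "Firmware", while CVE-2018-3909 and CVE-2018-3907 on either side use "Samsung SmartThings Hub STH-ETH-250 devices" and CVE-2018-3895 in the next hunk uses "STH-ETH-250 Firmware". Reusing the existing "Samsung SmartThings Hub STH-ETH-250 devices" string for both new entries would keep all of these under one label.
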
@@ -32250,7 +32250,7 @@ CVE-2018-3897
 CVE-2018-3896
RESERVED
 CVE-2018-3895 (An exploitable buffer overflow vulnerability exists in the ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 Firmware
 CVE-2018-3894
RESERVED
 CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the ...)
@@ -42492,7 +42492,7 @@ CVE-2018-0717
 CVE-2018-0716
RESERVED
 CVE-2018-0715 (Cross-site scripting vulnerability in QNAP Photo Station 
versions ...)
-   TODO: check
+   NOT-FOR-US: QNAP Photo Station
 CVE-2018-0714 (Command injection vulnerability in Helpdesk versions 1.1.21 and 
...)
NOT-FOR-US: Helpdesk
 CVE-2018-0713
@@ -160354,17 +160354,17 @@ CVE-2014-6051 (Integer overflow in the 
MallocFrameBuffer function in vncviewer.c
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: 
https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
 CVE-2014-6050 (phpMyFAQ before 2.8.13 allows remote attackers to bypass the 
CAPTCHA ...)
-   TODO: check
+   NOT-FOR-US: phpMyFAQ
 CVE-2014-6049 (phpMyFAQ before 2.8.13 allows remote authenticated users with 
admin ...)
-   TODO: check
+   NOT-FOR-US: phpMyFAQ
 CVE-2014-6048 (phpMyFAQ before 2.8.13 allows remote attackers to read 
arbitrary ...)
-   TODO: check
+   NOT-FOR-US: phpMyFAQ
 CVE-2014-6047 (phpMyFAQ before 2.8.13 allows remote authenticated users with 
certain ...)
-   TODO: check
+   NOT-FOR-US: phpMyFAQ
 CVE-2014-6046 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
phpMyFAQ ...)
-   TODO: check
+   NOT-FOR-US: phpMyFAQ
 CVE-2014-6045 (SQL injection vulnerability in phpMyFAQ before 2.8.13 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: phpMyFAQ
 CVE-2014-6044
RESERVED
 CVE-2014-6043 (ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 
build 8020 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/18bc98f20bf079a67df55e72a03a968a995704d1


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-28 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
57f915f7 by Salvatore Bonaccorso at 2018-08-28T20:43:53Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -38393,7 +38393,7 @@ CVE-2018-1707
 CVE-2018-1706
RESERVED
 CVE-2018-1705 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum 
...)
-   TODO: check
+   NOT-FOR-US: IBM Platform Symphony
 CVE-2018-1704
RESERVED
 CVE-2018-1703
@@ -163013,7 +163013,7 @@ CVE-2014-4934
 CVE-2014-4933
RESERVED
 CVE-2014-4932 (Cross-site scripting (XSS) vulnerability in the Wordfence 
Security ...)
-   TODO: check
+   NOT-FOR-US: Wordfence Security plugin for WordPress
 CVE-2014-4931
RESERVED
 CVE-2014-4930 (Multiple cross-site scripting (XSS) vulnerabilities in 
event/index2.do ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/57f915f7433374b90e88faf055ab2fd6346c3769


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-28 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
32f2e53c by Salvatore Bonaccorso at 2018-08-28T20:31:18Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -311,7 +311,7 @@ CVE-2018-15903
 CVE-2018-15902
RESERVED
 CVE-2018-15901 (e107 2.1.8 has CSRF in 'usersettings.php' with an impact of 
changing ...)
-   TODO: check
+   NOT-FOR-US: e107
 CVE-2018-15900
RESERVED
 CVE-2018-15899 (An issue was discovered in MiniCMS 1.10. There is a 
post.php?date= XSS ...)
@@ -356,7 +356,7 @@ CVE-2018-15886
 CVE-2018-15885 (Ovation FindMe 1.4-1083-1 is intended to support transmission 
of ...)
NOT-FOR-US: Ovation FindMe
 CVE-2018-15884 (RICOH MP C4504ex devices allow HTML Injection via the ...)
-   TODO: check
+   NOT-FOR-US: RICOH MP C4504ex devices
 CVE-2018-15883
RESERVED
 CVE-2018-15882
@@ -497,7 +497,7 @@ CVE-2018-15841
 CVE-2018-15840
RESERVED
 CVE-2018-15839 (D-Link DIR-615 devices have a buffer overflow via a long 
Authorization ...)
-   TODO: check
+   NOT-FOR-US: D-Link DIR-615 devices
 CVE-2018-15838
RESERVED
 CVE-2018-15837
@@ -702,7 +702,7 @@ CVE-2018-15742
 CVE-2018-15741
RESERVED
 CVE-2018-15740 (Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the 
Workflow ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine ADManager Plus
 CVE-2018-15739
RESERVED
 CVE-2018-15738
@@ -980,7 +980,7 @@ CVE-2018-15610
 CVE-2018-15609
RESERVED
 CVE-2018-15608 (Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection 
on the ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine ADManager Plus
 CVE-2018-15607 (In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 
0x36 0x36 ...)
- imagemagick  (low)
[stretch] - imagemagick  (Minor issue)
@@ -1179,7 +1179,7 @@ CVE-2018-15572 (The spectre_v2_select_mitigation function 
in arch/x86/kernel/cpu
- linux 4.17.15-1
NOTE: 
https://git.kernel.org/linus/fdf82a7856b32d905c39afc85e34364491e46346
 CVE-2018-15571 (The Export Users to CSV plugin through 1.1.1 for WordPress 
allows CSV ...)
-   TODO: check
+   NOT-FOR-US: Export Users to CSV plugin for WordPress
 CVE-2018-15570 (In waimai Super Cms 20150505, there is stored XSS via the ...)
NOT-FOR-US: waimai Super Cms
 CVE-2018-15569 (my little forum 2.4.12 allows CSRF for deletion of users. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/32f2e53ce3a59d6f7a1f05ec01f8b872cacf7691


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-27 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
77544866 by Salvatore Bonaccorso at 2018-08-27T20:33:49Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -18,7 +18,7 @@ CVE-2018-15906
 CVE-2018-15905
RESERVED
 CVE-2018-15904 (A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 
...)
-   TODO: check
+   NOT-FOR-US: A10 ACOS Web Application Firewall
 CVE-2018-15903
RESERVED
 CVE-2018-15902
@@ -63,7 +63,7 @@ CVE-2015-9263 (An issue was discovered in post2file.php in 
Up.Time Monitoring St
 CVE-2014-10074 (Umbraco before 7.2.0 has a remote PHP code execution 
vulnerability ...)
NOT-FOR-US: Umbraco
 CVE-2018-15887 (Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is 
prone to ...)
-   TODO: check
+   NOT-FOR-US: ASUS DSL-N12E_C1
 CVE-2018-15886
RESERVED
 CVE-2018-15885 (Ovation FindMe 1.4-1083-1 is intended to support transmission 
of ...)
@@ -271,7 +271,7 @@ CVE-2018-15812
 CVE-2018-15811
RESERVED
 CVE-2018-15810 (Visiology Flipbox Software Suite before 2.7.0 allows directory 
...)
-   TODO: check
+   NOT-FOR-US: Visiology Flipbox Software Suite
 CVE-2018-15809 (AccuPOS 2017.8 is installed with the insecure 
Authenticated Users: ...)
NOT-FOR-US: AccuPOS
 CVE-2018-15808 (POSIM EVO 15.13 for Windows includes hardcoded database 
credentials for ...)
@@ -505,17 +505,17 @@ CVE-2018-15701
 CVE-2018-15700
RESERVED
 CVE-2018-15699 (ASUSTOR Data Master 3.1.5 and below makes an HTTP request for 
a ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR Data Master
 CVE-2018-15698 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR Data Master
 CVE-2018-15697 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR Data Master
 CVE-2018-15696 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR Data Master
 CVE-2018-15695 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR Data Master
 CVE-2018-15694 (ASUSTOR Data Master 3.1.5 and below allows authenticated 
remote ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR Data Master
 CVE-2018-15693
RESERVED
 CVE-2018-15692
@@ -31880,7 +31880,7 @@ CVE-2018-3929 (An exploitable heap corruption exists in 
the PowerPoint document
 CVE-2018-3928
RESERVED
 CVE-2018-3927 (An exploitable information disclosure vulnerability exists in 
the ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3926
RESERVED
 CVE-2018-3925 (An exploitable buffer overflow vulnerability exists in the 
remote ...)
@@ -31898,7 +31898,7 @@ CVE-2018-3920
 CVE-2018-3919 (An exploitable stack-based buffer overflow vulnerability exists 
in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3918 (An exploitable vulnerability exists in the remote servers of 
Samsung ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware 
version ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3916
@@ -31912,21 +31912,21 @@ CVE-2018-3913
 CVE-2018-3912 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware 
version ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3911 (An exploitable HTTP header injection vulnerability exists in 
the ...)
-   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3910
RESERVED
 CVE-2018-3909 (An exploitable vulnerability exists in the REST parser of 
video-core's ...)
-   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3908
RESERVED
 CVE-2018-3907 (An exploitable vulnerability exists in the REST parser of 
video-core's ...)
-   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3906
RESERVED
 CVE-2018-3905 (An exploitable buffer overflow vulnerability exists in the 
camera ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3904 (An exploitable buffer overflow vulnerability exists in the 
camera ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3903 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware 
version ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3902 (An exploitable buffer overflow vulnerability exists in the 
camera ...)
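Review bot: The three -/+ pairs for CVE-2018-3911, CVE-2018-3909 and CVE-2018-3907 rewrite labels that were already NOT-FOR-US, only appending "devices" to match the neighbouring entries, and the commit message "Process NFUs" does not mention that. Either say so in the message or put the label normalisation in its own commit, so the history separates triage decisions from wording fixes.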
@@ -31948,7 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
07c58323 by Salvatore Bonaccorso at 2018-08-24T08:22:18Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -111,11 +111,11 @@ CVE-2018-15811
 CVE-2018-15810
RESERVED
 CVE-2018-15809 (AccuPOS 2017.8 is installed with the insecure 
Authenticated Users: ...)
-   TODO: check
+   NOT-FOR-US: AccuPOS
 CVE-2018-15808 (POSIM EVO 15.13 for Windows includes hardcoded database 
credentials for ...)
-   TODO: check
+   NOT-FOR-US: POSIM EVO for Windows
 CVE-2018-15807 (POSIM EVO 15.13 for Windows includes an Emergency 
Override ...)
-   TODO: check
+   NOT-FOR-US: POSIM EVO for Windows
 CVE-2018-15806
RESERVED
 CVE-2018-15805
@@ -31725,15 +31725,15 @@ CVE-2018-3913
 CVE-2018-3912 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware 
version ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3911 (An exploitable HTTP header injection vulnerability exists in 
the ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250
 CVE-2018-3910
RESERVED
 CVE-2018-3909 (An exploitable vulnerability exists in the REST parser of 
video-core's ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250
 CVE-2018-3908
RESERVED
 CVE-2018-3907 (An exploitable vulnerability exists in the REST parser of 
video-core's ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250
 CVE-2018-3906
RESERVED
 CVE-2018-3905 (An exploitable buffer overflow vulnerability exists in the 
camera ...)
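Review bot: The labels added for CVE-2018-3911, CVE-2018-3909 and CVE-2018-3907 read "Samsung SmartThings Hub STH-ETH-250", while the unchanged entry for CVE-2018-3912 directly above uses "Samsung SmartThings Hub STH-ETH-250 devices". Use the existing spelling so that a search on the NOT-FOR-US string finds every entry for the product; the later hunks in this commit add the same shorter form.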
@@ -31787,7 +31787,7 @@ CVE-2018-3882
 CVE-2018-3881 (An exploitable unauthenticated XML external injection 
vulnerability ...)
NOT-FOR-US: FocalScope
 CVE-2018-3880 (An exploitable stack-based buffer overflow vulnerability exists 
in the ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250
 CVE-2018-3879 (An exploitable JSON injection vulnerability exists in the 
credentials ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3878 (Multiple exploitable buffer overflow vulnerabilities exist in 
the ...)
@@ -31803,7 +31803,7 @@ CVE-2018-3874
 CVE-2018-3873
RESERVED
 CVE-2018-3872 (An exploitable buffer overflow vulnerability exists in the 
credentials ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250
 CVE-2018-3871 (An exploitable out-of-bounds write exists in the PCX parsing 
...)
NOT-FOR-US: Canvas Draw
 CVE-2018-3870 (An exploitable out-of-bounds write exists in the PCX parsing 
...)
@@ -31815,7 +31815,7 @@ CVE-2018-3868 (A specially crafted TIFF image processed 
via the application can 
 CVE-2018-3867 (An exploitable stack-based buffer overflow vulnerability exists 
in the ...)
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3866 (An exploitable buffer overflow vulnerability exists in the ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250
 CVE-2018-3865
RESERVED
 CVE-2018-3864
@@ -31835,7 +31835,7 @@ CVE-2018-3858 (An exploitable heap overflow exists in 
the TIFF parsing functiona
 CVE-2018-3857 (An exploitable heap overflow exists in the TIFF parsing 
functionality ...)
NOT-FOR-US: Canvas Draw
 CVE-2018-3856 (An exploitable vulnerability exists in the smart cameras RTSP 
...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250
 CVE-2018-3855 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
NOT-FOR-US: Hyland Perceptive Document Filters
 CVE-2018-3854



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/07c58323a4c36ad6499a66c57c62a87a975227f1


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-23 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aec3b5a3 by Salvatore Bonaccorso at 2018-08-23T20:19:08Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,7 @@ CVE-2018-15806
 CVE-2018-15805
RESERVED
 CVE-2018-15804 (An issue was discovered in the MapR File System in MapR 
Converged Data ...)
-   TODO: check
+   NOT-FOR-US: MapR File System
 CVE-2018-15803
RESERVED
 CVE-2018-15802
@@ -115,7 +115,7 @@ CVE-2018-15750
 CVE-2018-15749
RESERVED
 CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 
2.70.05.02, ...)
-   TODO: check
+   NOT-FOR-US: Dell 2335dn printers
 CVE-2018-15747
RESERVED
 CVE-2018-15746
@@ -2215,15 +2215,15 @@ CVE-2018-14803
 CVE-2018-14802
RESERVED
 CVE-2018-14801 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 
Cardiographs, all ...)
-   TODO: check
+   NOT-FOR-US: Philips PageWriter
 CVE-2018-14800
RESERVED
 CVE-2018-14799 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 
Cardiographs, all ...)
-   TODO: check
+   NOT-FOR-US: Philips PageWriter
 CVE-2018-14798
RESERVED
 CVE-2018-14797 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 
allow a ...)
-   TODO: check
+   NOT-FOR-US: Emerson DeltaV DCS
 CVE-2018-14796
RESERVED
 CVE-2018-14795 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is 
vulnerable ...)
@@ -2235,15 +2235,15 @@ CVE-2018-14793 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 
13.3.1, and R5 is vulner
 CVE-2018-14792
RESERVED
 CVE-2018-14791 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 
may ...)
-   TODO: check
+   NOT-FOR-US: Emerson DeltaV DCS
 CVE-2018-14790
RESERVED
 CVE-2018-14789 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV 
Version ...)
-   TODO: check
+   NOT-FOR-US: Philips
 CVE-2018-14788
RESERVED
 CVE-2018-14787 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV 
Version ...)
-   TODO: check
+   NOT-FOR-US: Philips
 CVE-2018-14786 (Becton, Dickinson and Company (BD) Alaris Plus medical syringe 
pumps ...)
TODO: check
 CVE-2018-14785 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) 
with ...)
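Review bot: CVE-2018-14789 and CVE-2018-14787 get the vendor-only label "Philips", although their descriptions name IntelliSpace Cardiovascular (ISCV) and the other additions in this commit are product-level ("Philips PageWriter", "Emerson DeltaV DCS"). Suggest "NOT-FOR-US: Philips IntelliSpace Cardiovascular" so the label identifies what was triaged.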
@@ -23586,7 +23586,7 @@ CVE-2018-6694
 CVE-2018-6693
RESERVED
 CVE-2018-6692 (Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in 
Belkin ...)
-   TODO: check
+   NOT-FOR-US: Belkin Wemo Insight Smart Plug
 CVE-2018-6691
RESERVED
 CVE-2018-6690
@@ -28424,7 +28424,7 @@ CVE-2018-5246 (In ImageMagick 7.0.7-17 Q16, there are 
memory leaks in ReadPATTER
 CVE-2018-5245
RESERVED
 CVE-2018-5243 (The Symantec Encryption Management Server (SEMS) product, prior 
to ...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible 
to a ...)
NOT-FOR-US: Norton App Lock
 CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 
6.5, ...)
@@ -28434,13 +28434,13 @@ CVE-2018-5240 (The Inventory Plugin for Symantec 
Management Agent prior to 7.6 P
 CVE-2018-5239 (Norton App Lock prior to v1.3.0.332 can be susceptible to a 
bypass ...)
NOT-FOR-US: Norton
 CVE-2018-5238 (Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 
2.1.242) ...)
-   TODO: check
+   NOT-FOR-US: Norton
 CVE-2018-5237 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 
MP10 ...)
NOT-FOR-US: Symantec
 CVE-2018-5236 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 
MP10 may ...)
NOT-FOR-US: Symantec
 CVE-2018-5235 (Norton Utilities (prior to 16.0.3.44) may be susceptible to a 
DLL ...)
-   TODO: check
+   NOT-FOR-US: Norton
 CVE-2018-5234 (The Norton Core router prior to v237 may be susceptible to a 
command ...)
NOT-FOR-US: Norton Core router
 CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...)
@@ -31571,7 +31571,7 @@ CVE-2018-3927
 CVE-2018-3926
RESERVED
 CVE-2018-3925 (An exploitable buffer overflow vulnerability exists in the 
remote ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
NOT-FOR-US: Foxit PDF Reader
 CVE-2018-3923 (A memory corruption vulnerability exists in the PCX-parsing ...)
@@ -31583,11 +31583,11 @@ CVE-2018-3921 (A memory corruption vulnerability 
exists in the PSD-parsing ...)
 CVE-2018-3920
RESERVED
 CVE-2018-3919 (An exploitable stack-based buffer overflow vulnerability exists 
in the ...)
-   TODO: check
+   NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
 CVE-2018-3918
RESERVED
 CVE-2018-3917 (On Samsung 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-21 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
39796ed7 by Salvatore Bonaccorso at 2018-08-21T20:28:48Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,9 +3,9 @@ CVE-2018-15663
 CVE-2018-15662
RESERVED
 CVE-2018-15661 (** DISPUTED ** An issue was discovered in the Ola Money (aka 
...)
-   TODO: check
+   NOT-FOR-US: Ola Money application for Android
 CVE-2018-15660 (** DISPUTED ** An issue was discovered in the Ola Money (aka 
...)
-   TODO: check
+   NOT-FOR-US: Ola Money application for Android
 CVE-2018-15659
RESERVED
 CVE-2018-15658



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/39796ed7361fac3257d11b01758a4d3e16433f6d


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-21 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
94b7d131 by Salvatore Bonaccorso at 2018-08-21T08:44:27Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -31,9 +31,9 @@ CVE-2018-1000221 (pkgconf version 1.5.0 to 1.5.2 contains a 
Buffer Overflow ...)
 CVE-2018-1000220
REJECTED
 CVE-2018-1000219 (OpenEMR version v5_0_1_4 contains a Cross Site Scripting 
(XSS) ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-1000218 (OpenEMR version v5_0_1_4 contains a Cross Site Scripting 
(XSS) ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-1000217 (Dave Gamble cJSON version 1.7.3 and earlier contains a 
CWE-416: Use ...)
TODO: check
 CVE-2018-1000216 (Dave Gamble cJSON version 1.7.2 and earlier contains a 
CWE-415: Double ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/94b7d131e3c62cefe7cabb6c320f84e9f566b2fb


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-21 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
90ea0ece by Salvatore Bonaccorso at 2018-08-21T08:41:11Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,18 +1,18 @@
 CVE-2018-15604
RESERVED
 CVE-2018-15603 (An issue was discovered in Victor CMS through 2018-05-10. 
There is XSS ...)
-   TODO: check
+   NOT-FOR-US: Victor CMS
 CVE-2018-15602
RESERVED
 CVE-2018-15601 (apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 
performs ...)
-   TODO: check
+   NOT-FOR-US: Elefant CMS
 CVE-2018-15600
RESERVED
 CVE-2018-15599 (The recv_msg_userauth_request function in svr-auth.c in 
Dropbear ...)
- dropbear 
NOTE: lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
 CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, when --api is used, 
exposes the ...)
-   TODO: check
+   NOT-FOR-US: Traefik
 CVE-2018-15597
RESERVED
 CVE-2018-15596



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/90ea0ece607c8261127efd65d63e6fcb66d983cf


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-18 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5be8fe1f by Salvatore Bonaccorso at 2018-08-18T08:43:03Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15,11 +15,11 @@ CVE-2018-15507
 CVE-2018-15506
RESERVED
 CVE-2018-15505 (An issue was discovered in Embedthis GoAhead before 4.0.1 and 
Appweb ...)
-   TODO: check
+   NOT-FOR-US: Embedthis GoAhead
 CVE-2018-15504 (An issue was discovered in Embedthis GoAhead before 4.0.1 and 
Appweb ...)
-   TODO: check
+   NOT-FOR-US: Embedthis GoAhead
 CVE-2018-15503 (The unpack implementation in Swoole version 4.0.4 lacks 
correct size ...)
-   TODO: check
+   NOT-FOR-US: Swoole
 CVE-2018-15502
RESERVED
 CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 
and 0.27.x ...)
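Review bot: The descriptions of CVE-2018-15505 and CVE-2018-15504 name both Embedthis GoAhead and Appweb, but the added label records only "Embedthis GoAhead". Mention Appweb as well (for example "NOT-FOR-US: Embedthis GoAhead and Appweb") so the entry shows that both products were considered.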
@@ -43,9 +43,9 @@ CVE-2018-15494 (In Dojo Toolkit before 1.14, there is 
unescaped string injection
 CVE-2018-15493
RESERVED
 CVE-2018-15492 (A vulnerability in the lservnt.exe component of Sentinel 
License ...)
-   TODO: check
+   NOT-FOR-US: Sentinel License Manager
 CVE-2018-15491 (A vulnerability in the permission and encryption 
implementation of ...)
-   TODO: check
+   NOT-FOR-US: Zemana Anti-Logger
 CVE-2018-15490
RESERVED
 CVE-2018-15489
@@ -63,7 +63,7 @@ CVE-2018-15484
 CVE-2018-15483
RESERVED
 CVE-2018-15482 (Certain LG devices based on Android 6.0 through 8.1 have 
incorrect ...)
-   TODO: check
+   NOT-FOR-US: LG devices specific issue
 CVE-2018-15481
RESERVED
 CVE-2018-15480
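Review bot: "LG devices specific issue" on CVE-2018-15482 is phrased as a remark rather than as the product name the other labels in this commit use (for example "Sentinel License Manager"). "NOT-FOR-US: LG devices" would be consistent, and the same applies to CVE-2018-14982 and CVE-2018-14981 in the next hunk.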
@@ -1095,9 +1095,9 @@ CVE-2018-14984
 CVE-2018-14983
RESERVED
 CVE-2018-14982 (Certain LG devices based on Android 6.0 through 8.1 have 
incorrect ...)
-   TODO: check
+   NOT-FOR-US: LG devices specific issue
 CVE-2018-14981 (Certain LG devices based on Android 6.0 through 8.1 have 
incorrect ...)
-   TODO: check
+   NOT-FOR-US: LG devices specific issue
 CVE-2018-14980
RESERVED
 CVE-2018-14979



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5be8fe1fd355c73e665cf6d4c3f524a722fb016e


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cc0f0c15 by Salvatore Bonaccorso at 2018-08-17T21:19:39Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -231,27 +231,27 @@ CVE-2018-15362
 CVE-2018-15361
RESERVED
 CVE-2018-15360 (An attacker without authentication can login with default 
credentials ...)
-   TODO: check
+   NOT-FOR-US: Eltex ESP-200 firmware
 CVE-2018-15359 (An authenticated attacker with low privileges can use insecure 
sudo ...)
-   TODO: check
+   NOT-FOR-US: Eltex ESP-200 firmware
 CVE-2018-15358 (An authenticated attacker with low privileges can activate 
high ...)
-   TODO: check
+   NOT-FOR-US: Eltex ESP-200 firmware
 CVE-2018-15357 (An authenticated attacker with low privileges can extract 
password ...)
-   TODO: check
+   NOT-FOR-US: Eltex ESP-200 firmware
 CVE-2018-15356 (An authenticated attacker can execute arbitrary code using 
command ...)
-   TODO: check
+   NOT-FOR-US: Eltex ESP-200 firmware
 CVE-2018-15355 (Usage of SSLv2 and SSLv3 leads to transmitted data decryption 
in ...)
-   TODO: check
+   NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15354 (A Buffer Overflow exploited through web interface by remote 
attacker ...)
-   TODO: check
+   NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15353 (A Buffer Overflow exploited through web interface by remote 
attacker ...)
-   TODO: check
+   NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15352 (An attacker with low privileges can cause denial of service in 
...)
-   TODO: check
+   NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15351 (Denial of service via crafting malicious link and sending it 
to a ...)
-   TODO: check
+   NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15350 (Router Default Credentials in Kraftway 24F2XG Router firmware 
version ...)
-   TODO: check
+   NOT-FOR-US: Kraftway 24F2XG Router firmware
 CVE-2018-15473 (OpenSSH through 7.7 is prone to a user enumeration 
vulnerability due to ...)
- openssh 1:7.7p1-4 (bug #906236)
NOTE: http://www.openwall.com/lists/oss-security/2018/08/15/5
@@ -3387,10 +3387,11 @@ CVE-2018-14060 (OS command injection in the AP mode 
settings feature in /cgi-bin
NOT-FOR-US: Xiaomi R3D
 CVE-2018-14059
RESERVED
+   NOT-FOR-US: Pimcore
 CVE-2018-14058 (Pimcore before 5.3.0 allows SQL Injection via the REST web 
service ...)
-   TODO: check
+   NOT-FOR-US: Pimcore
 CVE-2018-14057 (Pimcore before 5.3.0 allows remote attackers to conduct 
cross-site ...)
-   TODO: check
+   NOT-FOR-US: Pimcore
 CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted 
lines coming ...)
{DSA-4252-1 DLA-1427-1}
- znc 1.7.1-1 (bug #903787)
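Review bot: The added "NOT-FOR-US: Pimcore" under CVE-2018-14059 lands on an entry that is still RESERVED and shows no description, so nothing in the list backs the product attribution. If the id is known to belong with CVE-2018-14058 and CVE-2018-14057, add a NOTE line giving the source; otherwise leave the entry as RESERVED until a description is published.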
@@ -26736,9 +26737,9 @@ CVE-2018-5549
 CVE-2018-5548
RESERVED
 CVE-2018-5547 (Windows Logon Integration feature of F5 BIG-IP APM client prior 
to ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5546 (The svpn and policyserver components of the F5 BIG-IP APM 
client prior ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5545
RESERVED
 CVE-2018-5544 (When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders 
certain ...)
@@ -89011,7 +89012,7 @@ CVE-2017-1734 (IBM Jazz Team Server affecting the 
following IBM Rational Product
 CVE-2017-1733 (IBM QRadar 7.3 stores potentially sensitive information in log 
files ...)
NOT-FOR-US: IBM
 CVE-2017-1732 (IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 
does ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1731 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
provide ...)
NOT-FOR-US: IBM WebSphere Application Server
 CVE-2017-1730



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cc0f0c1507b6cb0ff0f6c6a3317b02b8425e8dfb


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f569af91 by Salvatore Bonaccorso at 2018-08-17T08:19:28Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -534,7 +534,7 @@ CVE-2018-15124 (Weak hashing algorithm in Zipato Zipabox 
Smart Home Controller B
 CVE-2018-15123 (Insecure configuration storage in Zipato Zipabox Smart Home 
Controller ...)
NOT-FOR-US: Zipato
 CVE-2018-15122 (An issue found in Progress Telerik JustAssembly through 
2018.1.323.2 ...)
-   TODO: check
+   NOT-FOR-US: Telerik
 CVE-2018-15121
RESERVED
 CVE-2018-15120
@@ -4565,7 +4565,7 @@ CVE-2018-13447 (SQL injection vulnerability in 
product/card.php in Dolibarr ERP/
- dolibarr 
NOTE: 
https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb
 CVE-2018-13446 (** DISPUTED ** An issue was discovered in the LINE 
jp.naver.line ...)
-   TODO: check
+   NOT-FOR-US: LINE jp.naver.line application for Android
 CVE-2018-13445 (An issue was discovered in SeaCMS 6.61. There is a CSRF 
vulnerability ...)
NOT-FOR-US: SeaCMS
 CVE-2018-13444 (An issue was discovered in SeaCMS 6.61. There is a CSRF 
vulnerability ...)
@@ -4591,9 +4591,9 @@ CVE-2018-13437
 CVE-2018-13436
RESERVED
 CVE-2018-13435 (** DISPUTED ** An issue was discovered in the LINE 
jp.naver.line ...)
-   TODO: check
+   NOT-FOR-US: LINE jp.naver.line application for iOS
 CVE-2018-13434 (** DISPUTED ** An issue was discovered in the LINE 
jp.naver.line ...)
-   TODO: check
+   NOT-FOR-US: LINE jp.naver.line application for iOS
 CVE-2018-13433 (Boostnote v0.11.7 allows XSS during highlighting of Markdown 
text, as ...)
NOT-FOR-US: Boostnote
 CVE-2018-13432
@@ -7687,7 +7687,7 @@ CVE-2018-12258 (An issue was discovered on Momentum Axel 
720P 5.1.8 devices. Cus
 CVE-2018-12257 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. 
There is ...)
NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
 CVE-2018-12256 (admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 
allows remote ...)
-   TODO: check
+   NOT-FOR-US: LiteCart
 CVE-2018-12255 (An XSS issue was discovered in InvoicePlane 1.5.10 via the 
Quote PDF ...)
NOT-FOR-US: InvoicePlane
 CVE-2018-12254 (router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 
component for ...)
@@ -9557,11 +9557,11 @@ CVE-2018-11513
 CVE-2018-11512 (Stored cross-site scripting (XSS) vulnerability in the 
Website's name ...)
NOT-FOR-US: wityCMS
 CVE-2018-11511 (The tree list functionality in the photo gallery application 
in ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR ADM
 CVE-2018-11510 (ASUSTOR ADM 3.1.2.RHG1 and earlier uses the same default 
root:admin ...)
NOT-FOR-US: ASUSTOR
 CVE-2018-11509 (ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin 
username and ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR ADM
 CVE-2018-11508 (The compat_get_timex function in kernel/compat.c in the Linux 
kernel ...)
- linux 4.16.12-1
[stretch] - linux  (Vulnerable code introduced later)
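Review bot: CVE-2018-11511 and CVE-2018-11509 are labelled "ASUSTOR ADM", but the unchanged entry between them, CVE-2018-11510, describes the same product (ASUSTOR ADM 3.1.2.RHG1) and is labelled "ASUSTOR". Pick one spelling for all three, updating the existing line in this hunk if "ASUSTOR ADM" is the preferred one.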
@@ -17553,9 +17553,9 @@ CVE-2018-8408
 CVE-2018-8407
RESERVED
 CVE-2018-8406 (An elevation of privilege vulnerability exists when the DirectX 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8405 (An elevation of privilege vulnerability exists when the DirectX 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8404 (An elevation of privilege vulnerability exists in Windows when 
the ...)
NOT-FOR-US: Microsoft
 CVE-2018-8403 (A remote code execution vulnerability exists in the way that 
Microsoft ...)
@@ -17563,9 +17563,9 @@ CVE-2018-8403 (A remote code execution vulnerability 
exists in the way that Micr
 CVE-2018-8402
RESERVED
 CVE-2018-8401 (An elevation of privilege vulnerability exists when the DirectX 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8400 (An elevation of privilege vulnerability exists when the DirectX 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8399 (An elevation of privilege vulnerability exists in Windows when 
the ...)
NOT-FOR-US: Microsoft
 CVE-2018-8398 (An information disclosure vulnerability exists when the Windows 
GDI ...)
@@ -54002,23 +54002,23 @@ CVE-2017-13110
 CVE-2017-13109
RESERVED
 CVE-2017-13108 (DFNDR Security Antivirus, Anti-hacking  Cleaner, 5.0.9, 
2017-11-01, ...)
-   TODO: check
+   NOT-FOR-US: DFNDR Security Antivirus, Anti-hacking & Cleaner
 CVE-2017-13107 (Live.me - live stream video chat, 3.7.20, 2017-11-06, Android 
...)
-   TODO: check
+   NOT-FOR-US: Live.me - live stream video chat Android application
 CVE-2017-13106 (Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, 
Efficient, ...)
-   TODO: check
+ 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
72c614b6 by Salvatore Bonaccorso at 2018-08-16T20:13:07Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13239,9 +13239,9 @@ CVE-2018-10142
 CVE-2018-10141
RESERVED
 CVE-2018-10140 (The PAN-OS Management Web Interface in Palo Alto Networks 
PAN-OS 8.1.2 ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2018-10139 (The PAN-OS response page for GlobalProtect in Palo Alto 
Networks ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2018-10138 (The CATALooK.netStore module through 7.2.8 for DNN (formerly 
...)
NOT-FOR-US: DNN
 CVE-2018-10137 (iScripts UberforX 2.2 has CSRF in the 
manage_settings section of the ...)
@@ -36665,13 +36665,13 @@ CVE-2018-1717
 CVE-2018-1716
RESERVED
 CVE-2018-1715 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1714
RESERVED
 CVE-2018-1713
RESERVED
 CVE-2018-1712 (IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1711
RESERVED
 CVE-2018-1710



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/72c614b64b5a78d0db8527dd03a1f77ea0d50ee4


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
31dc6f9f by Salvatore Bonaccorso at 2018-08-16T08:15:49Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -40098,7 +40098,7 @@ CVE-2018-0954 (A remote code execution vulnerability 
exists in the way the scrip
 CVE-2018-0953 (A remote code execution vulnerability exists in the way that 
the ...)
NOT-FOR-US: Microsoft
 CVE-2018-0952 (An Elevation of Privilege vulnerability exists when Diagnostics 
Hub ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-0951 (A remote code execution vulnerability exists in the way that 
the ...)
NOT-FOR-US: Microsoft
 CVE-2018-0950 (An information disclosure vulnerability exists when Office 
renders ...)
@@ -41556,9 +41556,9 @@ CVE-2018-0430
 CVE-2018-0429 (Stack-based buffer overflow in the Cisco Thor decoder before 
commit ...)
NOT-FOR-US: Cisco
 CVE-2018-0428 (A vulnerability in the account management subsystem of Cisco 
Web ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0427 (A vulnerability in the CronJob scheduler API of Cisco Digital 
Network ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0426
RESERVED
 CVE-2018-0425
@@ -41574,27 +41574,27 @@ CVE-2018-0421
 CVE-2018-0420
RESERVED
 CVE-2018-0419 (A vulnerability in certain attachment detection mechanisms of 
Cisco ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0418 (A vulnerability in the Local Packet Transport Services (LPTS) 
feature ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0417
RESERVED
 CVE-2018-0416
RESERVED
 CVE-2018-0415 (A vulnerability in the implementation of Extensible 
Authentication ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0414
RESERVED
 CVE-2018-0413 (A vulnerability in the web-based management interface of Cisco 
Identity ...)
NOT-FOR-US: Cisco
 CVE-2018-0412 (A vulnerability in the implementation of Extensible 
Authentication ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0411 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
NOT-FOR-US: Cisco
 CVE-2018-0410 (A vulnerability in the web proxy functionality of Cisco AsyncOS 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0409 (A vulnerability in the XCP Router service of the Cisco Unified 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0408 (A vulnerability in the web-based management interface of Cisco 
Small ...)
NOT-FOR-US: Cisco
 CVE-2018-0407 (A vulnerability in the web-based management interface of Cisco 
Small ...)
@@ -41640,7 +41640,7 @@ CVE-2018-0388
 CVE-2018-0387 (A vulnerability in Cisco Webex Teams (for Windows and macOS) 
could ...)
NOT-FOR-US: Cisco
 CVE-2018-0386 (A vulnerability in Cisco Unified Communications Domain Manager 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0385 (A vulnerability in the detection engine parsing of Security 
Socket ...)
NOT-FOR-US: Cisco
 CVE-2018-0384 (A vulnerability in the detection engine of Cisco FireSIGHT 
System ...)
@@ -41678,7 +41678,7 @@ CVE-2018-0369 (A vulnerability in the reassembly logic 
for fragmented IPv4 packe
 CVE-2018-0368 (A vulnerability in Cisco Digital Network Architecture (DNA) 
Center ...)
NOT-FOR-US: Cisco
 CVE-2018-0367 (A vulnerability in the web-based management interface of the 
Cisco ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0366 (A vulnerability in the web-based management interface of Cisco 
Web ...)
NOT-FOR-US: Cisco
 CVE-2018-0365 (A vulnerability in the web-based management interface of Cisco 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/31dc6f9fa9b2ee46f82a9d81fd32217e0c46be80


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-15 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d167d223 by Salvatore Bonaccorso at 2018-08-15T20:25:45Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -406,7 +406,7 @@ CVE-2018-15173 (Nmap through 7.70, when the -sV option is 
used, allows remote at
- nmap  (unimportant)
NOTE: No security impact
 CVE-2018-15172 (TP-Link WR840N devices have a buffer overflow via a long 
Authorization ...)
-   TODO: check
+   NOT-FOR-US: TP-Link WR840N devices
 CVE-2018-15171
RESERVED
 CVE-2018-15170
@@ -438,27 +438,27 @@ CVE-2018-15158
 CVE-2018-15157
RESERVED
 CVE-2018-15156 (OS command injection occurring in versions of OpenEMR before 
5.0.1.4 ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-15155 (OS command injection occurring in versions of OpenEMR before 
5.0.1.4 ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-15154 (OS command injection occurring in versions of OpenEMR before 
5.0.1.4 ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-15153 (OS command injection occurring in versions of OpenEMR before 
5.0.1.4 ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-15152 (Authentication bypass vulnerability in 
portal/account/register.php in ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-15151 (SQL injection vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-15150 (SQL injection vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-15149 (SQL injection vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-15148 (SQL injection vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-15147 (SQL injection vulnerability in 
interface/forms_admin/forms_admin.php ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-15146 (SQL injection vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2018-15145 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: OpenEMR
 CVE-2018-15144 (SQL injection vulnerability in ...)
@@ -474,7 +474,7 @@ CVE-2018-15140 (Directory traversal in 
portal/import_template.php in versions of
 CVE-2018-15139 (Unrestricted file upload in 
interface/super/manage_site_files.php in ...)
NOT-FOR-US: OpenEMR
 CVE-2018-15138 (Ericsson-LG iPECS NMS 30M allows directory traversal via ...)
-   TODO: check
+   NOT-FOR-US: Ericsson-LG iPECS NMS 30M
 CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload 
any file ...)
NOT-FOR-US: CeLa Link CLR-M20 devices
 CVE-2018-15136
@@ -4671,9 +4671,9 @@ CVE-2018-13396
 CVE-2018-13395
RESERVED
 CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions 
before ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Confluence Questions
 CVE-2018-13393 (The convertCommentToAnswer resource in Atlassian Confluence 
Questions ...)
-   TODO: check
+   NOT-FOR-US: Atlassian Confluence Questions
 CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before 
version ...)
NOT-FOR-US: Atlassian
 CVE-2018-13391
@@ -8127,7 +8127,7 @@ CVE-2018-12058
 CVE-2018-12057
RESERVED
 CVE-2018-12056 (The maxRandom function of a smart contract implementation for 
All For ...)
-   TODO: check
+   NOT-FOR-US: smart contract implementation for All For One
 CVE-2018-12055 (Multiple SQL Injections exist in PHP Scripts Mall Schools 
Alert ...)
NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
 CVE-2018-12054 (Arbitrary File Read exists in PHP Scripts Mall Schools Alert 
Management ...)
@@ -9083,7 +9083,7 @@ CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for 
Samsung DVR is vulnerable
 CVE-2018-11688 (Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site 
scripting, ...)
NOT-FOR-US: Ignite Realtime Openfire
 CVE-2018-11687 (An integer overflow in the distributeBTR function of a smart 
contract ...)
-   TODO: check
+   NOT-FOR-US: smart contract implementation for Bitcoin Red (BTCR)
 CVE-2018-11686
RESERVED
 CVE-2018-11685 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the 
function ...)
@@ -10285,7 +10285,7 @@ CVE-2018-11249
 CVE-2018-11248 (util/FileDownloadUtils.java in FileDownloader 1.7.3 does not 
check an ...)
NOT-FOR-US: FileDownloader
 CVE-2018-11247 (The JMX/RMI interface in Nasdaq BWise 5.0 does not require ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2018-11246
RESERVED
 CVE-2018-11245 (app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with 
cortex ...)
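
Review bot: the label added for CVE-2018-11247 does not match its description. The entry text names "Nasdaq BWise 5.0", but the new line is "NOT-FOR-US: SAP"; nothing in the visible description refers to SAP, so this looks like a carry-over from another entry. Suggest "NOT-FOR-US: Nasdaq BWise".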
@@ -12308,11 +12308,11 @@ CVE-2018-10514
 CVE-2018-10513
RESERVED
 CVE-2018-10512 (A vulnerability in Trend Micro Control Manager (versions 6.0 
and 7.0) ...)
-   TODO: 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-09 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
faa69eca by Salvatore Bonaccorso at 2018-08-10T03:48:09Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -23,9 +23,9 @@ CVE-2018-15200
 CVE-2018-15199 (AuraCMS 2.3 allows XSS via a Bukutamu - AddGuestbook 
action. ...)
NOT-FOR-US: AuraCMS
 CVE-2018-15198 (An issue was discovered in OneThink v1.1. There is a CSRF 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: OneThink
 CVE-2018-15197 (An issue was discovered in OneThink v1.1. There is a CSRF 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: OneThink
 CVE-2018-15196
RESERVED
 CVE-2018-15195



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/faa69eca6f2f9cc7ed533eb96376bca9f2f7ec92


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-09 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6ab03705 by Salvatore Bonaccorso at 2018-08-09T20:38:17Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -51,13 +51,13 @@ CVE-2018-15186
 CVE-2018-15185
RESERVED
 CVE-2018-15184 (PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 
has ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Naukri / Shine / Jobsite Clone Script
 CVE-2018-15183 (PHP Scripts Mall Myperfectresume / JobHero / Resume Clone 
Script 2.0.6 ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Myperfectresume / JobHero / Resume Clone 
Script
 CVE-2018-15182 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the 
FirstName and ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Car Rental Script
 CVE-2018-15181 (JioFi 4G Hotspot M2S devices allow attackers to cause a denial 
of ...)
-   TODO: check
+   NOT-FOR-US: JioFi 4G Hotspot M2S devices
 CVE-2018-15180
RESERVED
 CVE-2018-15179
@@ -67,11 +67,11 @@ CVE-2018-15178 (Open redirect vulnerability in Gogs before 
0.12 allows remote at
 CVE-2018-15177 (In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF 
attack can ...)
NOT-FOR-US: Gxlcms
 CVE-2018-15176 (XnView 2.45 allows remote attackers to cause a denial of 
service (User ...)
-   TODO: check
+   NOT-FOR-US: XnView
 CVE-2018-15175 (XnView 2.45 allows remote attackers to cause a denial of 
service (User ...)
-   TODO: check
+   NOT-FOR-US: XnView
 CVE-2018-15174 (XnView 2.45 allows remote attackers to cause a denial of 
service (Read ...)
-   TODO: check
+   NOT-FOR-US: XnView
 CVE-2018-15173 (Nmap through 7.70, when the -sV option is used, allows remote 
attackers ...)
TODO: check
 CVE-2018-15172
@@ -153,7 +153,7 @@ CVE-2018-15135
 CVE-2018-15134
RESERVED
 CVE-2018-15133 (In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, 
remote ...)
-   TODO: check
+   NOT-FOR-US: Laravel
 CVE-2018-15132 (An issue was discovered in ext/standard/link_win32.c in PHP 
before ...)
TODO: check
 CVE-2018-15131
@@ -9027,7 +9027,7 @@ CVE-2018-11563
 CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in ...)
NOT-FOR-US: MISP
 CVE-2018-11561 (An integer overflow in the unprotected distributeToken 
function of a ...)
-   TODO: check
+   NOT-FOR-US: smart contract implementation for EETHER (EETHER)
 CVE-2018-11560 (The webService binary on Insteon HD IP Camera White 2864-222 
devices ...)
NOT-FOR-US: Insteon
 CVE-2018-11559 (DomainMod 4.10.0 has Stored XSS in the 
/settings/profile/index.php ...)
@@ -9323,9 +9323,9 @@ CVE-2018-11456 (A vulnerability has been identified in 
Automation License Manage
 CVE-2018-11455 (A vulnerability has been identified in Automation License 
Manager 5 ...)
NOT-FOR-US: Automation License Manager
 CVE-2018-11454 (A vulnerability has been identified in SIMATIC STEP 7 (TIA 
Portal) and ...)
-   TODO: check
+   NOT-FOR-US: SIMATIC
 CVE-2018-11453 (A vulnerability has been identified in SIMATIC STEP 7 (TIA 
Portal) and ...)
-   TODO: check
+   NOT-FOR-US: SIMATIC
 CVE-2018-11452 (A vulnerability has been identified in Firmware variant IEC 
61850 for ...)
NOT-FOR-US: Siemens
 CVE-2018-11451 (A vulnerability has been identified in Firmware variant IEC 
61850 for ...)
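
Review bot: the labels added for CVE-2018-11454 and CVE-2018-11453 use the product line ("NOT-FOR-US: SIMATIC"), while the next entry in the same block, CVE-2018-11452, is tagged by vendor ("NOT-FOR-US: Siemens"). Prefer one convention within the block, for example "NOT-FOR-US: Siemens SIMATIC STEP 7 (TIA Portal)", which keeps both the vendor and the product from the description searchable.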



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6ab03705b5854f9a814a67ac31a3d8ce7d577f49


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-09 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
502b99be by Salvatore Bonaccorso at 2018-08-09T14:41:09Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -34,9 +34,9 @@ CVE-2018-15195
 CVE-2018-15194
RESERVED
 CVE-2018-15193 (A CSRF vulnerability in the admin panel in Gogs through 
0.11.53 allows ...)
-   TODO: check
+   NOT-FOR-US: Go Git Service
 CVE-2018-15192 (An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 
and Gogs ...)
-   TODO: check
+   NOT-FOR-US: Go Git Service
 CVE-2018-15191
RESERVED
 CVE-2018-15190
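
Review bot: on CVE-2018-15192 the description names two products, "Gitea through 1.5.0-rc2 and Gogs", but the added label "NOT-FOR-US: Go Git Service" covers only Gogs. Name both products in the label, or record Gitea's status on its own line, so that a later search for Gitea in data/CVE/list finds this entry.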
@@ -64,7 +64,7 @@ CVE-2018-15180
 CVE-2018-15179
RESERVED
 CVE-2018-15178 (Open redirect vulnerability in Gogs before 0.12 allows remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: Go Git Service
 CVE-2018-15177 (In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF 
attack can ...)
NOT-FOR-US: Gxlcms
 CVE-2018-15176 (XnView 2.45 allows remote attackers to cause a denial of 
service (User ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/502b99befb865f21c54d8daa56ac64cf7c945d0e


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
72ba36b5 by Salvatore Bonaccorso at 2018-08-08T09:19:19Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -14,15 +14,15 @@ CVE-2018-15205
 CVE-2018-15204
RESERVED
 CVE-2018-15203 (An issue was discovered in Ignited CMS through 2017-02-19. ...)
-   TODO: check
+   NOT-FOR-US: Ignited CMS
 CVE-2018-15202 (An issue was discovered in Juunan06 eCommerce through 
2018-08-05. There ...)
-   TODO: check
+   NOT-FOR-US: Juunan06 eCommerce
 CVE-2018-15201
RESERVED
 CVE-2018-15200
RESERVED
 CVE-2018-15199 (AuraCMS 2.3 allows XSS via a Bukutamu - AddGuestbook 
action. ...)
-   TODO: check
+   NOT-FOR-US: AuraCMS
 CVE-2018-15198 (An issue was discovered in OneThink v1.1. There is a CSRF 
vulnerability ...)
TODO: check
 CVE-2018-15197 (An issue was discovered in OneThink v1.1. There is a CSRF 
vulnerability ...)
@@ -66,7 +66,7 @@ CVE-2018-15179
 CVE-2018-15178 (Open redirect vulnerability in Gogs before 0.12 allows remote 
attackers ...)
TODO: check
 CVE-2018-15177 (In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF 
attack can ...)
-   TODO: check
+   NOT-FOR-US: Gxlcms
 CVE-2018-15176 (XnView 2.45 allows remote attackers to cause a denial of 
service (User ...)
TODO: check
 CVE-2018-15175 (XnView 2.45 allows remote attackers to cause a denial of 
service (User ...)
@@ -82,9 +82,9 @@ CVE-2018-15171
 CVE-2018-15170
RESERVED
 CVE-2018-15169 (A reflected Cross-site scripting (XSS) vulnerability in Zoho 
...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2018-15168 (A SQL Injection vulnerability exists in the Zoho ManageEngine 
...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2018-15167
RESERVED
 CVE-2018-15166
@@ -146,7 +146,7 @@ CVE-2018-15139
 CVE-2018-15138
RESERVED
 CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload 
any file ...)
-   TODO: check
+   NOT-FOR-US: CeLa Link CLR-M20 devices
 CVE-2018-15136
RESERVED
 CVE-2018-15135



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/72ba36b52a123041bac6c576c2d0922ef3860c75


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-07 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ad1d3afc by Salvatore Bonaccorso at 2018-08-08T04:35:46Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,7 +7,7 @@ CVE-2018-15132 (An issue was discovered in 
ext/standard/link_win32.c in PHP befo
 CVE-2018-15131
RESERVED
 CVE-2018-15130 (ThinkSAAS through 2018-07-25 has XSS via the ...)
-   TODO: check
+   NOT-FOR-US: ThinkSAAS
 CVE-2013-7464
RESERVED
 CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the ...)
@@ -946,7 +946,7 @@ CVE-2018-14718
 CVE-2018-14717
RESERVED
 CVE-2018-14716 (A Server Side Template Injection (SSTI) was discovered in the 
SEOmatic ...)
-   TODO: check
+   NOT-FOR-US: SEOmatic plugin for Craft CMS
 CVE-2018-14715 (The endCoinFlip function and throwSlammer function of the 
smart ...)
NOT-FOR-US: smart contract implementations for Cryptogs
 CVE-2018-14714
@@ -5310,7 +5310,7 @@ CVE-2018-12887
 CVE-2018-12886
RESERVED
 CVE-2018-12885 (The randMod() function of the smart contract implementation 
for ...)
-   TODO: check
+   NOT-FOR-US: MyCryptoChamp
 CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an 
authenticated user ...)
NOT-FOR-US: Octopus Deploy
 CVE-2018-1000205 (U-Boot contains a CWE-20: Improper Input Validation 
vulnerability in ...)
@@ -9165,9 +9165,9 @@ CVE-2018-11458
 CVE-2018-11457
RESERVED
 CVE-2018-11456 (A vulnerability has been identified in Automation License 
Manager 5 ...)
-   TODO: check
+   NOT-FOR-US: Automation License Manager
 CVE-2018-11455 (A vulnerability has been identified in Automation License 
Manager 5 ...)
-   TODO: check
+   NOT-FOR-US: Automation License Manager
 CVE-2018-11454 (A vulnerability has been identified in SIMATIC STEP 7 (TIA 
Portal) and ...)
TODO: check
 CVE-2018-11453 (A vulnerability has been identified in SIMATIC STEP 7 (TIA 
Portal) and ...)
@@ -20910,11 +20910,11 @@ CVE-2018-7094
 CVE-2018-7093
RESERVED
 CVE-2018-7092 (A potential security vulnerability has been identified in HPE 
...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2018-7091 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has 
open ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2018-7090 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has 
local ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2018-7089
RESERVED
 CVE-2018-7088
@@ -20938,27 +20938,27 @@ CVE-2018-7080
 CVE-2018-7079
RESERVED
 CVE-2018-7078 (A remote code execution was identified in HPE Integrated 
Lights-Out 4 ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2018-7077
RESERVED
 CVE-2018-7076
RESERVED
 CVE-2018-7075 (A remote cross-site scripting (XSS) vulnerability was 
identified in ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2018-7074 (A remote code execution vulnerability was identified in HPE ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2018-7073 (A local arbitrary file modification vulnerability was 
identified in ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2018-7072 (A remote bypass of security restrictions vulnerability was 
identified ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2018-7071 (HPE has identified a remote access to sensitive information ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2018-7070 (HPE has identified a remote disclosure of information 
vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2018-7069 (HPE has identified a remote unauthenticated access to files ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2018-7068 (HPE has identified a remote HOST header attack vulnerability in 
HPE ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2018-7067
RESERVED
 CVE-2018-7066
@@ -36087,7 +36087,7 @@ CVE-2018-1692
 CVE-2018-1691
RESERVED
 CVE-2018-1690 (IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site 
...)
-   TODO: check
+   NOT-FOR-US: IBM Rhapsody Model Manager
 CVE-2018-1689
RESERVED
 CVE-2018-1688
@@ -66362,17 +66362,17 @@ CVE-2017-8994 (A input validation vulnerability in 
HPE Operations Orchestration 
 CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and 
...)
NOT-FOR-US: HPE Project and Portfolio Management
 CVE-2017-8992 (HPE has identified a remote privilege escalation vulnerability 
in HPE ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2017-8991 (HPE has identified a cross site scripting (XSS) vulnerability 
in HPE ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2017-8990 (A remote code execution vulnerability was identified in HPE ...)
-   TODO: check
+   NOT-FOR-US: HPE
 CVE-2017-8989 (A security vulnerability in HPE IceWall SSO Dfw 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-07 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b32f35db by Salvatore Bonaccorso at 2018-08-07T08:23:28Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -305,7 +305,7 @@ CVE-2018-14978 (An issue was discovered in QCMS 3.0.1. CSRF 
exists via the ...)
 CVE-2018-14977 (An issue was discovered in QCMS 3.0.1. ...)
NOT-FOR-US: QCMS
 CVE-2018-14976 (An issue was discovered in QCMS 3.0.1. ...)
-   TODO: check
+   NOT-FOR-US: QCMS
 CVE-2018-14975 (An issue was discovered in QCMS 3.0.1. ...)
NOT-FOR-US: QCMSQCMS
 CVE-2018-14974 (An issue was discovered in QCMS 3.0.1. ...)
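
Review bot: the context line under CVE-2018-14975 in this hunk still reads "NOT-FOR-US: QCMSQCMS", a doubled product name. Since the commit already edits the adjacent CVE-2018-14976 entry, correct CVE-2018-14975 to "NOT-FOR-US: QCMS" here as well so all QCMS 3.0.1 entries carry the same label.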
@@ -541,7 +541,7 @@ CVE-2018-14871
 CVE-2018-14870
RESERVED
 CVE-2018-14869 (PHP Template Store Script 3.0.6 allows XSS via the Address 
line 1, ...)
-   TODO: check
+   NOT-FOR-US: PHP Template Store Script
 CVE-2018-14868
RESERVED
 CVE-2018-14867
@@ -3086,7 +3086,7 @@ CVE-2018-13879 (A reflected XSS issue was discovered in 
the registration form in
 CVE-2018-13878 (An XSS issue was discovered in 
packages/rocketchat-mentions/Mentions.js ...)
NOT-FOR-US: Rocket.Chat
 CVE-2018-13877 (The doPayouts() function of the smart contract implementation 
for ...)
-   TODO: check
+   NOT-FOR-US: MegaCryptoPolis
 CVE-2018-13876 (An issue was discovered in the HDF HDF5 1.8.20 library. There 
is a ...)
- hdf5 
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
@@ -44062,7 +44062,7 @@ CVE-2017-16254
 CVE-2017-16253
RESERVED
 CVE-2017-16252 (Specially crafted commands sent through the PubNub service in 
Insteon ...)
-   TODO: check
+   NOT-FOR-US: Insteon Hub
 CVE-2017-16251 (A vulnerability in the conferencing component of Mitel ST 
14.2, ...)
NOT-FOR-US: Mitel
 CVE-2017-16250 (A vulnerability in Mitel ST 14.2, release GA28 and earlier, 
could ...)
@@ -49810,7 +49810,7 @@ CVE-2017-14448 (An exploitable code execution 
vulnerability exists in the XCF im
NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
NOTE: https://hg.libsdl.org/SDL_image/rev/7df1580f1695
 CVE-2017-14447 (An exploitable buffer overflow vulnerability exists in the 
PubNub ...)
-   TODO: check
+   NOT-FOR-US: Insteon Hub
 CVE-2017-14446 (An exploitable stack-based buffer overflow vulnerability 
exists in ...)
NOT-FOR-US: Insteon Hub
 CVE-2017-14445 (An exploitable buffer overflow vulnerability exists in Insteon 
Hub ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b32f35dbbce339bd86298cd8190fc08fa66abfeb


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-06 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
682ca3f3 by Salvatore Bonaccorso at 2018-08-06T20:19:08Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -297,43 +297,43 @@ CVE-2018-14980
 CVE-2018-14979
RESERVED
 CVE-2018-14978 (An issue was discovered in QCMS 3.0.1. CSRF exists via the ...)
-   TODO: check
+   NOT-FOR-US: QCMS
 CVE-2018-14977 (An issue was discovered in QCMS 3.0.1. ...)
-   TODO: check
+   NOT-FOR-US: QCMS
 CVE-2018-14976 (An issue was discovered in QCMS 3.0.1. ...)
TODO: check
 CVE-2018-14975 (An issue was discovered in QCMS 3.0.1. ...)
-   TODO: check
+   NOT-FOR-US: QCMSQCMS
 CVE-2018-14974 (An issue was discovered in QCMS 3.0.1. ...)
-   TODO: check
+   NOT-FOR-US: QCMS
 CVE-2018-14973 (An issue was discovered in QCMS 3.0.1. ...)
-   TODO: check
+   NOT-FOR-US: QCMS
 CVE-2018-14972 (An issue was discovered in QCMS 3.0.1. ...)
-   TODO: check
+   NOT-FOR-US: QCMS
 CVE-2018-14971 (An issue was discovered in QCMS 3.0.1. ...)
-   TODO: check
+   NOT-FOR-US: QCMS
 CVE-2018-14970 (An issue was discovered in QCMS 3.0.1. ...)
-   TODO: check
+   NOT-FOR-US: QCMS
 CVE-2018-14969 (An issue was discovered in QCMS 3.0.1. ...)
-   TODO: check
+   NOT-FOR-US: QCMS
 CVE-2018-14968 (An issue was discovered in EMLsoft 5.4.5. ...)
-   TODO: check
+   NOT-FOR-US: EMLsoft
 CVE-2018-14967 (An issue was discovered in EMLsoft 5.4.5. ...)
-   TODO: check
+   NOT-FOR-US: EMLsoft
 CVE-2018-14966 (An issue was discovered in EMLsoft 5.4.5. The ...)
-   TODO: check
+   NOT-FOR-US: EMLsoft
 CVE-2018-14965 (An issue was discovered in EMLsoft 5.4.5. The ...)
-   TODO: check
+   NOT-FOR-US: EMLsoft
 CVE-2018-14964 (An issue was discovered in EMLsoft 5.4.5. XSS exists via the 
...)
-   TODO: check
+   NOT-FOR-US: EMLsoft
 CVE-2018-14963 (zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. 
...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-14962 (zzcms 8.3 has stored XSS related to the content variable in 
...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-14961 (dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql 
...)
-   TODO: check
+   NOT-FOR-US: zzcms
 CVE-2018-14960 (Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. ...)
-   TODO: check
+   NOT-FOR-US: Xiao5uCompany
 CVE-2018-14959 (An issue was discovered in WeaselCMS v0.3.5. CSRF can create 
new pages ...)
NOT-FOR-US: WeaselCMS
 CVE-2018-14958 (An issue was discovered in WeaselCMS v0.3.5. CSRF can update 
the ...)
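
Review bot: the line added for CVE-2018-14975 reads "NOT-FOR-US: QCMSQCMS"; every other QCMS 3.0.1 entry in this hunk uses "NOT-FOR-US: QCMS", so this is a doubled name and should be corrected before it lands. Separately, CVE-2018-14976 carries the same truncated description as its neighbours but stays at "TODO: check"; if that was not deliberate, tag it together with the rest.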
@@ -36308,7 +36308,7 @@ CVE-2018-1553 (IBM WebSphere Application Server Liberty 
prior to 18.0.0.2 could 
 CVE-2018-1552
RESERVED
 CVE-2018-1551 (IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 
9.0.0.3 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1550
RESERVED
 CVE-2018-1549 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 
6.0.5 ...)
@@ -36354,7 +36354,7 @@ CVE-2018-1530
 CVE-2018-1529 (IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 
through ...)
NOT-FOR-US: IBM Rational DOORS Next Generation
 CVE-2018-1528 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an 
...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1527
RESERVED
 CVE-2018-1526
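Review bot: the label added for CVE-2018-1528 is vendor-only ("NOT-FOR-US: IBM"), while the context entry just above it in this hunk, CVE-2018-1529, is labelled at product level ("NOT-FOR-US: IBM Rational DOORS Next Generation"). Suggest "NOT-FOR-US: IBM Maximo Asset Management" so that a search of data/CVE/list by product name finds this entry.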
@@ -36566,7 +36566,7 @@ CVE-2018-1424
 CVE-2018-1423 (IBM Jazz Foundation products could disclose sensitive 
information to ...)
NOT-FOR-US: IBM
 CVE-2018-1422 (IBM Jazz Foundation products (IBM Rational DOORS Next 
Generation 5.0 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 
and ...)
NOT-FOR-US: IBM WebSphere DataPower Appliances
 CVE-2018-1420
@@ -88048,7 +88048,7 @@ CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable 
to SQL injection. A remo
 CVE-2017-1756 (IBM Business Process Manager 8.6 allows web pages to be stored 
locally ...)
NOT-FOR-US: IBM
 CVE-2017-1755 (IBM Security Identity Governance Virtual Appliance 5.2 through 
5.2.3.2 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1754
RESERVED
 CVE-2017-1753
@@ -88734,13 +88734,13 @@ CVE-2017-1414
 CVE-2017-1413
RESERVED
 CVE-2017-1412 (IBM Security Identity Governance Virtual Appliance 5.2 through 
5.2.3.2 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1411 (IBM Security Identity Governance Virtual Appliance 5.2 through 
5.2.3.2 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1410
RESERVED
 CVE-2017-1409 (IBM Security Identity Governance Virtual Appliance 5.2 through 
5.2.3.2 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1408
RESERVED
 CVE-2017-1407 (IBM Security Identity 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7b4ef7cd by Salvatore Bonaccorso at 2018-08-05T20:26:35Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-14959 (An issue was discovered in WeaselCMS v0.3.5. CSRF can create 
new pages ...)
-   TODO: check
+   NOT-FOR-US: WeaselCMS
 CVE-2018-14958 (An issue was discovered in WeaselCMS v0.3.5. CSRF can update 
the ...)
-   TODO: check
+   NOT-FOR-US: WeaselCMS
 CVE-2018-14957
RESERVED
 CVE-2018-14956



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b4ef7cdc026160bc8f17e82a21941cffca70a74

-- 
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3035b2a8 by Salvatore Bonaccorso at 2018-08-05T08:14:24Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,9 +3,9 @@ CVE-2018-14938 (An issue was discovered in 
wifipcap/wifipcap.cpp in TCPFLOW thro
NOTE: 
https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb
NOTE: https://github.com/simsong/tcpflow/issues/182
 CVE-2018-14937 (The Add page option in my little forum 2.4.12 allows XSS via 
the Menu ...)
-   TODO: check
+   NOT-FOR-US: My Little Forum
 CVE-2018-14936 (The Add page option in my little forum 2.4.12 allows XSS via 
the Title ...)
-   TODO: check
+   NOT-FOR-US: My Little Forum
 CVE-2018-14935
RESERVED
 CVE-2018-14934



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3035b2a8aa7aea04215f45f70077971d2ec845b2


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-03 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
94d1daa7 by Salvatore Bonaccorso at 2018-08-03T20:45:47Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8,21 +8,21 @@ CVE-2018-14912 (cgit_clone_objects in CGit before 1.2.1 has a 
directory traversa
NOTE: https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html
NOTE: 
https://git.zx2c4.com/cgit/commit/?id=53efaf30b50f095cad8c160488c74bba3e3b2680
 CVE-2018-14911 (A file upload vulnerability exists in ukcms v1.1.7 and 
earlier. The ...)
-   TODO: check
+   NOT-FOR-US: ukcms
 CVE-2018-14910 (SeaCMS v6.61 allows Remote Code execution by placing PHP code 
in an ...)
-   TODO: check
+   NOT-FOR-US: SeaCMS
 CVE-2018-14909
RESERVED
 CVE-2018-14908 (Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on 
every ...)
-   TODO: check
+   NOT-FOR-US: Samsung Syncthru Web Service
 CVE-2018-14907 (The Web server in 3CX version 15.5.8801.3 is vulnerable to 
Information ...)
-   TODO: check
+   NOT-FOR-US: 3CX
 CVE-2018-14906 (The Web server in 3CX version 15.5.8801.3 is vulnerable to 
Reflected ...)
-   TODO: check
+   NOT-FOR-US: 3CX
 CVE-2018-14905 (The Web server in 3CX version 15.5.8801.3 is vulnerable to 
Reflected ...)
-   TODO: check
+   NOT-FOR-US: 3CX
 CVE-2018-14904 (Samsung Syncthru Web Service V4.05.61 is vulnerable to 
Multiple ...)
-   TODO: check
+   NOT-FOR-US: Samsung Syncthru Web Service
 CVE-2018-14903
RESERVED
 CVE-2018-14902
@@ -488,7 +488,7 @@ CVE-2018-14717
 CVE-2018-14716
RESERVED
 CVE-2018-14715 (The endCoinFlip function and throwSlammer function of the 
smart ...)
-   TODO: check
+   NOT-FOR-US: smart contract implementations for Cryptogs
 CVE-2018-14714
RESERVED
 CVE-2018-14713
@@ -825,7 +825,7 @@ CVE-2018-14578
 CVE-2018-14577
RESERVED
 CVE-2018-14576 (The mintToken function of a smart contract implementation for 
...)
-   TODO: check
+   NOT-FOR-US: smart contract implementation for SunContract
 CVE-2018-14575
RESERVED
 CVE-2018-14574 (django.middleware.common.CommonMiddleware in Django 1.11.x 
before ...)
@@ -968,7 +968,7 @@ CVE-2018-14543 (There exists one NULL pointer dereference 
vulnerability in ...)
 CVE-2018-14542
RESERVED
 CVE-2018-14541 (PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and 
Stored XSS ...)
-   TODO: check
+   NOT-FOR-US: PHP Scripts Mall Basic B2B Script
 CVE-2018-14540
RESERVED
 CVE-2018-14539
@@ -1075,7 +1075,7 @@ CVE-2018-14499
 CVE-2018-14498
RESERVED
 CVE-2018-14497 (Tenda D152 ADSL routers allow XSS via a crafted SSID. ...)
-   TODO: check
+   NOT-FOR-US: Tenda D152 ADSL routers
 CVE-2018-14496
RESERVED
 CVE-2018-14495



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/94d1daa7cdc900ab7a1fad4805f1517eead88262


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-03 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5de1f871 by Salvatore Bonaccorso at 2018-08-03T08:22:31Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-14878
RESERVED
 CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via 
Site ...)
-   TODO: check
+   NOT-FOR-US: WeaselCMS
 CVE-2018-14876 (An issue was discovered in image_save_png in 
image/image-png.cpp in ...)
- flif 
NOTE: https://github.com/FLIF-hub/FLIF/issues/520
@@ -40,7 +40,7 @@ CVE-2018-14860
 CVE-2018-14859
RESERVED
 CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before 
V7.0.11 ...)
-   TODO: check
+   NOT-FOR-US: idreamsoft iCMS
 CVE-2018-14857
RESERVED
 CVE-2018-14856
@@ -5951,7 +5951,7 @@ CVE-2018-12450
 CVE-2018-12449
RESERVED
 CVE-2018-12448 (Whale Browser before 1.3.48.4 displays no URL information but 
only a ...)
-   TODO: check
+   NOT-FOR-US: Whale Browser
 CVE-2018-12447 (The restore_tqb_pixels function in hevc_filter.c in 
libavcodec, as used ...)
NOT-FOR-US: libbpg
 CVE-2018-12446 (** DISPUTED ** An issue was discovered in the 
com.dropbox.android ...)
@@ -10838,7 +10838,7 @@ CVE-2018-10620 (AVEVA InduSoft Web Studio v8.1 and 
v8.1SP1, and InTouch Machine 
 CVE-2018-10619 (An unquoted search path or element in RSLinx Classic Versions 
3.90.01 ...)
NOT-FOR-US: RSLinx
 CVE-2018-10618 (Davolink DVW-3200N all version prior to Version 1.00.06. The 
device ...)
-   TODO: check
+   NOT-FOR-US: Davolink DVW-3200N
 CVE-2018-10617 (Delta Electronics Delta Industrial Automation DOPSoft version 
4.00.04 ...)
NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
 CVE-2018-10616 (ABB Panel Builder 800 all versions has an improper input 
validation ...)
@@ -18334,7 +18334,7 @@ CVE-2018-1000115 (Memcached version 1.5.5 contains an 
Insufficient Control of Ne
 CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 
3.1 ...)
NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone:Script Classified 
Application
 CVE-2018-7649 (Monitorix before 3.10.1 allows XSS via CGI variables. ...)
-   TODO: check
+   NOT-FOR-US: Monitorix
 CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 
2.3.0. The ...)
- openjpeg2  (unimportant)
NOTE: 
https://github.com/kbabioch/openjpeg/commit/6d8c0c06ee32dc03ba80acd48334e98728e56cf5
@@ -29232,11 +29232,11 @@ CVE-2018-3925
 CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the 
JavaScript ...)
TODO: check
 CVE-2018-3923 (A memory corruption vulnerability exists in the PCX-parsing ...)
-   TODO: check
+   NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3922 (A memory corruption vulnerability exists in the ANI-parsing ...)
-   TODO: check
+   NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3921 (A memory corruption vulnerability exists in the PSD-parsing ...)
-   TODO: check
+   NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3920
RESERVED
 CVE-2018-3919
@@ -35679,7 +35679,7 @@ CVE-2018-1556 (IBM FileNet Content Manager 5.2.1 and 
5.5.0 is vulnerable to ...)
 CVE-2018-1555 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to 
...)
NOT-FOR-US: IBM FileNet Content Manager
 CVE-2018-1554 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site 
scripting. ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 
could allow ...)
NOT-FOR-US: IBM
 CVE-2018-1552
@@ -43239,7 +43239,7 @@ CVE-2017-16351
 CVE-2017-16350
RESERVED
 CVE-2017-16349 (An exploitable XML external entity vulnerability exists in the 
...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2017-16348
RESERVED
 CVE-2017-16347 (An attacker could send an authenticated HTTP request to 
trigger this ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5de1f8711cb5cb00880f8aa3d3e431f7a34f8a2d


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-08-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f1304340 by Salvatore Bonaccorso at 2018-08-02T08:29:33Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-14848
RESERVED
 CVE-2018-14847 (Winbox for MikroTik RouterOS through 6.42 allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Winbox for MikroTik RouterOS
 CVE-2018-14846
RESERVED
 CVE-2018-14845
@@ -15,17 +15,17 @@ CVE-2018-14842
 CVE-2018-14841
RESERVED
 CVE-2018-14840 (uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it 
does not ...)
-   TODO: check
+   NOT-FOR-US: Subrion CMS
 CVE-2018-14839
RESERVED
 CVE-2018-14838 (rejucms 2.1 has stored XSS via the admin/book.php content 
parameter. ...)
-   TODO: check
+   NOT-FOR-US: rejucms
 CVE-2018-14837
RESERVED
 CVE-2018-14836 (Subrion 4.2.1 is vulnerable to Improper Access control because 
user ...)
-   TODO: check
+   NOT-FOR-US: Subrion CMS
 CVE-2018-14835 (Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no 
escaping ...)
-   TODO: check
+   NOT-FOR-US: Subrion CMS
 CVE-2018-14834
RESERVED
 CVE-2018-14833
@@ -5801,7 +5801,7 @@ CVE-2018-12470
 CVE-2018-12469
RESERVED
 CVE-2018-12468 (A vulnerability in the administration console of Micro Focus 
GroupWise ...)
-   TODO: check
+   NOT-FOR-US: Micro Focus
 CVE-2018-12467 (Authorized users of the openbuildservice before 2.9.4 could 
delete ...)
- open-build-service 
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100217
@@ -35499,7 +35499,7 @@ CVE-2018-1597
 CVE-2018-1596
RESERVED
 CVE-2018-1595 (IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 
could ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1594
RESERVED
 CVE-2018-1593



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f130434004fd2ca0b6fa04580a7819e6f053787d


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-31 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
01fa1645 by Salvatore Bonaccorso at 2018-07-31T20:35:50Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -431,7 +431,7 @@ CVE-2018-14583 (xyhai.php?s=/Auth/addUser in XYHCMS 3.5 
allows CSRF to add a bac
 CVE-2018-14582 (index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF 
to add a ...)
NOT-FOR-US: BageCMS
 CVE-2018-14581 (Redgate .NET Reflector before 10.0.7.774 and SmartAssembly 
before ...)
-   TODO: check
+   NOT-FOR-US: Redgate .NET Reflector and SmartAssembly
 CVE-2018-14580
RESERVED
 CVE-2018-14579 (GolemCMS through 2008-12-24, if the install/ directory remains 
active ...)
@@ -592,7 +592,7 @@ CVE-2018-14535
 CVE-2018-14534
RESERVED
 CVE-2018-14533 (read_tmp and write_tmp in Inteno IOPSYS allow attackers to 
gain ...)
-   TODO: check
+   NOT-FOR-US: Inteno IOPSYS
 CVE-2018-14532 (An issue was discovered in Bento4 1.5.1-624. There is a 
heap-based ...)
NOT-FOR-US: Bento4
 CVE-2018-14531 (An issue was discovered in Bento4 1.5.1-624. There is an 
unspecified ...)
@@ -4253,17 +4253,17 @@ CVE-2018-12946
 CVE-2018-12945
RESERVED
 CVE-2018-12944 (Persistent Cross-Site Scripting (XSS) vulnerability in the ...)
-   TODO: check
+   NOT-FOR-US: SeedDMS
 CVE-2018-12943 (Cross-Site Scripting (XSS) vulnerability in every page that 
includes ...)
-   TODO: check
+   NOT-FOR-US: SeedDMS
 CVE-2018-12942 (SQL injection vulnerability in the Users 
management functionality in ...)
-   TODO: check
+   NOT-FOR-US: SeedDMS
 CVE-2018-12941 (This vulnerability allows remote attackers to execute 
arbitrary code ...)
-   TODO: check
+   NOT-FOR-US: SeedDMS
 CVE-2018-12940 (Unrestricted file upload vulnerability in 
op/op.UploadChunks.php in ...)
-   TODO: check
+   NOT-FOR-US: SeedDMS
 CVE-2018-12939 (A directory traversal flaw in SeedDMS (formerly LetoDMS and 
MyDMS) ...)
-   TODO: check
+   NOT-FOR-US: SeedDMS
 CVE-2018-12937
RESERVED
 CVE-2018-12938
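Review bot: the six entries from CVE-2018-12944 down to CVE-2018-12939 are closed under the current product name only, but the description of CVE-2018-12939 reads "SeedDMS (formerly LetoDMS and MyDMS)". Please confirm that no source package exists under either former name before marking these NOT-FOR-US, and record that in the label, for example "NOT-FOR-US: SeedDMS (formerly LetoDMS and MyDMS)".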
@@ -8601,7 +8601,7 @@ CVE-2018-11340 (An unrestricted file upload vulnerability 
in importuser.cgi in A
 CVE-2018-11339 (An XSS issue was discovered in Frappe ERPNext v11.x.x-develop 
b1036e5 ...)
NOT-FOR-US: Frappe ERPNext
 CVE-2018-11338 (Intuit Lacerte 2017 for Windows in a client/server environment 
...)
-   TODO: check
+   NOT-FOR-US: Intuit Lacerte
 CVE-2018-11337
RESERVED
 CVE-2018-11336
@@ -10528,11 +10528,11 @@ CVE-2018-10611 (Java remote method invocation (RMI) 
input port in GE MDS PulseNE
 CVE-2018-10610
RESERVED
 CVE-2018-10609 (Martem TELEM GW6 and GWM devices with firmware ...)
-   TODO: check
+   NOT-FOR-US: Martem TELEM GW6 and GWM devices
 CVE-2018-10608 (SEL AcSELerator Architect version 2.2.24.0 and prior can be 
exploited ...)
NOT-FOR-US: SEL AcSELerator Architect
 CVE-2018-10607 (Martem TELEM GW6 and GWM devices with firmware ...)
-   TODO: check
+   NOT-FOR-US: Martem TELEM GW6 and GWM devices
 CVE-2018-10606
RESERVED
 CVE-2018-10605
@@ -10540,7 +10540,7 @@ CVE-2018-10605
 CVE-2018-10604 (SEL Compass version 3.0.5.1 and prior allows all users full 
access to ...)
NOT-FOR-US: SEL Compass
 CVE-2018-10603 (Martem TELEM GW6 and GWM devices with firmware ...)
-   TODO: check
+   NOT-FOR-US: Martem TELEM GW6 and GWM devices
 CVE-2018-10602
RESERVED
 CVE-2018-10601 (IntelliVue Patient Monitors MP Series (including ...)
@@ -10562,7 +10562,7 @@ CVE-2018-10594 (Delta Industrial Automation COMMGR from 
Delta Electronics versio
 CVE-2018-10593 (A vulnerability in DB Manager version 3.0.1.0 and previous and 
...)
NOT-FOR-US: BD Kiestra and InoqulA systems
 CVE-2018-10592 (Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 
controllers ...)
-   TODO: check
+   NOT-FOR-US: Yokogawa
 CVE-2018-10591 (In Advantech WebAccess versions V8.2_20170817 and prior, 
WebAccess ...)
NOT-FOR-US: Advantech
 CVE-2018-10590 (In Advantech WebAccess versions V8.2_20170817 and prior, 
WebAccess ...)
@@ -17056,11 +17056,11 @@ CVE-2018-7997 (Eramba e1.0.6.033 has Reflected XSS on 
the Error page of the CSV 
 CVE-2018-7996 (Eramba e1.0.6.033 has Stored XSS on the tooltip box via the ...)
NOT-FOR-US: Eramba
 CVE-2018-7994 (Some Huawei products IPS Module V500R001C50; NGFW Module 
V500R001C50; ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7993 (HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7992 (Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; 
Mate 9 ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7991
RESERVED
 CVE-2018-7990
@@ -17130,7 +17130,7 @@ CVE-2018-7959
 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-29 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e2bf553b by Salvatore Bonaccorso at 2018-07-29T08:40:23Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -91,9 +91,9 @@ CVE-2018-14688
 CVE-2018-14687
RESERVED
 CVE-2018-14686 (system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted 
...)
-   TODO: check
+   NOT-FOR-US: XYCMS
 CVE-2018-14685 (The add function in 
www/Lib/Lib/Action/Admin/TplAction.class.php in ...)
-   TODO: check
+   NOT-FOR-US: Gxlcms
 CVE-2018-14684
RESERVED
 CVE-2018-14683



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e2bf553b8ad47625a33b3ff09b80969bc54fb8fe


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-28 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f60a32c2 by Salvatore Bonaccorso at 2018-07-29T04:00:59Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -221,13 +221,13 @@ CVE-2018-1002208 (sharplibzip before 1.0 RC1 is 
vulnerable to directory traversa
NOTE: https://github.com/icsharpcode/SharpZipLib/issues/232
TODO: further checks
 CVE-2018-1002207 (mholt/archiver golang package before ...)
-   TODO: check
+   NOT-FOR-US: golang-github-mholt-archiver
 CVE-2018-1002206 (SharpCompress before 0.21.0 is vulnerable to directory 
traversal, ...)
-   TODO: check
+   NOT-FOR-US: SharpCompress library (for .NET Standard 1.0)
 CVE-2018-1002205 (DotNetZip.Semvered before 1.11.0 is vulnerable to directory 
traversal, ...)
-   TODO: check
+   NOT-FOR-US: DotNetZip.Semvered library (.NET)
 CVE-2018-1002203 (unzipper npm library before 0.8.13 is vulnerable to 
directory ...)
-   TODO: check
+   NOT-FOR-US: unzipper nodejs module
 CVE-2018-14596 (wancms 1.0 through 5.0 allows remote attackers to cause a 
denial of ...)
NOT-FOR-US: wancms
 CVE-2018-14595
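Review bot: the label on CVE-2018-1002207, "NOT-FOR-US: golang-github-mholt-archiver", is written in the form of a Debian source package name, which contradicts what NOT-FOR-US asserts. If a package of that name exists, the entry needs a package line instead; if not, use the upstream name from the description, e.g. "NOT-FOR-US: mholt/archiver golang package", in line with "unzipper nodejs module" later in this hunk.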
@@ -632,7 +632,7 @@ CVE-2018-14441 (An issue was discovered in cckevincyh SSH 
CompanyWebsite through
 CVE-2018-14440 (An issue was discovered in cckevincyh SSH CompanyWebsite 
through ...)
NOT-FOR-US: cckevincyh SSH CompanyWebsite
 CVE-2018-14439 (espritblock eos4j, an unofficial SDK for EOS, through 
2018-07-12 ...)
-   TODO: check
+   NOT-FOR-US: eos4j
 CVE-2018-14438 (In Wireshark through 2.6.2, the create_app_running_mutex 
function in ...)
- wireshark  (Problem with SetSecurityDescriptorDacl() is 
Windows specific issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14921
@@ -1008,7 +1008,7 @@ CVE-2018-14337 (The CHECK macro in 
mrbgems/mruby-sprintf/src/sprintf.c in mruby 
 CVE-2018-14336 (TP-Link WR840N devices allow remote attackers to cause a 
denial of ...)
NOT-FOR-US: TP-Link
 CVE-2018-14335 (An issue was discovered in H2 1.4.197. Insecure handling of 
...)
-   TODO: check
+   NOT-FOR-US: H2 (different from src:python-h2)
 CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows 
arbitrary file ...)
NOT-FOR-US: joyplus-cms
 CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode 
format within ...)
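Review bot: on CVE-2018-14335 the label "NOT-FOR-US: H2 (different from src:python-h2)" records which package was ruled out but not which product the CVE is about, and the visible description only says "H2 1.4.197". Name the product in the label and check that name against source package names too, since ruling out python-h2 alone does not establish that H2 is unpackaged.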



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f60a32c273b4f032afdf0a90630e5bc5aefd40af


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-26 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
68eef4f5 by Salvatore Bonaccorso at 2018-07-27T05:42:20+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -8916,13 +8916,13 @@ CVE-2018-11049 (RSA Identity Governance and Lifecycle, 
RSA Via Lifecycle and ...
 CVE-2018-11048
RESERVED
 CVE-2018-11047 (Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 
prior to ...)
-   TODO: check
+   NOT-FOR-US: Cloud Foundry
 CVE-2018-11046 (Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and 
version ...)
NOT-FOR-US: Pivotal
 CVE-2018-11045 (Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 
2.0 prior ...)
NOT-FOR-US: Pivotal
 CVE-2018-11044 (Pivotal Apps Manager included in Pivotal Application Service, 
versions ...)
-   TODO: check
+   NOT-FOR-US: Pivotal
 CVE-2018-11043
RESERVED
 CVE-2018-11042
@@ -13937,7 +13937,7 @@ CVE-2018-9070 (For the Lenovo Smart Assistant Android 
app versions earlier than 
 CVE-2018-9069
RESERVED
 CVE-2018-9068 (The IMM2 First Failure Data Capture function collects 
management ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-9067 (The Lenovo Help Android app versions earlier than 6.1.2.0327 
had ...)
NOT-FOR-US: Lenovo
 CVE-2018-9066
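Review bot: CVE-2018-9068 is labelled "NOT-FOR-US: IBM", but the visible part of its description ("The IMM2 First Failure Data Capture function collects management ...") names no vendor, and both neighbouring entries in this hunk, CVE-2018-9070 and CVE-2018-9067, describe Lenovo apps, the latter labelled "NOT-FOR-US: Lenovo". Please confirm the vendor and, if the product is Lenovo's, label it accordingly.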
@@ -38886,11 +38886,11 @@ CVE-2018-0624
 CVE-2018-0623
RESERVED
 CVE-2018-0622 (The DHC Online Shop App for Android version 3.2.0 and earlier 
does not ...)
-   TODO: check
+   NOT-FOR-US: DHC Online Shop App for Android
 CVE-2018-0621 (Untrusted search path vulnerability in LOGICOOL CONNECTION 
UTILITY ...)
-   TODO: check
+   NOT-FOR-US: LOGICOOL
 CVE-2018-0620 (Untrusted search path vulnerability in LOGICOOL Game Software 
versions ...)
-   TODO: check
+   NOT-FOR-US: LOGICOOL
 CVE-2018-0619 (Untrusted search path vulnerability in the installer of 
Glarysoft ...)
TODO: check
 CVE-2018-0618 (Cross-site scripting vulnerability in Mailman 2.1.26 and 
earlier ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/68eef4f5aaf1b4394253f680f84dc3b582eb430f


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-26 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
90a22d37 by Salvatore Bonaccorso at 2018-07-26T10:21:25+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -286,7 +286,7 @@ CVE-2018-14495
 CVE-2018-14494
RESERVED
 CVE-2018-14493 (Cross-site scripting (XSS) vulnerability in the Groups Page in 
...)
-   TODO: check
+   NOT-FOR-US: Open-Audit Community
 CVE-2018-14492 (Tenda AC7 through V15.03.06.44_CN, AC9 through 
V15.03.05.19(6318)_CN, ...)
NOT-FOR-US: Tenda devices
 CVE-2018-1999022 (PEAR HTML_QuickForm version 3.2.14 contains an eval 
injection (CWE-95) ...)
@@ -444,7 +444,7 @@ CVE-2018-14432 [GET /v3/OS-FEDERATION/projects leaks 
project information]
 CVE-2018-14431
RESERVED
 CVE-2018-14430 (The Mondula Multi Step Form plugin through 1.2.5 for WordPress 
allows ...)
-   TODO: check
+   NOT-FOR-US:  Mondula Multi Step Form plugin for WordPress
 CVE-2018-14429
RESERVED
 CVE-2018-14428
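Review bot: the added line for CVE-2018-14430 has two spaces after the colon ("NOT-FOR-US:  Mondula Multi Step Form plugin for WordPress"), unlike the other NOT-FOR-US lines in this commit. Reduce it to one so that exact-match searches on "NOT-FOR-US: " followed by the product name keep working.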
@@ -1299,7 +1299,7 @@ CVE-2018-14085 (An issue was discovered in a smart 
contract implementation for .
 CVE-2018-14084 (An issue was discovered in a smart contract implementation for 
MKCB, an ...)
NOT-FOR-US: smart contract implementation for MKCB
 CVE-2018-14083 (LICA miniCMTS E8K(u/i/...) devices allow remote attackers to 
obtain ...)
-   TODO: check
+   NOT-FOR-US: LICA miniCMTS E8K(u/i/...) devices
 CVE-2018-14082 (PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has 
Cross-site ...)
NOT-FOR-US: PHP Scripts Mall JOB SITE (aka Job Portal)
 CVE-2018-14081
@@ -7822,9 +7822,9 @@ CVE-2018-11454
 CVE-2018-11453
RESERVED
 CVE-2018-11452 (A vulnerability has been identified in Firmware variant IEC 
61850 for ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2018-11451 (A vulnerability has been identified in Firmware variant IEC 
61850 for ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2018-11450 (A reflected Cross-Site-Scripting (XSS) vulnerability has been 
...)
NOT-FOR-US: Siemens PLM Software TEAMCENTER
 CVE-2018-11449 (A vulnerability has been identified in SCALANCE M875 (All 
versions). ...)
@@ -16313,7 +16313,7 @@ CVE-2018-8092 (Mautic before 2.13.0 allows CSV 
injection. ...)
 CVE-2018-8091
RESERVED
 CVE-2018-8090 (Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), 
(QHTSFT64.exe) - ...)
-   TODO: check
+   NOT-FOR-US: Quick Heal
 CVE-2018-8089
RESERVED
 CVE-2018-8088 (org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J 
before ...)
@@ -59050,11 +59050,11 @@ CVE-2017-10938
 CVE-2017-10937 (SQL injection vulnerability in all versions prior to 
V2.01.05.09 of ...)
TODO: check
 CVE-2017-10936 (SQL injection vulnerability in all versions prior to V4.01.01 
of the ...)
-   TODO: check
+   NOT-FOR-US: ZTE ZXCDN-SNS
 CVE-2017-10935 (All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S 
products ...)
-   TODO: check
+   NOT-FOR-US: ZTE ZXR10 1800-2S products
 CVE-2017-10934 (All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG 
product use ...)
-   TODO: check
+   NOT-FOR-US: ZTE ZXIPTV-EPG product
 CVE-2017-10933 (All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an 
monitoring ...)
NOT-FOR-US: ZTE ZXDT22 SF01
 CVE-2017-10932 (All versions prior to V12.17.20 of the ZTE Microwave NR8000 
series ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/90a22d373a0c3bae9129736a71dc6b414ec8c46a


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4679329 by Salvatore Bonaccorso at 2018-07-25T22:19:19+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7728,7 +7728,7 @@ CVE-2018-11493 (An issue was discovered in WUZHI CMS 
4.1.0. There is a CSRF ...)
 CVE-2018-11492
RESERVED
 CVE-2018-11491 (ASUS HG100 devices with firmware before 1.05.12 allow 
unauthenticated ...)
-   TODO: check
+   NOT-FOR-US: ASUS HG100 devices
 CVE-2018-11490 (The DGifDecompressLine function in dgif_lib.c in GIFLIB 
(possibly ...)
- giflib  (bug #904114)
[stretch] - giflib  (Minor issue)
@@ -19799,9 +19799,9 @@ CVE-2018-6974
 CVE-2018-6973
RESERVED
 CVE-2018-6972 (VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ...)
-   TODO: check
+   NOT-FOR-US: VMware
 CVE-2018-6971 (VMware Horizon View Agents (7.x.x before 7.5.1) contain a local 
...)
-   TODO: check
+   NOT-FOR-US: VMware
 CVE-2018-6970
RESERVED
 CVE-2018-6969 (VMware Tools (10.x and prior before 10.3.0) contains an 
out-of-bounds ...)
@@ -24495,19 +24495,19 @@ CVE-2018-5544
 CVE-2018-5543
RESERVED
 CVE-2018-5542 (F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 
HTTPS ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5541 (When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 
11.6.0-11.6.3.1, ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5540 (On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, 
or ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2018-5539 (Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5538 (On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express 
/ DNS ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5537 (A remote attacker may be able to disrupt services on F5 BIG-IP 
...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5536 (A remote attacker via undisclosed measures, may be able to 
exploit an ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5535 (On F5 BIG-IP 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.2.1-11.6.3 ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2018-5534 (Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 
...)
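Review bot: For CVE-2018-5536 the description visible in the list ("A remote attacker via undisclosed measures, may be able to exploit an ...") is cut off before any product is named, so the "NOT-FOR-US: F5 BIG-IP" tag on that entry cannot be confirmed from this hunk. The other entries changed here (CVE-2018-5542, -5541, -5539, -5538, -5537) all name F5 BIG-IP in the visible text. Please confirm CVE-2018-5536 against the full CVE description rather than its position in the F5 block before dropping the TODO.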
@@ -24517,9 +24517,9 @@ CVE-2018-5533 (Under certain conditions on F5 BIG-IP 
13.0.0, 12.1.0-12.1.2, ...)
 CVE-2018-5532 (On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 
11.2.1-11.5.6 ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2018-5531 (Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5530 (F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 
virtual ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5529 (The svpn component of the F5 BIG-IP APM client prior to version 
7.1.7 ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2018-5528 (Under certain conditions, TMM may restart and produce a core 
file ...)
@@ -25322,7 +25322,7 @@ CVE-2018-5242 (Norton App Lock prior to version 
1.3.0.329 can be susceptible to 
 CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 
6.5, ...)
NOT-FOR-US: Symantec
 CVE-2018-5240 (The Inventory Plugin for Symantec Management Agent prior to 7.6 
POST ...)
-   TODO: check
+   NOT-FOR-US: Inventory Plugin for Symantec Management Agent
 CVE-2018-5239 (Norton App Lock prior to v1.3.0.332 can be susceptible to a 
bypass ...)
NOT-FOR-US: Norton
 CVE-2018-5238
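Review bot: The new tag on CVE-2018-5240, "NOT-FOR-US: Inventory Plugin for Symantec Management Agent", is inconsistent with the entry directly above it, where CVE-2018-5241 is tagged "NOT-FOR-US: Symantec" at vendor level. Anyone searching the list for the vendor tag will still find it by substring, but the two granularities side by side make the file harder to scan. Suggest "NOT-FOR-US: Symantec" here, or product-level tags for both entries.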



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a46793296abf19df6d4007b84bd97a0d5d4e2768

You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d1e7b3be by Salvatore Bonaccorso at 2018-07-25T11:10:46+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-14596 (wancms 1.0 through 5.0 allows remote attackers to cause a 
denial of ...)
-   TODO: check
+   NOT-FOR-US: wancms
 CVE-2018-14595
RESERVED
 CVE-2018-14594



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d1e7b3be7aef155ad531c1806bb193f44b199adb


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f5354b9a by Salvatore Bonaccorso at 2018-07-24T22:17:59+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,29 +5,29 @@ CVE-2018-14592
 CVE-2018-14591
RESERVED
 CVE-2018-14590 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can 
occur in ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2018-14589 (An issue has been discovered in Bento4 1.5.1-624. ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2018-14588 (An issue has been discovered in Bento4 1.5.1-624. A NULL 
pointer ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2018-14587 (An issue has been discovered in Bento4 1.5.1-624. ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2018-14586 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can 
occur in ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2018-14585 (An issue has been discovered in Bento4 1.5.1-624. 
AP4_BytesToUInt16BE ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2018-14584 (An issue has been discovered in Bento4 1.5.1-624. 
AP4_AvccAtom::Create ...)
-   TODO: check
+   NOT-FOR-US: Bento4
 CVE-2018-14583 (xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a 
background ...)
-   TODO: check
+   NOT-FOR-US: XYHCMS
 CVE-2018-14582 (index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF 
to add a ...)
-   TODO: check
+   NOT-FOR-US: BageCMS
 CVE-2018-14581
RESERVED
 CVE-2018-14580
RESERVED
 CVE-2018-14579 (GolemCMS through 2008-12-24, if the install/ directory remains 
active ...)
-   TODO: check
+   NOT-FOR-US: GolemCMS
 CVE-2018-14578
RESERVED
 CVE-2018-14577
@@ -772,7 +772,7 @@ CVE-2018-14329 (In HTSlib 1.8, a race condition in 
cram/cram_io.c might allow lo
NOTE: https://github.com/samtools/htslib/issues/736
NOTE: Neutralised by kernel hardening
 CVE-2018-14328 (Brynamics Online Trade - Online trading and 
cryptocurrency investment ...)
-   TODO: check
+   NOT-FOR-US: Brynamics "Online Trade - Online trading and cryptocurrency 
investment system"
 CVE-2018-14327
RESERVED
 CVE-2018-14324 (The demo feature in Oracle GlassFish Open Source Edition 5.0 
has TCP ...)
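Review bot: The "+" line for CVE-2018-14328 puts the product's full title into the tag, in double quotes ("Online Trade - Online trading and cryptocurrency investment system"), which makes it the only quoted tag in this commit and long enough to wrap in the mail. A short name such as "NOT-FOR-US: Brynamics Online Trade" identifies the product just as well and matches the style of the other tags added here (Bento4, XYHCMS, BageCMS, GolemCMS).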
@@ -2837,9 +2837,9 @@ CVE-2018-13388 (The review attachment resource in 
Atlassian Fisheye and Crucible
 CVE-2018-13387 (The IncomingMailServers resource in Atlassian JIRA Server 
before ...)
NOT-FOR-US: Atlassian
 CVE-2018-13386 (There was an argument injection vulnerability in Sourcetree 
for ...)
-   TODO: check
+   NOT-FOR-US: Sourcetree
 CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree 
for macOS ...)
-   TODO: check
+   NOT-FOR-US: Sourcetree
 CVE-2018-13384
RESERVED
 CVE-2018-13383
@@ -8843,9 +8843,9 @@ CVE-2018-11062
 CVE-2018-11061
RESERVED
 CVE-2018-11060 (RSA Archer, versions prior to 6.4.0.1, contain an 
authorization bypass ...)
-   TODO: check
+   NOT-FOR-US: RSA Archer
 CVE-2018-11059 (RSA Archer, versions prior to 6.4.0.1, contain a stored 
cross-site ...)
-   TODO: check
+   NOT-FOR-US: RSA Archer
 CVE-2018-11058
RESERVED
 CVE-2018-11057
@@ -10021,7 +10021,7 @@ CVE-2018-10634
 CVE-2018-10633 (Universal Robots Robot Controllers Version CB 3.1, SW Version 
...)
NOT-FOR-US: Universal Robots
 CVE-2018-10632 (In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 
and ...)
-   TODO: check
+   NOT-FOR-US: Moxa
 CVE-2018-10631 (Medtronic N'Vision Clinician Programmer 8840 N'Vision 
Clinician ...)
NOT-FOR-US: Medtronic
 CVE-2018-10630
@@ -10029,9 +10029,9 @@ CVE-2018-10630
 CVE-2018-10629
RESERVED
 CVE-2018-10628 (AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 
2017 Update ...)
-   TODO: check
+   NOT-FOR-US: AVEVA
 CVE-2018-10627 (Echelon SmartServer 1 all versions, SmartServer 2 all versions 
prior ...)
-   TODO: check
+   NOT-FOR-US: Echelon
 CVE-2018-10626
RESERVED
 CVE-2018-10625
@@ -10069,7 +10069,7 @@ CVE-2018-10610
 CVE-2018-10609
RESERVED
 CVE-2018-10608 (SEL AcSELerator Architect version 2.2.24.0 and prior can be 
exploited ...)
-   TODO: check
+   NOT-FOR-US: SEL AcSELerator Architect
 CVE-2018-10607
RESERVED
 CVE-2018-10606
@@ -10077,7 +10077,7 @@ CVE-2018-10606
 CVE-2018-10605
RESERVED
 CVE-2018-10604 (SEL Compass version 3.0.5.1 and prior allows all users full 
access to ...)
-   TODO: check
+   NOT-FOR-US: SEL Compass
 CVE-2018-10603
RESERVED
 CVE-2018-10602
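Review bot: This hunk and the previous one tag the two SEL entries by product ("SEL Compass" on CVE-2018-10604, "SEL AcSELerator Architect" on CVE-2018-10608), while the same commit tags CVE-2018-10632, CVE-2018-10628 and CVE-2018-10627 by vendor only ("Moxa", "AVEVA", "Echelon"). Pick one granularity within the commit; if product-level tags are intended for SEL because the vendor abbreviation is ambiguous on its own, that is fine, but then the AVEVA entry, whose description names InTouch, could carry the product as well.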
@@ -10085,7 +10085,7 @@ CVE-2018-10602
 CVE-2018-10601 (IntelliVue Patient Monitors MP Series (including ...)
NOT-FOR-US: Philips
 CVE-2018-10600 (SEL AcSELerator Architect version 2.2.24.0 and prior 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0afbbdf5 by Salvatore Bonaccorso at 2018-07-24T10:21:55+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,13 +7,13 @@ CVE-2018-14575
 CVE-2018-14574
RESERVED
 CVE-2018-14573 (A Local File Inclusion (LFI) vulnerability exists in the Web 
Interface ...)
-   TODO: check
+   NOT-FOR-US: TightRope Media Carousel Digital Signage
 CVE-2018-14572
RESERVED
 CVE-2018-14571
RESERVED
 CVE-2018-14570 (A file upload vulnerability in 
application/shop/controller/member.php ...)
-   TODO: check
+   NOT-FOR-US: Niushop B2B2C Multi-business basic
 CVE-2018-14569
RESERVED
 CVE-2018-1999024 (MathJax version prior to version 2.7.4 contains a Cross Site 
Scripting ...)
@@ -16422,7 +16422,7 @@ CVE-2018-8033
 CVE-2018-8032
RESERVED
 CVE-2018-8031 (The TomEE console (tomee-webapp) has a XSS vulnerability which 
could ...)
-   TODO: check
+   NOT-FOR-US: Apache TomEE
 CVE-2018-8030 (A Denial of Service vulnerability was found in Apache Qpid 
Broker-J ...)
- qpid-java  (bug #840131)
 CVE-2018-8029



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0afbbdf53ad58af5d80f58b2f58301fa08312a2f


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-23 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
60e78c99 by Salvatore Bonaccorso at 2018-07-23T22:24:24+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4,11 +4,11 @@ CVE-2018-1999024 (MathJax version prior to version 2.7.4 
contains a Cross Site S
 CVE-2018-1999022 (PEAR HTML_QuickForm version 3.2.14 contains an eval 
injection (CWE-95) ...)
TODO: check
 CVE-2018-1999021 (Gleezcms Gleez Cms version 1.3.0 contains a Cross Site 
Scripting (XSS) ...)
-   TODO: check
+   NOT-FOR-US: Gleezcms Gleez Cms
 CVE-2018-1999020 (Open Networking Foundation (ONF) ONOS version 1.13.2 and 
earlier ...)
-   TODO: check
+   NOT-FOR-US: ONOS
 CVE-2018-1999019 (Chamilo LMS version 11.x contains an Unserialization 
vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: Chamilo LMS
 CVE-2018-1999018 (Pydio version 8.2.1 and prior contains an Unvalidated user 
input ...)
TODO: check
 CVE-2018-1999017 (Pydio version 8.2.0 and earlier contains a Server-Side 
Request Forgery ...)
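Review bot: The tag on CVE-2018-1999021, "NOT-FOR-US: Gleezcms Gleez Cms", copies the doubled vendor and product string from the CVE description verbatim; "Gleez CMS" says the same thing once. Separately, CVE-2018-1999022 (PEAR HTML_QuickForm) and CVE-2018-1999018 (Pydio) stay at "TODO: check" in the context lines, which reads as deliberate; the commit message "Process NFUs" gives no hint of that, so a short note there would save the next person from re-triaging them.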



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/60e78c9909d0e7681bf03ecb508d00863076b7b8


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9aac3a92 by Salvatore Bonaccorso at 2018-07-23T07:08:13+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13,9 +13,9 @@ CVE-2018-14503
 CVE-2018-14502
RESERVED
 CVE-2018-14501 (manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, 
as ...)
-   TODO: check
+   NOT-FOR-US: joyplus-cms
 CVE-2018-14500 (joyplus-cms 1.6.0 has XSS via the ...)
-   TODO: check
+   NOT-FOR-US: joyplus-cms
 CVE-2018-1999023 [arbitrary code execution/sandbox escape]
- wesnoth-1.14 
- wesnoth-1.12 
@@ -41,7 +41,7 @@ CVE-2018-14494
 CVE-2018-14493
RESERVED
 CVE-2018-14492 (Tenda AC7 through V15.03.06.44_CN, AC9 through 
V15.03.05.19(6318)_CN, ...)
-   TODO: check
+   NOT-FOR-US: Tenda devices
 CVE-2018- [CIVI-SA-2018-07: Remote code execution in QuickForm]
- civicrm 5.3.1+dfsg-1 (bug #904215)
NOTE: 
https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9aac3a92191d8ea446a06e6a616fb7781debc99a


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-07-20 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f591b3a9 by Salvatore Bonaccorso at 2018-07-20T23:36:34+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -473,7 +473,7 @@ CVE-2018-14337 (The CHECK macro in 
mrbgems/mruby-sprintf/src/sprintf.c in mruby 
NOTE: 
https://github.com/mruby/mruby/commit/695f29cd604787f43be1af16e38d13610bf8312b
NOTE: 
https://github.com/mruby/mruby/commit/adb1eae912659d680a9c5b7832e22cf73d36a69a
 CVE-2018-14336 (TP-Link WR840N devices allow remote attackers to cause a 
denial of ...)
-   TODO: check
+   NOT-FOR-US: TP-Link
 CVE-2018-14335
RESERVED
 CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows 
arbitrary file ...)
@@ -3480,7 +3480,7 @@ CVE-2018-12961
 CVE-2018-12960
RESERVED
 CVE-2018-12959 (The approveAndCall function of a smart contract implementation 
for ...)
-   TODO: check
+   NOT-FOR-US: smart contract implementation for Aditus (ADI)
 CVE-2018-12958
RESERVED
 CVE-2018-12957
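Review bot: The tag on CVE-2018-12959, "NOT-FOR-US: smart contract implementation for Aditus (ADI)", starts with a generic phrase rather than the product name, unlike the other tags in this commit ("TP-Link", "Adobe"). Leading with the name, for example "NOT-FOR-US: Aditus (ADI) smart contract", keeps the entry findable by product when scanning or sorting the tags.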
@@ -3847,19 +3847,19 @@ CVE-2018-12817
 CVE-2018-12816
RESERVED
 CVE-2018-12815 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12814
RESERVED
 CVE-2018-12813
RESERVED
 CVE-2018-12812 (Adobe Acrobat and Reader 2018.011.20038 and earlier, 
2017.011.30079 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12811
RESERVED
 CVE-2018-12810
RESERVED
 CVE-2018-12809 (Adobe Experience Manager versions 6.4 and earlier have a 
Server-Side ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12808
RESERVED
 CVE-2018-12807
@@ -3867,13 +3867,13 @@ CVE-2018-12807
 CVE-2018-12806
RESERVED
 CVE-2018-12805 (Adobe Connect versions 9.7.5 and earlier have an Insecure 
Library ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12804 (Adobe Connect versions 9.7.5 and earlier have an 
Authentication Bypass ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12803 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12802 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12801
RESERVED
 CVE-2018-12800
@@ -3881,95 +3881,95 @@ CVE-2018-12800
 CVE-2018-12799
RESERVED
 CVE-2018-12798 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12797 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12796 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12795 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12794 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12793 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12792 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12791 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12790 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12789 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12788 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12787 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12786 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12785 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12784 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12783 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-12782 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 
2017.011.30080 and ...)
-   
