[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8b7135fa by Salvatore Bonaccorso at 2018-05-24T22:42:47+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,7 @@ CVE-2018-11417
 CVE-2018-11416
RESERVED
 CVE-2018-11415 (SAP Internet Transaction Server (ITS) 6200.X.X has Reflected 
Cross Site ...)
-   TODO: check
+   NOT-FOR-US: SAP Internet Transaction Server
 CVE-2018-11414 (An issue was discovered in BearAdmin 0.5. There is ...)
TODO: check
 CVE-2018-11413 (An issue was discovered in BearAdmin 0.5. Remote attackers can 
download ...)
@@ -254,7 +254,7 @@ CVE-2018-11334 (Windscribe 1.81 creates a named pipe with a 
NULL DACL that allow
 CVE-2018-11333
RESERVED
 CVE-2018-11332 (Stored cross-site scripting (XSS) vulnerability in the 
Site Name ...)
-   TODO: check
+   NOT-FOR-US: ClipperCMS
 CVE-2018-11331 (An issue was discovered in Pluck before 4.7.6. Remote PHP code 
...)
NOT-FOR-US: Pluck CMS
 CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is 
authenticated ...)
@@ -1977,11 +1977,11 @@ CVE-2018-10597
 CVE-2018-10596
RESERVED
 CVE-2018-10595 (A vulnerability in ReadA version 1.1.0.2 and previous allows 
an ...)
-   TODO: check
+   NOT-FOR-US: BD Kiestra and InoqulA systems
 CVE-2018-10594
RESERVED
 CVE-2018-10593 (A vulnerability in DB Manager version 3.0.1.0 and previous and 
...)
-   TODO: check
+   NOT-FOR-US: BD Kiestra and InoqulA systems
 CVE-2018-10592
RESERVED
 CVE-2018-10591 (In Advantech WebAccess versions V8.2_20170817 and prior, 
WebAccess ...)
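Review bot: The labels added for CVE-2018-10595 and CVE-2018-10593 name "BD Kiestra and InoqulA systems", but the visible part of the two descriptions names the affected components as "ReadA version 1.1.0.2" and "DB Manager version 3.0.1.0", and neither name appears in the NOT-FOR-US text. Consider including the component in each label so that a search for the product named in the CVE description finds the entry.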
@@ -8456,7 +8456,7 @@ CVE-2018-7944
 CVE-2018-7943
RESERVED
 CVE-2018-7942 (The iBMC (Intelligent Baseboard Management Controller) of some 
Huawei ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass 
vulnerability. A ...)
NOT-FOR-US: Huawei
 CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier 
versions than ...)
@@ -8532,11 +8532,11 @@ CVE-2018-7906
 CVE-2018-7905
RESERVED
 CVE-2018-7904 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a 
JSON ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7903 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a 
JSON ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7902 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a 
JSON ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7901 (RCS module in Huawei ALP-AL00B smart phones with software 
versions ...)
NOT-FOR-US: Huawei
 CVE-2018-7900
@@ -16065,11 +16065,11 @@ CVE-2018-5489
 CVE-2018-5488
RESERVED
 CVE-2018-5487 (NetApp OnCommand Unified Manager for Linux versions 7.2 through 
7.3 ...)
-   TODO: check
+   NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
 CVE-2018-5486 (NetApp OnCommand Unified Manager for Linux versions 7.2 though 
7.3 ...)
NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
 CVE-2018-5485 (NetApp OnCommand Unified Manager for Windows versions 7.2 
through 7.3 ...)
-   TODO: check
+   NOT-FOR-US: NetApp OnCommand Unified Manager for Windows
 CVE-2018-5484
RESERVED
 CVE-2018-5483
@@ -28717,7 +28717,7 @@ CVE-2017-17317
 CVE-2017-17316
RESERVED
 CVE-2017-17315 (Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, 
...)
NOT-FOR-US: Huawei
 CVE-2017-17313 (The inputhub driver of HUAWEI P9 Lite mobile phones with 
Versions ...)
@@ -29031,7 +29031,7 @@ CVE-2017-17160 (Huawei AR120-S V200R006C10, 
V200R007C00, AR1200 V200R006C10, ...
 CVE-2017-17159 (Some Huawei smart phones with software of NXT-AL10C00B386, ...)
NOT-FOR-US: Huawei
 CVE-2017-17158 (Some Huawei smart phones with the versions before ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17157 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...)
NOT-FOR-US: Huawei
 CVE-2017-17156 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b7135fab625b5ad82aff98bf6c215eb38215d89

-- 
You're receiving this email because of your account on salsa.debian.org.
___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c4bbb4ce by Salvatore Bonaccorso at 2018-05-22T10:26:22+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -37,19 +37,19 @@ CVE-2018-11348
 CVE-2018-11347
RESERVED
 CVE-2018-11346 (An insecure direct object reference vulnerability in 
download.cgi in ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11345 (An unrestricted file upload vulnerability in upload.cgi in 
ASUSTOR ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11344 (A path traversal vulnerability in download.cgi in ASUSTOR 
AS6202T ADM ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11343 (A persistent cross site scripting vulnerability in 
playlistmanger.cgi ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11342 (A path traversal vulnerability in fileExplorer.cgi in ASUSTOR 
AS6202T ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11341 (Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 
3.1.0.RFQ3 ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11340 (An unrestricted file upload vulnerability in importuser.cgi in 
ASUSTOR ...)
-   TODO: check
+   NOT-FOR-US: ASUSTOR
 CVE-2018-11339 (An XSS issue was discovered in Frappe ERPNext v11.x.x-develop 
b1036e5 ...)
TODO: check
 CVE-2018-11338
@@ -67,9 +67,9 @@ CVE-2018-11333
 CVE-2018-11332
RESERVED
 CVE-2018-11331 (An issue was discovered in Pluck before 4.7.6. Remote PHP code 
...)
-   TODO: check
+   NOT-FOR-US: Pluck CMS
 CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is 
authenticated ...)
-   TODO: check
+   NOT-FOR-US: Pluck CMS
 CVE-2018-11329 (The DrugDealer function of a smart contract implementation for 
Ether ...)
TODO: check
 CVE-2018-11328
@@ -8906,7 +8906,7 @@ CVE-2018-7689
 CVE-2018-7688
RESERVED
 CVE-2018-7687 (The Micro Focus Client for OES before version 2 SP4 IR8a has a 
...)
-   TODO: check
+   NOT-FOR-US: Micro Focus Client for OES
 CVE-2018-7686
RESERVED
 CVE-2018-7685



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4bbb4cec8f32d876ba8ca8ebcdb881ce0a536a9


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-20 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d717b472 by Salvatore Bonaccorso at 2018-05-20T16:05:00+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -27598,9 +27598,9 @@ CVE-2018-1150
 CVE-2018-1149
RESERVED
 CVE-2018-1148 (In Nessus before 7.1.0, Session Fixation exists due to 
insufficient ...)
-   TODO: check
+   NOT-FOR-US: Nessus
 CVE-2018-1147 (In Nessus before 7.1.0, a XSS vulnerability exists due to 
improper ...)
-   TODO: check
+   NOT-FOR-US: Nessus
 CVE-2018-1146 (A remote unauthenticated user can enable telnet on the Belkin 
N750 ...)
NOT-FOR-US: Belkin
 CVE-2018-1145 (A remote unauthenticated user can overflow a stack buffer in 
the ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d717b4722639a803f706a3f879919321a99ec597


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-19 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f2c8fc0 by Salvatore Bonaccorso at 2018-05-19T23:09:05+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5901,7 +5901,7 @@ CVE-2018-8869 (In Lantech IDS 2102 2.0 and prior, nearly 
all input fields allow 
 CVE-2018-8868
RESERVED
 CVE-2018-8867 (In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i 
CPE330 ...)
-   TODO: check
+   NOT-FOR-US: GE PACSystems
 CVE-2018-8866 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker 
on an ...)
NOT-FOR-US: Vecna VGo Robot
 CVE-2018-8865 (In Lantech IDS 2102 2.0 and prior, a stack-based buffer 
overflow ...)
@@ -17225,13 +17225,13 @@ CVE-2018-4996
 CVE-2018-4995
RESERVED
 CVE-2018-4994 (Adobe Connect versions 9.7.5 and earlier have an exploitable 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4993
RESERVED
 CVE-2018-4992 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and 
earlier ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4991 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and 
earlier ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4990
RESERVED
 CVE-2018-4989
@@ -17329,17 +17329,17 @@ CVE-2018-4945
 CVE-2018-4944 (Adobe Flash Player versions 29.0.0.140 and earlier have an 
exploitable ...)
NOT-FOR-US: Adobe
 CVE-2018-4943 (Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4942 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 
Update 13 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4941 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 
Update 13 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4940 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 
Update 13 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4939 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 
Update 13 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4938 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 
Update 13 ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4937 (Adobe Flash Player versions 29.0.0.113 and earlier have an 
exploitable ...)
NOT-FOR-US: Adobe
 CVE-2018-4936 (Adobe Flash Player versions 29.0.0.113 and earlier have an 
exploitable ...)
@@ -17353,35 +17353,35 @@ CVE-2018-4933 (Adobe Flash Player versions 29.0.0.113 
and earlier have an exploi
 CVE-2018-4932 (Adobe Flash Player versions 29.0.0.113 and earlier have an 
exploitable ...)
NOT-FOR-US: Adobe
 CVE-2018-4931 (Adobe Experience Manager versions 6.1 and earlier have an 
exploitable ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4930 (Adobe Experience Manager versions 6.3 and earlier have an 
exploitable ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4929 (Adobe Experience Manager versions 6.2 and earlier have an 
exploitable ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4928 (Adobe InDesign versions 13.0 and below have an exploitable 
Memory ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4927 (Adobe InDesign versions 13.0 and below have an exploitable 
Untrusted ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4926 (Adobe Digital Editions versions 4.5.7 and below have an 
exploitable ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4925 (Adobe Digital Editions versions 4.5.7 and below have an 
exploitable ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4924 (Adobe Dreamweaver CC versions 18.0 and earlier have an OS 
Command ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4923 (Adobe Connect versions 9.7 and earlier have an exploitable OS 
Command ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4922
RESERVED
 CVE-2018-4921 (Adobe Connect versions 9.7 and earlier have an exploitable 
unrestricted ...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4920 (Adobe Flash Player versions 28.0.0.161 and earlier have an 
exploitable ...)
NOT-FOR-US: Adobe
 CVE-2018-4919 (Adobe Flash Player versions 28.0.0.161 and earlier have an 
exploitable ...)
NOT-FOR-US: Adobe
 CVE-2018-4918 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4917 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 
...)
-   TODO: check
+   NOT-FOR-US: Adobe
 CVE-2018-4916 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
NOT-FOR-US: Adobe
 CVE-2018-4915 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 
and ...)
@@ -17469,7 +17469,7 @@ CVE-2018-4875 (Adobe 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0be110d1 by Salvatore Bonaccorso at 2018-05-16T22:23:14+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -12,9 +12,9 @@ CVE-2018-11210 (TinyXML2 6.2.0 has a heap-based buffer 
over-read in the ...)
- tinyxml2 
NOTE: https://github.com/leethomason/tinyxml2/issues/675
 CVE-2018-11209 (** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. ...)
-   TODO: check
+   NOT-FOR-US: Z-BlogPHP
 CVE-2018-11208 (** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. 
There is a ...)
-   TODO: check
+   NOT-FOR-US: Z-BlogPHP
 CVE-2018-11207 (A division by zero was discovered in H5D__chunk_init in 
H5Dchunk.c in ...)
TODO: check
 CVE-2018-11206 (A out of bounds read was discovered in H5O_fill_new_decode and 
...)
@@ -850,7 +850,7 @@ CVE-2018-10812 (The Bitpie application through 3.2.4 for 
Android and iOS uses cl
 CVE-2018-10811
RESERVED
 CVE-2018-10810 (chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior 
is ...)
-   TODO: check
+   NOT-FOR-US: LiveZilla Live Chat
 CVE-2018-10809 (In 2345 Security Guard 3.7, the driver file 
(2345NetFirewall.sys) ...)
NOT-FOR-US: 2345 Security Guard
 CVE-2018-10808
@@ -1004,9 +1004,9 @@ CVE-2018-10762
 CVE-2018-10761
RESERVED
 CVE-2018-10760 (Unrestricted file upload vulnerability in the Files plugin in 
...)
-   TODO: check
+   NOT-FOR-US: Files plugin in ProjectPier
 CVE-2018-10759 (PHP remote file inclusion vulnerability in 
public/patch/patch.php in ...)
-   TODO: check
+   NOT-FOR-US: Project Pier
 CVE-2018- [Checker config files allow arbitrary code execution scenarios]
- vim-syntastic 3.9.0-1 (bug #894736)
NOTE: https://github.com/vim-syntastic/syntastic/issues/2170
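Review bot: The two labels added in this hunk spell what appears to be the same product differently: "Files plugin in ProjectPier" on CVE-2018-10760 and "Project Pier" on CVE-2018-10759. Pick one spelling and use it on both lines, so a search for either form returns both entries.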
@@ -2254,9 +2254,9 @@ CVE-2014-10073 (The create_response function in 
server/server.c in Psensor befor
[jessie] - psensor  (Minor issue)
NOTE: 
http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
 CVE-2018-10241 (A denial of service vulnerability in SolarWinds Serv-U before 
15.1.6 ...)
-   TODO: check
+   NOT-FOR-US: SolarWinds Serv-U
 CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated 
users a ...)
-   TODO: check
+   NOT-FOR-US: SolarWinds Serv-U
 CVE-2018-10239
RESERVED
 CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack 0.8.5 has a buffer 
overflow in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0be110d1e0f7c56cdfd45938d93d32d867ca9707


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-12 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d54fe1e6 by Salvatore Bonaccorso at 2018-05-12T10:38:38+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-11012 (ruibaby Halo 0.0.2 has stored XSS via the loginName and 
loginPwd ...)
-   TODO: check
+   NOT-FOR-US: ruibaby Halo
 CVE-2018-11011 (ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field 
to ...)
-   TODO: check
+   NOT-FOR-US: ruibaby Halo
 CVE-2018-11010
RESERVED
 CVE-2018-11009
@@ -15,9 +15,9 @@ CVE-2018-11006
 CVE-2018-11005
RESERVED
 CVE-2018-11004 (An issue was discovered in SDcms v1.5. Cross-site request 
forgery ...)
-   TODO: check
+   NOT-FOR-US: SDcms
 CVE-2018-11003 (An issue was discovered in YXcms 1.4.7. Cross-site request 
forgery ...)
-   TODO: check
+   NOT-FOR-US: YXcms
 CVE-2018-11002
RESERVED
 CVE-2018-11001
@@ -31,7 +31,7 @@ CVE-2018-10998 (An issue was discovered in Exiv2 0.26. 
readMetadata in jp2image.
 CVE-2018-10997
RESERVED
 CVE-2018-10996 (The weblogin_log function in /htdocs/cgibin on D-Link 
DIR-629-B1 ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-10995
RESERVED
 CVE-2018-10994
@@ -384,7 +384,7 @@ CVE-2018-10834
 CVE-2018-10833
RESERVED
 CVE-2018-10832 (ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) 
attack. ...)
-   TODO: check
+   NOT-FOR-US: ModbusPal
 CVE-2018-10831 (Z-NOMP before 2018-04-05 has an incorrect Equihash solution 
verifier ...)
NOT-FOR-US: Z-NOMP
 CVE-2018-10830 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d54fe1e6b67dd6e7a77066a1dbe3f6776172d9d3


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8317e055 by Salvatore Bonaccorso at 2018-05-11T23:10:56+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,11 +5,11 @@ CVE-2018-10984
 CVE-2018-10983
RESERVED
 CVE-2009-5152 (Absolute Computrace Agent, as distributed on certain Dell 
Inspiron ...)
-   TODO: check
+   NOT-FOR-US: Absolute Computrace Agent
 CVE-2009-5151 (The stub component of Absolute Computrace Agent V70.785 
executes code ...)
-   TODO: check
+   NOT-FOR-US: Absolute Computrace Agent
 CVE-2009-5150 (Absolute Computrace Agent V80.845 and V80.866 does not have a 
digital ...)
-   TODO: check
+   NOT-FOR-US: Absolute Computrace Agent
 CVE-2018- [Incomplete fix for CVE-2017-17523]
- lilypond 2.18.2-13 (bug #898373)
[jessie] - lilypond  (Incomplete fix not applied)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8317e05541b0f81ea96dc23967a17b8cae51eebc


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f5e1d58 by Salvatore Bonaccorso at 2018-05-11T11:17:35+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -71,11 +71,11 @@ CVE-2018-10953 (In 2345 Security Guard 3.7, the driver file 
(2345BdPcSafe.sys, X
 CVE-2018-10952 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
NOT-FOR-US: 2345 Security Guard
 CVE-2018-10951 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 
before ...)
-   TODO: check
+   NOT-FOR-US: Zimbra
 CVE-2018-10950 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 
before ...)
-   TODO: check
+   NOT-FOR-US: Zimbra
 CVE-2018-10949 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 
before ...)
-   TODO: check
+   NOT-FOR-US: Zimbra
 CVE-2018-10948
RESERVED
 CVE-2018-10947
@@ -381,7 +381,7 @@ CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a 
memory leak in WriteTIFF
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1053
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91
 CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add 
credentials ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine NetFlow Analyzer
 CVE-2018-1000301
RESERVED
 CVE-2018-1000300



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6f5e1d5843c0710a7f68d696015f6d4e47069ebc


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-11 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b56d327f by Salvatore Bonaccorso at 2018-05-11T10:36:43+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -23164,23 +23164,23 @@ CVE-2018-2425
 CVE-2018-2424
RESERVED
 CVE-2018-2423 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 
7.53, ...)
-   TODO: check
+   NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2422 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 
7.45, ...)
-   TODO: check
+   NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2421 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 
7.45, ...)
-   TODO: check
+   NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2420 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 
7.53, ...)
-   TODO: check
+   NOT-FOR-US: SAP Internet Graphics Server
 CVE-2018-2419 (SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 
1.01, ...)
-   TODO: check
+   NOT-FOR-US: SAP Enterprise Financial Services
 CVE-2018-2418 (SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an 
...)
-   TODO: check
+   NOT-FOR-US: SAP MaxDB ODBC driver
 CVE-2018-2417 (Under certain conditions, the SAP Identity Management 8.0 (pass 
of ...)
-   TODO: check
+   NOT-FOR-US: SAP Identity Management
 CVE-2018-2416 (SAP Identity Management 8.0 does not sufficiently validate an 
XML ...)
-   TODO: check
+   NOT-FOR-US: SAP Identity Management
 CVE-2018-2415 (SAP NetWeaver Application Server Java Web Container and HTTP 
Service ...)
-   TODO: check
+   NOT-FOR-US: SAP NetWeaver Application Server Java Web Container and 
HTTP Service
 CVE-2018-2414
RESERVED
 CVE-2018-2413 (SAP Disclosure Management 10.1 does not perform necessary ...)
@@ -38145,21 +38145,21 @@ CVE-2017-1002001 (Vulnerability in wordpress plugin 
mobile-app-builder-by-wappre
 CVE-2017-1002000 (Vulnerability in wordpress plugin ...)
NOT-FOR-US: Wordpress plugin
 CVE-2017-14481 (In the MMM::Agent::Helpers::Network::send_arp function in 
MySQL ...)
-   TODO: check
+   NOT-FOR-US: MySQL ulti-Master Replication Manager
 CVE-2017-14480 (In the MMM::Agent::Helpers::Network::clear_ip function in 
MySQL ...)
-   TODO: check
+   NOT-FOR-US: MySQL ulti-Master Replication Manager
 CVE-2017-14479 (In the MMM::Agent::Helpers::Network::clear_ip function in 
MySQL ...)
-   TODO: check
+   NOT-FOR-US: MySQL ulti-Master Replication Manager
 CVE-2017-14478 (In the MMM::Agent::Helpers::Network::clear_ip function in 
MySQL ...)
-   TODO: check
+   NOT-FOR-US: MySQL ulti-Master Replication Manager
 CVE-2017-14477 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL 
...)
-   TODO: check
+   NOT-FOR-US: MySQL ulti-Master Replication Manager
 CVE-2017-14476 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL 
...)
-   TODO: check
+   NOT-FOR-US: MySQL ulti-Master Replication Manager
 CVE-2017-14475 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL 
...)
-   TODO: check
+   NOT-FOR-US: MySQL ulti-Master Replication Manager
 CVE-2017-14474 (In the MMM::Agent::Helpers::_execute function in MySQL 
Multi-Master ...)
-   TODO: check
+   NOT-FOR-US: MySQL ulti-Master Replication Manager
 CVE-2017-14473 (An exploitable access control vulnerability exists in the 
data, ...)
NOT-FOR-US: Allen Bradley Micrologix
 CVE-2017-14472 (An exploitable access control vulnerability exists in the 
data, ...)
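Review bot: Typo in all eight added labels, CVE-2017-14481 through CVE-2017-14474: "MySQL ulti-Master Replication Manager" is missing the "M". The description on CVE-2017-14474 reads "MySQL Multi-Master ...", so the label should be "NOT-FOR-US: MySQL Multi-Master Replication Manager".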



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b56d327ffb7a270b2730287a603a277428de3a2e


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-10 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6570e8ee by Salvatore Bonaccorso at 2018-05-10T22:17:37+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,13 +5,13 @@ CVE-2018-10979
 CVE-2018-10978
RESERVED
 CVE-2018-10977 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-10976 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-10975 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-10974 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-10973 (An integer overflow in the transferMulti function of a smart 
contract ...)
TODO: check
 CVE-2018-10972 (An issue was discovered in Free Lossless Image Format (FLIF) 
0.3. The ...)
@@ -746,7 +746,7 @@ CVE-2018-10657 (Matrix Synapse before 0.28.1 is prone to a 
denial of service fla
 CVE-2018-10656
RESERVED
 CVE-2018-10655 (DLPnpAuditor.exe in DeviceLock Plug and Play Auditor 
(freeware) 5.72 ...)
-   TODO: check
+   NOT-FOR-US: DeviceLock Plug and Play Auditor
 CVE-2018-10654
RESERVED
 CVE-2018-10653
@@ -2710,7 +2710,7 @@ CVE-2018-9851 (In Gxlcms QY v1.0.0713, 
Lib\Lib\Action\Admin\TplAction.class.php 
 CVE-2018-9850 (In Gxlcms QY v1.0.0713, 
Lib\Lib\Action\Admin\DataAction.class.php ...)
NOT-FOR-US: Gxlcms QY
 CVE-2018-9849 (Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x 
before ...)
-   TODO: check
+   NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2018-9848 (In Gxlcms QY v1.0.0713, the upload function in ...)
NOT-FOR-US: Gxlcms QY
 CVE-2018-9847 (In Gxlcms QY v1.0.0713, the update function in ...)
@@ -4937,9 +4937,9 @@ CVE-2018-8917
 CVE-2018-8916
RESERVED
 CVE-2018-8915 (Cross-site scripting (XSS) vulnerability in Notification Center 
in ...)
-   TODO: check
+   NOT-FOR-US: Synology
 CVE-2018-8914 (SQL injection vulnerability in UPnP DMA in Synology Media 
Server ...)
-   TODO: check
+   NOT-FOR-US: Synology Media Server
 CVE-2018-8913
RESERVED
 CVE-2018-8912 (Cross-site scripting (XSS) vulnerability in 
SYNO.NoteStation.Note in ...)
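Review bot: Adjacent entries in this hunk get labels of different granularity: CVE-2018-8915 is "NOT-FOR-US: Synology" while CVE-2018-8914 is "NOT-FOR-US: Synology Media Server". The visible description of CVE-2018-8915 stops at "Notification Center in ...", so either add the product it belongs to or use the vendor-only form on both lines.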
@@ -4947,7 +4947,7 @@ CVE-2018-8912 (Cross-site scripting (XSS) vulnerability 
in SYNO.NoteStation.Note
 CVE-2018-8911 (Cross-site scripting (XSS) vulnerability in Attachment Preview 
in ...)
NOT-FOR-US: Synology Note Station
 CVE-2018-8910 (Cross-site scripting (XSS) vulnerability in Attachment Preview 
in ...)
-   TODO: check
+   NOT-FOR-US: Synology
 CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows 
attackers to ...)
NOT-FOR-US: Wire application for Android
 CVE-2018-8908 (An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. 
The ...)
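Review bot: CVE-2018-8910 has the same visible description as CVE-2018-8911 directly above it ("Cross-site scripting (XSS) vulnerability in Attachment Preview in ..."), which already carries "NOT-FOR-US: Synology Note Station", yet the new label is only "Synology". If both are the same product, reuse the existing label.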
@@ -7241,9 +7241,9 @@ CVE-2018-7943
 CVE-2018-7942
RESERVED
 CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass 
vulnerability. A ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier 
versions than ...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7939
RESERVED
 CVE-2018-7938
@@ -7257,7 +7257,7 @@ CVE-2018-7935
 CVE-2018-7934
RESERVED
 CVE-2018-7933 (Huawei home gateway products HiRouter-CD20 and WS5200 with the 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7932 (Huawei AppGallery versions before 8.0.4.301 has an arbitrary 
...)
NOT-FOR-US: Huawei
 CVE-2018-7931 (Huawei AppGallery versions before 8.0.4.301 has a whitelist 
mechanism ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6570e8eefec05d49865bcb275da4c71b95379e85


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-10 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
275f9db2 by Salvatore Bonaccorso at 2018-05-10T10:20:33+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,7 +5,7 @@ CVE-2018-10963 (The TIFFWriteDirectorySec() function in 
tif_dirwrite.c in LibTIF
- tiff3 
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2795
 CVE-2018-10962 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 
...)
-   TODO: check
+   NOT-FOR-US: Shanghai 2345 Security Guard
 CVE-2018-10961
RESERVED
 CVE-2018-10960
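Review bot: The label on the added line for CVE-2018-10962, "NOT-FOR-US: Shanghai 2345 Security Guard", does not match the "NOT-FOR-US: 2345 Security Guard" used for CVE-2018-10955 through CVE-2018-10952 in the next hunk of this same commit. Both descriptions point at the 2345 Security Guard 3.7 product line, so pick one spelling; otherwise a grep for the product label misses this entry.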
@@ -15,17 +15,17 @@ CVE-2018-10959
 CVE-2018-10958 (In types.cpp in Exiv2 0.26, a large size value may lead to a 
SIGABRT ...)
TODO: check
 CVE-2018-10957 (CSRF exists on D-Link DIR-868L devices, leading to (for 
example) a ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-10956
RESERVED
 CVE-2018-10955 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-10954 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-10953 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-10952 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, 
X64 ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-10951 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 
before ...)
TODO: check
 CVE-2018-10950 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 
before ...)
@@ -49,7 +49,7 @@ CVE-2018-10944
 CVE-2018-10943
RESERVED
 CVE-2018-10942 (modules/attributewizardpro/file_upload.php in the Attribute 
Wizard ...)
-   TODO: check
+   NOT-FOR-US: Attribute Wizard addon for PrestaShop
 CVE-2018-10941
RESERVED
 CVE-2018-10940 (The cdrom_ioctl_media_changed function in 
drivers/cdrom/cdrom.c in the ...)
@@ -1529,7 +1529,7 @@ CVE-2018-10316 (Netwide Assembler (NASM) 2.14rc0 has an 
endless while loop in th
 CVE-2018-10315
RESERVED
 CVE-2018-10314 (Cross-site scripting (XSS) vulnerability in Open-AudIT 
Community 2.2.0 ...)
-   TODO: check
+   NOT-FOR-US: Open-AudIT Community
 CVE-2018-10313 (WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D 
parameter ...)
NOT-FOR-US: WUZHI CMS
 CVE-2018-10312 (index.php?m=memberv=pw_reset in WUZHI CMS 4.1.0 allows 
CSRF to change ...)
@@ -4383,9 +4383,9 @@ CVE-2018-9114
 CVE-2018-9113 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 
allows ...)
NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE
 CVE-2018-9112 (A low privileged admin account with a weak default password of 
admin ...)
-   TODO: check
+   NOT-FOR-US: Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE
 CVE-2018-9111 (Cross Site Scripting (XSS) exists on the Foxconn FEMTO 
AP-FC4064-T ...)
-   TODO: check
+   NOT-FOR-US: Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE
 CVE-2018-9110 (Studio 42 elFinder before 2.1.37 on Windows has Directory 
Traversal via ...)
NOT-FOR-US: Studio 42 elFinder
 CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via 
the ...)
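Review bot: The two added labels for CVE-2018-9112 and CVE-2018-9111 carry what looks like a firmware build string, "Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE", while the neighbouring entries in this hunk name only the product ("Studio 42 elFinder", "Centers for Disease Control and Prevention MicrobeTRACE"). Consider shortening to "NOT-FOR-US: Foxconn FEMTO AP-FC4064-T" so the label stays stable if a later CVE is filed against a different build of the same device.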
@@ -5036,7 +5036,7 @@ CVE-2018-8862
 CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk 
environment ...)
NOT-FOR-US: Philips Brilliance
 CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker 
may be ...)
-   TODO: check
+   NOT-FOR-US: Vecna VGo Robot
 CVE-2018-8859
RESERVED
 CVE-2018-8858
@@ -5117,7 +5117,7 @@ CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, 
RT-AC1750, RT-ACRH13, and RT-N
 CVE-2018-8825
RESERVED
 CVE-2018-8824 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu 
...)
-   TODO: check
+   NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop
 CVE-2018-8823 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu 
...)
NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop
 CVE-2018-8822 (Incorrect buffer length handling in the ncp_read_kernel 
function in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/275f9db2e2de7f6d5f32135fbb0d3392b74d5ea3


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-09 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ff31f7d2 by Salvatore Bonaccorso at 2018-05-09T22:33:08+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -234,7 +234,7 @@ CVE-2018-10830 (In 2345 Security Guard 3.7, the driver file 
(2345BdPcSafe.sys, X
 CVE-2018-10829
RESERVED
 CVE-2018-10828 (An issue was discovered in Alps Pointing-device Driver 
10.1.101.207. ...)
-   TODO: check
+   NOT-FOR-US: Alps Pointing-device Driver
 CVE-2018-10827 (LiteCart 2.1.2 allows remote attackers to cause a denial of 
service ...)
NOT-FOR-US: LiteCart
 CVE-2018-10826
@@ -386,7 +386,7 @@ CVE-2018-10771 (Stack-based buffer overflow in the get_key 
function in parse.c i
NOTE: 
https://github.com/leesavide/abcm2ps/commit/dc0372993674d0b50fedfbf7b9fad1239b8efc5f
NOTE: Crash in CLI tool (neutralised by toolchain hardening), no 
security impact
 CVE-2018-10770 (download.rsp on ShenZhen Anni 5 in 1 XVR devices 
allows remote ...)
-   TODO: check
+   NOT-FOR-US: ShenZhen Anni "5 in 1 XVR" devices
 CVE-2018-10769
RESERVED
 CVE-2018-10768 (There is a NULL pointer dereference in the 
AnnotPath::getCoordsLength ...)
@@ -4857,9 +4857,9 @@ CVE-2018-8914
 CVE-2018-8913
RESERVED
 CVE-2018-8912 (Cross-site scripting (XSS) vulnerability in 
SYNO.NoteStation.Note in ...)
-   TODO: check
+   NOT-FOR-US: Synology Note Station
 CVE-2018-8911 (Cross-site scripting (XSS) vulnerability in Attachment Preview 
in ...)
-   TODO: check
+   NOT-FOR-US: Synology Note Station
 CVE-2018-8910
RESERVED
 CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows 
attackers to ...)
@@ -4980,7 +4980,7 @@ CVE-2018-8868
 CVE-2018-8867
RESERVED
 CVE-2018-8866 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker 
on an ...)
-   TODO: check
+   NOT-FOR-US: Vecna VGo Robot
 CVE-2018-8865 (In Lantech IDS 2102 2.0 and prior, a stack-based buffer 
overflow ...)
NOT-FOR-US: Lantech
 CVE-2018-8864
@@ -6537,75 +6537,75 @@ CVE-2018-8181
 CVE-2018-8180
RESERVED
 CVE-2018-8179 (A remote code execution vulnerability exists when Microsoft 
Edge ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8178 (A remote code execution vulnerability exists in the way that 
Microsoft ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8177 (A remote code execution vulnerability exists in the way that 
the ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8176
RESERVED
 CVE-2018-8175
RESERVED
 CVE-2018-8174 (A remote code execution vulnerability exists in the way that 
the ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8173 (A remote code execution vulnerability exists in Microsoft 
InfoPath ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8172
RESERVED
 CVE-2018-8171
RESERVED
 CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that 
the ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8169
RESERVED
 CVE-2018-8168 (An elevation of privilege vulnerability exists when Microsoft 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8167 (An elevation of privilege vulnerability exists when the Windows 
Common ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8166 (An elevation of privilege vulnerability exists in Windows when 
the ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8165 (An elevation of privilege vulnerability exists when the DirectX 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8164 (An elevation of privilege vulnerability exists in Windows when 
the ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8163 (An information disclosure vulnerability exists when Microsoft 
Excel ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8162 (A remote code execution vulnerability exists in Microsoft Excel 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8161 (A remote code execution vulnerability exists in Microsoft 
Office ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8160 (An information disclosure vulnerability exists in Outlook when 
a ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8159 (An elevation of privilege vulnerability exists when Microsoft 
Exchange ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8158 (A remote code execution vulnerability exists in Microsoft 
Office ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8157 (A remote code execution vulnerability exists in Microsoft 
Office ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8156 (An elevation of privilege vulnerability exists 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-09 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1bb8beac by Salvatore Bonaccorso at 2018-05-09T20:39:21+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21,7 +21,7 @@ CVE-2018-10829
 CVE-2018-10828
RESERVED
 CVE-2018-10827 (LiteCart 2.1.2 allows remote attackers to cause a denial of 
service ...)
-   TODO: check
+   NOT-FOR-US: LiteCart
 CVE-2018-10826
RESERVED
 CVE-2018-10825
@@ -51,7 +51,7 @@ CVE-2018-10814
 CVE-2018-10813
RESERVED
 CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses 
cleartext ...)
-   TODO: check
+   NOT-FOR-US: Bitpie application for Android and iOS
 CVE-2018-10811
RESERVED
 CVE-2018-10810
@@ -104,7 +104,7 @@ CVE-2018-10797
 CVE-2018-10796 (In 2345 Security Guard 3.7, the driver file 
(2345NetFirewall.sys) ...)
NOT-FOR-US: 2345 Security Guard
 CVE-2018-10795 (Liferay 6.2.x and before has an FCKeditor configuration that 
allows an ...)
-   TODO: check
+   NOT-FOR-US: Liferay
 CVE-2017-18265 [prosody crashed on error handling for stream errors]
- prosody 0.10.0-1 (bug #875829)
NOTE: https://prosody.im/issues/issue/987
@@ -25898,9 +25898,9 @@ CVE-2018-1250
 CVE-2018-1249
RESERVED
 CVE-2018-1248 (RSA Authentication Manager Security Console, Operation Console 
and ...)
-   TODO: check
+   NOT-FOR-US: RSA Authentication Mamager
 CVE-2018-1247 (RSA Authentication Manager Security Console, version 8.3 and 
earlier, ...)
-   TODO: check
+   NOT-FOR-US: RSA Authentication Manager
 CVE-2018-1246
RESERVED
 CVE-2018-1245
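Review bot: Typo on the added line for CVE-2018-1248: "NOT-FOR-US: RSA Authentication Mamager" should read "RSA Authentication Manager", as on the added line for CVE-2018-1247 just below it. Left as is, a search for the product name misses CVE-2018-1248.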



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1bb8beac470bbf5dce39c40872234907da4257bf


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-08 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2c33351b by Salvatore Bonaccorso at 2018-05-08T22:14:27+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,13 +7,13 @@ CVE-2018-10811
 CVE-2018-10810
RESERVED
 CVE-2018-10809 (In 2345 Security Guard 3.7, the driver file 
(2345NetFirewall.sys) ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-10808
RESERVED
 CVE-2018-10807
RESERVED
 CVE-2018-10806 (An issue was discovered in Frog CMS 0.9.5. There is a 
reflected Cross ...)
-   TODO: check
+   NOT-FOR-US: Frog CMS
 CVE-2018-10805 (ImageMagick version 7.0.7-28 contains a memory leak in 
ReadYCBCRImage ...)
TODO: check
 CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in 
WriteTIFFImage ...)
@@ -49,7 +49,7 @@ CVE-2018-10798 (A hang issue was discovered in Brave before 
0.14.0 (on, for exam
 CVE-2018-10797
RESERVED
 CVE-2018-10796 (In 2345 Security Guard 3.7, the driver file 
(2345NetFirewall.sys) ...)
-   TODO: check
+   NOT-FOR-US: 2345 Security Guard
 CVE-2018-10795 (Liferay 6.2.x and before has an FCKeditor configuration that 
allows an ...)
TODO: check
 CVE-2018- [prosody crashed on error handling for stream errors]
@@ -204,7 +204,7 @@ CVE-2018-10736
 CVE-2018-10735
RESERVED
 CVE-2018-10734 (KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a 
...)
-   TODO: check
+   NOT-FOR-US: KONGTOP DVR devices
 CVE-2018-10733 (There is a heap-based buffer over-read in the function ...)
- libgxps  (low; bug #897954)
[wheezy] - libgxps  (Minor issue)
@@ -24722,7 +24722,7 @@ CVE-2018-1415 (IBM Maximo Asset Management 7.6 is 
vulnerable to cross-site scrip
 CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL 
...)
NOT-FOR-US: IBM Maximo Asset Management
 CVE-2018-1413 (IBM Cognos Analytics 11.0 is vulnerable to cross-site 
scripting. This ...)
-   TODO: check
+   NOT-FOR-US: IBM Cognos Analytics
 CVE-2018-1412
RESERVED
 CVE-2018-1411 (IBM Notes Diagnostics (IBM Client Application Access and IBM 
Notes) ...)
@@ -25193,9 +25193,9 @@ CVE-2017-17542
 CVE-2017-17541
RESERVED
 CVE-2017-17540 (The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 
allows ...)
-   TODO: check
+   NOT-FOR-US: Fortinet FortiWLC
 CVE-2017-17539 (The presence of a hardcoded account in Fortinet FortiWLC 
7.0.11 and ...)
-   TODO: check
+   NOT-FOR-US: Fortinet FortiWLC
 CVE-2017-17538 (MikroTik v6.40.5 devices allow remote attackers to cause a 
denial of ...)
NOT-FOR-US: MikroTik
 CVE-2017-17537 (MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an 
unauthenticated ...)
@@ -25854,7 +25854,7 @@ CVE-2018-1241
 CVE-2018-1240 (Dell EMC ViPR Controller, versions after 3.0.0.38, contain an 
...)
NOT-FOR-US: EMC ViPR Controller
 CVE-2018-1239 (Dell EMC Unity Operating Environment (OE) versions prior to ...)
-   TODO: check
+   NOT-FOR-US: EMC Unity Operating Environment
 CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command 
injection ...)
NOT-FOR-US: EMC ScaleIO
 CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper 
restriction ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2c33351be1dae98c9fcfa122deb7da7dbf6a36a1


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aee4b384 by Salvatore Bonaccorso at 2018-05-06T00:15:02+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete 
action ...)
-   TODO: check
+   NOT-FOR-US: Datenstrom Yellow
 CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and 
resultant ...)
-   TODO: check
+   NOT-FOR-US: CSP MySQL User Manager
 CVE-2018-10756
RESERVED
 CVE-2018-10755



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aee4b384c9b37d77c97d003058498006ea7c4d69


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-05 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
64d0232a by Salvatore Bonaccorso at 2018-05-05T10:36:03+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,7 +5,7 @@ CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL 
Pointer Derefere
 CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in 
music.c ...)
TODO: check
 CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the 
title ...)
-   TODO: check
+   NOT-FOR-US: Tagregator plugin for WordPress
 CVE-2018-10751
RESERVED
 CVE-2018-10750 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An 
...)
@@ -1173,7 +1173,7 @@ CVE-2018-10253 (Paessler PRTG Network Monitor before 
18.1.39.1648 mishandles sta
 CVE-2018-10252
RESERVED
 CVE-2018-10251 (A vulnerability in Sierra Wireless AirLink GX400, GX440, 
ES440, and ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink routers
 CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in 
a ...)
NOT-FOR-US: iCMS
 CVE-2018-10249 (baijiacms V3 has CSRF via ...)
@@ -35592,7 +35592,7 @@ CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer 
over-read in fill_buffer in 
 CVE-2017-15044 (The default installation of DocuWare Fulltext Search server 
through ...)
NOT-FOR-US: DocuWare Fulltext Search server
 CVE-2017-15043 (A vulnerability in Sierra Wireless AirLink GX400, GX440, 
ES440, and ...)
-   TODO: check
+   NOT-FOR-US: Sierra Wireless AirLink routers
 CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 
1.9.x ...)
- golang-1.9 1.9.1-1
- golang-1.8 1.8.4-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/64d0232a07019098deac4b5851a44a2537953568


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-04 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5af9d455 by Salvatore Bonaccorso at 2018-05-04T10:16:10+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-10722 (In Cylance CylancePROTECT before 1470, an unprivileged local 
user can ...)
-   TODO: check
+   NOT-FOR-US: Cylance CylancePROTECT
 CVE-2018-10721
RESERVED
 CVE-2018-10720
@@ -180,7 +180,7 @@ CVE-2018-10643
 CVE-2018-10642 (Command injection vulnerability in Combodo iTop 2.4.1 allows 
remote ...)
NOT-FOR-US: Combodo iTop
 CVE-2018-10641 (D-Link DIR-601 A1 1.02NA devices do not require the old 
password for a ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2018-10640
RESERVED
 CVE-2018-10639
@@ -346,9 +346,9 @@ CVE-2018-10564 (XSS exists in Flexense DiskPulse Enterprise 
from v10.4 to v10.7.
 CVE-2018-10563 (An XSS in Flexense SyncBreeze affects all versions (tested 
from ...)
NOT-FOR-US: Flexense SyncBreeze
 CVE-2018-10562 (An issue was discovered on Dasan GPON home routers. Command 
Injection ...)
-   TODO: check
+   NOT-FOR-US: Dasan GPON home routers
 CVE-2018-10561 (An issue was discovered on Dasan GPON home routers. It is 
possible to ...)
-   TODO: check
+   NOT-FOR-US: Dasan GPON home routers
 CVE-2018-10560
RESERVED
 CVE-2018-10559
@@ -6472,7 +6472,7 @@ CVE-2018-8005
 CVE-2018-8004
RESERVED
 CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a 
directory ...)
-   TODO: check
+   NOT-FOR-US: Apache Ambari
 CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in 
...)
- libpodofo  (low; bug #892557)
[stretch] - libpodofo  (Minor issue)
@@ -51579,9 +51579,9 @@ CVE-2017-9660 (A Heap-Based Buffer Overflow was 
discovered in Fuji Electric Moni
 CVE-2017-9659 (A Stack-Based Buffer Overflow issue was discovered in Fuji 
Electric ...)
NOT-FOR-US: Fuji Electric Monitouch V-SFT
 CVE-2017-9658 (Certain 802.11 network management messages have been determined 
to ...)
-   TODO: check
+   NOT-FOR-US: Philips IntelliVue MX40
 CVE-2017-9657 (Under specific 802.11 network conditions, a partial 
re-association of ...)
-   TODO: check
+   NOT-FOR-US: Philips IntelliVue MX40
 CVE-2017-9656 (The backend database of the Philips DoseWise Portal application 
...)
NOT-FOR-US: Philips DoseWise Portal
 CVE-2017-9655 (A Cross-Site Scripting issue was discovered in OSIsoft PI 
Integrator ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5af9d4551a9c0ef66ea015f3866811df4ba8ccdd


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-02 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
294c9d8e by Salvatore Bonaccorso at 2018-05-02T22:56:56+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-10681
RESERVED
 CVE-2018-10680 (** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site 
Scripting ...)
-   TODO: check
+   NOT-FOR-US: Z-BlogPHP
 CVE-2018-10679
RESERVED
 CVE-2018-10678
@@ -9,7 +9,7 @@ CVE-2018-10678
 CVE-2018-10677 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 
lacks ...)
TODO: check
 CVE-2018-10676 (CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision 
DVR ...)
-   TODO: check
+   NOT-FOR-US: CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK 
Vision DVR devices
 CVE-2018-10674
RESERVED
 CVE-2018-10673
@@ -29,7 +29,7 @@ CVE-2018-10667
 CVE-2018-10666
RESERVED
 CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, 
related to ...)
-   TODO: check
+   NOT-FOR-US: ILIAS
 CVE-2018-10664
RESERVED
 CVE-2018-10663
@@ -3426,7 +3426,7 @@ CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL 
pointer dereference flaw. I
 CVE-2018-9233 (Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for 
...)
NOT-FOR-US: Sophos
 CVE-2018-9232 (Due to the lack of firmware authentication in the upgrade 
process of ...)
-   TODO: check
+   NOT-FOR-US: T WIFI Repeater BE126 devices
 CVE-2018-9231
RESERVED
 CVE-2018-9230 (** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters 
are ...)
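Review bot: On the added line for CVE-2018-9232, the label "T WIFI Repeater BE126 devices" begins with a lone "T", which reads like a vendor name that lost characters. The description on the context line is cut off before the product name, so please check the label against the full CVE text and correct the vendor name if it was clipped.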
@@ -4160,7 +4160,7 @@ CVE-2018-8940
 CVE-2018-8939 (An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp 
Gold ...)
NOT-FOR-US: Ipswitch
 CVE-2018-8938 (A Code Injection issue was discovered in DlgSelectMibFile.asp 
in ...)
-   TODO: check
+   NOT-FOR-US: Ipswitch
 CVE-2018-8937 (An issue was discovered in Open-AudIT Professional 2.1. It is 
possible ...)
NOT-FOR-US: Open-AudIT Professional
 CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile 
processor chips ...)
@@ -13975,23 +13975,23 @@ CVE-2018-5522
 CVE-2018-5521
RESERVED
 CVE-2018-5520 (On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 
11.2.1-11.6.3.1 ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5519 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 
11.2.1-11.6.3.1, ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5518 (On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root 
users ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5517 (On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a 
self IP ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5516 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 
11.2.1-11.6.3.1, ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5515 (On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication 
responses ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5514 (On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 
request ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5513
RESERVED
 CVE-2018-5512 (On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) 
and SYN ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5511 (On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2018-5510 (On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management 
Microkernel ...)
@@ -24169,7 +24169,7 @@ CVE-2018-1504
 CVE-2018-1503
RESERVED
 CVE-2018-1502 (IBM Content Manager Enterprise Edition Resource Manager 8.4.3 
and 9.5 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2018-1501
RESERVED
 CVE-2018-1500
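Review bot: The added label for CVE-2018-1502 is the bare vendor, "NOT-FOR-US: IBM", although the description names the product (IBM Content Manager Enterprise Edition Resource Manager) and the following hunks of this commit use product-level labels such as "NOT-FOR-US: IBM API Connect". Suggest a product-level label here as well, or settle on vendor-only labels for all IBM entries so the two styles do not keep alternating.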
@@ -24237,7 +24237,7 @@ CVE-2018-1470
 CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could 
allow ...)
NOT-FOR-US: IBM API Connect Developer Portal
 CVE-2018-1468 (IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get 
access ...)
-   TODO: check
+   NOT-FOR-US: IBM API Connect
 CVE-2018-1467
RESERVED
 CVE-2018-1466
@@ -24313,7 +24313,7 @@ CVE-2018-1432
 CVE-2018-1431
RESERVED
 CVE-2018-1430 (IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to 
cross-site ...)
-   TODO: check
+   NOT-FOR-US: IBM API Connect
 CVE-2018-1429 (IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable 
to ...)
NOT-FOR-US: IBM
 CVE-2018-1428 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 
and ...)
@@ -24395,7 +24395,7 @@ CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 
and 3.1.0 for ACH Service
 CVE-2018-1390 (IBM Financial Transaction Manager for Check Services for ...)
NOT-FOR-US: IBM
 CVE-2018-1389 (IBM API Connect 5.0.0.0 through 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
41725b1a by Salvatore Bonaccorso at 2018-05-02T07:24:52+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -113,7 +113,7 @@ CVE-2018-10583 (An information disclosure vulnerability 
occurs when LibreOffice 
 CVE-2018-10582
RESERVED
 CVE-2018-10581 (In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user 
is able ...)
-   TODO: check
+   NOT-FOR-US: Octopus Deploy
 CVE-2018-10580
RESERVED
 CVE-2018-10579
@@ -628,7 +628,7 @@ CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU 
Binutils 2.30 allows remot
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23064
NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6aea08d9f3e3d6475a65454da488a0c51f5dc97d
 CVE-2018-10371 (An issue was discovered in the wunderfarm WF Cookie Consent 
plugin ...)
-   TODO: check
+   NOT-FOR-US: wunderfarm WF Cookie Consent plugin for WordPress
 CVE-2018-1000178 [Implement custom deserializer to add our own sanity checks]
- quassel 1:0.12.5-1 (bug #896914)
NOTE: 
https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f
 (master)
@@ -650,7 +650,7 @@ CVE-2018-10367 (An issue was discovered in WUZHI CMS 4.1.0. 
The content-manageme
 CVE-2018-10366 (An issue was discovered in the Users (aka Front-end user 
management) ...)
NOT-FOR-US: Users (aka Front-end user management) plugin for October CMS
 CVE-2018-10365 (An XSS issue was discovered in the Threads to Link plugin 1.3 
for ...)
-   TODO: check
+   NOT-FOR-US: Threads to Link plugin for MyBB
 CVE-2018-10364 (BigTree before 4.2.22 has XSS in the Users management page via 
the name ...)
NOT-FOR-US: BigTree CMS
 CVE-2018-10363



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/41725b1abbbd9cddd2a46cfc6c20d55289ab7cc6


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-05-01 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ddab00ad by Salvatore Bonaccorso at 2018-05-01T10:29:39+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9,11 +9,11 @@ CVE-2018-10578
 CVE-2018-10577
RESERVED
 CVE-2018-10576 (An issue was discovered on WatchGuard AP100, AP102, and AP200 
devices ...)
-   TODO: check
+   NOT-FOR-US: WatchGuard devices
 CVE-2018-10575 (An issue was discovered on WatchGuard AP100, AP102, and AP200 
devices ...)
-   TODO: check
+   NOT-FOR-US: WatchGuard devices
 CVE-2018-10574 (site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier 
allows ...)
-   TODO: check
+   NOT-FOR-US: BigTree CMS
 CVE-2018-1000172 (Imagely NextGEN Gallery version 2.2.30 and earlier contains 
a Cross ...)
TODO: check
 CVE-2018-10573 (interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows 
remote ...)
@@ -530,7 +530,7 @@ CVE-2018-10366 (An issue was discovered in the Users (aka 
Front-end user managem
 CVE-2018-10365
RESERVED
 CVE-2018-10364 (BigTree before 4.2.22 has XSS in the Users management page via 
the name ...)
-   TODO: check
+   NOT-FOR-US: BigTree CMS
 CVE-2018-10363
RESERVED
 CVE-2018-10360



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ddab00ad2df605344309904ec566c809bb7bfd37


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-30 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20ebb059 by Salvatore Bonaccorso at 2018-04-30T10:15:59+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,15 +11,15 @@ CVE-2018-10556
 CVE-2018-10555
RESERVED
 CVE-2018-10554 (An issue was discovered in Nagios XI 5.4.13. There is XSS 
exploitable ...)
-   TODO: check
+   NOT-FOR-US: Nagios XI
 CVE-2018-10553 (An issue was discovered in Nagios XI 5.4.13. A registered user 
is able ...)
-   TODO: check
+   NOT-FOR-US: Nagios XI
 CVE-2018-10552
RESERVED
 CVE-2018-10551
RESERVED
 CVE-2018-10550 (In Octopus Deploy before 2018.4.7, target and tenant tag 
variable ...)
-   TODO: check
+   NOT-FOR-US: Octopus Deploy
 CVE-2018-10549 (An issue was discovered in PHP before 5.6.36, 7.0.x before 
7.0.30, ...)
TODO: check
 CVE-2018-10548 (An issue was discovered in PHP before 5.6.36, 7.0.x before 
7.0.30, ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/20ebb0597f04294ecf9b4a7bcb01f25ef992e663


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-26 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
46421d05 by Salvatore Bonaccorso at 2018-04-27T06:42:10+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -74930,7 +74930,7 @@ CVE-2017-1752
 CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 
is ...)
NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere
 CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 
through ...)
-   TODO: check
+   NOT-FOR-US: IBM Jazz Reporting Service
 CVE-2017-1749
RESERVED
 CVE-2017-1748
@@ -74982,13 +74982,13 @@ CVE-2017-1726
 CVE-2017-1725 (IBM Jazz Team Server affecting the following IBM Rational 
Products: ...)
NOT-FOR-US: IBM
 CVE-2017-1724 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to 
cross-site ...)
-   TODO: check
+   NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2017-1723 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote 
attacker to ...)
-   TODO: check
+   NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2017-1722 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL 
injection. A ...)
-   TODO: check
+   NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2017-1721 (IBM Security QRadar SIEM 7.2 and 7.3 could allow an 
unauthenticated ...)
-   TODO: check
+   NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2017-1720 (IBM Notes 8.5 and 9.0 could allow a local attacker to execute 
...)
NOT-FOR-US: IBM Notes
 CVE-2017-1719
@@ -147244,7 +147244,7 @@ CVE-2014-5017 (SQL injection vulnerability in CPDB in 
...)
 CVE-2014-5016 (Multiple cross-site scripting (XSS) vulnerabilities in 
LimeSurvey ...)
- limesurvey  (bug #472802)
 CVE-2014-5014 (The WordPress Flash Uploader plugin before 3.1.3 for WordPress 
allows ...)
-   TODO: check
+   NOT-FOR-US: WordPress Flash Uploader plugin for WordPress
 CVE-2014-5013 [Remote Code Execution (complement of CVE-2014-2383)]
RESERVED
- php-dompdf 0.6.2+dfsg-1 (bug #813849)
@@ -158297,9 +158297,9 @@ CVE-2014-0884 (Cross-site scripting (XSS) 
vulnerability in the Admin Web UI in I
 CVE-2014-0883 (Cross-site scripting (XSS) vulnerability in IBM Power Hardware 
...)
NOT-FOR-US: IBM
 CVE-2014-0882 (Integrated Management Module II (IMM2) on IBM Flex System, 
NeXtScale, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2014-0881 (The TPM on Integrated Management Module II (IMM2) on IBM Flex 
System ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2014-0880 (IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and 
V7000; ...)
NOT-FOR-US: IBM SAN Volume Controller
 CVE-2014-0879 (Stack-based buffer overflow in the Taskmaster Capture ActiveX 
control ...)
@@ -158317,7 +158317,7 @@ CVE-2014-0874 (Cross-site scripting (XSS) 
vulnerability in IBM Content Navigator
 CVE-2014-0873 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the (1) ...)
NOT-FOR-US: IBM InfoSphere
 CVE-2014-0872 (The installation process in IBM Security Key Lifecycle Manager 
2.5 ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2014-0871 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 
before ...)
NOT-FOR-US: IBM Algo Credit Limits
 CVE-2014-0870 (Multiple cross-site scripting (XSS) vulnerabilities in RICOS in 
IBM ...)
@@ -169724,7 +169724,7 @@ CVE-2013-3949 (The posix_spawn system call in the XNU 
kernel in Apple Mac OS X 1
 CVE-2013-3948 (Apple iOS 6.1.3 does not follow redirects during determination 
of the ...)
NOT-FOR-US: Apple iOS
 CVE-2013-3947 (Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 
8.0.7.5 ...)
-   TODO: check
+   NOT-FOR-US: AhnLab V3 Internet Security
 CVE-2013-3946
RESERVED
 CVE-2013-3945



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/46421d05bebfdb1c8b2b377ef53ef242178e7156


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-26 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55b2e766 by Salvatore Bonaccorso at 2018-04-26T10:24:11+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,13 +3,13 @@ CVE-2018-10427
 CVE-2018-10426
RESERVED
 CVE-2018-10425 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 
...)
-   TODO: check
+   NOT-FOR-US: Shanghai 2345 Security Guard
 CVE-2018-10424 (mc-admin/post-edit.php in MiniCMS 1.10 allows full path 
disclosure via ...)
-   TODO: check
+   NOT-FOR-US: MiniCMS
 CVE-2018-10423 (mc-admin/post.php in MiniCMS 1.10 allows remote attackers to 
obtain a ...)
-   TODO: check
+   NOT-FOR-US: MiniCMS
 CVE-2018-10422 (An issue was discovered in HongCMS 3.0.0. The post news 
feature has ...)
-   TODO: check
+   NOT-FOR-US: HongCMS
 CVE-2018-10421
RESERVED
 CVE-2018-10420
@@ -73,7 +73,7 @@ CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org 
libvorbis 1.3.6 does 
- libvorbis 
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
 CVE-2018-10391 (An issue was discovered in WUZHI CMS 4.1.0. There is XSS via 
the email ...)
-   TODO: check
+   NOT-FOR-US: WUZHI CMS
 CVE-2018-10390
RESERVED
 CVE-2018-10389
@@ -93,7 +93,7 @@ CVE-2018-10383
 CVE-2018-10382
RESERVED
 CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege 
...)
-   TODO: check
+   NOT-FOR-US: TunnelBear for Windows
 CVE-2018-10380
RESERVED
 CVE-2018-10379
@@ -3057,7 +3057,7 @@ CVE-2018-9115 (Systematic SitaWare 6.4 SP2 does not 
validate input from other so
 CVE-2018-9114
RESERVED
 CVE-2018-9113 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 
allows ...)
-   TODO: check
+   NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE
 CVE-2018-9112
RESERVED
 CVE-2018-9111
@@ -3075,13 +3075,13 @@ CVE-2018-9106 (CSV Injection (aka Excel Macro Injection 
or Formula Injection) ex
 CVE-2018-9105 (NordVPN 3.3.10 for macOS suffers from a root privilege 
escalation ...)
NOT-FOR-US: NordVPN
 CVE-2018-9104 (A vulnerability in the conferencing component of Mitel MiVoice 
...)
-   TODO: check
+   NOT-FOR-US: Mitel
 CVE-2018-9103 (A vulnerability in the conferencing component of Mitel MiVoice 
...)
-   TODO: check
+   NOT-FOR-US: Mitel
 CVE-2018-9102 (A vulnerability in the conferencing component of Mitel MiVoice 
...)
-   TODO: check
+   NOT-FOR-US: Mitel
 CVE-2018-9101 (A vulnerability in the conferencing component of Mitel MiVoice 
...)
-   TODO: check
+   NOT-FOR-US: Mitel
 CVE-2018-9100
RESERVED
 CVE-2018-9099
@@ -3393,7 +3393,7 @@ CVE-2018-8975 (The pm_mallocarray2 function in 
lib/util/mallocvar.c in Netpbm th
- netpbm-free  (Vulnerable code not present)
NOTE: Debian uses an unaffected fork
 CVE-2018-8974 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 
allows ...)
-   TODO: check
+   NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE
 CVE-2018-8973 (OTCMS 3.20 allows XSS by adding a keyword or link to an 
article, as ...)
NOT-FOR-US: OTCMS
 CVE-2018-8972 (Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has 
CSRF in ...)
@@ -4173,7 +4173,7 @@ CVE-2017-18232 (The Serial Attached SCSI (SAS) 
implementation in the Linux kerne
 CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an 
administrator ...)
NOT-FOR-US: joyplus-cms
 CVE-2018-8716 (WSO2 Identity Server before 5.5.0 has XSS via the dashboard, 
allowing ...)
-   TODO: check
+   NOT-FOR-US: WSO2 Identity Server
 CVE-2018-8715 (The Embedthis HTTP library, and Appweb versions before 7.0.3, 
have a ...)
NOT-FOR-US: Embedthis HTTP library / Appweb
 CVE-2018-8714
@@ -13293,7 +13293,7 @@ CVE-2018-5488
 CVE-2018-5487
RESERVED
 CVE-2018-5486 (NetApp OnCommand Unified Manager for Linux versions 7.2 though 
7.3 ...)
-   TODO: check
+   NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
 CVE-2018-5485
RESERVED
 CVE-2018-5484



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/55b2e766a15836d748431521c50484a37a7627e0


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-25 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55ca3d2f by Salvatore Bonaccorso at 2018-04-25T22:21:57+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,9 +7,9 @@ CVE-2018-10377
 CVE-2018-10376 (An integer overflow in the transferProxy function of a smart 
contract ...)
TODO: check
 CVE-2018-10375 (A file uploading vulnerability exists in ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2018-10374 (EasyCMS 1.3 has XSS via the s POST parameter (aka a search box 
value) ...)
-   TODO: check
+   NOT-FOR-US: EasyCMS
 CVE-2018-10373 (concat_filename in dwarf2.c in the Binary File Descriptor 
(BFD) library ...)
TODO: check
 CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows 
remote ...)
@@ -29,11 +29,11 @@ CVE-2018-10370
 CVE-2018-10369
RESERVED
 CVE-2018-10368 (An issue was discovered in WUZHI CMS 4.1.0. The 
Extension Module - ...)
-   TODO: check
+   NOT-FOR-US: WUZHI CMS
 CVE-2018-10367 (An issue was discovered in WUZHI CMS 4.1.0. The 
content-management ...)
-   TODO: check
+   NOT-FOR-US: WUZHI CMS
 CVE-2018-10366 (An issue was discovered in the Users (aka Front-end user 
management) ...)
-   TODO: check
+   NOT-FOR-US: Users (aka Front-end user management) plugin for October CMS
 CVE-2018-10365
RESERVED
 CVE-2018-10364
@@ -152,7 +152,7 @@ CVE-2018-10312 (index.php?m=memberv=pw_reset in WUZHI 
CMS 4.1.0 allows CSRF
 CVE-2018-10311 (A vulnerability was discovered in WUZHI CMS 4.1.0. There is 
persistent ...)
NOT-FOR-US: WUZHI CMS
 CVE-2018-10310 (A persistent cross-site scripting vulnerability has been 
identified in ...)
-   TODO: check
+   NOT-FOR-US: web interface of the Catapult UK Cookie Consent plugin for 
WordPress
 CVE-2018-10309 (The Responsive Cookie Consent plugin before 1.8 for WordPress 
...)
NOT-FOR-US: Responsive Cookie Consent plugin for WordPress
 CVE-2018-10308
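Review bot: On CVE-2018-10310 the new label "web interface of the Catapult UK Cookie Consent plugin for WordPress" names a component rather than the product, while the neighbouring CVE-2018-10309 entry uses the plain form "Responsive Cookie Consent plugin for WordPress". Suggest "NOT-FOR-US: Catapult UK Cookie Consent plugin for WordPress" so both cookie-consent plugins are labelled the same way.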
@@ -364,21 +364,21 @@ CVE-2018-10215
 CVE-2018-10214
RESERVED
 CVE-2018-10213 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
-   TODO: check
+   NOT-FOR-US: Vaultize Enterprise File Sharing
 CVE-2018-10212 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
-   TODO: check
+   NOT-FOR-US: Vaultize Enterprise File Sharing
 CVE-2018-10211 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
-   TODO: check
+   NOT-FOR-US: Vaultize Enterprise File Sharing
 CVE-2018-10210 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
-   TODO: check
+   NOT-FOR-US: Vaultize Enterprise File Sharing
 CVE-2018-10209 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
-   TODO: check
+   NOT-FOR-US: Vaultize Enterprise File Sharing
 CVE-2018-10208 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
-   TODO: check
+   NOT-FOR-US: Vaultize Enterprise File Sharing
 CVE-2018-10207 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
-   TODO: check
+   NOT-FOR-US: Vaultize Enterprise File Sharing
 CVE-2018-10206 (An issue was discovered in Vaultize Enterprise File Sharing 
17.05.31. ...)
-   TODO: check
+   NOT-FOR-US: Vaultize Enterprise File Sharing
 CVE-2018-10205 (hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the ...)
NOT-FOR-US: HyperHQ Hyper
 CVE-2018-10204 (PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege 
escalation ...)
@@ -23572,7 +23572,7 @@ CVE-2018-1365
 CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML 
External ...)
NOT-FOR-US: IBM Content Navigator
 CVE-2018-1363 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 
through ...)
-   TODO: check
+   NOT-FOR-US: IBM Jazz Reporting Service
 CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 
7.0.1 ...)
NOT-FOR-US: IBM Curam Social Program Management
 CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site 
...)
@@ -41665,15 +41665,15 @@ CVE-2017-12718 (A Classic Buffer Overflow issue was 
discovered in Smiths Medical
 CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in 
Advantech ...)
NOT-FOR-US: Advantech WebAccess
 CVE-2017-12716 (Abbott Laboratories Accent and Anthem pacemakers manufactured 
prior to ...)
-   TODO: check
+   NOT-FOR-US: Abbott Laboratories Accent and Anthem pacemakers
 CVE-2017-12715
RESERVED
 CVE-2017-12714 (Abbott Laboratories pacemakers manufactured prior to Aug 28, 
2017 do ...)
-   TODO: check
+   NOT-FOR-US: Abbott Laboratories pacemakers
 CVE-2017-12713 (An Incorrect Permission Assignment for Critical Resource 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-24 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
23bef396 by Salvatore Bonaccorso at 2018-04-24T10:47:43+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-10329 (app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected 
XSS on ...)
TODO: check
 CVE-2018-10328 (Momentum Axel 720P 5.1.8 devices have a hardcoded password of 
streaming ...)
-   TODO: check
+   NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
 CVE-2018-10327
RESERVED
 CVE-2018-10326
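Review bot: The label added for CVE-2018-10328 carries the firmware version ("Momentum Axel 720P 5.1.8 devices"), whereas the other labels in this commit name only the product (for example "Frog CMS" for Frog CMS 0.9.5). Suggest dropping the version, e.g. "NOT-FOR-US: Momentum Axel 720P devices", to keep the NOT-FOR-US strings consistent.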
@@ -15,13 +15,13 @@ CVE-2018-10323 (The xfs_bmap_extents_to_btree function in 
fs/xfs/libxfs/xfs_bmap
 CVE-2018-10322 (The xfs_dinode_verify function in 
fs/xfs/libxfs/xfs_inode_buf.c in the ...)
TODO: check
 CVE-2018-10321 (Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability 
via ...)
-   TODO: check
+   NOT-FOR-US: Frog CMS
 CVE-2018-10320 (Frog CMS 0.9.5 has XSS via the admin/?/layout/edit 
layout[name] ...)
-   TODO: check
+   NOT-FOR-US: Frog CMS
 CVE-2018-10319 (Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit 
snippet[name] ...)
-   TODO: check
+   NOT-FOR-US: Frog CMS
 CVE-2018-10318 (Frog CMS 0.9.5 has XSS via the admin/?/page/edit 
page[keywords] ...)
-   TODO: check
+   NOT-FOR-US: Frog CMS
 CVE-2018-10317
RESERVED
 CVE-2018-10316 (Netwide Assembler (NASM) 2.14rc0 has an endless while loop in 
the ...)
@@ -31,15 +31,15 @@ CVE-2018-10315
 CVE-2018-10314
RESERVED
 CVE-2018-10313 (WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D 
parameter ...)
-   TODO: check
+   NOT-FOR-US: WUZHI CMS
 CVE-2018-10312 (index.php?m=memberv=pw_reset in WUZHI CMS 4.1.0 allows 
CSRF to change ...)
-   TODO: check
+   NOT-FOR-US: WUZHI CMS
 CVE-2018-10311 (A vulnerability was discovered in WUZHI CMS 4.1.0. There is 
persistent ...)
-   TODO: check
+   NOT-FOR-US: WUZHI CMS
 CVE-2018-10310
RESERVED
 CVE-2018-10309 (The Responsive Cookie Consent plugin before 1.8 for WordPress 
...)
-   TODO: check
+   NOT-FOR-US: Responsive Cookie Consent plugin for WordPress
 CVE-2018-10308
RESERVED
 CVE-2018-10307
@@ -51,9 +51,9 @@ CVE-2018-10305 (The MessageSearch2 function in 
PersonalMessage.php in Simple Mac
 CVE-2018-10304
RESERVED
 CVE-2018-10303 (A use-after-free in Foxit Reader before 9.1 and PhantomPDF 
before 9.1 ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2018-10302 (A use-after-free in Foxit Reader before 9.1 and PhantomPDF 
before 9.1 ...)
-   TODO: check
+   NOT-FOR-US: Foxit Reader
 CVE-2018- [Authorization bypass]
- phpliteadmin  (bug #896682)
NOTE: https://github.com/phpLiteAdmin/pla/issues/11
@@ -10094,7 +10094,7 @@ CVE-2018-6493
 CVE-2018-6492
RESERVED
 CVE-2018-6491 (Local Escalation of Priviledge vulnerability to Micro Focus 
Universal ...)
-   TODO: check
+   NOT-FOR-US: Micro Focus Universal CMDB
 CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations ...)
NOT-FOR-US: Micro Focus Operations Orchestration Software
 CVE-2018-6489 (XML External Entity (XXE) vulnerability in Micro Focus Project 
and ...)
@@ -39870,7 +39870,7 @@ CVE-2017-13075
 CVE-2017-13074
RESERVED
 CVE-2017-13073 (Cross-site scripting (XSS) vulnerability in QNAP NAS 
application Photo ...)
-   TODO: check
+   NOT-FOR-US: NAP NAS application Photo Station
 CVE-2017-13072
RESERVED
 CVE-2017-13071 (QNAP has already patched this vulnerability. This security 
concern ...)
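Review bot: The label added for CVE-2017-13073 reads "NAP NAS application Photo Station", but the description on the line above names "QNAP NAS application Photo ..."; the leading Q has been lost. Suggest "NOT-FOR-US: QNAP NAS application Photo Station" so a search for the vendor name finds this entry.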
@@ -74544,7 +74544,7 @@ CVE-2017-1788 (IBM WebSphere Application Server 9 
installations using Form Login
 CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed 
...)
NOT-FOR-US: IBM Publishing Engine
 CVE-2017-1786 (IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 
under ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated 
remote ...)
NOT-FOR-US: IBM API Connect
 CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary 
files ...)
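Review bot: CVE-2017-1786 is described as IBM WebSphere MQ but is labelled only "NOT-FOR-US: IBM", while the context entries on either side of it name the product ("IBM Publishing Engine", "IBM API Connect"). Suggest "NOT-FOR-US: IBM WebSphere MQ" so the label matches its neighbours.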
@@ -74588,7 +74588,7 @@ CVE-2017-1766 (Due to incorrect authorization in IBM 
Business Process Manager 8.
 CVE-2017-1765 (IBM Business Process Manager 8.6 could allow an authenticated 
user ...)
NOT-FOR-US: IBM
 CVE-2017-1764 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 
10.2.2, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2017-1763
RESERVED
 CVE-2017-1762 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle 
Management ...)
@@ -74714,7 +74714,7 @@ CVE-2017-1703
 CVE-2017-1702
RESERVED
 CVE-2017-1701 (IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 
6.0.3, ...)
-   TODO: check
+   NOT-FOR-US: IBM
 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-23 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0da169b3 by Salvatore Bonaccorso at 2018-04-23T22:14:04+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,9 +3,9 @@ CVE-2018- [Authorization bypass]
NOTE: https://github.com/phpLiteAdmin/pla/issues/11
NOTE: Fixed by: 
https://github.com/phpLiteAdmin/pla/commit/41545fe058e674a983f557bff13787df53167274
 CVE-2018-10301 (Cross-site scripting (XSS) vulnerability in the Web-Dorado 
Instagram ...)
-   TODO: check
+   NOT-FOR-US: Web-Dorado Instagram Feed WD plugin Premium for WordPress
 CVE-2018-10300 (Cross-site scripting (XSS) vulnerability in the Web-Dorado 
Instagram ...)
-   TODO: check
+   NOT-FOR-US: Web-Dorado Instagram Feed WD plugin for WordPress
 CVE-2018-10299 (An integer overflow in the batchTransfer function of a smart 
contract ...)
TODO: check
 CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via ...)
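Review bot: The labels for CVE-2018-10301 and CVE-2018-10300 differ only by the word "Premium", placed after "plugin" ("Web-Dorado Instagram Feed WD plugin Premium for WordPress"), and the truncated descriptions shown here are identical. If the Premium edition is meant to be tracked separately, "Instagram Feed WD Premium plugin for WordPress" reads more naturally; otherwise use the same label on both entries.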
@@ -150,9 +150,9 @@ CVE-2018-10236 (POSCMS 3.2.18 allows remote attackers to 
execute arbitrary PHP c
 CVE-2018-10235 (POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP 
code via ...)
NOT-FOR-US: POSCMS
 CVE-2018-10234 (Authenticated Cross site Scripting exists in the User Profile 
 ...)
-   TODO: check
+   NOT-FOR-US: User Profile & Membership plugin for WordPress
 CVE-2018-10233 (The User Profile  Membership plugin before 2.0.7 for 
WordPress has no ...)
-   TODO: check
+   NOT-FOR-US: User Profile & Membership plugin for WordPress
 CVE-2018-10232
RESERVED
 CVE-2018-10231
@@ -907,7 +907,7 @@ CVE-2018-9923 (An issue was discovered in idreamsoft iCMS 
through 7.0.7. CSRF ex
 CVE-2018-9922 (An issue was discovered in idreamsoft iCMS through 7.0.7. 
Physical path ...)
NOT-FOR-US: idreamsoft iCMS
 CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory Traversal issue makes it 
possible ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-9920
RESERVED
 CVE-2018-9919
@@ -3376,7 +3376,7 @@ CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a 
heap-based buffer over-
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392446
NOTE: 
http://repo.or.cz/nasm.git/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 
(nasm-2.13.02rc3)
 CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) 
doesn't check ...)
-   TODO: check
+   NOT-FOR-US: Lutron Quantum BACnet Integration
 CVE-2018-8879
RESERVED
 CVE-2018-8878
@@ -14823,7 +14823,7 @@ CVE-2018-4849
 CVE-2018-4848
RESERVED
 CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA 
Operator iOS ...)
-   TODO: check
+   NOT-FOR-US: SIMATIC WinCC OA Operator iOS App
 CVE-2018-4846
RESERVED
 CVE-2018-4845



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0da169b3f2575505e32553800fec15ca268fef0a


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-22 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
835778e3 by Salvatore Bonaccorso at 2018-04-22T08:21:33+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-10284 (Adaltech G-Ticket v70 EME104 has SQL Injection via the ...)
-   TODO: check
+   NOT-FOR-US: Adaltech G-Ticket v70 EME104
 CVE-2018-10283 (CliqueMania loja virtual 14 has SQL Injection via the 
patch/remote.php ...)
-   TODO: check
+   NOT-FOR-US: CliqueMania loja virtual
 CVE-2018-10282
RESERVED
 CVE-2018-10281
@@ -31,13 +31,13 @@ CVE-2018-10270
 CVE-2018-10269
RESERVED
 CVE-2018-10268 (An issue was discovered in FastAdmin V1.0.0.20180417_beta. 
There is XSS ...)
-   TODO: check
+   NOT-FOR-US: FastAdmin
 CVE-2018-10267 (WTCMS 1.0 has a CSRF vulnerability to add an administrator 
account via ...)
-   TODO: check
+   NOT-FOR-US: WTCMS
 CVE-2018-10266 (BEESCMS 4.0 has a CSRF vulnerability to add an administrator 
account ...)
-   TODO: check
+   NOT-FOR-US: BEESCMS
 CVE-2018-10265 (An issue was discovered in HongCMS v3.0.0. There is a CSRF ...)
-   TODO: check
+   NOT-FOR-US: HongCMS
 CVE-2018-10264
RESERVED
 CVE-2018-10263



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/835778e3b096ea5fdaf99735f7c77c4d92189d67


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-21 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c7a73540 by Salvatore Bonaccorso at 2018-04-21T11:04:20+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-10253 (Paessler PRTG Network Monitor before 18.1.39.1648 mishandles 
stack ...)
-   TODO: check
+   NOT-FOR-US: Paessler PRTG Network Monitor
 CVE-2018-10252
RESERVED
 CVE-2018-10251
@@ -201,13 +201,13 @@ CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an 
infinite loop in the ...)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1095
NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/9fdda6391e38aaad3bfd6a30bd6a72bd31aeee02
 CVE-2018-10176 (Digital Guardian Management Console 7.1.2.0015 has a Directory 
...)
-   TODO: check
+   NOT-FOR-US: Digital Guardian Management Console
 CVE-2018-10175 (Digital Guardian Management Console 7.1.2.0015 has an XXE 
issue. ...)
-   TODO: check
+   NOT-FOR-US: Digital Guardian Management Console
 CVE-2018-10174 (Digital Guardian Management Console 7.1.2.0015 has an SSRF 
issue that ...)
-   TODO: check
+   NOT-FOR-US: Digital Guardian Management Console
 CVE-2018-10173 (Digital Guardian Management Console 7.1.2.0015 allows 
authenticated ...)
-   TODO: check
+   NOT-FOR-US: Digital Guardian Management Console
 CVE-2018-10172 (7-Zip through 18.01 on Windows implements the Large 
memory pages ...)
NOT-FOR-US: 7-Zip
 CVE-2018-10171
@@ -432,11 +432,11 @@ CVE-2018-10081 (CMS Made Simple (CMSMS) through 2.2.6 
contains an admin password
 CVE-2018-10080 (Secutech RiS-11, RiS-22, and RiS-33 devices with firmware ...)
NOT-FOR-US: Secutech RiS-11, RiS-22, and RiS-33 devices
 CVE-2018-10079 (Geist WatchDog Console 3.2.2 uses a weak ACL for the ...)
-   TODO: check
+   NOT-FOR-US: Geist WatchDog Console
 CVE-2018-10078 (Cross-site scripting (XSS) vulnerability in Geist WatchDog 
Console ...)
-   TODO: check
+   NOT-FOR-US: Geist WatchDog Console
 CVE-2018-10077 (XML external entity (XXE) vulnerability in Geist WatchDog 
Console ...)
-   TODO: check
+   NOT-FOR-US: Geist WatchDog Console
 CVE-2018-10076
RESERVED
 CVE-2018-10075
@@ -2761,7 +2761,7 @@ CVE-2018-9061
 CVE-2018-9060
RESERVED
 CVE-2018-9059 (Stack-based buffer overflow in Easy File Sharing (EFS) Web 
Server 7.2 ...)
-   TODO: check
+   NOT-FOR-US: Easy File Sharing (EFS)
 CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop 
in the ...)
- lrzip  (unimportant)
NOTE: https://github.com/ckolivas/lrzip/issues/93
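Review bot: On CVE-2018-9059 the label "Easy File Sharing (EFS)" drops "Web Server" from the product name given in the description ("Easy File Sharing (EFS) Web Server 7.2"). Suggest "NOT-FOR-US: Easy File Sharing (EFS) Web Server" so the label names the affected product in full.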
@@ -3374,7 +3374,7 @@ CVE-2018-8828 (A Buffer Overflow issue was discovered in 
Kamailio before 4.4.7, 
 CVE-2018-8827
RESERVED
 CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and 
RT-N12 D1 ...)
-   TODO: check
+   NOT-FOR-US: ASUS routers
 CVE-2018-8825
RESERVED
 CVE-2018-8824
@@ -5888,7 +5888,7 @@ CVE-2018-7749 (The SSH server implementation of AsyncSSH 
before 1.12.1 does not 
 CVE-2018-7748
RESERVED
 CVE-2018-7747 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Caldera ...)
-   TODO: check
+   NOT-FOR-US: Caldera Forms plugin for WordPress
 CVE-2018-7746 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. 
...)
NOT-FOR-US: Western Bridge Cobub Razor
 CVE-2018-7745 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. 
...)
@@ -26860,7 +26860,7 @@ CVE-2018-0566
 CVE-2018-0565
RESERVED
 CVE-2018-0564 (Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, 
EC-CUBE ...)
-   TODO: check
+   NOT-FOR-US: EC-CUBE
 CVE-2018-0563
RESERVED
 CVE-2018-0562 (Untrusted search path vulnerability in Installer of SoundEngine 
Free ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c7a735401d7830f201cc68edd518906f8f9e8a95


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-21 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2c6af1f6 by Salvatore Bonaccorso at 2018-04-21T07:59:38+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,9 +1,9 @@
 CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in 
a ...)
-   TODO: check
+   NOT-FOR-US: iCMS
 CVE-2018-10249 (baijiacms V3 has CSRF via ...)
-   TODO: check
+   NOT-FOR-US: baijiacms
 CVE-2018-10248 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF 
...)
-   TODO: check
+   NOT-FOR-US: WUZHI CMS
 CVE-2018-10247
RESERVED
 CVE-2018-10246
@@ -100,7 +100,7 @@ CVE-2018-10203
 CVE-2018-10202
RESERVED
 CVE-2018-10201 (An issue was discovered in NcMonitorServer.exe in NC Monitor 
Server in ...)
-   TODO: check
+   NOT-FOR-US: NC Monitor Server
 CVE-2017-18261 (The arch_timer_reg_read_stable macro in ...)
- linux 4.13.4-1
NOTE: Fixed by: 
https://git.kernel.org/linus/adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4 (4.13-rc6)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2c6af1f6eae0c66c4d8f6541b1d9958b563576f2


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-20 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f15d5a3 by Salvatore Bonaccorso at 2018-04-20T10:53:11+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4931,7 +4931,7 @@ CVE-2018-8120
 CVE-2018-8119
RESERVED
 CVE-2018-8118 (A remote code execution vulnerability exists when Internet 
Explorer ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2018-8117 (A security feature bypass vulnerability exists in the Microsoft 
...)
NOT-FOR-US: Microsoft
 CVE-2018-8116 (A denial of service vulnerability exists in the way that 
Windows ...)
@@ -25174,13 +25174,13 @@ CVE-2017-17315
 CVE-2017-17314
RESERVED
 CVE-2017-17313 (The inputhub driver of HUAWEI P9 Lite mobile phones with 
Versions ...)
-   TODO: check
+   NOT-FOR-US: inputhub driver of HUAWEI P9 Lite mobile phones
 CVE-2017-17312
RESERVED
 CVE-2017-17311
RESERVED
 CVE-2017-17310 (Electronic Numbers to URI Mapping (ENUM) module in some Huawei 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2017-17309
RESERVED
 CVE-2017-17308 (SCCPX module in Huawei DP300 V500R002C00, RP200 V500R002C00, 
...)
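Review bot: The two Huawei entries in this hunk get labels of different granularity: CVE-2017-17313 becomes "inputhub driver of HUAWEI P9 Lite mobile phones" and CVE-2017-17310 becomes plain "Huawei". Pick one form; "NOT-FOR-US: Huawei" on both would match the vendor-only style used for the Cisco and Microsoft entries in the same commit.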
@@ -27545,27 +27545,27 @@ CVE-2018-0278
 CVE-2018-0277
RESERVED
 CVE-2018-0276 (A vulnerability in Cisco WebEx Connect IM could allow an ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0275 (A vulnerability in the support tunnel feature of Cisco Identity 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0274
RESERVED
 CVE-2018-0273 (A vulnerability in the IPsec Manager of Cisco StarOS for Cisco 
...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0272 (A vulnerability in the Secure Sockets Layer (SSL) Engine of 
Cisco ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0271
RESERVED
 CVE-2018-0270
RESERVED
 CVE-2018-0269 (A vulnerability in the web framework of the Cisco Digital 
Network ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0268
RESERVED
 CVE-2018-0267 (A vulnerability in the web framework of Cisco Unified 
Communications ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0266 (A vulnerability in the web framework of Cisco Unified 
Communications ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0265
RESERVED
 CVE-2018-0264
@@ -27577,25 +27577,25 @@ CVE-2018-0262
 CVE-2018-0261
RESERVED
 CVE-2018-0260 (A vulnerability in the web interface of Cisco MATE Live could 
allow an ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0259 (A vulnerability in the web-based management interface of Cisco 
MATE ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0258
RESERVED
 CVE-2018-0257 (A vulnerability in Cisco IOS XE Software running on Cisco cBR 
Series ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0256 (A vulnerability in the peer-to-peer message processing 
functionality of ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0255 (A vulnerability in the device manager web interface of Cisco 
Industrial ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0254 (A vulnerability in the detection engine of Cisco Firepower 
System ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0253
RESERVED
 CVE-2018-0252
RESERVED
 CVE-2018-0251 (A vulnerability in the Web Server Authentication Required 
screen of the ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0250
RESERVED
 CVE-2018-0249
@@ -27609,21 +27609,21 @@ CVE-2018-0246
 CVE-2018-0245
RESERVED
 CVE-2018-0244 (A vulnerability in the detection engine of Cisco Firepower 
System ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0243 (A vulnerability in the detection engine of Cisco Firepower 
System ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0242 (A vulnerability in the WebVPN web-based management interface of 
Cisco ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0241 (A vulnerability in the UDP broadcast forwarding function of 
Cisco IOS ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0240 (Multiple vulnerabilities in the Application Layer Protocol 
Inspection ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0239 (A vulnerability in the egress packet processing functionality 
of the ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0238 (A vulnerability in the role-based resource checking 
functionality of ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0237 (A vulnerability in the file type detection mechanism of the 
Cisco ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2018-0236
RESERVED
 CVE-2018-0235
@@ -27631,19 +27631,19 @@ CVE-2018-0235
 CVE-2018-0234
RESERVED
 CVE-2018-0233 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-19 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
80cfa868 by Salvatore Bonaccorso at 2018-04-19T22:28:15+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-10236 (POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP 
code via ...)
-   TODO: check
+   NOT-FOR-US: POSCMS
 CVE-2018-10235 (POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP 
code via ...)
-   TODO: check
+   NOT-FOR-US: POSCMS
 CVE-2018-10234
RESERVED
 CVE-2018-10233
@@ -17,23 +17,23 @@ CVE-2018-10229
 CVE-2018-10228
RESERVED
 CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link 
parameter. ...)
-   TODO: check
+   NOT-FOR-US: MiniCMS
 CVE-2018-10226
RESERVED
 CVE-2018-10225 (thinkphp 3.1.3 has SQL Injection via the index.php s 
parameter. ...)
TODO: check
 CVE-2018-10224 (An issue was discovered in YzmCMS 3.8. There is a CSRF 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: YzmCMS
 CVE-2018-10223 (An issue was discovered in YzmCMS 3.8. There is a CSRF 
vulnerability ...)
-   TODO: check
+   NOT-FOR-US: YzmCMS
 CVE-2018-10222 (An issue was discovered in idreamsoft iCMS V7.0. There is a 
CSRF ...)
-   TODO: check
+   NOT-FOR-US: idreamsoft iCMS
 CVE-2018-10221 (An issue was discovered in WUZHI CMS V4.1.0. There is a 
persistent XSS ...)
-   TODO: check
+   NOT-FOR-US: WUZHI CMS
 CVE-2018-10220 (** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by 
the ...)
TODO: check
 CVE-2018-10219 (baijiacms V3 has physical path leakage via an ...)
-   TODO: check
+   NOT-FOR-US: baijiacms
 CVE-2018-10218
RESERVED
 CVE-2018-10217
@@ -2552,7 +2552,7 @@ CVE-2018-9138 (An issue was discovered in cplus-dem.c in 
GNU libiberty, as ...)
[wheezy] - binutils  (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23008
 CVE-2018-9137 (Open-AudIT before 2.2 has CSV Injection. ...)
-   TODO: check
+   NOT-FOR-US: Open-AudIT
 CVE-2018-9136 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows 
attackers ...)
NOT-FOR-US: Jungo
 CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer 
over-read in ...)
@@ -5444,7 +5444,7 @@ CVE-2018-7922
 CVE-2018-7921
RESERVED
 CVE-2018-7920 (Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 
...)
-   TODO: check
+   NOT-FOR-US: Huawei
 CVE-2018-7919
RESERVED
 CVE-2018-7918
@@ -5486,7 +5486,7 @@ CVE-2018-7901
 CVE-2018-7900
RESERVED
 CVE-2018-7899 (The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart 
phones ...)
-   TODO: check
+   NOT-FOR-US: Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart 
phones
 CVE-2018-7898
RESERVED
 CVE-2018-7897
@@ -10489,7 +10489,7 @@ CVE-2018-6308 (Multiple SQL injections exist in 
SugarCRM Community Edition 6.5.2
 CVE-2018-6307
RESERVED
 CVE-2018-6306 (Unauthorized code execution from specific DLL and is known as 
DLL ...)
-   TODO: check
+   NOT-FOR-US: Kaspersky Password Manager
 CVE-2018-6305 (Denial of service in Gemalto's Sentinel LDK RTE version before 
7.65 ...)
NOT-FOR-US: Gemalto
 CVE-2018-6304 (Stack overflow in custom XML-parser in Gemalto's Sentinel LDK 
RTE ...)
@@ -16719,9 +16719,9 @@ CVE-2018-3845
 CVE-2018-3844
RESERVED
 CVE-2018-3843 (An exploitable type confusion vulnerability exists in the way 
Foxit ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2018-3842 (An exploitable use of an uninitialized pointer vulnerability 
exists in ...)
-   TODO: check
+   NOT-FOR-US: Foxit PDF Reader
 CVE-2018-3841
RESERVED
 CVE-2018-3840



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/80cfa8683da8a6fe170ea71a73fc9973252aa426


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-18 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9ef08f1d by Salvatore Bonaccorso at 2018-04-19T07:41:41+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -17,15 +17,15 @@ CVE-2018-1000167 (OISF suricata-update version 1.0.0a1 
contains an Insecure ...)
 CVE-2018-1000166
RESERVED
 CVE-2018-1000165 (LightSAML version prior to 1.3.5 contains a Incorrect Access 
Control ...)
-   TODO: check
+   NOT-FOR-US: LightSAML
 CVE-2018-1000163 (Floodlight version 1.2 and earlier contains a Cross Site 
Scripting ...)
-   TODO: check
+   NOT-FOR-US: Floodlight
 CVE-2018-1000162 (Parsedown version prior to 1.7.0 contains a Cross Site 
Scripting (XSS) ...)
TODO: check
 CVE-2018-1000160 (RisingStack protect version 1.2.0 and earlier contains a 
Cross Site ...)
TODO: check
 CVE-2018-1000158 (cmsmadesimple version 2.2.7 contains a Incorrect Access 
Control ...)
-   TODO: check
+   NOT-FOR-US: CMS Made Simple
 CVE-2018-10199 (In versions of mruby up to and including 1.4.0, a 
use-after-free ...)
- mruby  (bug #896021)
NOTE: https://github.com/mruby/mruby/issues/4001
@@ -41,7 +41,7 @@ CVE-2018-10191 (In versions of mruby up to and including 
1.4.0, an integer overf
 CVE-2018-10190 (A vulnerability in London Trust Media Private Internet Access 
(PIA) VPN ...)
NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client 
for Windows
 CVE-2018-10189 (An issue was discovered in Mautic 1.x and 2.x before 2.13.0. 
It is ...)
-   TODO: check
+   NOT-FOR-US: Mautic
 CVE-2018-10188
RESERVED
 CVE-2018-10187 (In radare2 2.5.0, there is a heap-based buffer over-read in 
the ...)
@@ -4944,7 +4944,7 @@ CVE-2018-8094
 CVE-2018-8093
RESERVED
 CVE-2018-8092 (Mautic before 2.13.0 allows CSV injection. ...)
-   TODO: check
+   NOT-FOR-US: Mautic
 CVE-2018-8091
RESERVED
 CVE-2018-8090
@@ -5006,7 +5006,7 @@ CVE-2018-8073 (Yii 2.x before 2.0.15 allows remote 
attackers to execute arbitrar
 CVE-2018-8072
RESERVED
 CVE-2018-8071 (Mautic before v2.13.0 has stored XSS via a theme config file. 
...)
-   TODO: check
+   NOT-FOR-US: Mautic
 CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...)
NOT-FOR-US: QCMS
 CVE-2018-8069 (QCMS version 3.0 has XSS via the webname parameter to the ...)
@@ -10018,7 +10018,7 @@ CVE-2018-6415
 CVE-2018-6414
RESERVED
 CVE-2018-6413 (There is a buffer overflow in the Hikvision Camera DS-2CD9111-S 
of ...)
-   TODO: check
+   NOT-FOR-US: Hikvision Camera DS-2CD9111-S
 CVE-2018-6412 (In the function sbusfb_ioctl_helper() in 
drivers/video/fbdev/sbuslib.c ...)
- linux  (unimportant)
NOTE: https://marc.info/?l=linux-fbdev=151734425901499=2
@@ -13088,17 +13088,17 @@ CVE-2018-5344 (In the Linux kernel through 4.14.13, 
drivers/block/loop.c mishand
 CVE-2018-5343
RESERVED
 CVE-2018-5342 (An issue was discovered in Zoho ManageEngine Desktop Central 
10.0.124 ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-5341 (An issue was discovered in Zoho ManageEngine Desktop Central 
10.0.124 ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-5340 (An issue was discovered in Zoho ManageEngine Desktop Central 
10.0.124 ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-5339 (An issue was discovered in Zoho ManageEngine Desktop Central 
10.0.124 ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-5338 (An issue was discovered in Zoho ManageEngine Desktop Central 
10.0.124 ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-5337 (An issue was discovered in Zoho ManageEngine Desktop Central 
10.0.124 ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-5336 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, 
NTP, ...)
{DSA-4101-1 DLA-1258-1}
- wireshark 2.4.4-1
@@ -24167,7 +24167,7 @@ CVE-2018-1242
 CVE-2018-1241
RESERVED
 CVE-2018-1240 (Dell EMC ViPR Controller, versions after 3.0.0.38, contain an 
...)
-   TODO: check
+   NOT-FOR-US: EMC ViPR Controller
 CVE-2018-1239
RESERVED
 CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command 
injection ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ef08f1da2a7adf1933fd48cd7492c38bce53a45


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-18 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec974384 by Salvatore Bonaccorso at 2018-04-18T21:05:45+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,11 +1,11 @@
 CVE-2018-10193 (LogMeIn LastPass through 4.9.1 allows remote attackers to 
cause a ...)
-   TODO: check
+   NOT-FOR-US: LogMeIn LastPass
 CVE-2018-10192 (IPVanish 3.0.11 for macOS suffers from a root privilege 
escalation ...)
-   TODO: check
+   NOT-FOR-US: IPVanish for macOS
 CVE-2018-10191 (In versions of mruby up to and including 1.4.0, an integer 
overflow ...)
TODO: check
 CVE-2018-10190 (A vulnerability in London Trust Media Private Internet Access 
(PIA) VPN ...)
-   TODO: check
+   NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client 
for Windows
 CVE-2018-10189 (An issue was discovered in Mautic 1.x and 2.x before 2.13.0. 
It is ...)
TODO: check
 CVE-2018-10188
@@ -113,7 +113,7 @@ CVE-2018-10140
 CVE-2018-10139
RESERVED
 CVE-2018-10138 (The CATALooK.netStore module through 7.2.8 for DNN (formerly 
...)
-   TODO: check
+   NOT-FOR-US: DNN
 CVE-2018-10137 (iScripts UberforX 2.2 has CSRF in the 
manage_settings section of the ...)
NOT-FOR-US: iScripts UberforX
 CVE-2018-10136 (iScripts UberforX 2.2 has Stored XSS in the 
manage_settings section ...)
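Review bot: the tag added for CVE-2018-10138 reads "NOT-FOR-US: DNN", but the description places the issue in the CATALooK.netStore module for DNN, not in DNN itself. Naming the module, for example "NOT-FOR-US: CATALooK.netStore module for DNN", would match the way the neighbouring iScripts UberforX entries name the affected product.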
@@ -3175,7 +3175,7 @@ CVE-2018-8840
 CVE-2018-8839
RESERVED
 CVE-2018-8838 (A weakness in access controls in CENTUM CS 1000 all versions, 
CENTUM ...)
-   TODO: check
+   NOT-FOR-US: CENTUM
 CVE-2018-8837
RESERVED
 CVE-2018-8836 (Wago 750 Series PLCs with firmware version 10 and prior include 
a ...)
@@ -6482,7 +6482,7 @@ CVE-2018-7544 (** DISPUTED ** A cross-protocol scripting 
issue was discovered in
 CVE-2018-7543 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Wordpress plugin
 CVE-2018-7539 (On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, 
it is ...)
-   TODO: check
+   NOT-FOR-US: Appear TV XC5000 and XC5100 devices
 CVE-2018-7538 (A SQL injection vulnerability in the tracker functionality of 
Enalean ...)
NOT-FOR-US: Enalean Tuleap
 CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing 
x86 PVH ...)
@@ -71621,7 +71621,7 @@ CVE-2017-2873
 CVE-2017-2872
RESERVED
 CVE-2017-2871 (Insufficient security checks exist in the recovery procedure 
used by ...)
-   TODO: check
+   NOT-FOR-US: Foscam C1 Indoor HD Camera
 CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the ...)
- gdk-pixbuf 2.36.10-1 (unimportant; bug #873787)
NOTE: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec974384a1e04970e32c23ca3a3d484dcb145752


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5fb4adfd by Salvatore Bonaccorso at 2018-04-18T07:10:51+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,11 +3,11 @@ CVE-2018-10187
 CVE-2018-10186
RESERVED
 CVE-2018-10185 (An issue was discovered in TuziCMS v2.0.6. There is a CSRF ...)
-   TODO: check
+   NOT-FOR-US: TuziCMS
 CVE-2018-10184
RESERVED
 CVE-2018-10183 (An issue was discovered in BigTree 4.2.22. There is cross-site 
...)
-   TODO: check
+   NOT-FOR-US: BigTree
 CVE-2018-10182
RESERVED
 CVE-2018-1000199
@@ -3156,7 +3156,7 @@ CVE-2018-8836 (Wago 750 Series PLCs with firmware version 
10 and prior include a
 CVE-2018-8835
RESERVED
 CVE-2018-8834 (Parsing malformed project files in Omron CX-One versions 4.42 
and ...)
-   TODO: check
+   NOT-FOR-US: Omron
 CVE-2018-8833
RESERVED
 CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable 
...)
@@ -6492,7 +6492,7 @@ CVE-2018-7532 (Unauthentication vulnerabilities have been 
identified in Geutebru
 CVE-2018-7531 (An Improper Input Validation issue was discovered in OSIsoft PI 
Data ...)
NOT-FOR-US: OSIsoft PI
 CVE-2018-7530 (Parsing malformed project files in Omron CX-One versions 4.42 
and ...)
-   TODO: check
+   NOT-FOR-US: Omron
 CVE-2018-7529 (A Deserialization of Untrusted Data issue was discovered in 
OSIsoft PI ...)
NOT-FOR-US: OSIsoft PI
 CVE-2018-7528 (An SQL injection vulnerability has been identified in 
Geutebruck ...)
@@ -6524,7 +6524,7 @@ CVE-2018-7516 (A server-side request forgery 
vulnerability has been identified i
 CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of ...)
NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7514 (Parsing malformed project files in Omron CX-One versions 4.42 
and ...)
-   TODO: check
+   NOT-FOR-US: Omron
 CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing 
malformed ...)
NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7512 (A cross-site scripting vulnerability has been identified in 
Geutebruck ...)
@@ -9740,7 +9740,7 @@ CVE-2017-18104
 CVE-2017-18103
RESERVED
 CVE-2017-18102 (The wiki markup component of atlassian-renderer from version 
8.0.0 ...)
-   TODO: check
+   NOT-FOR-US: wiki markup component of atlassian-renderer
 CVE-2017-18101 (Various administrative external system import resources in 
Atlassian ...)
NOT-FOR-US: Atlassian
 CVE-2017-18100 (The agile wallboard gadget in Atlassian Jira before version 
7.8.1 ...)
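Review bot: CVE-2017-18102 is tagged "NOT-FOR-US: wiki markup component of atlassian-renderer", while the next entry in the same hunk, CVE-2017-18101, carries the plain vendor form "NOT-FOR-US: Atlassian". Suggest picking one convention for Atlassian entries so a search for the vendor string returns both.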
@@ -13361,7 +13361,7 @@ CVE-2018-5192
 CVE-2018-5191
REJECTED
 CVE-2018-5190 (PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B 
allows ...)
-   TODO: check
+   NOT-FOR-US: PicturesPro Photo Cart
 CVE-2018-5189 (Race condition in Jungo Windriver 12.5.1 allows local users to 
cause a ...)
NOT-FOR-US: Jungo Windriver
 CVE-2018-5188
@@ -22634,7 +22634,7 @@ CVE-2018-1447 (The GSKit (IBM Spectrum Protect 7.1 and 
7.2) and (IBM Spectrum Pr
 CVE-2018-1446
RESERVED
 CVE-2018-1445 (IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is 
vulnerable ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere Portal
 CVE-2018-1444 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site 
...)
NOT-FOR-US: IBM
 CVE-2018-1443 (An XML parsing vulnerability affects IBM SAML-based single 
sign-on ...)
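Review bot: CVE-2018-1445 gets "NOT-FOR-US: IBM WebSphere Portal", while the entry directly below it, CVE-2018-1444, is also IBM WebSphere Portal by its description and is tagged "NOT-FOR-US: IBM". Suggest one form for both so the same product is not split across two tag strings.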
@@ -22782,7 +22782,7 @@ CVE-2018-1373 (IBM Security Guardium Big Data 
Intelligence (SonarG) 3.1 uses an 
 CVE-2018-1372 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does 
not ...)
NOT-FOR-US: IBM Security Guardium Big Data Intelligence
 CVE-2018-1371 (An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client 
connecting to a ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere MQ
 CVE-2018-1370
RESERVED
 CVE-2018-1369
@@ -40868,7 +40868,7 @@ CVE-2017-12703 (A Cross-Site Request Forgery (CSRF) 
issue was discovered in West
 CVE-2017-12702 (An Externally Controlled Format String issue was discovered in 
...)
NOT-FOR-US: Advantech WebAccess
 CVE-2017-12701 (BMC Medical Luna CPAP Machines released prior to July 1, 2017, 
contain ...)
-   TODO: check
+   NOT-FOR-US: BMC Medical Luna CPAP Machines
 CVE-2017-12700
RESERVED
 CVE-2017-12699 (An Incorrect Default Permissions issue was discovered in 
AzeoTech ...)
@@ -49729,15 +49729,15 @@ CVE-2017-9640 (A Path Traversal issue was discovered 
in Automated Logic Corporat
 CVE-2017-9639 (An issue was discovered in Fuji Electric V-Server Version 
3.3.22.0 and ...)
NOT-FOR-US: Fuji Electric V-Server
 CVE-2017-9638 (Mitsubishi E-Designer, Version 7.52 Build 344 contains six code 
...)
-   TODO: check
+   NOT-FOR-US: Mitsubishi E-Designer
 

[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-17 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
164f0443 by Salvatore Bonaccorso at 2018-04-17T10:46:59+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,7 +5,7 @@ CVE-2018-10180
 CVE-2018-10179
RESERVED
 CVE-2018-10178 (The FromDocToPDF extension before 13.611.13.2303 for Chrome 
allows ...)
-   TODO: check
+   NOT-FOR-US: FromDocToPDF extension for Ghrome
 CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an infinite loop in the ...)
TODO: check
 CVE-2018-10176
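Review bot: typo in the tag added for CVE-2018-10178: "Ghrome" should read "Chrome", as in the description line directly above it ("... extension before 13.611.13.2303 for Chrome allows ..."). Suggested line: "NOT-FOR-US: FromDocToPDF extension for Chrome".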



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/164f0443e12e44d8f3494b60fe3b1da7c55c5188


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fdaf72f9 by Salvatore Bonaccorso at 2018-04-16T22:53:32+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -26279,11 +26279,11 @@ CVE-2018-0564
 CVE-2018-0563
RESERVED
 CVE-2018-0562 (Untrusted search path vulnerability in Installer of SoundEngine 
Free ...)
-   TODO: check
+   NOT-FOR-US: Installer of SoundEngine Free
 CVE-2018-0561 (Untrusted search path vulnerability in The installer of 
PhishWall ...)
-   TODO: check
+   NOT-FOR-US: Installer of PhishWall Client Internet Explorer
 CVE-2018-0560 (Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote 
...)
-   TODO: check
+   NOT-FOR-US: Hatena Bookmark App for iOS
 CVE-2018-0559
RESERVED
 CVE-2018-0558
@@ -26301,13 +26301,13 @@ CVE-2018-0553 (The iRemoconWiFi App for Android 
version 4.1.7 and earlier does n
 CVE-2018-0552 (Untrusted search path vulnerability in The installer of 
PhishWall ...)
NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition 
for Windows)
 CVE-2018-0551 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 
4.6.1 ...)
-   TODO: check
+   NOT-FOR-US: Cybozu Garoon
 CVE-2018-0550 (Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Cybozu Garoon
 CVE-2018-0549 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 
4.6.0 ...)
-   TODO: check
+   NOT-FOR-US: Cybozu Garoon
 CVE-2018-0548 (Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Cybozu Garoon
 CVE-2018-0547 (Cross-site scripting vulnerability in WP All Import plugin 
prior to ...)
NOT-FOR-US: WP All Import plugin for WordPress
 CVE-2018-0546 (Cross-site scripting vulnerability in WP All Import plugin 
prior to ...)
@@ -26337,13 +26337,13 @@ CVE-2018-0535 (Cross-site scripting vulnerability in 
PHP 2chBBS version bbs18c a
 CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5 
allows an ...)
NOT-FOR-US: ArsenoL
 CVE-2018-0533 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Cybozu Garoon
 CVE-2018-0532 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Cybozu Garoon
 CVE-2018-0531 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: Cybozu Garoon
 CVE-2018-0530 (SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 
allows ...)
-   TODO: check
+   NOT-FOR-US: Cybozu Garoon
 CVE-2018-0529
RESERVED
 CVE-2018-0528
@@ -60417,7 +60417,7 @@ CVE-2017-6325 (The Symantec Messaging Gateway can 
encounter a file inclusion ...
 CVE-2017-6324 (The Symantec Messaging Gateway, when processing a specific 
email ...)
NOT-FOR-US: Symantec
 CVE-2017-6323 (The Symantec Management Console prior to ITMS 8.1 RU1, ITMS ...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2017-6322
RESERVED
 CVE-2017- [scanelf: out of bounds read in scanelf_file_get_symtabs 
(scanelf.c)]
@@ -79379,9 +79379,9 @@ CVE-2016-9096
 CVE-2016-9095
REJECTED
 CVE-2016-9094 (Symantec Endpoint Protection clients place detected malware in 
...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2016-9093 (A version of the SymEvent Driver that shipped with Symantec 
Endpoint ...)
-   TODO: check
+   NOT-FOR-US: Symantec
 CVE-2016-9092
REJECTED
 CVE-2016-9091 (Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and 
Content ...)
@@ -128314,7 +128314,7 @@ CVE-2015-1954 (Stack-based buffer overflow in the 
server in IBM Tivoli Storage .
 CVE-2015-1953 (Stack-based buffer overflow in the server in IBM Tivoli Storage 
...)
NOT-FOR-US: IBM
 CVE-2015-1952 (Cross-site scripting (XSS) vulnerability in IBM AppScan 
Enterprise ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2015-1951 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 
7.5.0.8 ...)
NOT-FOR-US: IBM
 CVE-2015-1950 (IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not 
require ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fdaf72f958e84ce133657538979f6ed6583e2f99


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-16 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8f8247aa by Salvatore Bonaccorso at 2018-04-16T22:21:00+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,15 +1,15 @@
 CVE-2018-10137 (iScripts UberforX 2.2 has CSRF in the 
manage_settings section of the ...)
-   TODO: check
+   NOT-FOR-US: iScripts UberforX
 CVE-2018-10136 (iScripts UberforX 2.2 has Stored XSS in the 
manage_settings section ...)
-   TODO: check
+   NOT-FOR-US: iScripts UberforX
 CVE-2018-10135 (iScripts eSwap v2.4 has Reflected XSS via the 
catwiseproducts.php ...)
-   TODO: check
+   NOT-FOR-US: iScripts eSwap
 CVE-2018-10134
RESERVED
 CVE-2018-10133 (PbootCMS v0.9.8 allows PHP code injection via an IF label in 
...)
-   TODO: check
+   NOT-FOR-US: PbootCMS
 CVE-2018-10132 (PbootCMS v0.9.8 has CSRF via an ...)
-   TODO: check
+   NOT-FOR-US: PbootCMS
 CVE-2018-10131
RESERVED
 CVE-2018-10130
@@ -17,9 +17,9 @@ CVE-2018-10130
 CVE-2018-10129
RESERVED
 CVE-2018-10128 (An issue was discovered in XYHCMS 3.5. It has XSS via the test 
...)
-   TODO: check
+   NOT-FOR-US: XYHCMS
 CVE-2018-10127 (An issue was discovered in XYHCMS 3.5. It has CSRF via an ...)
-   TODO: check
+   NOT-FOR-US: XYHCMS
 CVE-2018-10126
RESERVED
 CVE-2018-10125



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f8247aaea133b4a1d8e3b591df16d20e6c18dca


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-15 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6b2c2dc1 by Salvatore Bonaccorso at 2018-04-15T17:32:05+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -18,7 +18,7 @@ CVE-2018-10111 (An issue was discovered in GEGL through 
0.3.32. The render_recta
 CVE-2018-10110
RESERVED
 CVE-2018-10109 (Monstra CMS 3.0.4 has a stored XSS vulnerability when an 
attacker has ...)
-   TODO: check
+   NOT-FOR-US: Monstra CMS
 CVE-2018-10108
RESERVED
 CVE-2018-10107



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6b2c2dc10b4e32446d4086c1d31f3c96b11c21d5


[Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-14 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a90bed9a by Salvatore Bonaccorso at 2018-04-14T14:54:56+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -154012,7 +154012,7 @@ CVE-2014-2071 (Aruba Networks ClearPass Policy 
Manager 6.1.x, 6.2.x before ...)
 CVE-2014-2070
RESERVED
 CVE-2014-2069 (Absolute path traversal vulnerability in Eshtery CMS allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Eshtery CMS
 CVE-2014-2068 (The doIndex function in hudson/util/RemotingDiagnostics.java in 
...)
- jenkins 1.565.2-1 (bug #739067)
NOTE: 
https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/a90bed9abb813afaf490e3b97023e1a905c224ca


[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

2018-04-14 Thread Salvatore Bonaccorso
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3ad98196 by Salvatore Bonaccorso at 2018-04-14T07:21:17+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-10096 (joyplus-cms 1.6.0 has XSS via the device_name parameter in a 
...)
-   TODO: check
+   NOT-FOR-US: joyplus-cms
 CVE-2018-10095
RESERVED
 CVE-2018-10094
@@ -58,7 +58,7 @@ CVE-2018-10068 (The jDownloads extension before 3.2.59 for 
Joomla! has XSS. ...)
 CVE-2018-10067
RESERVED
 CVE-2018-10066 (An issue was discovered in MikroTik RouterOS 6.41.4. Missing 
OpenVPN ...)
-   TODO: check
+   NOT-FOR-US: MikroTik RouterOS
 CVE-2018-10065
RESERVED
 CVE-2018-10064
@@ -8001,9 +8001,9 @@ CVE-2018-6961
 CVE-2018-6960
RESERVED
 CVE-2018-6959 (VMware vRealize Automation (vRA) prior to 7.4.0 contains a ...)
-   TODO: check
+   NOT-FOR-US: VMware vRealize Automation
 CVE-2018-6958 (VMware vRealize Automation (vRA) prior to 7.3.1 contains a ...)
-   TODO: check
+   NOT-FOR-US: VMware vRealize Automation
 CVE-2018-6957 (VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x 
before ...)
NOT-FOR-US: VMware
 CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the 
fs.protected_hardlinks ...)
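Review bot: The tags added for CVE-2018-6959 and CVE-2018-6958 read "NOT-FOR-US: VMware vRealize Automation", while the unchanged CVE-2018-6957 entry directly below uses the bare vendor form "NOT-FOR-US: VMware". Consider settling on one level of detail for VMware entries so that a search on the tag text matches all of them the same way.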
@@ -9256,9 +9256,9 @@ CVE-2018-6548 (A use-after-free issue was discovered in 
libwebm through 2018-02-
NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1493
NOTE: 
https://github.com/dwfault/PoCs/blob/master/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info.md
 CVE-2018-6547 (plays_service.exe in the plays.tv service before 1.27.7.0, as 
...)
-   TODO: check
+   NOT-FOR-US: plays_service.exe in the plays.tv service
 CVE-2018-6546 (plays_service.exe in the plays.tv service before 1.27.7.0, as 
...)
-   TODO: check
+   NOT-FOR-US: plays_service.exe in the plays.tv service
 CVE-2018-6545 (Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site 
Scripting ...)
NOT-FOR-US: Ipswitch MoveIt
 CVE-2018-6544 (pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 
could ...)
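Review bot: The tags added for CVE-2018-6547 and CVE-2018-6546 copy a fragment of the description ("plays_service.exe in the plays.tv service") instead of naming the product, unlike the neighbouring "NOT-FOR-US: Ipswitch MoveIt". Suggest shortening both to "NOT-FOR-US: plays.tv" to follow the product-name convention the other entries in this hunk use.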
@@ -12248,17 +12248,17 @@ CVE-2018-5513
 CVE-2018-5512
RESERVED
 CVE-2018-5511 (On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5510 (On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management 
Microkernel ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5509 (On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a 
specifically ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2018-5508 (On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 
11.6.0-11.6.2, ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5507 (On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, 
or ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5506 (In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 
11.2.1 ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2018-5505 (On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are 
both ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2018-5504 (In some circumstances, the Traffic Management Microkernel (TMM) 
does ...)
@@ -60760,13 +60760,13 @@ CVE-2017-6160 (In F5 BIG-IP AAM and PEM software 
version 12.0.0 to 12.1.1, 11.6.
 CVE-2017-6159 (F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
NOT-FOR-US: F5 BIG-IP
 CVE-2017-6158 (In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 
11.2.1 ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2017-6157 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link 
...)
NOT-FOR-US: F5 BIG-IP
 CVE-2017-6156 (When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, 
or ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2017-6155 (On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 
11.4.1-11.5.5, or ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 
11.6.1 - ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2017-6153
@@ -60780,7 +60780,7 @@ CVE-2017-6150 (Under certain conditions for F5 BIG-IP 
systems 13.0.0 or 12.1.0 -
 CVE-2017-6149
RESERVED
 CVE-2017-6148 (Responses to SOCKS proxy requests made through F5 BIG-IP 
version ...)
-   TODO: check
+   NOT-FOR-US: F5 BIG-IP
 CVE-2017-6147 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link 
Controller, ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2017-6146
@@ -60790,7 +60790,7 @@ CVE-2017-6145 (iControl REST in F5 BIG-IP LTM, AAM, 
AFM, Analytics, APM, ASM, DN
 CVE-2017-6144 (In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the 
Type ...)
NOT-FOR-US: F5 BIG-IP
 CVE-2017-6143 (X509