[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Tue, 23 Jan 2018 12:50:01 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8c857635 by Salvatore Bonaccorso at 2018-01-23T21:49:18+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-6029 (The copy function in application/admin/controller/Article.php 
in ...)
-       TODO: check
+       NOT-FOR-US: NoneCms
 CVE-2018-6028
        RESERVED
 CVE-2018-6027
@@ -13,7 +13,7 @@ CVE-2018-6024
 CVE-2018-6023
        RESERVED
 CVE-2018-6022 (Directory traversal vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: NoneCms
 CVE-2018-6021
        RESERVED
 CVE-2018-6020
@@ -31,15 +31,15 @@ CVE-2018-6015
 CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from 
domain="*" Flash ...)
        TODO: check
 CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote 
users to ...)
-       TODO: check
+       NOT-FOR-US: BigTree CMS
 CVE-2018-6012
        RESERVED
 CVE-2018-6011
        RESERVED
 CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could 
obtain ...)
-       TODO: check
+       NOT-FOR-US: Yii Framework
 CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function 
in ...)
-       TODO: check
+       NOT-FOR-US: Yii Framework
 CVE-2018-6008
        RESERVED
 CVE-2018-6007
@@ -101,9 +101,9 @@ CVE-2017-18051
 CVE-2017-18050
        RESERVED
 CVE-2017-18049 (In the CSV export feature of SilverStripe before 3.5.6, 3.6.x 
before ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe
 CVE-2017-18048 (Monstra CMS 3.0.4 allows users to upload arbitrary files, 
which leads ...)
-       TODO: check
+       NOT-FOR-US: Monstra CMS
 CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID 
comparison logic ...)
        TODO: check
 CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser 
resulting ...)
@@ -115,13 +115,13 @@ CVE-2018-6003 (An issue was discovered in the 
_asn1_decode_simple_ber function i
        NOTE: Affected function introduced in: 
http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/lib/decoding.c?id=b12bfa8932f44d1d1c25b4a2e385387a62dfbcc9
 (libtasn1_4_3)
        NOTE: Fixed by: 
http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97
 (libtasn1_4_13)
 CVE-2018-6002 (The Soundy Background Music plugin 3.9 and below for WordPress 
has ...)
-       TODO: check
+       NOT-FOR-US: Soundy Background Music plugin for WordPress
 CVE-2018-6001 (The Soundy Audio Playlist plugin 4.6 and below for WordPress 
has ...)
-       TODO: check
+       NOT-FOR-US: Soundy Audio Playlist plugin for WordPress
 CVE-2018-6000 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. 
The ...)
-       TODO: check
+       NOT-FOR-US: AsusWRT
 CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In 
the ...)
-       TODO: check
+       NOT-FOR-US: AsusWRT
 CVE-2018-5998
        RESERVED
 CVE-2018-5997
@@ -197,27 +197,27 @@ CVE-2018-5964
 CVE-2018-5963
        RESERVED
 CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 
through ...)
-       TODO: check
+       NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 
v0.9.8.12 has ...)
-       TODO: check
+       NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2018-5960 (Zenario v7.1 - v7.6 has SQL injection via the `Name` input 
field of ...)
        TODO: check
 CVE-2018-5959
        RESERVED
 CVE-2018-5958 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) 
allows local ...)
-       TODO: check
+       NOT-FOR-US: Zillya! Antivirus
 CVE-2018-5957 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) 
allows local ...)
-       TODO: check
+       NOT-FOR-US: Zillya! Antivirus
 CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) 
allows local ...)
-       TODO: check
+       NOT-FOR-US: Zillya! Antivirus
 CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User 
controlled ...)
        TODO: check
 CVE-2017-18047 (Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows 
remote FTP ...)
        TODO: check
 CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 
12.02-01121 ...)
-       TODO: check
+       NOT-FOR-US: Dasan GPON ONT WiFi Router devices
 CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to 
execute ...)
-       TODO: check
+       NOT-FOR-US: pfSense
 CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a 
denial of ...)
        TODO: check
 CVE-2018-5954



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c8576358eb3164e0ec4bfaab12f27a0494c48fb

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c8576358eb3164e0ec4bfaab12f27a0494c48fb
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to