Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c4919e4b by Salvatore Bonaccorso at 2018-02-02T23:11:43+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7,19 +7,19 @@ CVE-2018-6583
CVE-2018-6582
RESERVED
CVE-2018-6581 (SQL Injection exists in the JMS Music 1.1.1 component for
Joomla! via a ...)
- TODO: check
+ NOT-FOR-US: JMS Music component for Joomla!
CVE-2018-6580 (Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5
component ...)
- TODO: check
+ NOT-FOR-US: Jimtawl component for Joomla!
CVE-2018-6579 (SQL Injection exists in the JEXTN Reverse Auction 3.1.0
component for ...)
- TODO: check
+ NOT-FOR-US: JEXTN Reverse Auction component for Joomla!
CVE-2018-6578 (SQL Injection exists in the JE PayperVideo 3.0.0 component for
Joomla! ...)
- TODO: check
+ NOT-FOR-US: JE PayperVideo component for Joomla!
CVE-2018-6577 (SQL Injection exists in the JEXTN Membership 3.1.0 component
for ...)
- TODO: check
+ NOT-FOR-US: JEXTN Membership component for Joomla!
CVE-2018-6576 (SQL Injection exists in Event Manager 1.0 via the event.php id
...)
TODO: check
CVE-2018-6575 (SQL Injection exists in the JEXTN Classified 1.0.0 component
for ...)
- TODO: check
+ NOT-FOR-US: JEXTN Membership component for Joomla!
CVE-2018-6574
RESERVED
CVE-2018-6573
@@ -77,7 +77,7 @@ CVE-2018-6551 (The malloc implementation in the GNU C Library
(aka glibc or libc
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22774
NOTE: Fixed by:
https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
CVE-2018-6550 (Monstra CMS through 3.0.4 has XSS in the title function in ...)
- TODO: check
+ NOT-FOR-US: Monstra CMS
CVE-2017-18122 (A signature-validation bypass issue was discovered in
SimpleSAMLphp ...)
- simplesamlphp 1.15.0-1
NOTE: https://simplesamlphp.org/security/201710-01
@@ -120,7 +120,7 @@ CVE-2018-6539
CVE-2018-6538
RESERVED
CVE-2018-6537 (A buffer overflow vulnerability in the control protocol of
Flexense ...)
- TODO: check
+ NOT-FOR-US: Flexense SyncBreeze Enterprise
CVE-2018-6536 (An issue was discovered in Icinga 2.x through 2.8.1. The daemon
creates ...)
- icinga2 <unfixed>
[stretch] - icinga2 <no-dsa> (Minor issue)
@@ -245,7 +245,7 @@ CVE-2018-6488
CVE-2018-6487
RESERVED
CVE-2018-6486 (XML External Entity (XXE) vulnerability in Micro Focus Fortify
Audit ...)
- TODO: check
+ NOT-FOR-US: Micro Focus Fortify Audit Workbench
CVE-2017-18119
RESERVED
CVE-2017-18118
@@ -313,19 +313,19 @@ CVE-2017-18088
CVE-2017-18087
RESERVED
CVE-2017-18086 (Various resources in Atlassian Confluence Server before
version 6.4.2 ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence
CVE-2017-18085 (The viewdefaultdecorator resource in Atlassian Confluence
Server ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence
CVE-2017-18084 (The usermacros resource in Atlassian Confluence Server before
version ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence
CVE-2017-18083 (The editinword resource in Atlassian Confluence Server before
version ...)
- TODO: check
+ NOT-FOR-US: Atlassian Confluence
CVE-2017-18082 (The plan configure branches resource in Atlassian Bamboo
before ...)
- TODO: check
+ NOT-FOR-US: Atlassian Bamboo
CVE-2017-18081 (The signupUser resource in Atlassian Bamboo before version
6.3.1 ...)
- TODO: check
+ NOT-FOR-US: Atlassian Bamboo
CVE-2017-18080 (The saveConfigureSecurity resource in Atlassian Bamboo before
version ...)
- TODO: check
+ NOT-FOR-US: Atlassian Bamboo
CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign
in ...)
[experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0
- glibc <unfixed> (bug #878159)
@@ -2212,23 +2212,23 @@ CVE-2018-5752
CVE-2018-5751
RESERVED
CVE-2017-18042 (The update user administration resource in Atlassian Bamboo
before ...)
- TODO: check
+ NOT-FOR-US: Atlassian Bamboo
CVE-2017-18041 (The viewDeploymentVersionJiraIssuesDialog resource in
Atlassian Bamboo ...)
- TODO: check
+ NOT-FOR-US: Atlassian Bamboo
CVE-2017-18040 (The viewDeploymentVersionCommits resource in Atlassian Bamboo
before ...)
- TODO: check
+ NOT-FOR-US: Atlassian Bamboo
CVE-2017-18039 (The IncomingMailServers resource in Atlassian Jira from
version 6.2.1 ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2017-18038 (The repository settings resource in Atlassian Bitbucket Server
before ...)
- TODO: check
+ NOT-FOR-US: Atlassian Bitbucket
CVE-2017-18037 (The git repository tag rest resource in Atlassian Bitbucket
Server ...)
- TODO: check
+ NOT-FOR-US: Atlassian Bitbucket
CVE-2017-18036 (The Github repository importer in Atlassian Bitbucket Server
before ...)
- TODO: check
+ NOT-FOR-US: Atlassian Bitbucket
CVE-2017-18035 (The
/rest/review-coverage-chart/1.0/data/<repository_name>/.json ...)
- TODO: check
+ NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18034 (The source browse resource in Atlassian FishEye and Crucible
before ...)
- TODO: check
+ NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version
7.6.1 ...)
NOT-FOR-US: Jira-importers-plugin in Atlassian Jira
CVE-2018-5750 (The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the
Linux ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4919e4bd85863200ae8b8505848df59be8970ec
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c4919e4bd85863200ae8b8505848df59be8970ec
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
