Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cb73a334 by Salvatore Bonaccorso at 2018-03-17T08:57:35+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20532,7 +20532,7 @@ CVE-2018-1080 [Mishandled ACL configuration in
AAclAuthz.java reverses rules tha
CVE-2018-1079
RESERVED
CVE-2018-1078 (OpenDayLight version Carbon SR3 and earlier contain a
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenDayLight
CVE-2018-1077 (Spacewalk 2.6 contains an API which has an XXE flaw allowing
for the ...)
NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2018-1076
@@ -27632,7 +27632,7 @@ CVE-2017-15721 (In Irssi before 1.0.5, certain
incorrectly formatted DCC CTCP me
CVE-2017-15720
RESERVED
CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and
...)
- TODO: check
+ NOT-FOR-US: Wicket jQuery UI
CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak
the ...)
- hadoop <itp> (bug #793644)
CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the ...)
@@ -31810,7 +31810,7 @@ CVE-2017-14386 (The web user interface of Dell 2335dn
and 2355dn Multifunction L
CVE-2017-14385 (An issue was discovered in EMC Data Domain DD OS 5.7 family,
versions ...)
NOT-FOR-US: EMC Data Domain DD OS
CVE-2017-14384 (In Dell Storage Manager versions earlier than 16.3.20, the ...)
- TODO: check
+ NOT-FOR-US: EMConfigMigration service
CVE-2017-14383 (In Dell EMC VNX2 versions prior to Operating Environment for
File ...)
NOT-FOR-US: EMC VNX
CVE-2017-14382
@@ -37356,7 +37356,7 @@ CVE-2017-12592 (ASUS DSL-N10S V2.1.16_APAC devices have
a privilege escalation .
CVE-2017-12591 (ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored
cross ...)
NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices
CVE-2017-12590 (ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a
reflected XSS ...)
- TODO: check
+ NOT-FOR-US: ASUS RT-N14UHP devices
CVE-2017-12589 (ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any
...)
NOT-FOR-US: ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices
CVE-2017-12588 (The zmq3 input and output modules in rsyslog before 8.28.0
interpreted ...)
@@ -50682,7 +50682,7 @@ CVE-2017-8015 (EMC AppSync (all versions prior to 3.5)
contains a SQL injection
CVE-2017-8014
RESERVED
CVE-2017-8013 (EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x
before ...)
- TODO: check
+ NOT-FOR-US: EMC Data Protection Adv
CVE-2017-8012 (In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R
(Watch4Net) for SAS ...)
NOT-FOR-US: EMC
CVE-2017-8011 (EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R
for SAS Solution ...)
@@ -143399,7 +143399,7 @@ CVE-2014-4619 (EMC RSA Identity Management and
Governance (IMG) 6.5.x before 6.5
CVE-2014-4618 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before
7.1 ...)
NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4612 (Cross-site scripting (XSS) vulnerability in the keywords
manager ...)
- TODO: check
+ NOT-FOR-US: Coppermine Photo Gallery
CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used
in Yann ...)
- linux 3.14.9-1 (unimportant)
[wheezy] - linux <not-affected> (LZ4 support introduced in 3.11)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb73a3343ed31c435a7adacdead0f3ea95eb821a
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb73a3343ed31c435a7adacdead0f3ea95eb821a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
