[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Wed, 11 Apr 2018 03:51:58 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cc74fc94 by Salvatore Bonaccorso at 2018-04-11T12:49:58+02:00
Process NFUs

- - - - -
56e74fca by Salvatore Bonaccorso at 2018-04-11T12:50:34+02:00
Add CVE-2018-9918/qpdf

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -222,7 +222,8 @@ CVE-2018-9920
 CVE-2018-9919
        RESERVED
 CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain 
"expected dictionary ...)
-       TODO: check
+       - qpdf <unfixed>
+       NOTE: https://github.com/qpdf/qpdf/issues/202
 CVE-2018-9917
        RESERVED
 CVE-2018-9916
@@ -20203,7 +20204,7 @@ CVE-2018-2408 (Improper Session Management in SAP 
Business Objects, 4.0, from 4.
 CVE-2018-2407
        RESERVED
 CVE-2018-2406 (Unquoted windows search path (directory/path traversal) 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Crystal Reports Server
 CVE-2018-2405 (SAP Solution Manager, 7.10, 7.20, Incident Management Work 
Center ...)
        NOT-FOR-US: SAP
 CVE-2018-2404 (SAP Disclosure Management 10.1 allows an attacker to upload any 
file ...)
@@ -127919,7 +127920,7 @@ CVE-2015-1959 (IBM Tivoli Security Directory Server 
6.0 before iFix 75, 6.1 befo
 CVE-2015-1958 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a 
denial ...)
        NOT-FOR-US: IBM
 CVE-2015-1957 (IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 
allows ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere MQ
 CVE-2015-1956 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a 
denial ...)
        NOT-FOR-US: IBM
 CVE-2015-1955 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a 
denial ...)
@@ -135672,7 +135673,7 @@ CVE-2015-0174 (The SNMP implementation in IBM 
WebSphere Application Server (WAS)
 CVE-2015-0173 (The HTTP connection-management functionality in Internet 
Pass-Thru ...)
        NOT-FOR-US: IBM
 CVE-2015-0172 (IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM Security SiteProtector System
 CVE-2015-0171 (Directory traversal vulnerability in IBM Security SiteProtector 
System ...)
        NOT-FOR-US: IBM
 CVE-2015-0170 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 
before ...)
@@ -154207,7 +154208,7 @@ CVE-2014-1897
 CVE-2014-1890
        RESERVED
 CVE-2014-1889 (The Group creation process in the Buddypress plugin before 
1.9.2 for ...)
-       TODO: check
+       NOT-FOR-US: Buddypress plugin for WordPress
 CVE-2014-1888 (Cross-site scripting (XSS) vulnerability in the BuddyPress 
plugin ...)
        NOT-FOR-US: BuddyPress plugin for WordPress
 CVE-2014-1880



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d0cbe883c26c134b1fbcb12a5dcc6255c323fb4b...56e74fcaf407ccf79d7c47d278915c194c9dd3ab

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d0cbe883c26c134b1fbcb12a5dcc6255c323fb4b...56e74fcaf407ccf79d7c47d278915c194c9dd3ab
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to