[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Apr 2 21:40:34 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80e516f8 by Moritz Muehlenhoff at 2018-04-02T22:40:18+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-9231
 	RESERVED
 CVE-2018-9230 (In OpenResty before 1.13.6.1, URI parameters were obtained using the ...)
-	TODO: check
+	NOT-FOR-US: OpenResty
 CVE-2018-9229
 	RESERVED
 CVE-2018-9228
@@ -95,7 +95,7 @@ CVE-2018-9185
 CVE-2018-9184
 	RESERVED
 CVE-2018-9183 (The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2018-9182
 	RESERVED
 CVE-2018-9181
@@ -136,7 +136,7 @@ CVE-2018-9165 (The pushdup function in util/decompile.c in libming through 0.4.8
 CVE-2018-9164
 	RESERVED
 CVE-2018-9163 (A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2018-9162 (Contec Smart Home 4.15 devices do not require authentication for ...)
 	NOT-FOR-US: Contec Smart Home
 CVE-2018-9161 (Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers ...)
@@ -6741,11 +6741,11 @@ CVE-2018-6663
 CVE-2018-6662
 	RESERVED
 CVE-2018-6661 (DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2018-6660 (Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2018-6659 (Reflected Cross-Site Scripting vulnerability in McAfee ePolicy ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2018-6658
 	RESERVED
 CVE-2018-6758 (The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through ...)
@@ -8131,11 +8131,11 @@ CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in DirectX and
 	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
 CVE-2018-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows driver
 CVE-2018-6251 (NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows driver
 CVE-2018-6250 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows driver
 CVE-2018-6249 (NVIDIA GPU Display Driver contains a vulnerability in kernel mode ...)
 	- nvidia-graphics-drivers <unfixed> (bug #894338)
 	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -8148,9 +8148,9 @@ CVE-2018-6249 (NVIDIA GPU Display Driver contains a vulnerability in kernel mode
 	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
 CVE-2018-6248 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows driver
 CVE-2018-6247 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows driver
 CVE-2018-6246
 	RESERVED
 CVE-2018-6245
@@ -21222,7 +21222,7 @@ CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x a
 CVE-2018-1296
 	RESERVED
 CVE-2018-1295 (In Apache Ignite 2.3 or earlier, the serialization mechanism does not ...)
-	TODO: check
+	NOT-FOR-US: Apache Ignite
 CVE-2018-1294 (If a user of Commons-Email (typically an application programmer) ...)
 	- commons-email <not-affected> (Fixed with first upload to Debian)
 	NOTE: https://marc.info/?i=CAF8HOZ+J3NkaywfbHuQpHxK9ZXeT4=4Vs9rOwCDiUdnt1QA1Yw@mail.gmail.com
@@ -22724,7 +22724,7 @@ CVE-2018-1040
 CVE-2018-1039
 	RESERVED
 CVE-2018-1038 (The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-1037
 	RESERVED
 CVE-2018-1036
@@ -24771,7 +24771,7 @@ CVE-2018-0196 (A vulnerability in the web-based user interface (web UI) of Cisco
 CVE-2018-0195 (A vulnerability in the Cisco IOS XE Software REST API could allow an ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0194 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0193 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0192
@@ -77977,7 +77977,7 @@ CVE-2016-8719 (An exploitable reflected Cross-Site Scripting vulnerability exist
 CVE-2016-8718 (An exploitable Cross-Site Request Forgery vulnerability exists in the ...)
 	NOT-FOR-US: Moxa
 CVE-2016-8717 (An exploitable Use of Hard-coded Credentials vulnerability exists in ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2016-8716 (An exploitable Cleartext Transmission of Password vulnerability exists ...)
 	NOT-FOR-US: Moxa
 CVE-2016-8715 (An exploitable heap corruption vulnerability exists in the loadTrailer ...)
@@ -125831,15 +125831,15 @@ CVE-2015-2006
 CVE-2015-2005 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...)
 	NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2015-2004 (The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might ...)
-	TODO: check
+	NOT-FOR-US: GraceNote GNSDK SDK
 CVE-2015-2003 (The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might ...)
-	TODO: check
+	NOT-FOR-US: PJSIP PJSUA2 SDK
 CVE-2015-2002 (The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow ...)
-	TODO: check
+	NOT-FOR-US: ESRI ArcGis Runtime SDK
 CVE-2015-2001 (The MetaIO SDK before 6.0.2.1 for Android might allow attackers to ...)
-	TODO: check
+	NOT-FOR-US: MetaIO SDK
 CVE-2015-2000 (The Jumio SDK before 1.5.0 for Android might allow attackers to ...)
-	TODO: check
+	NOT-FOR-US: Jumio SDK
 CVE-2015-1999 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 ...)
 	NOT-FOR-US: IBM QRadar
 CVE-2015-1998



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80e516f8cf413749522ab9ce6b9853f0538ae286

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/80e516f8cf413749522ab9ce6b9853f0538ae286
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180402/0df7d2d7/attachment.html>


More information about the debian-security-tracker-commits mailing list