[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Apr 4 22:18:50 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8b515bf by Moritz Muehlenhoff at 2018-04-04T23:18:20+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -250,7 +250,7 @@ CVE-2018-9207
CVE-2018-9206
RESERVED
CVE-2018-9205 (Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php ...)
- TODO: check
+ NOT-FOR-US: avatar_uploader
CVE-2018-9204
RESERVED
CVE-2018-9203
@@ -438,7 +438,7 @@ CVE-2018-9128 (DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted
CVE-2018-9127 (Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard ...)
- botan 2.4.0-5 (bug #894648)
CVE-2018-9126 (The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote ...)
- TODO: check
+ NOT-FOR-US: DNN
CVE-2018-9125
RESERVED
CVE-2018-9124
@@ -452,7 +452,7 @@ CVE-2018-9121 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a
CVE-2018-9120 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. ...)
NOT-FOR-US: Crea8social
CVE-2018-9119 (An attacker with physical access to a BrilliantTS FUZE card (MCU ...)
- TODO: check
+ NOT-FOR-US: BrilliantTS FUZE card
CVE-2018-9118
RESERVED
CVE-2018-9117 (WireMock before 2.16.0 contains a vulnerability that allows a remote ...)
@@ -460,7 +460,7 @@ CVE-2018-9117 (WireMock before 2.16.0 contains a vulnerability that allows a rem
CVE-2018-9116 (An XXE vulnerability within WireMock before 2.16.0 allows a remote ...)
NOT-FOR-US: WireMock
CVE-2018-9115 (Systematic SitaWare 6.4 SP2 does not validate input from other sources ...)
- TODO: check
+ NOT-FOR-US: Systematic SitaWare
CVE-2018-9114
RESERVED
CVE-2018-9113
@@ -632,9 +632,9 @@ CVE-2018-9037
CVE-2018-9036
RESERVED
CVE-2018-9035 (CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-9034 (Cross-site scripting (XSS) vulnerability in lib/interface.php of the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-9033
RESERVED
CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L Wireless ...)
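Review bot: the two added "NOT-FOR-US: Wordpress plugin" lines for CVE-2018-9035 and CVE-2018-9034 do not say which plugin is affected, whereas other entries in this file name the product (for example "NOT-FOR-US: WireMock"). Please name the plugin in each label, e.g. "NOT-FOR-US: <plugin name> plugin for WordPress", so that a later search of the list by product name finds these entries; "WordPress" is also the usual capitalisation.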
@@ -2974,7 +2974,7 @@ CVE-2018-8050 (The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka
NOTE: https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c
NOTE: Negligable security impact
CVE-2018-8049 (The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before ...)
- TODO: check
+ NOT-FOR-US: Unisys Stealth SVG
CVE-2018-8048 (In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML ...)
- ruby-loofah 2.2.1-1 (bug #893596)
NOTE: https://github.com/flavorjones/loofah/issues/144
@@ -6465,9 +6465,9 @@ CVE-2018-6876 (The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as u
CVE-2018-6875 (Format String vulnerability in KeepKey version 4.0.0 allows attackers ...)
NOT-FOR-US: KeepKey
CVE-2018-6874 (CSRF exists in the Auth0 authentication service through 14591 if the ...)
- TODO: check
+ NOT-FOR-US: Auth0
CVE-2018-6873 (The Auth0 authentication service before 2017-10-15 allows privilege ...)
- TODO: check
+ NOT-FOR-US: Auth0
CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File Descriptor ...)
- binutils 2.30-4
[stretch] - binutils <ignored> (Minor issue)
@@ -7137,7 +7137,7 @@ CVE-2017-18149
CVE-2017-18148
RESERVED
CVE-2017-18147 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18146
RESERVED
CVE-2017-18145
@@ -7667,7 +7667,7 @@ CVE-2017-18098
CVE-2017-18097
RESERVED
CVE-2017-18096 (The OAuth status rest resource in Atlassian Application Links before ...)
- TODO: check
+ NOT-FOR-US: Atlassian Application Links
CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before version ...)
NOT-FOR-US: Atlassian Crucible
CVE-2017-18094 (Various resources in Atlassian Fisheye and Crucible before version ...)
@@ -13706,7 +13706,7 @@ CVE-2018-4132 (An issue was discovered in certain Apple products. macOS before .
CVE-2018-4131 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
NOT-FOR-US: Apple
CVE-2018-4130 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4129 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
- webkit2gtk <unfixed> (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
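Review bot: CVE-2018-4130 is marked "NOT-FOR-US: Apple", but the entry directly below it, CVE-2018-4129, carries the same truncated description ("An issue was discovered in certain Apple products. iOS before 11.3 is ...") and is tracked against webkit2gtk with a WSA-2018-0003 reference. The visible text does not show which component CVE-2018-4130 affects, so please confirm against the full description that it is not a WebKit issue before closing it as NFU, and consider a more specific label than the bare vendor name.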
@@ -13734,7 +13734,7 @@ CVE-2018-4122 (An issue was discovered in certain Apple products. iOS before 11.
NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
NOTE: Not covered by security support
CVE-2018-4121 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2018-4120 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
- webkit2gtk <unfixed> (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
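Review bot: CVE-2018-4121 is closed as "NOT-FOR-US: Apple" while both neighbours in this hunk are handled as WebKit issues (the preceding entry has a WSA-2018-0003 note and CVE-2018-4120 is listed as "- webkitgtk2 <unfixed> (unimportant)" style tracking against webkit2gtk). Since the description shown is cut off before the component is named, a short NOTE stating the affected Apple component would make it clear why this one is out of scope when the adjacent IDs are not.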
@@ -14957,7 +14957,7 @@ CVE-2018-3691
CVE-2018-3690
RESERVED
CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform Software ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2018-3688
RESERVED
CVE-2018-3687
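Review bot: "NOT-FOR-US: Intel" on CVE-2018-3689 names only the vendor, while the description identifies the affected software as the "AESM daemon in Intel Software Guard Extensions Platform Software". A vendor-wide label is too broad to search on or to re-check later; suggest something like "NOT-FOR-US: Intel SGX Platform Software".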
@@ -32044,7 +32044,7 @@ CVE-2017-14882 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
CVE-2017-14881 (While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in ...)
NOT-FOR-US: Qualcomm component for Android
CVE-2017-14880 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
- TODO: check
+ NOT-FOR-US: Qualcomm component for Android
CVE-2017-14879 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-14878 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
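Review bot: the added label for CVE-2017-14880 is "NOT-FOR-US: Qualcomm component for Android" (singular), which matches CVE-2017-14881 above it but not CVE-2017-14879 below it ("Qualcomm components for Android"), and the same commit uses the plural form for CVE-2017-18147. Please pick one spelling for these entries so that a single grep over data/CVE/list finds all of them.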
@@ -34910,7 +34910,7 @@ CVE-2017-13906
CVE-2017-13905
RESERVED
CVE-2017-13904 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 11.2.1 ...)
NOT-FOR-US: Apple
CVE-2017-13902
@@ -34970,7 +34970,7 @@ CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 11
CVE-2017-13878 (An issue was discovered in certain Apple products. macOS before ...)
NOT-FOR-US: Apple
CVE-2017-13877 (An issue was discovered in certain Apple products. iOS before 11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13876 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
NOT-FOR-US: Apple
CVE-2017-13875 (An issue was discovered in certain Apple products. macOS before ...)
@@ -34978,7 +34978,7 @@ CVE-2017-13875 (An issue was discovered in certain Apple products. macOS before
CVE-2017-13874 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
NOT-FOR-US: Apple
CVE-2017-13873 (An issue was discovered in certain Apple products. iOS before 11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High Sierra ...)
NOT-FOR-US: Apple
CVE-2017-13871 (An issue was discovered in certain Apple products. macOS before ...)
@@ -35002,7 +35002,7 @@ CVE-2017-13865 (An issue was discovered in certain Apple products. iOS before 11
CVE-2017-13864 (An issue was discovered in certain Apple products. iCloud before 7.2 ...)
NOT-FOR-US: Apple
CVE-2017-13863 (An issue was discovered in certain Apple products. iOS before 11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13862 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
NOT-FOR-US: Apple
CVE-2017-13861 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
@@ -35022,15 +35022,15 @@ CVE-2017-13856 (An issue was discovered in certain Apple products. iOS before 11
CVE-2017-13855 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
NOT-FOR-US: Apple
CVE-2017-13854 (An issue was discovered in certain Apple products. iOS before 11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13853 (An issue was discovered in certain Apple products. macOS before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13852 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
NOT-FOR-US: Apple
CVE-2017-13851 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13850 (An issue was discovered in certain Apple products. macOS before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13849 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
NOT-FOR-US: Apple
CVE-2017-13848 (An issue was discovered in certain Apple products. macOS before ...)
@@ -35052,11 +35052,11 @@ CVE-2017-13841 (An issue was discovered in certain Apple products. macOS before
CVE-2017-13840 (An issue was discovered in certain Apple products. macOS before ...)
NOT-FOR-US: Apple
CVE-2017-13839 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13838 (An issue was discovered in certain Apple products. macOS before ...)
NOT-FOR-US: Apple
CVE-2017-13837 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13836 (An issue was discovered in certain Apple products. macOS before ...)
NOT-FOR-US: Apple
CVE-2017-13835
@@ -35076,7 +35076,7 @@ CVE-2017-13829 (An issue was discovered in certain Apple products. macOS before
CVE-2017-13828 (An issue was discovered in certain Apple products. macOS before ...)
NOT-FOR-US: Apple
CVE-2017-13827 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13826
REJECTED
CVE-2017-13825 (An issue was discovered in certain Apple products. macOS before ...)
@@ -35118,7 +35118,7 @@ CVE-2017-13808 (An issue was discovered in certain Apple products. macOS before
CVE-2017-13807 (An issue was discovered in certain Apple products. macOS before ...)
NOT-FOR-US: Apple
CVE-2017-13806 (An issue was discovered in certain Apple products. iOS before 11 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13805 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
NOT-FOR-US: Apple
CVE-2017-13804 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8b515bf36fc0eb3427f8fa5b0d7742f828a7c44