[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Apr 11 11:50:48 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc74fc94 by Salvatore Bonaccorso at 2018-04-11T12:49:58+02:00
Process NFUs

- - - - -
56e74fca by Salvatore Bonaccorso at 2018-04-11T12:50:34+02:00
Add CVE-2018-9918/qpdf

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -222,7 +222,8 @@ CVE-2018-9920
 CVE-2018-9919
 	RESERVED
 CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary ...)
-	TODO: check
+	- qpdf <unfixed>
+	NOTE: https://github.com/qpdf/qpdf/issues/202
 CVE-2018-9917
 	RESERVED
 CVE-2018-9916
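Review bot: the `- qpdf <unfixed>` line for CVE-2018-9918 carries no Debian bug reference, so the only tracking pointer is the upstream issue in the NOTE. If a BTS bug exists or gets filed for this, append it to the package line as `(bug #NNNNNN)` (placeholder, no number is visible here) so the entry can be followed through to a fixed version.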
@@ -20203,7 +20204,7 @@ CVE-2018-2408 (Improper Session Management in SAP Business Objects, 4.0, from 4.
 CVE-2018-2407
 	RESERVED
 CVE-2018-2406 (Unquoted windows search path (directory/path traversal) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Crystal Reports Server
 CVE-2018-2405 (SAP Solution Manager, 7.10, 7.20, Incident Management Work Center ...)
 	NOT-FOR-US: SAP
 CVE-2018-2404 (SAP Disclosure Management 10.1 allows an attacker to upload any file ...)
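Review bot: the new `NOT-FOR-US: Crystal Reports Server` label for CVE-2018-2406 names only a product, while the neighbouring entries in this block (CVE-2018-2405) are tagged by vendor as `NOT-FOR-US: SAP`, and the truncated description on the CVE line does not name the product either. If this is the same vendor, including it in the label keeps the entry findable with the same search that matches the entries around it.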
@@ -127919,7 +127920,7 @@ CVE-2015-1959 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 befo
 CVE-2015-1958 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
 	NOT-FOR-US: IBM
 CVE-2015-1957 (IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere MQ
 CVE-2015-1956 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
 	NOT-FOR-US: IBM
 CVE-2015-1955 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
@@ -135672,7 +135673,7 @@ CVE-2015-0174 (The SNMP implementation in IBM WebSphere Application Server (WAS)
 CVE-2015-0173 (The HTTP connection-management functionality in Internet Pass-Thru ...)
 	NOT-FOR-US: IBM
 CVE-2015-0172 (IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: IBM Security SiteProtector System
 CVE-2015-0171 (Directory traversal vulnerability in IBM Security SiteProtector System ...)
 	NOT-FOR-US: IBM
 CVE-2015-0170 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before ...)
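Review bot: CVE-2015-0172 is now tagged `NOT-FOR-US: IBM Security SiteProtector System`, but CVE-2015-0171 directly below describes the same product and stays tagged `NOT-FOR-US: IBM`, so one product ends up under two labels in adjacent entries. Either use the vendor-only label here or update the SiteProtector neighbours in the same commit so a search on the label returns all of them.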
@@ -154207,7 +154208,7 @@ CVE-2014-1897
 CVE-2014-1890
 	RESERVED
 CVE-2014-1889 (The Group creation process in the Buddypress plugin before 1.9.2 for ...)
-	TODO: check
+	NOT-FOR-US: Buddypress plugin for WordPress
 CVE-2014-1888 (Cross-site scripting (XSS) vulnerability in the BuddyPress plugin ...)
 	NOT-FOR-US: BuddyPress plugin for WordPress
 CVE-2014-1880
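Review bot: the added label spells the product `Buddypress`, while the existing entry for CVE-2014-1888 on the next line uses `BuddyPress plugin for WordPress`. Match the existing capitalisation so a case-sensitive search on the label finds both entries.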



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d0cbe883c26c134b1fbcb12a5dcc6255c323fb4b...56e74fcaf407ccf79d7c47d278915c194c9dd3ab
