[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 11 11:50:48 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc74fc94 by Salvatore Bonaccorso at 2018-04-11T12:49:58+02:00
Process NFUs
- - - - -
56e74fca by Salvatore Bonaccorso at 2018-04-11T12:50:34+02:00
Add CVE-2018-9918/qpdf
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -222,7 +222,8 @@ CVE-2018-9920
CVE-2018-9919
RESERVED
CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary ...)
- TODO: check
+ - qpdf <unfixed>
+ NOTE: https://github.com/qpdf/qpdf/issues/202
CVE-2018-9917
RESERVED
CVE-2018-9916
@@ -20203,7 +20204,7 @@ CVE-2018-2408 (Improper Session Management in SAP Business Objects, 4.0, from 4.
CVE-2018-2407
RESERVED
CVE-2018-2406 (Unquoted windows search path (directory/path traversal) vulnerability ...)
- TODO: check
+ NOT-FOR-US: Crystal Reports Server
CVE-2018-2405 (SAP Solution Manager, 7.10, 7.20, Incident Management Work Center ...)
NOT-FOR-US: SAP
CVE-2018-2404 (SAP Disclosure Management 10.1 allows an attacker to upload any file ...)
@@ -127919,7 +127920,7 @@ CVE-2015-1959 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 befo
CVE-2015-1958 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
NOT-FOR-US: IBM
CVE-2015-1957 (IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere MQ
CVE-2015-1956 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
NOT-FOR-US: IBM
CVE-2015-1955 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
@@ -135672,7 +135673,7 @@ CVE-2015-0174 (The SNMP implementation in IBM WebSphere Application Server (WAS)
CVE-2015-0173 (The HTTP connection-management functionality in Internet Pass-Thru ...)
NOT-FOR-US: IBM
CVE-2015-0172 (IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: IBM Security SiteProtector System
CVE-2015-0171 (Directory traversal vulnerability in IBM Security SiteProtector System ...)
NOT-FOR-US: IBM
CVE-2015-0170 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before ...)
@@ -154207,7 +154208,7 @@ CVE-2014-1897
CVE-2014-1890
RESERVED
CVE-2014-1889 (The Group creation process in the Buddypress plugin before 1.9.2 for ...)
- TODO: check
+ NOT-FOR-US: Buddypress plugin for WordPress
CVE-2014-1888 (Cross-site scripting (XSS) vulnerability in the BuddyPress plugin ...)
NOT-FOR-US: BuddyPress plugin for WordPress
CVE-2014-1880
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d0cbe883c26c134b1fbcb12a5dcc6255c323fb4b...56e74fcaf407ccf79d7c47d278915c194c9dd3ab
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d0cbe883c26c134b1fbcb12a5dcc6255c323fb4b...56e74fcaf407ccf79d7c47d278915c194c9dd3ab
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180411/84073bee/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list