[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a209a309 by Moritz Muehlenhoff at 2018-04-11T14:05:57+02:00
NFUs

- - - - -
bdd1de62 by Moritz Muehlenhoff at 2018-04-11T14:06:15+02:00
Merge branch 'master' of https://salsa.debian.org/security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -34562,7 +34562,7 @@ CVE-2017-14613
 CVE-2017-14612
 	RESERVED
 CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Cockpit CMS (different from src:cockpit)
 CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 ...)
 	- bareos <unfixed> (bug #877334)
 	[stretch] - bareos <no-dsa> (Minor issue)
@@ -35415,7 +35415,7 @@ CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was foun
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/739
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2
 CVE-2017-14323 (SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in ...)
-	TODO: check
+	NOT-FOR-US: Onethink
 CVE-2017-14322 (The function in charge to check whether the user is already logged in ...)
 	NOT-FOR-US: Interspire Email Marketer
 CVE-2017-14321 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -76328,7 +76328,7 @@ CVE-2017-0433 (An elevation of privilege vulnerability in the Synaptics touchscr
 CVE-2017-0432 (An elevation of privilege vulnerability in the MediaTek driver could ...)
 	NOT-FOR-US: Mediatek driver for Android
 CVE-2017-0431 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-0430 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
 	NOT-FOR-US: Broadcom driver for Android
 CVE-2017-0429 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
@@ -80988,7 +80988,7 @@ CVE-2016-8484 (An elevation of privilege vulnerability in Qualcomm closed source
 CVE-2016-8483 (An information disclosure vulnerability in the Qualcomm power driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-8482 (An elevation of privilege vulnerability in the NVIDIA GPU driver. ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2016-8481 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-8480 (An elevation of privilege vulnerability in the Qualcomm Secure ...)
@@ -153773,7 +153773,7 @@ CVE-2014-2075 (TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator
 CVE-2014-2074
 	RESERVED
 CVE-2014-2073 (Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 ...)
-	TODO: check
+	NOT-FOR-US: Dassault Systemes Catia
 CVE-2014-2072
 	RESERVED
 	NOT-FOR-US: Dassault Systemes Catia
@@ -154041,7 +154041,7 @@ CVE-2014-1952
 CVE-2014-1951
 	RESERVED
 CVE-2014-1946 (OpenDocMan 1.2.7 and earlier does not properly validate allowed ...)
-	TODO: check
+	NOT-FOR-US: OpenDocMan
 CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before ...)
 	NOT-FOR-US: OpenDocMan
 CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2c32160880a776e48f7b1051d5c59106598d85f2...bdd1de62c2618453a8f9dccf14f810930d5a8893

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/2c32160880a776e48f7b1051d5c59106598d85f2...bdd1de62c2618453a8f9dccf14f810930d5a8893
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180411/c1df8835/attachment.html>