[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Apr 26 09:24:22 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55b2e766 by Salvatore Bonaccorso at 2018-04-26T10:24:11+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,13 +3,13 @@ CVE-2018-10427
 CVE-2018-10426
 	RESERVED
 CVE-2018-10425 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. ...)
-	TODO: check
+	NOT-FOR-US: Shanghai 2345 Security Guard
 CVE-2018-10424 (mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via ...)
-	TODO: check
+	NOT-FOR-US: MiniCMS
 CVE-2018-10423 (mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a ...)
-	TODO: check
+	NOT-FOR-US: MiniCMS
 CVE-2018-10422 (An issue was discovered in HongCMS 3.0.0. The post news feature has ...)
-	TODO: check
+	NOT-FOR-US: HongCMS
 CVE-2018-10421
 	RESERVED
 CVE-2018-10420
@@ -73,7 +73,7 @@ CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does 
 	- libvorbis <unfixed>
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
 CVE-2018-10391 (An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email ...)
-	TODO: check
+	NOT-FOR-US: WUZHI CMS
 CVE-2018-10390
 	RESERVED
 CVE-2018-10389
@@ -93,7 +93,7 @@ CVE-2018-10383
 CVE-2018-10382
 	RESERVED
 CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege ...)
-	TODO: check
+	NOT-FOR-US: TunnelBear for Windows
 CVE-2018-10380
 	RESERVED
 CVE-2018-10379
@@ -3057,7 +3057,7 @@ CVE-2018-9115 (Systematic SitaWare 6.4 SP2 does not validate input from other so
 CVE-2018-9114
 	RESERVED
 CVE-2018-9113 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows ...)
-	TODO: check
+	NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE
 CVE-2018-9112
 	RESERVED
 CVE-2018-9111
@@ -3075,13 +3075,13 @@ CVE-2018-9106 (CSV Injection (aka Excel Macro Injection or Formula Injection) ex
 CVE-2018-9105 (NordVPN 3.3.10 for macOS suffers from a root privilege escalation ...)
 	NOT-FOR-US: NordVPN
 CVE-2018-9104 (A vulnerability in the conferencing component of Mitel MiVoice ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2018-9103 (A vulnerability in the conferencing component of Mitel MiVoice ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2018-9102 (A vulnerability in the conferencing component of Mitel MiVoice ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2018-9101 (A vulnerability in the conferencing component of Mitel MiVoice ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2018-9100
 	RESERVED
 CVE-2018-9099
@@ -3393,7 +3393,7 @@ CVE-2018-8975 (The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm th
 	- netpbm-free <not-affected> (Vulnerable code not present)
 	NOTE: Debian uses an unaffected fork
 CVE-2018-8974 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows ...)
-	TODO: check
+	NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE
 CVE-2018-8973 (OTCMS 3.20 allows XSS by adding a keyword or link to an article, as ...)
 	NOT-FOR-US: OTCMS
 CVE-2018-8972 (Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in ...)
@@ -4173,7 +4173,7 @@ CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux kerne
 CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator ...)
 	NOT-FOR-US: joyplus-cms
 CVE-2018-8716 (WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing ...)
-	TODO: check
+	NOT-FOR-US: WSO2 Identity Server
 CVE-2018-8715 (The Embedthis HTTP library, and Appweb versions before 7.0.3, have a ...)
 	NOT-FOR-US: Embedthis HTTP library / Appweb
 CVE-2018-8714
@@ -13293,7 +13293,7 @@ CVE-2018-5488
 CVE-2018-5487
 	RESERVED
 CVE-2018-5486 (NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ...)
-	TODO: check
+	NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
 CVE-2018-5485
 	RESERVED
 CVE-2018-5484



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/55b2e766a15836d748431521c50484a37a7627e0

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/55b2e766a15836d748431521c50484a37a7627e0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180426/938771a2/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list