[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Aug 3 09:22:49 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5de1f871 by Salvatore Bonaccorso at 2018-08-03T08:22:31Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,7 +1,7 @@
 CVE-2018-14878
 	RESERVED
 CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site ...)
-	TODO: check
+	NOT-FOR-US: WeaselCMS
 CVE-2018-14876 (An issue was discovered in image_save_png in image/image-png.cpp in ...)
 	- flif <unfixed>
 	NOTE: https://github.com/FLIF-hub/FLIF/issues/520
@@ -40,7 +40,7 @@ CVE-2018-14860
 CVE-2018-14859
 	RESERVED
 CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...)
-	TODO: check
+	NOT-FOR-US: idreamsoft iCMS
 CVE-2018-14857
 	RESERVED
 CVE-2018-14856
@@ -5951,7 +5951,7 @@ CVE-2018-12450
 CVE-2018-12449
 	RESERVED
 CVE-2018-12448 (Whale Browser before 1.3.48.4 displays no URL information but only a ...)
-	TODO: check
+	NOT-FOR-US: Whale Browser
 CVE-2018-12447 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...)
 	NOT-FOR-US: libbpg
 CVE-2018-12446 (** DISPUTED ** An issue was discovered in the com.dropbox.android ...)
@@ -10838,7 +10838,7 @@ CVE-2018-10620 (AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine 
 CVE-2018-10619 (An unquoted search path or element in RSLinx Classic Versions 3.90.01 ...)
 	NOT-FOR-US: RSLinx
 CVE-2018-10618 (Davolink DVW-3200N all version prior to Version 1.00.06. The device ...)
-	TODO: check
+	NOT-FOR-US: Davolink DVW-3200N
 CVE-2018-10617 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
 	NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
 CVE-2018-10616 (ABB Panel Builder 800 all versions has an improper input validation ...)
@@ -18334,7 +18334,7 @@ CVE-2018-1000115 (Memcached version 1.5.5 contains an Insufficient Control of Ne
 CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 ...)
 	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone:Script Classified Application
 CVE-2018-7649 (Monitorix before 3.10.1 allows XSS via CGI variables. ...)
-	TODO: check
+	NOT-FOR-US: Monitorix
 CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The ...)
 	- openjpeg2 <unfixed> (unimportant)
 	NOTE: https://github.com/kbabioch/openjpeg/commit/6d8c0c06ee32dc03ba80acd48334e98728e56cf5
@@ -29232,11 +29232,11 @@ CVE-2018-3925
 CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
 	TODO: check
 CVE-2018-3923 (A memory corruption vulnerability exists in the PCX-parsing ...)
-	TODO: check
+	NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3922 (A memory corruption vulnerability exists in the ANI-parsing ...)
-	TODO: check
+	NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3921 (A memory corruption vulnerability exists in the PSD-parsing ...)
-	TODO: check
+	NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3920
 	RESERVED
 CVE-2018-3919
@@ -35679,7 +35679,7 @@ CVE-2018-1556 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to ...)
 CVE-2018-1555 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to ...)
 	NOT-FOR-US: IBM FileNet Content Manager
 CVE-2018-1554 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow ...)
 	NOT-FOR-US: IBM
 CVE-2018-1552
@@ -43239,7 +43239,7 @@ CVE-2017-16351
 CVE-2017-16350
 	RESERVED
 CVE-2017-16349 (An exploitable XML external entity vulnerability exists in the ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2017-16348
 	RESERVED
 CVE-2017-16347 (An attacker could send an authenticated HTTP request to trigger this ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5de1f8711cb5cb00880f8aa3d3e431f7a34f8a2d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5de1f8711cb5cb00880f8aa3d3e431f7a34f8a2d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180803/241579fd/attachment.html>

More information about the debian-security-tracker-commits mailing list