[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Aug 4 18:49:13 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7d09849 by Salvatore Bonaccorso at 2018-08-04T17:48:36Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -18103,7 +18103,7 @@ CVE-2018-7749 (The SSH server implementation of AsyncSSH before 1.12.1 does not 
 	- python-asyncssh 1.12.1-1 (bug #892787)
 	NOTE: https://github.com/ronf/asyncssh/commit/16e6ebfa893167c7d9d3f6dc7a2c0d197e47f43a
 CVE-2018-7748 (report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier ...)
-	TODO: check
+	NOT-FOR-US: ServiceNow
 CVE-2018-7747 (Multiple cross-site scripting (XSS) vulnerabilities in the Caldera ...)
 	NOT-FOR-US: Caldera Forms plugin for WordPress
 CVE-2018-7746 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. ...)
@@ -29397,7 +29397,7 @@ CVE-2018-3926
 CVE-2018-3925
 	RESERVED
 CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF Reader
 CVE-2018-3923 (A memory corruption vulnerability exists in the PCX-parsing ...)
 	NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3922 (A memory corruption vulnerability exists in the ANI-parsing ...)
@@ -30022,7 +30022,7 @@ CVE-2018-3779
 CVE-2018-3778
 	RESERVED
 CVE-2018-3777 (Insufficient URI encoding in restforce before 3.0.0 allows attacker to ...)
-	TODO: check
+	NOT-FOR-US: restforce
 CVE-2018-3776
 	RESERVED
 CVE-2018-3775
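Review bot: The note added for CVE-2018-3777 is the bare name "restforce", with nothing to say what kind of software it is, while the neighbouring entries qualify the name ("whereis nodejs module", "metascrape nodejs module"). Since the description gives a library-style version bound ("before 3.0.0"), please add the language or ecosystem to the note so that a later search of data/CVE/list can tell it apart from any similarly named source package.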
@@ -30030,7 +30030,7 @@ CVE-2018-3775
 CVE-2018-3774
 	RESERVED
 CVE-2018-3773 (There is a stored Cross-Site Scripting vulnerability in Open Graph ...)
-	TODO: check
+	NOT-FOR-US: metascrape nodejs module
 CVE-2018-3772 (Concatenating unsanitized user input in the `whereis` npm module < ...)
 	NOT-FOR-US: whereis nodejs module
 CVE-2018-3771 (An XSS in statics-server <= 0.0.9 can be used via injected iframe in ...)
@@ -37561,9 +37561,9 @@ CVE-2018-1157
 CVE-2018-1156
 	RESERVED
 CVE-2018-1155 (In SecurityCenter versions prior to 5.7.0, a cross-site scripting ...)
-	TODO: check
+	NOT-FOR-US: SecurityCenter
 CVE-2018-1154 (In SecurityCenter versions prior to 5.7.0, a username enumeration ...)
-	TODO: check
+	NOT-FOR-US: SecurityCenter
 CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the ...)
 	NOT-FOR-US: Burp Suite (different from src:burp)
 CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service ...)
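Review bot: Both CVE-2018-1155 and CVE-2018-1154 are marked "NOT-FOR-US: SecurityCenter" with no vendor, and that product name is generic enough to be ambiguous when grepping the list. The entry directly below, "Burp Suite (different from src:burp)", shows the disambiguating style already in use; prefixing the vendor name on these two lines would match it.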
@@ -46363,7 +46363,7 @@ CVE-2017-15360 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to store
 CVE-2017-15359 (In the 3CX Phone System 15.5.3554.1, the Management Console typically ...)
 	NOT-FOR-US: 3CX Phone System
 CVE-2017-15358 (Race condition in the Charles Proxy Settings suid binary in Charles ...)
-	TODO: check
+	NOT-FOR-US: Charles Proxy
 CVE-2017-15357 (The setpermissions function in the auto-updater in Arq before 5.9.7 ...)
 	NOT-FOR-US: Arq
 CVE-2017-15356 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, ...)
@@ -74678,9 +74678,9 @@ CVE-2017-6217
 CVE-2017-6216
 	RESERVED
 CVE-2017-6215 (paypal/permissions-sdk-php is vulnerable to reflected XSS in the ...)
-	TODO: check
+	NOT-FOR-US: PayPal permissions-sdk-php
 CVE-2017-6213 (paypal/invoice-sdk-php is vulnerable to reflected XSS in ...)
-	TODO: check
+	NOT-FOR-US: PayPal invoice-sdk-php
 CVE-2017-6212
 	REJECTED
 CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -76120,7 +76120,7 @@ CVE-2017-5694 (Data corruption vulnerability in firmware in Intel Solid-State Dr
 CVE-2017-5693 (Firmware in the Intel Puma 5, 6, and 7 Series might experience ...)
 	NOT-FOR-US: Intel Puma
 CVE-2017-5692 (Out-of-bounds read condition in older versions of some Intel Graphics ...)
-	TODO: check
+	NOT-FOR-US: Intel Graphics Driver for Windows
 CVE-2017-5691 (Incorrect check in Intel processors from 6th and 7th Generation Intel ...)
 	NOT-FOR-US: Intel CPUs
 CVE-2017-5690
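Review bot: For CVE-2017-5692 the note narrows the product to "Intel Graphics Driver for Windows", but the description on the line above is truncated at "some Intel Graphics ...", so the Windows-only scope cannot be confirmed from the entry itself. A NOTE: line with the vendor advisory reference would let the next triager verify the NOT-FOR-US decision without looking it up again.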



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a7d09849244199ca2fcc23cfc7108ea1cd48945e
