[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Aug 22 16:47:57 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c63baef7 by Moritz Muehlenhoff at 2018-08-22T15:46:59Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -29,13 +29,13 @@ CVE-2018-15672 (An issue was discovered in the HDF HDF5 1.10.2 library. A SIGFPE
 CVE-2018-15671 (An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack ...)
 	TODO: check
 CVE-2018-15670 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary ...)
-	TODO: check
+	NOT-FOR-US: Bloop Airmail
 CVE-2018-15669 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary ...)
-	TODO: check
+	NOT-FOR-US: Bloop Airmail
 CVE-2018-15668 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" ...)
-	TODO: check
+	NOT-FOR-US: Bloop Airmail
 CVE-2018-15667 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It ...)
-	TODO: check
+	NOT-FOR-US: Bloop Airmail
 CVE-2018-15666
 	RESERVED
 CVE-2018-15665
@@ -250,7 +250,7 @@ CVE-2018-1000656 (The Pallets Project flask version Before 0.12.3 contains a CWE
 	- flask 1.0.2-1
 	NOTE: https://github.com/pallets/flask/pull/2691
 CVE-2018-1000655 (Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 ...)
 	- libtasn1-6 <unfixed> (bug #906768)
 	- libtasn1-3 <removed>
@@ -262,41 +262,41 @@ CVE-2018-1000652 (JabRef version <=4.3.1 contains a XML External Entity (XXE)
 	NOTE: https://github.com/JabRef/jabref/issues/4229
 	NOTE: https://github.com/JabRef/jabref/commit/89f855d76713b4cd25ac0830c719cd61c511851e
 CVE-2018-1000651 (Stroom version <5.4.5 contains a XML External Entity (XXE) ...)
-	TODO: check
+	NOT-FOR-US: Stroom
 CVE-2018-1000650 (LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection ...)
-	TODO: check
+	NOT-FOR-US: LibreHealthIO
 CVE-2018-1000649 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated ...)
-	TODO: check
+	NOT-FOR-US: LibreHealthIO
 CVE-2018-1000648 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated ...)
-	TODO: check
+	NOT-FOR-US: LibreHealthIO
 CVE-2018-1000647 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated ...)
-	TODO: check
+	NOT-FOR-US: LibreHealthIO
 CVE-2018-1000646 (LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated ...)
-	TODO: check
+	NOT-FOR-US: LibreHealthIO
 CVE-2018-1000645 (LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated ...)
-	TODO: check
+	NOT-FOR-US: LibreHealthIO
 CVE-2018-1000644 (Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External ...)
-	TODO: check
+	NOT-FOR-US: Eclipse RDF4j
 CVE-2018-1000643 (OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site ...)
-	TODO: check
+	NOT-FOR-US: OWASP OWASP ANTISAMY
 CVE-2018-1000642 (FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting ...)
-	TODO: check
+	NOT-FOR-US: FlightAirMap
 CVE-2018-1000641 (YesWiki version <= cercopitheque beta 1 contains a PHP Object ...)
-	TODO: check
+	NOT-FOR-US: YesWiki
 CVE-2018-1000640 (OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting ...)
-	TODO: check
+	NOT-FOR-US: OpenCart-Overclocked
 CVE-2018-1000639 (LatexDraw version <=4.0 contains a XML External Entity (XXE) ...)
-	TODO: check
+	NOT-FOR-US: LatexDraw
 CVE-2018-1000638 (MiniCMS version 1.1 contains a Cross Site Scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: MiniCMS
 CVE-2018-1000636 (JerryScript version Tested on commit ...)
-	TODO: check
+	NOT-FOR-US: JerryScript
 CVE-2018-1000635 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 ...)
-	TODO: check
+	NOT-FOR-US: Open Microscopy Environment
 CVE-2018-1000634 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 ...)
-	TODO: check
+	NOT-FOR-US: Open Microscopy Environment
 CVE-2018-1000633 (The Open Microscopy Environment OMERO.web version prior to 5.4.7 ...)
-	TODO: check
+	NOT-FOR-US: Open Microscopy Environment
 CVE-2018-1000632 (dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection ...)
 	TODO: check
 CVE-2003-1605
@@ -409,9 +409,9 @@ CVE-2018-15536
 CVE-2018-15535
 	RESERVED
 CVE-2018-15534 (Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of ...)
-	TODO: check
+	NOT-FOR-US: Geutebrueck
 CVE-2018-15533 (A reflected cross-site scripting vulnerability exists in Geutebrueck ...)
-	TODO: check
+	NOT-FOR-US: Geutebrueck
 CVE-2018-15532
 	RESERVED
 CVE-2018-15531
@@ -421,7 +421,7 @@ CVE-2018-15530
 CVE-2018-15529
 	RESERVED
 CVE-2018-15528 (Reflected Cross-Site Scripting exists in the Java System Solutions SSO ...)
-	TODO: check
+	NOT-FOR-US: Java System Solutions SSO plugin
 CVE-2018-15527
 	RESERVED
 CVE-2018-15526
@@ -519,7 +519,7 @@ CVE-2018-15483
 CVE-2018-15482 (Certain LG devices based on Android 6.0 through 8.1 have incorrect ...)
 	NOT-FOR-US: LG devices specific issue
 CVE-2018-15481 (Improper input sanitization within the restricted administration shell ...)
-	TODO: check
+	NOT-FOR-US: UCOPIA
 CVE-2018-15480
 	RESERVED
 CVE-2018-15479
@@ -1965,11 +1965,11 @@ CVE-2018-14797
 CVE-2018-14796
 	RESERVED
 CVE-2018-14795 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: DeltaV
 CVE-2018-14794
 	RESERVED
 CVE-2018-14793 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: DeltaV
 CVE-2018-14792
 	RESERVED
 CVE-2018-14791
@@ -3882,11 +3882,11 @@ CVE-2018-14081
 CVE-2018-14080
 	RESERVED
 CVE-2018-14079 (Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote ...)
-	TODO: check
+	NOT-FOR-US: Wi2be SMART HP WMT
 CVE-2018-14078 (Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote ...)
-	TODO: check
+	NOT-FOR-US: Wi2be SMART HP WMT
 CVE-2018-14077 (Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote ...)
-	TODO: check
+	NOT-FOR-US: Wi2be SMART HP WMT
 CVE-2018-14076
 	RESERVED
 CVE-2018-14075
@@ -4082,7 +4082,7 @@ CVE-2018-14022
 CVE-2018-14021
 	RESERVED
 CVE-2018-14020 (An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and ...)
-	TODO: check
+	NOT-FOR-US: Paymorrow module for OXID shop
 CVE-2018-14019
 	RESERVED
 CVE-2018-14018
@@ -7488,7 +7488,7 @@ CVE-2018-12581 (An issue was discovered in js/designer/move.js in phpMyAdmin bef
 CVE-2018-12580 (library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity ...)
 	NOT-FOR-US: DragonByte vBSecurity for vBulletin
 CVE-2018-12579 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, ...)
-	TODO: check
+	NOT-FOR-US: OXID eShop
 CVE-2018-12578 (There is a heap-based buffer overflow in bmp_compress1_row in ...)
 	{DLA-1463-1}
 	- sam2p <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c63baef7e28f08dff4d7888581e269121654ace0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c63baef7e28f08dff4d7888581e269121654ace0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180822/1e9ab116/attachment.html>

More information about the debian-security-tracker-commits mailing list