[Git][security-tracker-team/security-tracker][master] Process NFUs

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23d96db0 by Salvatore Bonaccorso at 2018-12-20T21:01:14Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2018-20309
 CVE-2018-20308
 	RESERVED
 CVE-2018-1000882 (WeBid version up to current version 1.2.2 contains a Directory ...)
-	TODO: check
+	NOT-FOR-US: WeBid Auction Script
 CVE-2018-1000881 (Traccar Traccar Server version 4.0 and earlier contains a CWE-94: ...)
 	TODO: check
 CVE-2018-1000880 (libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 ...)
@@ -68,9 +68,9 @@ CVE-2018-1000870 (PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerabil
 CVE-2018-1000869 (phpIPAM version 1.3.2 contains a CWE-89 vulnerability in ...)
 	TODO: check
 CVE-2018-1000868 (WeBid version up to current version 1.2.2 contains a Cross Site ...)
-	TODO: check
+	NOT-FOR-US: WeBid Auction Script
 CVE-2018-1000867 (WeBid version up to current version 1.2.2 contains a SQL Injection ...)
-	TODO: check
+	NOT-FOR-US: WeBid Auction Script
 CVE-2018-1000860 (phpipam version 1.3.2 and earlier contains a Cross Site Scripting ...)
 	TODO: check
 CVE-2018-1000858 (GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery ...)
@@ -78,7 +78,7 @@ CVE-2018-1000858 (GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request For
 CVE-2018-1000857 (log-user-session version 0.7 and earlier contains a Directory ...)
 	TODO: check
 CVE-2018-1000856 (DomainMOD version 4.09.03 and above. Also verified in the latest ...)
-	TODO: check
+	NOT-FOR-US: DomainMOD
 CVE-2018-1000855 (easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) ...)
 	TODO: check
 CVE-2018-1000854 (esigate.org esigate version 5.2 and earlier contains a CWE-74: ...)
@@ -126,7 +126,7 @@ CVE-2018-1000833 (ZoneMinder version <= 1.32.2 contains a Other/Unknown vulne
 CVE-2018-1000832 (ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in ...)
 	TODO: check
 CVE-2018-1000831 (K9Mail version <= v5.600 contains a XML External Entity (XXE) ...)
-	TODO: check
+	NOT-FOR-US: K9Mail
 CVE-2018-1000830 (XR3Player version <= V3.124 contains a XML External Entity (XXE) ...)
 	TODO: check
 CVE-2018-1000829 (Anyplace version before commit 80359b4 contains a XML External Entity ...)
@@ -154,23 +154,23 @@ CVE-2018-1000817 (Asset Pipeline Grails Plugin Asset-pipeline plugin version Pri
 CVE-2018-1000816 (Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site ...)
 	TODO: check
 CVE-2018-1000815 (Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains ...)
-	TODO: check
+	NOT-FOR-US: Brave Software Inc. Brave
 CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains a ...)
 	TODO: check
 CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross Site ...)
-	TODO: check
+	NOT-FOR-US: Backdrop CMS
 CVE-2018-1000812 (&#xc1;rtica Soluciones Tecnol&#xf3;gicas Integria IMS version 5.0 MR56 ...)
 	TODO: check
 CVE-2018-1000811 (bludit version 3.0.0 contains a Unrestricted Upload of File with ...)
 	TODO: check
 CVE-2018-20307 (Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Virtual Traffic Manager
 CVE-2018-20306 (A stored cross-site scripting (XSS) vulnerability in the web ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Virtual Traffic Manager
 CVE-2018-20305 (D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code ...)
 	NOT-FOR-US: D-Link
 CVE-2018-20304 (wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows ...)
-	TODO: check
+	NOT-FOR-US: libexcel
 CVE-2018-20303 (In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal ...)
 	NOT-FOR-US: Go Git Service
 CVE-2018-20302 (An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23d96db049f01440c540369a5e1f935141bd2b27

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23d96db049f01440c540369a5e1f935141bd2b27
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181220/353a62a6/attachment.html>