[Git][security-tracker-team/security-tracker][master] 2 commits: Process one NFU

Salvatore Bonaccorso carnil at debian.org
Fri Dec 21 05:24:49 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6c4dff8 by Salvatore Bonaccorso at 2018-12-21T05:24:01Z
Process one NFU

- - - - -
39e3d2c0 by Salvatore Bonaccorso at 2018-12-21T05:24:19Z
Add new issues in phpipam, itp'ed, #731713

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2018-20308
 CVE-2018-1000882 (WeBid version up to current version 1.2.2 contains a Directory ...)
 	NOT-FOR-US: WeBid Auction Script
 CVE-2018-1000881 (Traccar Traccar Server version 4.0 and earlier contains a CWE-94: ...)
-	TODO: check
+	NOT-FOR-US: Traccar Traccar Server
 CVE-2018-1000880 (libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 ...)
 	- libarchive <unfixed> (bug #916960)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
@@ -64,15 +64,20 @@ CVE-2018-1000872 (OpenKMIP PyKMIP version All versions before 0.8.0 contains a C
 CVE-2018-1000871 (HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL ...)
 	TODO: check
 CVE-2018-1000870 (PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in ...)
-	TODO: check
+	- phpipam <itp> (bug #731713)
+	NOTE: https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040
+	NOTE: https://github.com/phpipam/phpipam/issues/2326
 CVE-2018-1000869 (phpIPAM version 1.3.2 contains a CWE-89 vulnerability in ...)
-	TODO: check
+	- phpipam <itp> (bug #731713)
+	NOTE: https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d
+	NOTE: https://github.com/phpipam/phpipam/issues/2344
 CVE-2018-1000868 (WeBid version up to current version 1.2.2 contains a Cross Site ...)
 	NOT-FOR-US: WeBid Auction Script
 CVE-2018-1000867 (WeBid version up to current version 1.2.2 contains a SQL Injection ...)
 	NOT-FOR-US: WeBid Auction Script
 CVE-2018-1000860 (phpipam version 1.3.2 and earlier contains a Cross Site Scripting ...)
-	TODO: check
+	- phpipam <itp> (bug #731713)
+	NOTE: https://github.com/phpipam/phpipam/issues/2338
 CVE-2018-1000858 (GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery ...)
 	TODO: check
 CVE-2018-1000857 (log-user-session version 0.7 and earlier contains a Directory ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9ea92ae37c2c502132f50304f837768420027e9b...39e3d2c0b70210bb1e4f8ffaf3ffbdf7d2cee499

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9ea92ae37c2c502132f50304f837768420027e9b...39e3d2c0b70210bb1e4f8ffaf3ffbdf7d2cee499
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181221/4b9c9dc6/attachment.html>

More information about the debian-security-tracker-commits mailing list