[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Dec 21 12:38:17 GMT 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d9e975a by Moritz Muehlenhoff at 2018-12-21T12:37:54Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,17 +25,17 @@ CVE-2018-20320
 CVE-2018-20319
 	RESERVED
 CVE-2018-20318 (An issue was discovered in weixin-java-tools v3.2.0. There is an XXE ...)
-	TODO: check
+	NOT-FOR-US: weixin-java-tools
 CVE-2018-1000886 (nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability ...)
 	- nasm <unfixed> (unimportant)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392514
 	NOTE: Crash in CLI, no security impact
 CVE-2018-1000885 (PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b ...)
-	TODO: check
+	NOT-FOR-US: PHKP
 CVE-2018-1000884 (Vesta CP version Prior to commit ...)
-	TODO: check
+	NOT-FOR-US: Vesta CP
 CVE-2018-1000883 (Elixir Plug Plug version All contains a Header Injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Elixir Plug, different from src:elixir-lang
 CVE-2018-20317
 	RESERVED
 CVE-2018-20316
@@ -119,13 +119,13 @@ CVE-2018-1000860 (phpipam version 1.3.2 and earlier contains a Cross Site Script
 CVE-2018-1000858 (GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery ...)
 	TODO: check
 CVE-2018-1000857 (log-user-session version 0.7 and earlier contains a Directory ...)
-	TODO: check
+	NOT-FOR-US: log-user-session
 CVE-2018-1000856 (DomainMOD version 4.09.03 and above. Also verified in the latest ...)
 	NOT-FOR-US: DomainMOD
 CVE-2018-1000855 (easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: easymon
 CVE-2018-1000854 (esigate.org esigate version 5.2 and earlier contains a CWE-74: ...)
-	TODO: check
+	NOT-FOR-US: esigate
 CVE-2018-1000852 (FreeRDP FreeRDP 2.0.0-rc3 released version before commit ...)
 	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
 	- freerdp <removed>
@@ -133,25 +133,25 @@ CVE-2018-1000852 (FreeRDP FreeRDP 2.0.0-rc3 released version before commit ...)
 	NOTE: https://github.com/FreeRDP/FreeRDP/pull/4871
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/baee520e3dd9be6511c45a14c5f5e77784de1471
 CVE-2018-1000851 (Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a ...)
-	TODO: check
+	NOT-FOR-US: Copay Bitcoin Wallet
 CVE-2018-1000850 (Square Retrofit version versions from (including) 2.0 and 2.5.0 ...)
-	TODO: check
+	NOT-FOR-US: Square Retrofit
 CVE-2018-1000849 (Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 ...)
-	TODO: check
+	NOT-FOR-US: Alpine Linux
 CVE-2018-1000848 (Wampserver version prior to version 3.1.5 contains a Cross Site ...)
-	TODO: check
+	NOT-FOR-US: Wampserver
 CVE-2018-1000847 (FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: FreshDNS
 CVE-2018-1000846 (FreshDNS version 1.0.3 and earlier contains a Cross ite Request ...)
-	TODO: check
+	NOT-FOR-US: FreshDNS
 CVE-2018-1000845 (Avahi version 0.7 contains a Incorrect Access Control vulnerability in ...)
 	TODO: check
 CVE-2018-1000844 (Square Open Source Retrofit version Prior to commit ...)
-	TODO: check
+	NOT-FOR-US: Square Retrofit
 CVE-2018-1000843 (Luigi version prior to version 2.8.0; after commit ...)
 	TODO: check
 CVE-2018-1000842 (FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, ...)
-	TODO: check
+	NOT-FOR-US: FatFreeCRM
 CVE-2018-1000841 (Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) ...)
 	TODO: check
 CVE-2018-1000840 (Processing Foundation Processing version 3.4 and earlier contains a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d9e975ab4f2d54dfa9865a98a0eac25ae879729

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5d9e975ab4f2d54dfa9865a98a0eac25ae879729
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181221/0e1796a4/attachment.html>

More information about the debian-security-tracker-commits mailing list