[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Feb 6 21:45:20 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4209ce68 by Salvatore Bonaccorso at 2018-02-06T22:37:30+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -211,7 +211,7 @@ CVE-2018-6758 (The uwsgi_expand_path function in core/utils.c in Unbit uWSGI thr
 CVE-2018-6657
 	RESERVED
 CVE-2018-6656 (Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as ...)
-	TODO: check
+	NOT-FOR-US: Z-BlogPHP
 CVE-2018-6655
 	RESERVED
 CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows remote ...)
@@ -221,7 +221,7 @@ CVE-2018-6653
 CVE-2018-6652
 	RESERVED
 CVE-2018-6651 (In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as ...)
-	TODO: check
+	NOT-FOR-US: uncurl
 CVE-2018-6650
 	RESERVED
 CVE-2018-6649
@@ -910,13 +910,13 @@ CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file 
 CVE-2018-6470 (Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each ...)
 	NOT-FOR-US: Nibbleblog on macOS
 CVE-2018-6469 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the ...)
-	TODO: check
+	NOT-FOR-US: flickrRSS plugin for WordPress
 CVE-2018-6468 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the ...)
-	TODO: check
+	NOT-FOR-US: flickrRSS plugin for WordPress
 CVE-2018-6467 (The flickrRSS plugin 5.3.1 for WordPress has CSRF via ...)
 	TODO: check
 CVE-2018-6466 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the ...)
-	TODO: check
+	NOT-FOR-US: flickrRSS plugin for WordPress
 CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via the ...)
 	NOT-FOR-US: PropertyHive plugin for WordPress
 CVE-2018-6464 (Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4209ce68b6bc9d1276c27b9fcb64b63cafd9168b

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4209ce68b6bc9d1276c27b9fcb64b63cafd9168b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180206/228485a8/attachment-0001.html>

More information about the Secure-testing-commits mailing list