[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Feb 10 09:58:11 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d93a434d by Salvatore Bonaccorso at 2018-02-10T10:57:56+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,14 +1,14 @@
 CVE-2018-6882
 	RESERVED
 CVE-2018-1000062 (WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File ...)
-	TODO: check
+	NOT-FOR-US: WonderCMS
 CVE-2018-1000061 (ARM mbedTLS version development branch, 2.7.0 and earlier contains a ...)
 	- mbedtls <unfixed>
 	NOTE: https://github.com/ARMmbed/mbedtls/issues/1356
 CVE-2018-1000060 (Sensu, Inc. Sensu Core version Before 1.2.0 & before commit ...)
 	TODO: check
 CVE-2018-1000059 (ValidFormBuilder version 4.5.4 contains a PHP Object Injection ...)
-	TODO: check
+	NOT-FOR-US: ValidFormBuilder
 CVE-2018-6881
 	RESERVED
 CVE-2018-6880
@@ -580,9 +580,9 @@ CVE-2018-1000057 (Jenkins Credentials Binding Plugin 1.14 and earlier masks pass
 CVE-2018-1000056 (Jenkins JUnit Plugin 1.23 and earlier processes XML external entities ...)
 	NOT-FOR-US: jenkins-plugin-junit
 CVE-2018-1000055 (Jenkins Android Lint Plugin 2.5 and earlier processes XML external ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Android Lint Plugin
 CVE-2018-1000054 (Jenkins CCM Plugin 3.1 and earlier processes XML external entities in ...)
-	TODO: check
+	NOT-FOR-US: Jenkins CCM Plugin
 CVE-2018-1000053 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request ...)
 	TODO: check
 CVE-2018-1000052 (fmtlib version prior to version 4.1.0 (before commit ...)
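Review bot: The two labels added here for CVE-2018-1000055 and CVE-2018-1000054 ("NOT-FOR-US: Jenkins Android Lint Plugin", "NOT-FOR-US: Jenkins CCM Plugin") use a different naming form from the existing entry directly above them for CVE-2018-1000056, which reads "NOT-FOR-US: jenkins-plugin-junit". Pick one form for Jenkins plugins so that a single search over data/CVE/list finds all of them.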
@@ -607,11 +607,11 @@ CVE-2018-1000046 (NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerabil
 CVE-2018-1000045 (NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA ...)
 	TODO: check
 CVE-2018-1000044 (Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a ...)
-	TODO: check
+	NOT-FOR-US: Security Onion Solutions Squert
 CVE-2018-1000043 (Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a ...)
-	TODO: check
+	NOT-FOR-US: Security Onion Solutions Squert
 CVE-2018-1000042 (Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a ...)
-	TODO: check
+	NOT-FOR-US: Security Onion Solutions Squert
 CVE-2018-1000041 (GNOME librsvg version before commit ...)
 	- librsvg 2.40.20-1
 	NOTE: Fixed by: https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea
@@ -1481,7 +1481,7 @@ CVE-2018-1000030 (Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well 
 	NOTE: where the 6401e56 commit was mostly reverted again.
 	NOTE: Needed: https://github.com/python/cpython/commit/dbf52e02f18dac6f5f0a64f78932f3dc6efc056b
 CVE-2018-1000029 (mcholste Enterprise Log Search and Archive (ELSA) version revision ...)
-	TODO: check
+	NOT-FOR-US: mcholste Enterprise Log Search and Archive
 CVE-2018-1000026 (Linux Linux kernel version at least v4.8 onwards, probably well before ...)
 	- linux <unfixed>
 	NOTE: https://patchwork.ozlabs.org/patch/859410/
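Review bot: The label added for CVE-2018-1000029 keeps the author handle "mcholste" but drops the "(ELSA)" abbreviation that the CVE description on the line above carries. Consider "NOT-FOR-US: Enterprise Log Search and Archive (ELSA)" so that a search for the short name also matches this entry.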
@@ -1498,20 +1498,20 @@ CVE-2018-1000021 (GIT version 2.15.1 and earlier contains a Input Validation Err
 	NOTE: http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html
 	NOTE: Terminal emulators need to perform proper escaping
 CVE-2018-1000020 (OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2018-1000019 (OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2017-1000510 (Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: Croogo
 CVE-2017-1000509 (Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) ...)
 	- dolibarr <unfixed>
 	NOTE: https://github.com/Dolibarr/dolibarr/issues/7727
 CVE-2017-1000508 (Invoice Plane version 1.5.4 and earlier contains a Cross Site ...)
-	TODO: check
+	NOT-FOR-US: Invoice Plane
 CVE-2017-1000507 (Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) ...)
 	TODO: check
 CVE-2017-1000506 (Mautic version 2.11.0 and earlier contains a Cross Site Scripting ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted headers, a ...)
 	- pound <unfixed> (bug #888786)
 	[wheezy] - pound <ignored> (Minor issue)
@@ -4246,9 +4246,9 @@ CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the .
 	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1870
 	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1876
 CVE-2018-5307 (Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus ...)
-	TODO: check
+	NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2018-5306 (Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus ...)
-	TODO: check
+	NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2018-5305
 	RESERVED
 CVE-2018-5304



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d93a434ddc52dce4bf680d32bdc275aba5978e64
