[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFU

Moritz Muehlenhoff jmm at debian.org
Sat Feb 10 13:32:49 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c867cbc by Moritz Muehlenhoff at 2018-02-10T14:32:29+01:00
NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20,7 +20,7 @@ CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Sc
 CVE-2018-6877
 	RESERVED
 CVE-2018-6876 (THe OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ...)
-	TODO: check
+	NOT-FOR-US: libfpx
 CVE-2018-6875
 	RESERVED
 CVE-2018-6874
@@ -596,17 +596,17 @@ CVE-2018-1000051 (Artifex Mupdf version 1.12.0 contains a Use After Free vulnera
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698873
 	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?321ba1de287016b0036bf4a56ce774ad11763384
 CVE-2018-1000050 (Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer ...)
-	TODO: check
+	NOT-FOR-US: Sean Barrett stb_vorbis
 CVE-2018-1000049 (nanopool Claymore Dual Miner version 7.3 and earlier contains a Remote ...)
-	TODO: check
+	NOT-FOR-US: nanopool Claymore Dual Miner
 CVE-2018-1000048 (NASA RtRetrievalFramework version v1.0 contains a CWE-502 ...)
-	TODO: check
+	NOT-FOR-US: NASA RtRetrievalFramework
 CVE-2018-1000047 (NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak ...)
-	TODO: check
+	NOT-FOR-US: NASA Kodiak
 CVE-2018-1000046 (NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: NASA Pyblock
 CVE-2018-1000045 (NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA ...)
-	TODO: check
+	NOT-FOR-US: NASA Singledop
 CVE-2018-1000044 (Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a ...)
 	NOT-FOR-US: Security Onion Solutions Squert
 CVE-2018-1000043 (Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a ...)
@@ -944,7 +944,6 @@ CVE-2018-6548 (A use-after-free issue was discovered in libwebm through 2018-02-
 	[wheezy] - chromium-browser <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1493
 	NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info.md
-	TODO: check
 CVE-2018-6547
 	RESERVED
 CVE-2018-6546
@@ -1381,7 +1380,6 @@ CVE-2018-6406 (The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in
 	[wheezy] - chromium-browser <end-of-life> (Not supported in wheezy LTS)
 	NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1492
 	NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md
-	TODO: check
 CVE-2018-6405 (In the ReadDCMImage function in coders/dcm.c in ImageMagick before ...)
 	[experimental] - imagemagick 8:6.9.9.34+dfsg-1
 	- imagemagick <unfixed> (unimportant)
@@ -1491,9 +1489,9 @@ CVE-2018-1000026 (Linux Linux kernel version at least v4.8 onwards, probably wel
 	NOTE: https://git.kernel.org/linus/8914a595110a6eca69a5e275b323f5d09e18f4f9
 	NOTE: https://git.kernel.org/linus/2b16f048729bf35e6c28a40cbfad07239f9dcd90
 CVE-2018-1000025 (Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 ...)
-	TODO: check
+	NOT-FOR-US: Jerome Gamez Firebase Admin SDK for PHP
 CVE-2018-1000023 (Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a ...)
-	TODO: check
+	NOT-FOR-US: Bitpay/insight-api Insight-api
 CVE-2018-1000021 (GIT version 2.15.1 and earlier contains a Input Validation Error ...)
 	- git <unfixed> (unimportant; bug #889680)
 	NOTE: http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html
@@ -1510,7 +1508,7 @@ CVE-2017-1000509 (Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) .
 CVE-2017-1000508 (Invoice Plane version 1.5.4 and earlier contains a Cross Site ...)
 	NOT-FOR-US: Invoice Plane
 CVE-2017-1000507 (Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: Canvs Canvas
 CVE-2017-1000506 (Mautic version 2.11.0 and earlier contains a Cross Site Scripting ...)
 	NOT-FOR-US: Mautic
 CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted headers, a ...)
@@ -22691,7 +22689,7 @@ CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section 
 CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of ILIAS before ...)
 	NOT-FOR-US: ILIAS
 CVE-2017-15536 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x ...)
-	TODO: check
+	NOT-FOR-US: Cloudera Data Science Workbench
 CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a ...)
 	- mongodb <not-affected> (wire protocol compression introduced in 3.4.x and disabled by default)
 	NOTE: https://jira.mongodb.org/browse/SERVER-31273



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c867cbcea1ce57a39c62740c211a321534f94fd

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c867cbcea1ce57a39c62740c211a321534f94fd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180210/4bdfc495/attachment.html>

More information about the Secure-testing-commits mailing list