[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 17 10:21:33 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
85af1a2f by Salvatore Bonaccorso at 2018-02-17T11:21:20+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -35,13 +35,13 @@ CVE-2018-7186 (Leptonica before 1.75.3 does not limit the number of characters i
- leptonlib 1.75.3-2 (bug #890548)
NOTE: https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a
CVE-2018-7180 (SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! ...)
- TODO: check
+ NOT-FOR-US: Saxum Astro component for Joomla!
CVE-2018-7179 (SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! ...)
- TODO: check
+ NOT-FOR-US: SquadManagement component for Joomla!
CVE-2018-7178 (SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! ...)
- TODO: check
+ NOT-FOR-US: Saxum Picker component for Joomla!
CVE-2018-7177 (SQL Injection exists in the Saxum Numerology 3.0.4 component for ...)
- TODO: check
+ NOT-FOR-US: Saxum Numerology component for Joomla!
CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a ...)
- frontaccounting <removed> (bug #890604)
[wheezy] - frontaccounting <end-of-life> (unsupported in wheezy, already vulnerable to SQL injection in CVE-2014-3973)
@@ -1618,11 +1618,11 @@ CVE-2017-18123 (The call parameter of /lib/exe/ajax.php in DokuWiki through 2017
NOTE: https://github.com/splitbrain/dokuwiki/issues/2029
NOTE: https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86
CVE-2018-6585 (SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via ...)
- TODO: check
+ NOT-FOR-US: JTicketing component for Joomla!
CVE-2018-6584 (SQL Injection exists in the DT Register 3.2.7 component for Joomla! via ...)
- TODO: check
+ NOT-FOR-US: DT Register component for Joomla!
CVE-2018-6583 (SQL Injection exists in the Timetable Responsive Schedule 1.5 component ...)
- TODO: check
+ NOT-FOR-US: Timetable Responsive Schedule component for Joomla!
CVE-2018-6582 (SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! ...)
NOT-FOR-US: Zh GoogleMap component for Joomla!
CVE-2018-6581 (SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a ...)
@@ -2183,11 +2183,11 @@ CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component for
CVE-2018-6397 (Directory Traversal exists in the Picture Calendar 3.1.4 component for ...)
NOT-FOR-US: Picture Calendar component for Joomla!
CVE-2018-6396 (SQL Injection exists in the Google Map Landkarten through 4.2.3 ...)
- TODO: check
+ NOT-FOR-US: Google Map Landkarten component for Joomla!
CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! ...)
NOT-FOR-US: Visual Calendar component for Joomla!
CVE-2018-6394 (SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the ...)
- TODO: check
+ NOT-FOR-US: InviteX component for Joomla!
CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 ...)
NOT-FOR-US: FreePBX
CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ...)
@@ -2308,17 +2308,17 @@ CVE-2018-6375
CVE-2018-6374 (The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients ...)
NOT-FOR-US: PulseUI in Pulse Secure Desktop Linux clients
CVE-2018-6373 (SQL Injection exists in the Fastball 2.5 component for Joomla! via the ...)
- TODO: check
+ NOT-FOR-US: Fastball component for Joomla!
CVE-2018-6372 (SQL Injection exists in the JB Bus 2.3 component for Joomla! via the ...)
- TODO: check
+ NOT-FOR-US: JB Bus component for Joomla!
CVE-2018-6371
RESERVED
CVE-2018-6370 (SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via ...)
- TODO: check
+ NOT-FOR-US: NeoRecruit component for Joomla!
CVE-2018-6369
RESERVED
CVE-2018-6368 (SQL Injection exists in the JomEstate PRO through 3.7 component for ...)
- TODO: check
+ NOT-FOR-US: JomEstate PRO component for Joomla!
CVE-2018-6367 (SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 ...)
NOT-FOR-US: Vastal I-Tech Buddy Zone Facebook Clone
CVE-2018-6366
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/85af1a2fa7ec6afdd49437b96a12f4be90505161
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/85af1a2fa7ec6afdd49437b96a12f4be90505161
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180217/485ac971/attachment.html>
More information about the Secure-testing-commits
mailing list