[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Feb 19 22:01:42 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef75b531 by Salvatore Bonaccorso at 2018-02-19T23:01:20+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -71,7 +71,7 @@ CVE-2018-7221
 CVE-2018-7220
 	RESERVED
 CVE-2018-7219 (application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as ...)
-	TODO: check
+	NOT-FOR-US: NoneCms
 CVE-2018-7218
 	RESERVED
 CVE-2018-7217 (In Bravo Tejari Procurement Portal, uploaded files are not properly ...)
@@ -120,7 +120,7 @@ CVE-2018-7199
 CVE-2018-7198 (October CMS through 1.0.431 allows XSS by entering HTML on the Add ...)
 	NOT-FOR-US: October CMS
 CVE-2018-7197 (An issue was discovered in Pluck through 4.7.4. A stored cross-site ...)
-	TODO: check
+	NOT-FOR-US: Pluck CMS
 CVE-2018-7196
 	RESERVED
 CVE-2018-7195
@@ -1716,7 +1716,7 @@ CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generat
 CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...)
 	NOT-FOR-US: MalwareFox AntiMalware
 CVE-2018-6592 (Unisys Stealth Windows endpoints before 3.3.016.1 allow local users to ...)
-	TODO: check
+	NOT-FOR-US: Unisys Stealth Windows endpoints
 CVE-2018-6591 (Converse.js and Inverse.js through 3.3 allow remote attackers to obtain ...)
 	TODO: check
 CVE-2018-6590
@@ -2099,13 +2099,13 @@ CVE-2017-18097
 CVE-2017-18096
 	RESERVED
 CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before version ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Crucible
 CVE-2017-18094
 	RESERVED
 CVE-2017-18093 (Various resources in Atlassian Fisheye and Crucible before version ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2017-18092 (The print snippet resource in Atlassian Crucible before version 4.4.3 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Crucible
 CVE-2017-18091 (The admin backupprogress action in Atlassian Fisheye and Crucible ...)
 	NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2017-18090 (Various resources in Atlassian Fisheye before version 4.5.1 (the fixed ...)
@@ -3515,7 +3515,7 @@ CVE-2018-5989 (SQL Injection exists in the ccNewsletter 2.x component for Joomla
 CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter to ...)
 	NOT-FOR-US: Flexible Poll
 CVE-2018-5987 (SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 ...)
-	TODO: check
+	NOT-FOR-US: Pinterest Clone Social Pinboard component for Joomla!
 CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or s_row ...)
 	NOT-FOR-US: Easy Car Script
 CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for ...)
@@ -3523,13 +3523,13 @@ CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for 
 CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 ...)
 	NOT-FOR-US: Tumder
 CVE-2018-5983 (SQL Injection exists in the JquickContact 1.3.2.2.1 component for ...)
-	TODO: check
+	NOT-FOR-US: JquickContact component for Joomla!
 CVE-2018-5982 (SQL Injection exists in the Advertisement Board 3.1.0 component for ...)
-	TODO: check
+	NOT-FOR-US: Advertisement Board component for Joomla!
 CVE-2018-5981 (SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via ...)
-	TODO: check
+	NOT-FOR-US: Gallery WD component for Joomla!
 CVE-2018-5980 (SQL Injection exists in the Solidres 2.5.1 component for Joomla! via ...)
-	TODO: check
+	NOT-FOR-US: Solidres component for Joomla!
 CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 ...)
 	NOT-FOR-US: Wchat Fully Responsive PHP AJAX Chat Script
 CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the ...)
@@ -3539,17 +3539,17 @@ CVE-2018-5977 (SQL Injection exists in Affiligator Affiliate Webshop Management 
 CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 ...)
 	NOT-FOR-US: RSVP Invitation Online
 CVE-2018-5975 (SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! ...)
-	TODO: check
+	NOT-FOR-US: Smart Shoutbox component for Joomla!
 CVE-2018-5974 (SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! ...)
-	TODO: check
+	NOT-FOR-US: SimpleCalendar component for Joomla!
 CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 via ...)
 	NOT-FOR-US: Professional Local Directory Script
 CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the ...)
 	NOT-FOR-US: Classified Ads CMS Quickad
 CVE-2018-5971 (SQL Injection exists in the MediaLibrary Free 4.0.12 component for ...)
-	TODO: check
+	NOT-FOR-US: MediaLibrary Free component for Joomla!
 CVE-2018-5970 (SQL Injection exists in the JGive 2.0.9 component for Joomla! via the ...)
-	TODO: check
+	NOT-FOR-US: JGive component for Joomla!
 CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via ...)
 	NOT-FOR-US: Photography CMS
 CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 ...)
@@ -4753,11 +4753,11 @@ CVE-2018-5477
 CVE-2018-5476
 	RESERVED
 CVE-2018-5475 (A Stack-based Buffer Overflow issue was discovered in GE D60 Line ...)
-	TODO: check
+	NOT-FOR-US: GE D60 Line Distance Relay devices
 CVE-2018-5474
 	RESERVED
 CVE-2018-5473 (An Improper Restriction of Operations within the Bounds of a Memory ...)
-	TODO: check
+	NOT-FOR-US: GE D60 Line Distance Relay devices
 CVE-2018-5472
 	RESERVED
 CVE-2018-5471
@@ -4825,7 +4825,7 @@ CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was discove
 CVE-2018-5440 (A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS ...)
 	NOT-FOR-US: 3S-Smart
 CVE-2018-5439 (A Command Injection issue was discovered in Nortek Linear eMerge E3 ...)
-	TODO: check
+	NOT-FOR-US: Nortek Linear eMerge E3 series
 CVE-2018-5438
 	RESERVED
 CVE-2018-5437



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef75b5317bae607f9fd9f392d49e038610ff098b

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef75b5317bae607f9fd9f392d49e038610ff098b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180219/87b05511/attachment.html>

More information about the Secure-testing-commits mailing list