[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Feb 20 18:49:59 UTC 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9379a4ad by Moritz Muehlenhoff at 2018-02-20T19:49:32+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,7 +3,7 @@ CVE-2018-7261
 CVE-2018-7260
 	RESERVED
 CVE-2018-7259 (The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a ...)
-	TODO: check
+	NOT-FOR-US: Flight Sim Labs
 CVE-2018-7258
 	RESERVED
 CVE-2018-7257
@@ -23,11 +23,11 @@ CVE-2018-7249
 CVE-2017-18192 (smart/calculator/gallerylock/CalculatorActivity.java in the ...)
 	TODO: check
 CVE-2015-9256 (Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: Datto ALTO and SIRIS devices
 CVE-2015-9255 (Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: Datto ALTO and SIRIS devices
 CVE-2015-9254 (Datto ALTO and SIRIS devices have a default VNC password. ...)
-	TODO: check
+	NOT-FOR-US: Datto ALTO and SIRIS devices
 CVE-2018-7254 (The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack ...)
 	- wavpack <unfixed> (bug #889274)
 	[jessie] - wavpack <not-affected> (Vulnerable code not present)
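
Review bot: CVE-2017-18192, the first entry in this hunk, is left at "TODO: check" while the three Datto entries right below it are triaged. Its description starts with the path smart/calculator/gallerylock/CalculatorActivity.java, which looks like an Android application source file and may be the same "Photo,Video Locker-Calculator" app that this commit marks NOT-FOR-US under CVE-2017-16835. If the full description confirms that, tag it in the same pass with the same NOT-FOR-US string so the two entries stay consistent.
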
@@ -128,7 +128,7 @@ CVE-2018-7214
 CVE-2018-7213
 	RESERVED
 CVE-2018-7212 (An issue was discovered in ...)
-	TODO: check
+	NOT-FOR-US: Sinatra
 CVE-2018-7211 (An issue was discovered in iDashboards 9.6b. The SSO implementation is ...)
 	NOT-FOR-US: iDashboards
 CVE-2018-7210 (An issue was discovered in iDashboards 9.6b. It allows remote attackers ...)
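
Review bot: "NOT-FOR-US: Sinatra" on CVE-2018-7212 needs a second look. The description is cut to "An issue was discovered in ...", so the product cannot be confirmed from this line, and Debian ships the Sinatra Ruby framework as ruby-sinatra. If that is the affected software, the entry should be a package line for ruby-sinatra with an explicit status (for example <not-affected> with a reason in parentheses, as done for wavpack and pnp4nagios elsewhere in this file) rather than an NFU, so the decision stays visible per release.
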
@@ -4101,7 +4101,7 @@ CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync befo
 	[jessie] - rsync <no-dsa> (Minor issue)
 	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
 CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 ...)
-	TODO: check
+	NOT-FOR-US: OXID eShop Enterprise Edition
 CVE-2018-5762
 	RESERVED
 CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was found ...)
@@ -16979,7 +16979,7 @@ CVE-2017-17103 (Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php 
 CVE-2017-17102 (Fiyo CMS 2.0.7 has SQL injection in /system/site.php via ...)
 	NOT-FOR-US: Fiyo CMS
 CVE-2017-17101 (An issue was discovered in Apexis APM-H803-MPC software, as used with ...)
-	TODO: check
+	NOT-FOR-US: Apexis
 CVE-2017-17100
 	RESERVED
 CVE-2017-17099 (There exists an unauthenticated SEH based Buffer Overflow vulnerability ...)
@@ -20099,7 +20099,7 @@ CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 
 CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse ...)
 	NOT-FOR-US: Arris TG1682G devices
 CVE-2017-16835 (The "Photo,Video Locker-Calculator" application 12.0 for Android has ...)
-	TODO: check
+	NOT-FOR-US: Photo Video Locker-Calculator application for Android 
 CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an ...)
 	- pnp4nagios <not-affected> (/etc/pnp4nagios and its content is installed as root by the Debian package)
 	NOTE: https://github.com/lingej/pnp4nagios/issues/140
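
Review bot: the added line for CVE-2017-16835 ends with a trailing space after "Android". Strip it, so the NOT-FOR-US string matches exactly if it is reused for other CVEs in the same application and the line does not show up as whitespace noise in a later diff.
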
@@ -20357,9 +20357,9 @@ CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in ...)
 CVE-2017-16757 (Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, ...)
 	NOT-FOR-US: Hola VPN
 CVE-2017-16756 (An issue was discovered in Userscape HelpSpot before 4.7.2. A ...)
-	TODO: check
+	NOT-FOR-US: Userscape HelpSpot
 CVE-2017-16755 (An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected ...)
-	TODO: check
+	NOT-FOR-US: Userscape HelpSpot
 CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to _profiler ...)
 	NOT-FOR-US: Bolt CMS
 CVE-2017-16753 (An Improper Input Validation issue was discovered in Advantech ...)
@@ -26946,11 +26946,11 @@ CVE-2017-14539 (IrfanView 4.44 - 32bit allows attackers to cause a denial of ser
 CVE-2017-14538 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
 	NOT-FOR-US: XnView
 CVE-2017-14537 (trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to ...)
-	TODO: check
+	NOT-FOR-US: trixbox
 CVE-2017-14536 (trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or ...)
-	TODO: check
+	NOT-FOR-US: trixbox
 CVE-2017-14535 (trixbox 2.8.0.4 has OS command injection via shell metacharacters in ...)
-	TODO: check
+	NOT-FOR-US: trixbox
 CVE-2017-14534 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via ...)
 	NOT-FOR-US: NexusPHP
 CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. ...)
@@ -29508,7 +29508,7 @@ CVE-2017-13698 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 dev
 CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to ...)
 	NOT-FOR-US: FineCMS
 CVE-2017-13696 (A buffer overflow vulnerability lies in the web server component of ...)
-	TODO: check
+	NOT-FOR-US: Dup Scout Enterprise
 CVE-2017-1000122 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, ...)
 	- webkit2gtk 2.16.3-2 (unimportant)
 	NOTE: https://webkitgtk.org/security/WSA-2017-0007.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9379a4ad333beb75235e01647684143e339e8b8e
