[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 21 11:58:33 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3042c4ac by Moritz Muehlenhoff at 2018-02-21T12:58:09+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -24204,7 +24204,7 @@ CVE-2017-15398
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15397 (Inappropriate implementation in ChromeVox in Google Chrome OS prior to ...)
- TODO: check
+ NOT-FOR-US: ChromeVox in Google Chrome OS
CVE-2017-15396
RESERVED
{DSA-4020-1}
@@ -25643,7 +25643,7 @@ CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows rem
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/512/
CVE-2017-14993 (OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x ...)
- TODO: check
+ NOT-FOR-US: OXID eShop Community Edition
CVE-2017-14992 (Lack of content verification in Docker-CE (Also known as Moby) ...)
- docker.io <undetermined>
CVE-2017-14991 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before ...)
@@ -30629,7 +30629,7 @@ CVE-2017-13184 (In the enableVSyncInjections function of SurfaceFlinger, there i
CVE-2017-13183 (In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, ...)
NOT-FOR-US: Android media framework
CVE-2017-13182 (In the sendFormatChange function of ACodec, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android media framework
CVE-2017-13181 (In the doGetThumb and getThumbnail functions of MtpServer, there is a ...)
NOT-FOR-US: Android media framework
CVE-2017-13180 (In the onQueueFilled function of SoftAVCDec, there is a possible ...)
@@ -37514,7 +37514,7 @@ CVE-2017-11033 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
CVE-2017-11032 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11031 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-11030 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11029 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -37563,7 +37563,7 @@ CVE-2017-11009
CVE-2017-11008
RESERVED
CVE-2017-11007 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm closed-source components for Android
CVE-2017-11005 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -53739,55 +53739,55 @@ CVE-2017-5805 (A Remote Code Execution vulnerability in HPE Intelligent Manageme
CVE-2017-5804 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5803 (A Remote Disclosure of Information vulnerability in HPE NonStop ...)
- TODO: check
+ NOT-FOR-US: HPE NonStop Servers
CVE-2017-5802 (A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics ...)
- TODO: check
+ NOT-FOR-US: HPE Vertica Analytics Platform
CVE-2017-5801 (A Remote Unauthorized Access to Data vulnerability in HPE Business ...)
- TODO: check
+ NOT-FOR-US: HPE Business Process Monitor
CVE-2017-5800 (A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations ...)
- TODO: check
+ NOT-FOR-US: HPE Operations Bridge Analytics
CVE-2017-5799 (A Remote Code Execution vulnerability in HPE OpenCall Media Platform ...)
- TODO: check
+ NOT-FOR-US: HPE OpenCall Media Platform
CVE-2017-5798 (A Remote Code Execution vulnerability in HPE OpenCall Media Platform ...)
- TODO: check
+ NOT-FOR-US: HPE OpenCall Media Platform
CVE-2017-5797 (A Remote Unauthenticated Disclosure of Information vulnerability in ...)
- TODO: check
+ NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5796 (A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 ...)
NOT-FOR-US: HPE 2620 Series Network Switches
CVE-2017-5795 (A Local Arbitrary File Download vulnerability in HPE Intelligent ...)
- TODO: check
+ NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5794 (A Remote Arbitrary File Download vulnerability in HPE Intelligent ...)
- TODO: check
+ NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5793 (A Remote Arbitrary Code Execution vulnerability in HPE Intelligent ...)
- TODO: check
+ NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5792 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
- TODO: check
+ NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5791 (The doFilter method in UrlAccessController in HPE Intelligent ...)
NOT-FOR-US: HPE Intelligent Management Center
NOTE: it appears that it was incorrectly used for an issue in JanTek JTC-200
CVE-2017-5790 (A remote deserialization of untrusted data vulnerability in HPE ...)
- TODO: check
+ NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5789 (HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before ...)
NOT-FOR-US: HPE LoadRunner
NOTE: it appears that it was incorrectly used for an issue in JanTek JTC-200
CVE-2017-5788 (A Local Disclosure of Sensitive Information vulnerability in HPE ...)
- TODO: check
+ NOT-FOR-US: HPE NonStop Software Essentials
CVE-2017-5787 (A remote denial of service vulnerability in HPE Version Control ...)
- TODO: check
+ NOT-FOR-US: HPE Version Control Manager
CVE-2017-5786 (A local Unauthorized Data Modification vulnerability in HPE ...)
- TODO: check
+ NOT-FOR-US: HPE OfficeConnect Network Switches
CVE-2017-5785 (A remote information disclosure vulnerability in HPE Matrix Operating ...)
- TODO: check
+ NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5784 (A missing HSTS Header vulnerability in HPE Matrix Operating ...)
- TODO: check
+ NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5783 (A remote clickjacking vulnerability in HPE Matrix Operating ...)
- TODO: check
+ NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5782 (A missing HSTS Header vulnerability in HPE Matrix Operating ...)
- TODO: check
+ NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5781 (A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 ...)
- TODO: check
+ NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5780 (A remote clickjacking vulnerability in HPE Matrix Operating ...)
- TODO: check
+ NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5779
RESERVED
CVE-2017-5778
@@ -72946,17 +72946,17 @@ CVE-2016-8537
CVE-2016-8536
REJECTED
CVE-2016-8535 (A remote HTTP parameter Pollution vulnerability in HPE Matrix ...)
- TODO: check
+ NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8534 (A remote privilege elevation vulnerability in HPE Matrix Operating ...)
- TODO: check
+ NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8533 (A remote priviledge escalation vulnerability in HPE Matrix Operating ...)
- TODO: check
+ NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8532 (A cross site scripting vulnerability in HPE Matrix Operating ...)
- TODO: check
+ NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8531 (A remote information disclosure vulnerability in HPE Matrix Operating ...)
- TODO: check
+ NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8530 (A remote denial of service vulnerability in HPE iMC PLAT version v7.2 ...)
- TODO: check
+ NOT-FOR-US: HPE iMC PLAT
CVE-2016-8529 (A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual ...)
NOT-FOR-US: HPE StoreVirtual
CVE-2016-8528 (A Remote Escalation of Privilege vulnerability in HPE Helion ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3042c4acf092808199b8bfceacb03b977aec2739
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3042c4acf092808199b8bfceacb03b977aec2739
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180221/6c277830/attachment.html>
More information about the Secure-testing-commits
mailing list