[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs / two ITPs

Moritz Muehlenhoff jmm at debian.org
Wed Feb 28 12:38:10 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9f626cf by Moritz Muehlenhoff at 2018-02-28T13:37:49+01:00
NFUs / two ITPs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15807,7 +15807,7 @@ CVE-2018-1379
 CVE-2018-1378
 	RESERVED
 CVE-2018-1377 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
 CVE-2018-1376
 	RESERVED
 CVE-2018-1375
@@ -15817,7 +15817,7 @@ CVE-2018-1374
 CVE-2018-1373
 	RESERVED
 CVE-2018-1372 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
 CVE-2018-1371
 	RESERVED
 CVE-2018-1370
@@ -18344,7 +18344,7 @@ CVE-2018-0910
 CVE-2018-0909
 	RESERVED
 CVE-2018-0908 (Microsoft Identity Manager 2016 SP1 allows an attacker to gain ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2018-0907
 	RESERVED
 CVE-2018-0906
@@ -19324,11 +19324,11 @@ CVE-2018-0522
 CVE-2018-0521
 	RESERVED
 CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W firmware ...)
-	TODO: check
+	NOT-FOR-US: FS010W firmware
 CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 ...)
-	TODO: check
+	NOT-FOR-US: FS010W firmware
 CVE-2018-0518 (LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates ...)
-	TODO: check
+	NOT-FOR-US: LINE for iOS
 CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for Windows ...)
 	NOT-FOR-US: Anshin net security for Windows
 CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address ...)
@@ -21299,9 +21299,9 @@ CVE-2017-16820 (The csnmp_read_table function in snmp.c in the SNMP plugin in co
 	[wheezy] - collectd <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/collectd/collectd/issues/2291
 CVE-2017-16814 (A Directory Traversal issue was discovered in the Foxit MobilePDF app ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2017-16813 (A denial-of-service issue was discovered in the Foxit MobilePDF app ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2017-16812
 	RESERVED
 CVE-2017-16811
@@ -24071,11 +24071,11 @@ CVE-2016-10517 (networking.c in Redis before 3.2.7 allows "Cross Protocol S
 CVE-2017-15863 (Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin ...)
 	NOT-FOR-US: WordPress plugin wp-noexternallinks
 CVE-2017-15862 (In all Qualcomm products with Android releases from CAF using the ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15861 (In all Qualcomm products with Android releases from CAF using the ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15860 (In all Qualcomm products with Android releases from CAF using the ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15859
 	RESERVED
 	NOT-FOR-US: Qualcomm component for Android
@@ -24850,7 +24850,7 @@ CVE-2017-15520
 CVE-2017-15519
 	RESERVED
 CVE-2017-15518 (All versions of OnCommand API Services prior to 2.1 and NetApp Service ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2017-15517 (AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to ...)
 	NOT-FOR-US: AltaVault OST Plug-in
 CVE-2017-15516 (NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a ...)
@@ -28354,13 +28354,13 @@ CVE-2017-14462
 CVE-2017-14461
 	RESERVED
 CVE-2017-14460 (An exploitable overly permissive cross-domain (CORS) whitelist ...)
-	TODO: check
+	- parity <itp> (bug #890550)
 CVE-2017-14459
 	RESERVED
 CVE-2017-14458
 	RESERVED
 CVE-2017-14457 (An exploitable information leak/denial of service vulnerability exists ...)
-	TODO: check
+	- cpp-etherum <itp> (bug #860434)
 CVE-2017-14456
 	RESERVED
 CVE-2017-14455



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d9f626cfa456c82ac2d272f4d4f6f7bdd45c2d61

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d9f626cfa456c82ac2d272f4d4f6f7bdd45c2d61
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180228/96a19284/attachment.html>

More information about the Secure-testing-commits mailing list