[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Feb 28 14:48:48 UTC 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e7bef0e1 by Moritz Muehlenhoff at 2018-02-28T15:48:24+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -15714,7 +15714,7 @@ CVE-2018-1427
 CVE-2018-1426
 	RESERVED
 CVE-2018-1425 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker ...)
-	TODO: check
+	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
 CVE-2018-1424
 	RESERVED
 CVE-2018-1423
@@ -15766,7 +15766,7 @@ CVE-2018-1401 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-sit
 CVE-2018-1400
 	RESERVED
 CVE-2018-1399 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 is ...)
-	TODO: check
+	NOT-FOR-US: IBM Daeja ViewONE Professional
 CVE-2018-1398
 	RESERVED
 CVE-2018-1397
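Review bot: The new tag on CVE-2018-1399 names only "IBM Daeja ViewONE Professional", while the description on the line above it covers "Professional, Standard & Virtual". A tag of "NOT-FOR-US: IBM Daeja ViewONE" would cover all three editions and would be easier to match when later ViewONE entries are triaged.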
@@ -81742,7 +81742,7 @@ CVE-2016-6232 (Directory traversal vulnerability in KArchive before 5.24, as use
 	NOTE: https://lists.debian.org/debian-lts/2016/07/msg00144.html
 	NOTE: Fix: https://git.reviewboard.kde.org/r/128185/
 CVE-2016-6217 (Cross-site scripting (XSS) vulnerability in Sophos PureMessage for ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2016-6216
 	RESERVED
 CVE-2016-6215
@@ -139800,7 +139800,7 @@ CVE-2014-4707 (Huawei Campus S7700 with software V200R001C00SPC300, ...)
 CVE-2014-4706 (Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 ...)
 	NOT-FOR-US: Huawei
 CVE-2014-4705 (Multiple heap-based buffer overflows in the eSap software platform in ...)
-	TODO: check
+	NOT-FOR-US: eSap
 CVE-2014-4704
 	RESERVED
 CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ...)
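Review bot: The tag "eSap" on CVE-2014-4705 cannot be checked against the entry, because the visible description is cut off at "the eSap software platform in ..." and does not show which product ships it. The two entries directly above are Huawei devices tagged "NOT-FOR-US: Huawei"; if the full description names the same vendor, reusing that tag would keep this block consistent and easier to grep.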
@@ -141182,7 +141182,7 @@ CVE-2014-4147
 CVE-2014-4146
 	REJECTED
 CVE-2014-4145 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4144
 	REJECTED
 CVE-2014-4143 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
@@ -141248,7 +141248,7 @@ CVE-2014-4114 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, 
 CVE-2014-4113 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
 	NOT-FOR-US: Microsoft
 CVE-2014-4112 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4111 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4110 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
@@ -141340,7 +141340,7 @@ CVE-2014-4068 (The Response Group Service in Microsoft Lync Server 2010 and 2013
 CVE-2014-4067 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4066 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4065 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-4064 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
@@ -141607,7 +141607,7 @@ CVE-2014-3973 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) be
 	[squeeze] - frontaccounting <no-dsa> (Minor issue)
 	[wheezy] - frontaccounting <no-dsa> (Minor issue)
 CVE-2014-3972 (Directory traversal vulnerability in Apexis APM-J601-WS cameras with ...)
-	TODO: check
+	NOT-FOR-US: Apexis cameras
 CVE-2014-3971 (The CmdAuthenticate::_authenticateX509 function in ...)
 	- mongodb <not-affected> (X.509 certifictate authentication introduced in 2.6.x)
 	NOTE: https://jira.mongodb.org/browse/SERVER-13753
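Review bot: Not part of this change, but the unchanged context line for CVE-2014-3971 in this hunk reads "certifictate authentication"; a follow-up commit could correct it to "certificate". The Apexis tag itself matches the description.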
@@ -142501,7 +142501,7 @@ CVE-2014-3631 (The assoc_array_gc function in the associative-array implementati
 	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 (v3.13)
 	NOTE: Fixed by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95389b08d93d5c06ec63ab49bd732b0069b7c35e
 CVE-2014-3630 (XML external entity (XXE) vulnerability in the Java XML processing ...)
-	TODO: check
+	NOT-FOR-US: Play framework
 CVE-2014-3629 (XML external entity (XXE) vulnerability in the XML Exchange module in ...)
 	- qpid-cpp <removed> (low; bug #772794)
 	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
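Review bot: "Play framework" on CVE-2014-3630 does not appear in the truncated description ("the Java XML processing ..."), so the tag cannot be verified from the entry itself. Because a framework can be bundled by other software, a NOTE line recording that no Debian source package ships or embeds it would make this NOT-FOR-US decision auditable later.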
@@ -143769,7 +143769,7 @@ CVE-2014-3246 (SQL injection vulnerability in Collabtive 1.2 allows remote ...)
 CVE-2014-3245
 	RESERVED
 CVE-2014-3244 (XML external entity (XXE) vulnerability in the RSSDashlet dashlet in ...)
-	TODO: check
+	NOT-FOR-US: SugarCRM
 CVE-2014-3241
 	RESERVED
 CVE-2014-3240
@@ -143914,9 +143914,9 @@ CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Boo
 CVE-2014-3208
 	RESERVED
 CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Seagate
 CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a ...)
-	TODO: check
+	NOT-FOR-US: Seagate
 CVE-2014-3204 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle ...)
 	NOT-FOR-US: Unity
 CVE-2014-3203 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly ...)
@@ -147159,7 +147159,7 @@ CVE-2014-2018 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 1
 	- icedove 24.2.0-1
 	[squeeze] - icedove <end-of-life>
 CVE-2014-2017 (CRLF injection vulnerability in OXID eShop Professional Edition before ...)
-	TODO: check
+	NOT-FOR-US: OXID eShop
 CVE-2014-2016 (Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop ...)
 	NOT-FOR-US: OXID eShop
 CVE-2014-2012
@@ -171504,7 +171504,7 @@ CVE-2012-6349 (Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as u
 CVE-2012-6348 (Centrify Deployment Manager 2.1.0.283, as distributed in Centrify ...)
 	NOT-FOR-US: Centrify
 CVE-2012-6347 (Multiple cross-site scripting (XSS) vulnerabilities in Java number ...)
-	TODO: check
+	NOT-FOR-US: FortiGate
 CVE-2012-6346 (Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before ...)
 	NOT-FOR-US: FortiWeb
 CVE-2012-6345
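Review bot: The tag "FortiGate" on CVE-2012-6347 is not supported by the visible description, which is truncated at "Java number ..." and names no product, while the entry directly below (CVE-2012-6346) is tagged FortiWeb. Please confirm against the full CVE text that FortiGate, and not FortiWeb, is the affected product.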



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e7bef0e1d7919823a01abaff9d4089423b9d935e
