[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Jan 1 10:45:40 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ebc69ed4 by Salvatore Bonaccorso at 2018-01-01T11:45:16+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -26,7 +26,7 @@ CVE-2017-18008 (In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPIm
 CVE-2017-18007
 	RESERVED
 CVE-2017-18006 (netpub/server.np in Extensis Portfolio NetPublish has XSS in the ...)
-	TODO: check
+	NOT-FOR-US: Extensis Portfolio NetPublish
 CVE-2017-18005 (Exiv2 0.26 has a Null Pointer Dereference in the ...)
 	- exiv2 <unfixed> (bug #885981)
 	[stretch] - exiv2 <no-dsa> (Minor issue)
@@ -34,13 +34,13 @@ CVE-2017-18005 (Exiv2 0.26 has a Null Pointer Dereference in the ...)
 	NOTE: https://github.com/Exiv2/exiv2/issues/168
 	NOTE: Fixed via: https://github.com/Exiv2/exiv2/pull/199
 CVE-2017-18004 (Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to ...)
-	TODO: check
+	NOT-FOR-US: Zurmo
 CVE-2017-18003
 	RESERVED
 CVE-2017-18002
 	RESERVED
 CVE-2017-18001 (Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Trustwave Secure Web Gateway
 CVE-2016-10704 (Magento Community Edition and Enterprise Edition before 2.0.10 and ...)
 	NOT-FOR-US: Magento
 CVE-2017-18000
@@ -1433,7 +1433,7 @@ CVE-2017-17706
 CVE-2017-17705
 	RESERVED
 CVE-2017-17704 (A door-unlocking issue was discovered on Software House iStar Ultra ...)
-	TODO: check
+	NOT-FOR-US: Software House iStar Ultra devices
 CVE-2017-17703
 	RESERVED
 CVE-2017-17702
@@ -13897,7 +13897,7 @@ CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radi
 CVE-2017-15887 (An improper restriction of excessive authentication attempts ...)
 	NOT-FOR-US: Synology
 CVE-2017-15886 (Server-side request forgery (SSRF) vulnerability in Link Preview in ...)
-	TODO: check
+	NOT-FOR-US: Synology Chat
 CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100 Network ...)
 	NOT-FOR-US: Axis
 CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ebc69ed421d7a2c9ad8000afe59a5b03e88f359d

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ebc69ed421d7a2c9ad8000afe59a5b03e88f359d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180101/ad5edd19/attachment.html>

More information about the Secure-testing-commits mailing list