[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 6 15:27:16 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3f6431eb by Salvatore Bonaccorso at 2018-01-06T16:26:58+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -846,17 +846,17 @@ CVE-2017-1000487 (Plexus-utils before 3.0.16 is vulnerable to command injection
NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522
NOTE: https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41
CVE-2017-1000486 (Primetek Primefaces 5.x is vulnerable to a weak encryption flaw ...)
- TODO: check
+ NOT-FOR-US: Primetek Primefaces
CVE-2017-1000485 (Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, ...)
NOT-FOR-US: Nylas Mail Lives
CVE-2017-1000484 (By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2017-1000483 (Accessing private content via str.format in through-the-web templates ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2017-1000482 (A member of the Plone 2.5-5.1rc1 site could set javascript in the ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2017-1000481 (When you visit a page where you need to login, Plone 2.5-5.1rc1 sends ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when ...)
- smarty <removed>
- smarty3 <unfixed> (bug #886460)
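Review bot: The Primefaces entry (CVE-2017-1000486) and the four Plone entries (CVE-2017-1000481 through CVE-2017-1000484) go from "TODO: check" straight to NOT-FOR-US with only the product name, and the commit message "Process NFUs" does not say how the decision was reached. That matches the existing Nylas Mail Lives entry in this hunk, but for a batch of five decisions a sentence in the commit message stating the basis (for example, that no source package ships the product) would let a later reader re-check the entries if that ever changes.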
@@ -864,7 +864,7 @@ CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection w
CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to clickjacking ...)
NOT-FOR-US: pfSense
CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in ...)
- TODO: check
+ NOT-FOR-US: ELabftw
CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result ...)
TODO: check
CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...)
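Review bot: CVE-2017-1000477 (XMLBundle), in the context lines directly below the ELabftw change, is still at "TODO: check" after this pass. If it was left because it needs a closer look, that is fine; otherwise it could be triaged in the same commit as its neighbours so the block does not keep a lone open entry.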
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f6431eb884533667aee725776a74ba856559df7