[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Jan 6 21:57:10 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
660d704b by Salvatore Bonaccorso at 2018-01-06T22:54:56+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -816,7 +816,7 @@ CVE-2018-4868 (The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exi
 	- exiv2 <unfixed>
 	NOTE: https://github.com/Exiv2/exiv2/issues/202
 CVE-2017-1000500 (Keycloak SSO versions prior to 2.x are vulnerable to Host Header ...)
-	TODO: check
+	NOT-FOR-US: Keycloak
 CVE-2017-1000499 (phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a ...)
 	- phpmyadmin <not-affected> (Only affects phpMyAdmin starting from 4.7.0)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-9/
@@ -862,7 +862,7 @@ CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to clickjackin
 CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in ...)
 	NOT-FOR-US: ELabftw
 CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result ...)
-	TODO: check
+	NOT-FOR-US: XMLBundle
 CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...)
 	{DLA-1229-1}
 	- imagemagick <unfixed>
@@ -3008,15 +3008,15 @@ CVE-2017-1000492 (Leanote-desktop version v2.5 is vulnerable to a XSS which lead
 CVE-2017-1000491 (Shiba markdown live preview app version 1.1.0 is vulnerable to XSS ...)
 	NOT-FOR-US: Shiba markdown live preview app
 CVE-2017-1000466 (Invoice Ninja version 3.8.1 is vulnerable to stored cross-site ...)
-	TODO: check
+	NOT-FOR-US: Invoice Ninja
 CVE-2017-1000463 (Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site ...)
-	TODO: check
+	NOT-FOR-US: Leafpub
 CVE-2017-1000459 (Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input ...)
-	TODO: check
+	NOT-FOR-US: Leanote
 CVE-2017-1000438 (In OMERO 5.3.3 or earlier a user could create an OriginalFile and ...)
-	TODO: check
+	NOT-FOR-US: OMERO
 CVE-2017-1000437 (Creolabs Gravity 1.0 contains a stack based buffer overflow in the ...)
-	TODO: check
+	NOT-FOR-US: Creolabs Gravity
 CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open ...)
 	NOT-FOR-US: Wordpress plugin Furikake
 CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run with ...)
@@ -3057,7 +3057,7 @@ CVE-2017-1000453 (CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty
 CVE-2017-1000452 (An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and ...)
 	TODO: check
 CVE-2017-1000451 (fs-git is a file system like api for git repository. The fs-git ...)
-	TODO: check
+	NOT-FOR-US: fs-git
 CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and ...)
 	- opencv <unfixed> (bug #886282)
 	NOTE: https://github.com/opencv/opencv/issues/9723



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/660d704bd8ff3e998a5057812cd18d608753a051

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/660d704bd8ff3e998a5057812cd18d608753a051
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180106/ac65e1f5/attachment.html>


More information about the Secure-testing-commits mailing list