[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 6 21:57:10 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
660d704b by Salvatore Bonaccorso at 2018-01-06T22:54:56+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -816,7 +816,7 @@ CVE-2018-4868 (The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exi
- exiv2 <unfixed>
NOTE: https://github.com/Exiv2/exiv2/issues/202
CVE-2017-1000500 (Keycloak SSO versions prior to 2.x are vulnerable to Host Header ...)
- TODO: check
+ NOT-FOR-US: Keycloak
CVE-2017-1000499 (phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a ...)
- phpmyadmin <not-affected> (Only affects phpMyAdmin starting from 4.7.0)
NOTE: https://www.phpmyadmin.net/security/PMASA-2017-9/
@@ -862,7 +862,7 @@ CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to clickjackin
CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in ...)
NOT-FOR-US: ELabftw
CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result ...)
- TODO: check
+ NOT-FOR-US: XMLBundle
CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...)
{DLA-1229-1}
- imagemagick <unfixed>
@@ -3008,15 +3008,15 @@ CVE-2017-1000492 (Leanote-desktop version v2.5 is vulnerable to a XSS which lead
CVE-2017-1000491 (Shiba markdown live preview app version 1.1.0 is vulnerable to XSS ...)
NOT-FOR-US: Shiba markdown live preview app
CVE-2017-1000466 (Invoice Ninja version 3.8.1 is vulnerable to stored cross-site ...)
- TODO: check
+ NOT-FOR-US: Invoice Ninja
CVE-2017-1000463 (Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site ...)
- TODO: check
+ NOT-FOR-US: Leafpub
CVE-2017-1000459 (Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input ...)
- TODO: check
+ NOT-FOR-US: Leanote
CVE-2017-1000438 (In OMERO 5.3.3 or earlier a user could create an OriginalFile and ...)
- TODO: check
+ NOT-FOR-US: OMERO
CVE-2017-1000437 (Creolabs Gravity 1.0 contains a stack based buffer overflow in the ...)
- TODO: check
+ NOT-FOR-US: Creolabs Gravity
CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open ...)
NOT-FOR-US: Wordpress plugin Furikake
CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run with ...)
@@ -3057,7 +3057,7 @@ CVE-2017-1000453 (CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty
CVE-2017-1000452 (An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and ...)
TODO: check
CVE-2017-1000451 (fs-git is a file system like api for git repository. The fs-git ...)
- TODO: check
+ NOT-FOR-US: fs-git
CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and ...)
- opencv <unfixed> (bug #886282)
NOTE: https://github.com/opencv/opencv/issues/9723
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/660d704bd8ff3e998a5057812cd18d608753a051
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/660d704bd8ff3e998a5057812cd18d608753a051
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180106/ac65e1f5/attachment.html>
More information about the Secure-testing-commits
mailing list