[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Process more NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Jan 6 22:20:46 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9e46dfa by Salvatore Bonaccorso at 2018-01-06T23:02:12+01:00
Process more NFUs

- - - - -
01ccaa49 by Salvatore Bonaccorso at 2018-01-06T23:02:48+01:00
Add CVE-2017-1000424/electron, itp'ed: #842420

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3066,7 +3066,7 @@ CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniCo
 CVE-2017-1000449
 	REJECTED
 CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: Structured Data Linter
 CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null pointer ...)
 	{DLA-1229-1}
 	- imagemagick <unfixed> (bug #886281)
@@ -3076,17 +3076,17 @@ CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null p
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/441fde32557eb3cec573b0f877ac324173feed7f
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/839a14e43d0c88db7b3fffe8aa4ec57d80c93623
 CVE-2017-1000444 (Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in ...)
-	TODO: check
+	NOT-FOR-US: Eleix Openhacker
 CVE-2017-1000443 (Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Eleix Openhacker
 CVE-2017-1000442 (Passbolt API version 1.6.4 and older are vulnerable to a XSS in the ...)
-	TODO: check
+	NOT-FOR-US: Passbolt API
 CVE-2017-1000431 (eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is ...)
 	NOT-FOR-US: eZ Systems eZ Publish
 CVE-2017-1000430 (rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when ...)
 	TODO: check
 CVE-2017-1000424 (Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable ...)
-	TODO: check
+	- electron <itp> (bug #842420)
 CVE-2017-1000423 (b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation ...)
 	- b2evolution <removed>
 CVE-2017-1000422 (Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/660d704bd8ff3e998a5057812cd18d608753a051...01ccaa49fa9e09edc3025757a4dac42f21a8699a

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/660d704bd8ff3e998a5057812cd18d608753a051...01ccaa49fa9e09edc3025757a4dac42f21a8699a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180106/f95e2dc5/attachment-0001.html>

More information about the Secure-testing-commits mailing list