[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Jan 19 21:17:14 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b62055e by Salvatore Bonaccorso at 2018-01-19T22:16:49+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -10516,7 +10516,7 @@ CVE-2018-1364
 CVE-2018-1363
 	RESERVED
 CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM Curam Social Program Management
 CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 ...)
@@ -23949,13 +23949,13 @@ CVE-2017-14102 (MIMEDefang 2.80 and earlier creates a PID file after dropping ..
 CVE-2017-14101 (A security researcher found an XML External Entity (XXE) vulnerability ...)
 	NOT-FOR-US: Conserus Image Repository
 CVE-2017-14097 (An improper access control vulnerability in Trend Micro Smart ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-14096 (A stored cross site scripting (XSS) vulnerability in Trend Micro Smart ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-14095 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-14094 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-14093 (The Log Query and Quarantine Query pages in Trend Micro ScanMail for ...)
 	NOT-FOR-US: Trend Micro ScanMail for Exchange
 CVE-2017-14092 (The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange ...)
@@ -23979,7 +23979,7 @@ CVE-2017-14084 (A potential Man-in-the-Middle (MitM) attack vulnerability in Tre
 CVE-2017-14083 (A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote ...)
 	NOT-FOR-US: Trend Micro
 CVE-2017-14082 (An uninitialized pointer information disclosure vulnerability in Trend ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-14081 (Proxy command injection vulnerabilities in Trend Micro Mobile Security ...)
 	NOT-FOR-US: Trend Micro Mobile Security
 CVE-2017-14080 (Authentication bypass vulnerability in Trend Micro Mobile Security ...)
@@ -31844,7 +31844,7 @@ CVE-2017-11399 (Integer overflow in the ape_decode_frame function in ...)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0
 	NOTE: Fixed in 3.2.7
 CVE-2017-11398 (A session hijacking via log disclosure vulnerability in Trend Micro ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2017-11397 (A service DLL preloading vulnerability in Trend Micro Encryption for ...)
 	NOT-FOR-US: Trend Micro
 CVE-2017-11396 (Vulnerability issues with the web service inspection of input ...)
@@ -61189,7 +61189,7 @@ CVE-2017-1695
 CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain ...)
 	NOT-FOR-US: IBM Integration Bus
 CVE-2017-1693 (IBM Integration Bus 9.0 and 10.0 could allow an attacker that has ...)
-	TODO: check
+	NOT-FOR-US: IBM Integration Bus
 CVE-2017-1692
 	RESERVED
 CVE-2017-1691
@@ -99846,11 +99846,11 @@ CVE-2015-7488 (IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.
 CVE-2015-7487 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 ...)
 	NOT-FOR-US: IBM
 CVE-2015-7486 (Cross-site scripting (XSS) vulnerability in IBM Rational Engineering ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
 CVE-2015-7485 (Cross-site scripting (XSS) vulnerability in IBM Rational Engineering ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
 CVE-2015-7484 (IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
 CVE-2015-7483
 	RESERVED
 CVE-2015-7482
@@ -99870,7 +99870,7 @@ CVE-2015-7476
 CVE-2015-7475
 	RESERVED
 CVE-2015-7474 (Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
 CVE-2015-7473 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to ...)
 	NOT-FOR-US: IBM
 CVE-2015-7472 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b62055e5e011c784a4cefe3c92047d2eacf94bb

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b62055e5e011c784a4cefe3c92047d2eacf94bb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180119/2d9ed1ac/attachment.html>

More information about the Secure-testing-commits mailing list