[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jan 23 20:49:39 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c857635 by Salvatore Bonaccorso at 2018-01-23T21:49:18+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-6029 (The copy function in application/admin/controller/Article.php in ...)
-	TODO: check
+	NOT-FOR-US: NoneCms
 CVE-2018-6028
 	RESERVED
 CVE-2018-6027
@@ -13,7 +13,7 @@ CVE-2018-6024
 CVE-2018-6023
 	RESERVED
 CVE-2018-6022 (Directory traversal vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: NoneCms
 CVE-2018-6021
 	RESERVED
 CVE-2018-6020
@@ -31,15 +31,15 @@ CVE-2018-6015
 CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash ...)
 	TODO: check
 CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to ...)
-	TODO: check
+	NOT-FOR-US: BigTree CMS
 CVE-2018-6012
 	RESERVED
 CVE-2018-6011
 	RESERVED
 CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could obtain ...)
-	TODO: check
+	NOT-FOR-US: Yii Framework
 CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function in ...)
-	TODO: check
+	NOT-FOR-US: Yii Framework
 CVE-2018-6008
 	RESERVED
 CVE-2018-6007
@@ -101,9 +101,9 @@ CVE-2017-18051
 CVE-2017-18050
 	RESERVED
 CVE-2017-18049 (In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe
 CVE-2017-18048 (Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads ...)
-	TODO: check
+	NOT-FOR-US: Monstra CMS
 CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic ...)
 	TODO: check
 CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting ...)
@@ -115,13 +115,13 @@ CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function i
 	NOTE: Affected function introduced in: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/lib/decoding.c?id=b12bfa8932f44d1d1c25b4a2e385387a62dfbcc9 (libtasn1_4_3)
 	NOTE: Fixed by: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97 (libtasn1_4_13)
 CVE-2018-6002 (The Soundy Background Music plugin 3.9 and below for WordPress has ...)
-	TODO: check
+	NOT-FOR-US: Soundy Background Music plugin for WordPress
 CVE-2018-6001 (The Soundy Audio Playlist plugin 4.6 and below for WordPress has ...)
-	TODO: check
+	NOT-FOR-US: Soundy Audio Playlist plugin for WordPress
 CVE-2018-6000 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The ...)
-	TODO: check
+	NOT-FOR-US: AsusWRT
 CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the ...)
-	TODO: check
+	NOT-FOR-US: AsusWRT
 CVE-2018-5998
 	RESERVED
 CVE-2018-5997
@@ -197,27 +197,27 @@ CVE-2018-5964
 CVE-2018-5963
 	RESERVED
 CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through ...)
-	TODO: check
+	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has ...)
-	TODO: check
+	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2018-5960 (Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of ...)
 	TODO: check
 CVE-2018-5959
 	RESERVED
 CVE-2018-5958 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
-	TODO: check
+	NOT-FOR-US: Zillya! Antivirus
 CVE-2018-5957 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
-	TODO: check
+	NOT-FOR-US: Zillya! Antivirus
 CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
-	TODO: check
+	NOT-FOR-US: Zillya! Antivirus
 CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User controlled ...)
 	TODO: check
 CVE-2017-18047 (Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP ...)
 	TODO: check
 CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 ...)
-	TODO: check
+	NOT-FOR-US: Dasan GPON ONT WiFi Router devices
 CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to execute ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of ...)
 	TODO: check
 CVE-2018-5954



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c8576358eb3164e0ec4bfaab12f27a0494c48fb

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c8576358eb3164e0ec4bfaab12f27a0494c48fb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180123/00ef8064/attachment.html>


More information about the Secure-testing-commits mailing list