[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Jan 27 09:46:31 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fac68fe5 by Salvatore Bonaccorso at 2018-01-27T10:46:11+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -329,12 +329,12 @@ CVE-2018-6195
 CVE-2018-6194
 	RESERVED
 CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, ...)
-	TODO: check
+	NOT-FOR-US: Routers2
 CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...)
 	- mupdf <unfixed> (bug #888487)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
 CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an ...)
-	TODO: check
+	NOT-FOR-US: MuJS
 CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description field on ...)
 	NOT-FOR-US: Netis WF2419 V3.2.41381 devices
 CVE-2017-1000504 (A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier ...)
@@ -915,7 +915,7 @@ CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In t
 CVE-2018-5998
 	RESERVED
 CVE-2018-5997 (An issue was discovered in the HTTP Server in RAVPower Filehub ...)
-	TODO: check
+	NOT-FOR-US: RAVPower Filehub
 CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak authentication data ...)
 	{DSA-4098-1}
 	- curl 7.58.0-1
@@ -973,7 +973,7 @@ CVE-2018-5975
 CVE-2018-5974
 	RESERVED
 CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 via ...)
-	TODO: check
+	NOT-FOR-US: Professional Local Directory Script
 CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the ...)
 	NOT-FOR-US: Classified Ads CMS Quickad
 CVE-2018-5971
@@ -991,11 +991,11 @@ CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description par
 CVE-2018-5966
 	RESERVED
 CVE-2018-5965 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2018-5964 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2018-5963 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through ...)
 	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has ...)
@@ -1024,7 +1024,7 @@ CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a de
 	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
 	NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
 CVE-2018-5954 (phpFreeChat 1.7 and earlier allows remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: phpFreeChat
 CVE-2018-5953
 	RESERVED
 CVE-2018-5952
@@ -1477,7 +1477,7 @@ CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was f
 CVE-2018-5760
 	RESERVED
 CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the ...)
-	TODO: check
+	NOT-FOR-US: MuJS
 CVE-2018-5758
 	RESERVED
 CVE-2018-5757
@@ -2216,15 +2216,15 @@ CVE-2018-5449
 CVE-2018-5448
 	RESERVED
 CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari PCS-9611 ...)
-	TODO: check
+	NOT-FOR-US: Nari PCS-9611 relay
 CVE-2018-5446
 	RESERVED
 CVE-2018-5445 (A Path Traversal issue was discovered in Advantech WebAccess/SCADA ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2018-5444
 	RESERVED
 CVE-2018-5443 (A SQL Injection issue was discovered in Advantech WebAccess/SCADA ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2018-5442
 	RESERVED
 CVE-2018-5441
@@ -3807,11 +3807,11 @@ CVE-2018-4839
 CVE-2018-4838
 	RESERVED
 CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic < ...)
-	TODO: check
+	NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic < ...)
-	TODO: check
+	NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic < ...)
-	TODO: check
+	NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers ...)
 	NOT-FOR-US: Desigo
 CVE-2018-4833
@@ -6104,7 +6104,7 @@ CVE-2017-17978
 CVE-2017-17977
 	RESERVED
 CVE-2017-17976 (In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can ...)
-	TODO: check
+	NOT-FOR-US: Perfex CRM
 CVE-2017-17975 (Use-after-free in the usbtv_probe function in ...)
 	- linux <unfixed>
 	[jessie] - linux <not-affected> (Vulnerable code path not present)
@@ -15490,7 +15490,7 @@ CVE-2018-0509
 CVE-2018-0508
 	RESERVED
 CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & ...)
-	TODO: check
+	NOT-FOR-US: FLET'S VIRUS CLEAR
 CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary ...)
 	TODO: check
 CVE-2018-0505
@@ -23976,9 +23976,9 @@ CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead t
 CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira before ...)
 	NOT-FOR-US: Atlassian Jira
 CVE-2017-14593 (Sourcetree for Windows had several argument and command injection bugs ...)
-	TODO: check
+	NOT-FOR-US: Sourcetree
 CVE-2017-14592 (Sourcetree for macOS had several argument and command injection bugs ...)
-	TODO: check
+	NOT-FOR-US: Sourcetree
 CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version ...)
 	NOT-FOR-US: Atlassian
 CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial ...)
@@ -24141,11 +24141,11 @@ CVE-2017-14525 (Multiple open redirect vulnerabilities in OpenText Documentum We
 CVE-2017-14524 (Multiple open redirect vulnerabilities in OpenText Documentum ...)
 	NOT-FOR-US: OpenText Documentum Administrator
 CVE-2017-14523 (WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. ...)
-	TODO: check
+	NOT-FOR-US: WonderCMS
 CVE-2017-14522 (In WonderCMS 2.3.1, the application's input fields accept arbitrary ...)
-	TODO: check
+	NOT-FOR-US: WonderCMS
 CVE-2017-14521 (In WonderCMS 2.3.1, the upload functionality accepts random ...)
-	TODO: check
+	NOT-FOR-US: WonderCMS
 CVE-2017-14520 (In Poppler 0.59.0, a floating point exception occurs in ...)
 	{DSA-4079-1}
 	- poppler 0.61.1-2 (low; bug #876081)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fac68fe519f61b244ff7095589ae9e9a41d1c56c

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fac68fe519f61b244ff7095589ae9e9a41d1c56c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180127/609aceb3/attachment.html>

More information about the Secure-testing-commits mailing list