[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Convert previous freepbx items to NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Jan 29 21:41:11 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a436b88c by Salvatore Bonaccorso at 2018-01-29T22:40:34+01:00
Convert previous freepbx items to NFUs

The ITP bug was closed back to 2011 due to inactivity. Unlikely at the
moment that that one will re reemeerge as itp in near future. Thus
decide to convert all freepbx items to NFUs.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -130030,7 +130030,7 @@ CVE-2014-7236
 	- twiki <removed>
 	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236
 CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asterisk ...)
-	- freepbx <itp> (bug #464926)
+	NOT-FOR-US: FreePBX
 CVE-2014-7234
 	REJECTED
 CVE-2014-7233 (GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 ...)
@@ -143697,7 +143697,7 @@ CVE-2014-1904 (Cross-site scripting (XSS) vulnerability in ...)
 	- libspring-java 3.0.6.RELEASE-13 (bug #741604)
 	NOTE: http://www.gopivotal.com/security/cve-2014-1904
 CVE-2014-1903 (admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, ...)
-	- freepbx <itp> (bug #464926)
+	NOT-FOR-US: FreePBX
 CVE-2014-1902 (Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera ...)
 	NOT-FOR-US: Y-Cam cameras
 CVE-2014-1901 (Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range ...)
@@ -172875,9 +172875,9 @@ CVE-2012-4872 (Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kay
 CVE-2012-4871 (Cross-site scripting (XSS) vulnerability in service/graph_html.php in ...)
 	NOT-FOR-US: LiteSpeed Web Server
 CVE-2012-4870 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and ...)
-	- freepbx <itp> (bug #464926)
+	NOT-FOR-US: FreePBX
 CVE-2012-4869 (The callme_startcall function in recordings/misc/callme_page.php in ...)
-	- freepbx <itp> (bug #464926)
+	NOT-FOR-US: FreePBX
 CVE-2012-4868 (SQL injection vulnerability in news.php in the Kunena component 1.7.2 ...)
 	NOT-FOR-US: Kunena component for Joomla!
 CVE-2012-4867 (Directory traversal vulnerability in ...)
@@ -203683,7 +203683,7 @@ CVE-2010-3492 (The asyncore module in Python before 3.2 does not properly handle
 CVE-2010-3491 (The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator ...)
 	NOT-FOR-US: TIBCO ActiveMatrix Service Grid
 CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...)
-	- freepbx <itp> (bug #464926)
+	NOT-FOR-US: FreePBX
 CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: CMS Digital Workroom
 CVE-2010-3488 (Directory traversal vulnerability in QuickShare 1.0 allows remote ...)
@@ -214204,7 +214204,7 @@ CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' character 
 	- sendmail 8.14.3-9.1 (medium; bug #564581)
 	NOTE: http://www.sendmail.org/releases/8.14.4
 CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 ...)
-	- freepbx <itp> (bug #464926)
+	NOT-FOR-US: FreePBX
 CVE-2009-4457 (Multiple unspecified vulnerabilities in the Vsftpd Webmin module ...)
 	NOT-FOR-US: Webmin
 CVE-2009-4456 (SQL injection vulnerability in news_detail.php in Green Desktiny ...)
@@ -222726,11 +222726,11 @@ CVE-2009-1805 (Unspecified vulnerability in the VMware Descheduled Time Accounti
 CVE-2009-1804 (Multiple SQL injection vulnerabilities in admin/index.php in ...)
 	NOT-FOR-US: videoscript
 CVE-2009-1803 (FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, ...)
-	- freepbx <itp> (bug #464926)
+	NOT-FOR-US: FreePBX
 CVE-2009-1802 (Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX ...)
-	- freepbx <itp> (bug #464926)
+	NOT-FOR-US: FreePBX
 CVE-2009-1801 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, ...)
-	- freepbx <itp> (bug #464926)
+	NOT-FOR-US: FreePBX
 CVE-2009-1800 (Stack-based buffer overflow in the Chinagames CGAgent ActiveX control ...)
 	NOT-FOR-US: Chinagames
 CVE-2009-1799 (Multiple SQL injection vulnerabilities in the getGalleryImage function ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a436b88cdefc11c916f74348839cccb666a04fdd

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a436b88cdefc11c916f74348839cccb666a04fdd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180129/32413fd9/attachment.html>

More information about the Secure-testing-commits mailing list