[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jan 30 21:29:27 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7bfdbac0 by Salvatore Bonaccorso at 2018-01-30T22:28:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,13 +11,13 @@ CVE-2018-6400
 CVE-2018-6399
 	RESERVED
 CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component for ...)
-	TODO: check
+	NOT-FOR-US: CP Event Calendar component for Joomla!
 CVE-2018-6397 (Directory Traversal exists in the Picture Calendar 3.1.4 component for ...)
-	TODO: check
+	NOT-FOR-US: Picture Calendar  component for Joomla!
 CVE-2018-6396
 	RESERVED
 CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! ...)
-	TODO: check
+	NOT-FOR-US: Visual Calendar component for Joomla!
 CVE-2018-6394
 	RESERVED
 CVE-2018-6393 (FreePBX 10.13.66-32bit allows post-authentication SQL injection via the ...)
@@ -51,15 +51,15 @@ CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by inval
 	[wheezy] - zziplib <ignored> (Minor issue)
 	NOTE: https://github.com/gdraheim/zziplib/issues/12
 CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes leads ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri class ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-6378
 	RESERVED
 CVE-2018-6377 (In Joomla! before 3.8.4, inadequate input filtering in com_fields leads ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-6376 (In Joomla! before 3.8.4, the lack of type casting of a variable in a ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-1000029
 	RESERVED
 CVE-2018-1000026
@@ -145,7 +145,7 @@ CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the .
 CVE-2018-6356
 	RESERVED
 CVE-2018-6355 (/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 ...)
-	TODO: check
+	NOT-FOR-US: iBall 300M devices
 CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS ...)
 	NOT-FOR-US: Formspree
 CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 ...)
@@ -2414,7 +2414,7 @@ CVE-2018-5443 (A SQL Injection issue was discovered in Advantech WebAccess/SCADA
 CVE-2018-5442
 	RESERVED
 CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was discovered in ...)
-	TODO: check
+	NOT-FOR-US: PHOENIX CONTACT mGuard firmware
 CVE-2018-5440
 	RESERVED
 CVE-2018-5439



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7bfdbac054b99b302a60acd2f2884e0e818ee61f

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7bfdbac054b99b302a60acd2f2884e0e818ee61f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180130/45408260/attachment.html>


More information about the Secure-testing-commits mailing list