[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Sun Jul 1 21:26:41 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f9d6bbe7 by Moritz Muehlenhoff at 2018-07-01T22:26:08+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,13 +1,13 @@
CVE-2018-13041 (The mint function of a smart contract implementation for Link Platform ...)
- TODO: check
+ NOT-FOR-US: Link Platform
CVE-2018-13040 (OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can ...)
- TODO: check
+ NOT-FOR-US: OpenSID
CVE-2018-13039 (OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the ...)
- TODO: check
+ NOT-FOR-US: OpenSID
CVE-2018-13038 (OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via ...)
- TODO: check
+ NOT-FOR-US: OpenSID
CVE-2018-13037 (An issue was discovered in jpeg-compressor 0.1. The bmp_load function ...)
- TODO: check
+ NOT-FOR-US: jpeg-compressor
CVE-2018-13036
RESERVED
CVE-2018-13035
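Review bot: at CVE-2018-13037 the tag "NOT-FOR-US: jpeg-compressor" is applied to what the description presents as a library-style component (the bmp_load function of jpeg-compressor 0.1), and a name-based NFU only holds if no package in the archive ships that code under another name. The commit message "NFUs" does not say whether embedded copies were searched for. A NOTE line under the entry, or a fuller commit message recording that check, would let a later reader trust the triage without repeating it.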
@@ -17,7 +17,7 @@ CVE-2018-13034
CVE-2018-13033 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
TODO: check
CVE-2018-13032 (ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser ...)
- TODO: check
+ NOT-FOR-US: ECESSA ShieldLink
CVE-2018-13031
RESERVED
CVE-2018-13030 (An issue was discovered in jpeg-compressor 0.1. The build_huffman ...)
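Review bot: the trailing context line for CVE-2018-13030 is a second jpeg-compressor 0.1 issue (build_huffman), but its status line falls outside this hunk, so it is not visible whether it carries the same "NOT-FOR-US: jpeg-compressor" that CVE-2018-13037 received in the first hunk. If it is still at "TODO: check", it should be triaged in this same commit so that two entries for the same product and version do not end up with different states.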
@@ -38827,23 +38827,23 @@ CVE-2017-16129 (The HTTP client module superagent is vulnerable to ZIP bomb atta
NOTE: https://nodesecurity.io/advisories/479
NOTE: nodejs not covered by security support
CVE-2017-16128 (The module npm-script-demo opened a connection to a command and ...)
- TODO: check
+ NOT-FOR-US: npm-script-demo
CVE-2017-16127 (The module pandora-doomsday infects other modules. It's since been ...)
- TODO: check
+ NOT-FOR-US: pandora-doomsday
CVE-2017-16126 (The module botbait is a tool to be used to track bot and automated ...)
- TODO: check
+ NOT-FOR-US: botbait
CVE-2017-16125 (rtcmulticonnection-client is a signaling implementation for ...)
- TODO: check
+ NOT-FOR-US: rtcmulticonnection-client
CVE-2017-16124 (node-server-forfront is a simple static file server. ...)
- TODO: check
+ NOT-FOR-US: node-server-forfront
CVE-2017-16123 (welcomyzt is a simple file server. welcomyzt is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: welcomyzt
CVE-2017-16122 (cuciuci is a simple fileserver. cuciuci is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: cuciuci
CVE-2017-16121 (datachannel-client is a signaling implementation for DataChannel.js. ...)
- TODO: check
+ NOT-FOR-US: datachannel-client
CVE-2017-16120 (liyujing is a static file server. liyujing is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: liyujing
CVE-2017-16119 (Fresh is a module used by the Express.js framework for HTTP response ...)
- node-fresh <unfixed> (unimportant)
NOTE: https://nodesecurity.io/advisories/526
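Review bot: CVE-2017-16127 is tagged by package name ("NOT-FOR-US: pandora-doomsday") although its description says the module "infects other modules", while the next hunk gives the entries described as "a malicious module published with the intent to hijack" the generic tag "NOT-FOR-US: malicious node module". Two conventions for deliberately malicious packages in one commit make the list harder to grep. Pick one, preferably a form that keeps the package name and also marks it as malicious.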
@@ -38864,143 +38864,143 @@ CVE-2017-16113 (The parsejson module is vulnerable to regular expression denial
CVE-2017-16112
RESERVED
CVE-2017-16111 (The content module is a module to parse HTTP Content-* headers. It is ...)
- TODO: check
+ NOT-FOR-US: node content
CVE-2017-16110 (weather.swlyons is a simple web server for weather updates. ...)
- TODO: check
+ NOT-FOR-US: weather.swlyons
CVE-2017-16109 (easyquick is a simple web server. easyquick is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: easyquick
CVE-2017-16108 (gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is ...)
- TODO: check
+ NOT-FOR-US: gaoxiaotingtingting
CVE-2017-16107 (pooledwebsocket is vulnerable to a directory traversal issue, giving ...)
- TODO: check
+ NOT-FOR-US: pooledwebsocket
CVE-2017-16106 (tmock is a static file server. tmock is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: tmock
CVE-2017-16105 (serverwzl is a simple http server. serverwzl is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: serverwzl
CVE-2017-16104 (citypredict.whauwiller is vulnerable to a directory traversal issue, ...)
- TODO: check
+ NOT-FOR-US: citypredict.whauwiller
CVE-2017-16103 (serveryztyzt is a simple http server. serveryztyzt is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: serveryztyzt
CVE-2017-16102 (serverhuwenhui is a simple http server. serverhuwenhui is vulnerable ...)
- TODO: check
+ NOT-FOR-US: serverhuwenhui
CVE-2017-16101 (serverwg is a simple http server. serverwg is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: serverwg
CVE-2017-16100 (dns-sync is a sync/blocking dns resolver. If untrusted user input is ...)
- TODO: check
+ NOT-FOR-US: dns-sync
CVE-2017-16099 (The no-case module is vulnerable to regular expression denial of ...)
- TODO: check
+ NOT-FOR-US: no-case
CVE-2017-16098 (charset 1.0.0 and below are vulnerable to regular expression denial of ...)
- TODO: check
+ NOT-FOR-US: charset
CVE-2017-16097 (tiny-http is a simple http server. tiny-http is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: tiny-http
CVE-2017-16096 (serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable ...)
- TODO: check
+ NOT-FOR-US: serveryaozeyan
CVE-2017-16095 (serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable ...)
- TODO: check
+ NOT-FOR-US: serverliujiayi1
CVE-2017-16094 (iter-http is a server for static files. iter-http is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: iter-http
CVE-2017-16093 (cyber-js is a simple http server. A cyberjs server is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: cyber-js
CVE-2017-16092 (Sencisho is a simple http server for local development. Sencisho is ...)
- TODO: check
+ NOT-FOR-US: Sencisho
CVE-2017-16091 (xtalk helps your browser talk to nodex, a simple web framework. xtalk ...)
- TODO: check
+ NOT-FOR-US: xtalk (not the chat client)
CVE-2017-16090 (fsk-server is a simple http server. fsk-server is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: fsk-server
CVE-2017-16089 (serverlyr is a simple http server. serverlyr is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: serverlyr
CVE-2017-16088 (The safe-eval module describes itself as a safer version of eval. By ...)
- TODO: check
+ NOT-FOR-US: safe-eval
CVE-2017-16087
RESERVED
CVE-2017-16086 (ua-parser is a port of Browserscope's user agent parser. ua-parser is ...)
- TODO: check
+ NOT-FOR-US: ua-parser
CVE-2017-16085 (tinyserver2 is a webserver for static files. tinyserver2 is vulnerable ...)
- TODO: check
+ NOT-FOR-US: tinyserver2
CVE-2017-16084 (list-n-stream is a server for static files to list and stream local ...)
- TODO: check
+ NOT-FOR-US: list-n-stream
CVE-2017-16083 (node-simple-router is a minimalistic router for Node. ...)
- TODO: check
+ NOT-FOR-US: node-simple-router
CVE-2017-16082 (A remote code execution vulnerability was found within the pg module ...)
TODO: check
CVE-2017-16081 (cross-env.js was a malicious module published with the intent to ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16080 (nodesass was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16079 (smb was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16078 (shadowsock was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16077 (mongose was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16076 (proxy.js was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16075 (http-proxy.js was a malicious module published with the intent to ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16074 (crossenv was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16073 (noderequest was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16072 (nodemailer.js was a malicious module published with the intent to ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16071 (nodemailer-js was a malicious module published with the intent to ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16070 (nodecaffe was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16069 (nodeffmpeg was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16068 (ffmepg was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16067 (node-opencv was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16066 (opencv.js was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16065 (openssl.js was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16064 (node-openssl was a malicious module published with the intent to ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16063 (node-opensl was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16062 (node-tkinter was a malicious module published with the intent to ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16061 (tkinter was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16060 (babelcli was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16059 (mssql-node was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16058 (gruntcli was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16057 (nodemssql was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16056 (mssql.js was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16055 (`sqlserver` was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16054 (`nodefabric` was a malicious module published with the intent to ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16053 (`fabric-js` was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16052 (`node-fabric` was a malicious module published with the intent to ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16051 (`sqliter` was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16050 (`sqlite.js` was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16049 (`nodesqlite` was a malicious module published with the intent to ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16048 (`node-sqlite` was a malicious module published with the intent to ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16047 (mysqljs was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16046 (`mariadb` was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16045 (`jquery.js` was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16044 (`d3.js` was a malicious module published with the intent to hijack ...)
- TODO: check
+ NOT-FOR-US: malicious node module
CVE-2017-16043 (Shout is an IRC client. Because the `/topic` command in messages is ...)
- TODO: check
+ NOT-FOR-US: Shout
CVE-2017-16042 (Growl adds growl notification support to nodejs. Growl before 1.10.2 ...)
- node-growl <unfixed> (unimportant; bug #900868)
NOTE: Issue: https://github.com/tj/node-growl/issues/60
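Review bot: the entries from CVE-2017-16081 down to CVE-2017-16044 all receive the identical tag "NOT-FOR-US: malicious node module", which drops the package name that every other NFU line in this hunk carries, so a search of data/CVE/list for a name such as crossenv only hits the truncated description. Suggest keeping the name in the tag, in the parenthetical style already used at CVE-2017-16091, for example "NOT-FOR-US: crossenv (malicious node module)". A smaller consistency point: CVE-2017-16111 is the only entry qualified with "node" ("node content"), while equally generic names such as charset (CVE-2017-16098) and ua-parser (CVE-2017-16086) are left bare. Applying the same qualifier to those would avoid confusion with unrelated software of the same name.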
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f9d6bbe779d0d4466dadd968d49b05a4809fcd9f