[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Jul 2 17:43:10 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
164fe48e by Moritz Muehlenhoff at 2018-07-02T18:42:44+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -32539,7 +32539,7 @@ CVE-2018-1155
CVE-2018-1154
RESERVED
CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the ...)
- TODO: check
+ NOT-FOR-US: Burp Suite (different from src:burp)
CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service ...)
- libjpeg-turbo <unfixed>
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
@@ -39020,19 +39020,19 @@ CVE-2017-16042 (Growl adds growl notification support to nodejs. Growl before 1.
NOTE: https://nodesecurity.io/advisories/146
NOTE: nodejs not covered by security support
CVE-2017-16041 (ikst versions before 1.1.2 download resources over HTTP, which leaves ...)
- TODO: check
+ NOT-FOR-US: ikst
CVE-2017-16040 (gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass ...)
- TODO: check
+ NOT-FOR-US: gfe-sass
CVE-2017-16039 (`hftp` is a static http or ftp server `hftp` is vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: hftp
CVE-2017-16038 (`f2e-server` 1.12.11 and earlier is vulnerable to a directory ...)
- TODO: check
+ NOT-FOR-US: f2e-server
CVE-2017-16037 (`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, ...)
- TODO: check
+ NOT-FOR-US: gomeplus-h5-proxy
CVE-2017-16036 (`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. ...)
- TODO: check
+ NOT-FOR-US: badjs-sourcemap-server
CVE-2017-16035 (The hubl-server module is a wrapper for the HubL Development Server. ...)
- TODO: check
+ NOT-FOR-US: hubl-server
CVE-2017-16034
RESERVED
CVE-2017-16033
@@ -39040,13 +39040,13 @@ CVE-2017-16033
CVE-2017-16032
RESERVED
CVE-2017-16031 (Socket.io is a realtime application framework that provides ...)
- TODO: check
+ NOT-FOR-US: Socket.io
CVE-2017-16030 (Useragent is used to parse useragent headers. It uses several regular ...)
NOT-FOR-US: useragent nodejs module
CVE-2017-16029 (hostr is a simple web server that serves up the contents of the ...)
- TODO: check
+ NOT-FOR-US: hostr
CVE-2017-16028 (react-native-meteor-oauth is a library for Oauth2 login to a Meteor ...)
- TODO: check
+ NOT-FOR-US: react-native-meteor-oauth
CVE-2017-16027
RESERVED
CVE-2017-16026 (Request is an http client. If a request is made using ```multipart```, ...)
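Review bot: The NFU descriptions added in this hunk ("Socket.io", "hostr", "react-native-meteor-oauth") give only the bare name, while the unchanged entry for CVE-2017-16030 sitting between them reads "NOT-FOR-US: useragent nodejs module". Adding the same "nodejs module" qualifier would keep the entries consistent and make the ecosystem clear to anyone who later searches the list for one of these names.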
@@ -39056,36 +39056,36 @@ CVE-2017-16026 (Request is an http client. If a request is made using ```multipa
NOTE: https://github.com/request/request/pull/2018
NOTE: nodejs not covered by security support
CVE-2017-16025 (Nes is a websocket extension library for hapi. Hapi is a webserver ...)
- TODO: check
+ NOT-FOR-US: Nes
CVE-2017-16024 (The sync-exec module is used to simulate child_process.execSync in ...)
- TODO: check
+ NOT-FOR-US: sync-exec
CVE-2017-16023 (Decamelize is used to convert a dash/dot/underscore/space separated ...)
- node-decamelize <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/sindresorhus/decamelize/issues/5
NOTE: https://github.com/sindresorhus/decamelize/commit/76d47d8de360afb574da2e34db87430ce11094e0
NOTE: nodejs not covered by security support
CVE-2017-16022 (Morris.js creates an svg graph, with labels that appear when hovering ...)
- TODO: check
+ NOT-FOR-US: Morris.js
CVE-2017-16021 (uri-js is a module that tries to fully implement RFC 3986. One of ...)
NOT-FOR-US: uri-js nodejs module
CVE-2017-16020 (Summit is a node web framework. When using the PouchDB driver in the ...)
- TODO: check
+ NOT-FOR-US: Summit
CVE-2017-16019 (GitBook is a command line tool (and Node.js library) for building ...)
- TODO: check
+ NOT-FOR-US: GitBook
CVE-2017-16018 (Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 ...)
- TODO: check
+ NOT-FOR-US: Restify
CVE-2017-16017 (sanitize-html is a library for scrubbing html input for malicious ...)
- TODO: check
+ NOT-FOR-US: sanitize-html
CVE-2017-16016 (Sanitize-html is a library for scrubbing html input of malicious ...)
- TODO: check
+ NOT-FOR-US: sanitize-html
CVE-2017-16015 (Forms is a library for easily creating HTML forms. Versions before ...)
- TODO: check
+ NOT-FOR-US: Forms
CVE-2017-16014 (Http-proxy is a proxying library. Because of the way errors are ...)
- node-http-proxy <itp> (bug #896978)
NOTE: https://nodesecurity.io/advisories/323
NOTE: https://github.com/nodejitsu/node-http-proxy/pull/101
CVE-2017-16013 (hapi is a web and services application framework. When hapi >= 15.0.0 ...)
- TODO: check
+ NOT-FOR-US: hapi
CVE-2017-16012
REJECTED
CVE-2017-16011
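Review bot: For hapi, Restify, sanitize-html and GitBook, marked NOT-FOR-US in this hunk, it is worth confirming that no node-* source package or open ITP exists, because the context lines show node modules being tracked that way (node-decamelize, and node-http-proxy still at the "<itp>" stage with bug #896978). The commit message "NFUs" does not record that this was checked. The single-word descriptions "Forms", "Summit" and "Nes" are also ambiguous on their own; the existing "uri-js nodejs module" entry under CVE-2017-16021 shows a clearer form.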
@@ -39096,13 +39096,13 @@ CVE-2017-16010 (i18next is a language translation framework. When using the .ini
NOTE: https://nodesecurity.io/advisories/326
NOTE: nodejs not covered by security support
CVE-2017-16009 (ag-grid is an advanced data grid that is library agnostic. ag-grid is ...)
- TODO: check
+ NOT-FOR-US: ag-grid
CVE-2017-16008 (i18next is a language translation framework. Because of how the ...)
- TODO: check
+ NOT-FOR-US: i18next
CVE-2017-16007 (node-jose is a JavaScript implementation of the JSON Object Signing ...)
- TODO: check
+ NOT-FOR-US: node-jose
CVE-2017-16006 (Remarkable is a markdown parser. In versions 1.6.2 and lower, ...)
- TODO: check
+ NOT-FOR-US: Remarkable
CVE-2017-16005 (Http-signature is a "Reference implementation of Joyent's HTTP ...)
- node-http-signature <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/joyent/node-http-signature/issues/10
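Review bot: CVE-2017-16008 is marked "NOT-FOR-US: i18next", but the entry directly above the hunk, CVE-2017-16010, is also i18next and carries NOTE lines ending in "nodejs not covered by security support", which none of the NFU entries visible in this diff have. Check how CVE-2017-16010 is classified and give both i18next CVEs the same treatment.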
@@ -39111,7 +39111,7 @@ CVE-2017-16005 (Http-signature is a "Reference implementation of Joyent's H
CVE-2017-16004
RESERVED
CVE-2017-16003 (windows-build-tools is a module for installing C++ Build Tools for ...)
- TODO: check
+ NOT-FOR-US: windows-build-tools
CVE-2017-16002
RESERVED
CVE-2017-16001 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
@@ -39135,33 +39135,33 @@ CVE-2017-15996 (elfcomm.c in readelf in GNU Binutils 2.29 allows remote attacker
CVE-2017-15995
RESERVED
CVE-2016-10698 (mystem-fix is a node.js wrapper for MyStem morphology text analyzer by ...)
- TODO: check
+ NOT-FOR-US: mystem-fix
CVE-2016-10697 (react-native-baidu-voice-synthesizer is a baidu voice speech ...)
- TODO: check
+ NOT-FOR-US: react-native-baidu-voice-synthesizer
CVE-2016-10696 (windows-latestchromedriver downloads the latest version of ...)
- TODO: check
+ NOT-FOR-US: windows-latestchromedriver
CVE-2016-10695 (The npm-test-sqlite3-trunk module provides asynchronous, non-blocking ...)
- TODO: check
+ NOT-FOR-US: npm-test-sqlite3-trunk
CVE-2016-10694 (alto-saxophone is a module to install and launch Chromedriver for Mac, ...)
- TODO: check
+ NOT-FOR-US: alto-saxophone
CVE-2016-10693 (pm2-kafka is a PM2 module that installs and runs a kafka server ...)
- TODO: check
+ NOT-FOR-US: pm2-kafka
CVE-2016-10692 (haxeshim haxe shim to deal with coexisting versions. haxeshim ...)
- TODO: check
+ NOT-FOR-US: haxeshim
CVE-2016-10691 (windows-seleniumjar is a module that downloads the Selenium Jar file ...)
- TODO: check
+ NOT-FOR-US: windows-seleniumjar
CVE-2016-10690 (openframe-ascii-image module is an openframe plugin which adds support ...)
- TODO: check
+ NOT-FOR-US: openframe-ascii-image
CVE-2016-10689 (The windows-iedriver module downloads fixed version of ...)
- TODO: check
+ NOT-FOR-US: The windows-iedriver
CVE-2016-10688 (Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's ...)
TODO: check
CVE-2016-10687 (windows-selenium-chromedriver is a module that downloads the Selenium ...)
- TODO: check
+ NOT-FOR-US: windows-selenium-chromedriver
CVE-2016-10686 (fis-sass-all is another libsass wrapper for node. fis-sass-all ...)
- TODO: check
+ NOT-FOR-US: fis-sass-all
CVE-2016-10685 (pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox ...)
- TODO: check
+ NOT-FOR-US: pk-app-wonderbox
CVE-2016-10684 (healthcenter - IBM Monitoring and Diagnostic Tools health Center agent ...)
NOT-FOR-US: IBM
CVE-2016-10683 (arcanist downloads resources over HTTP, which leaves it vulnerable to ...)
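Review bot: The entry for CVE-2016-10689 reads "NOT-FOR-US: The windows-iedriver"; the leading "The" looks copied from the CVE description and should be dropped so the entry matches the plain module names used in the rest of the hunk (for example "NOT-FOR-US: windows-seleniumjar"). CVE-2016-10688 (Haxe 3) is the only entry in this run left at "TODO: check"; if that is deliberate, a NOTE saying why would save the next triager the lookup.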
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/164fe48ef72e4a454dad302d851da6fcf98f65d8