[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Jul 5 21:26:47 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05df54e2 by Moritz Muehlenhoff at 2018-07-05T22:26:31+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,11 +1,11 @@
 CVE-2018-13328 (The transfer, transferFrom, and mint functions of a smart contract ...)
-	TODO: check
+	NOT-FOR-US: smart contract
 CVE-2018-13327 (The transfer and transferFrom functions of a smart contract ...)
-	TODO: check
+	NOT-FOR-US: smart contract
 CVE-2018-13326 (The transfer and transferFrom functions of a smart contract ...)
-	TODO: check
+	NOT-FOR-US: smart contract
 CVE-2018-13325 (The _sell function of a smart contract implementation for GROWCHAIN ...)
-	TODO: check
+	NOT-FOR-US: smart contract
 CVE-2018-13324
 	RESERVED
 CVE-2018-13323
@@ -151,7 +151,7 @@ CVE-2018-13254
 CVE-2018-13253
 	RESERVED
 CVE-2018-13252 (Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain ...)
-	TODO: check
+	NOT-FOR-US: Entrust Datacard Syntera CS
 CVE-2018-13251 (In libming 0.4.8, there is an excessive memory allocation attempt in ...)
 	TODO: check
 CVE-2018-13250 (libming 0.4.8 has a NULL pointer dereference in the getString function ...)
@@ -395,7 +395,7 @@ CVE-2018-13134 (TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices 
 CVE-2018-13133 (Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated ...)
 	NOT-FOR-US: Golden Frog VyprVPN
 CVE-2015-9260 (An issue was discovered in BEdita before 3.7.0. A cross-site scripting ...)
-	TODO: check
+	NOT-FOR-US: BEdita
 CVE-2018-13132 (Spadeico is a smart contract running on Ethereum. The mint function has ...)
 	NOT-FOR-US: Spadeico
 CVE-2018-13131 (SpadePreSale is a smart contract running on Ethereum. The mint function ...)
@@ -747,7 +747,7 @@ CVE-2018-12978
 CVE-2018-12977
 	RESERVED
 CVE-2018-12976 (In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use ...)
-	TODO: check
+	NOT-FOR-US: Go Doc Dot Org
 CVE-2018-12975
 	RESERVED
 CVE-2018-12974
@@ -1416,7 +1416,7 @@ CVE-2018-12693 (Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Ex
 CVE-2018-12692 (TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows ...)
 	NOT-FOR-US: TP-Link
 CVE-2018-12691 (Time-of-check to time-of-use (TOCTOU) race condition in ...)
-	TODO: check
+	NOT-FOR-US: ONOS
 CVE-2018-12690
 	RESERVED
 CVE-2018-12689 (phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id ...)
@@ -3330,7 +3330,7 @@ CVE-2018-12019 (The signature verification routine in Enigmail before 2.0.7 inte
 	NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
 	NOTE: https://neopg.io/blog/enigmail-signature-spoof/
 CVE-2018-12018 (The GetBlockHeadersMsg handler in the LES protocol implementation in Go ...)
-	TODO: check
+	NOT-FOR-US: Go Ethereum
 CVE-2018-12017
 	RESERVED
 CVE-2018-12016 (libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows ...)
@@ -10488,7 +10488,7 @@ CVE-2018-9187
 CVE-2018-9186 (A cross-site scripting (XSS) vulnerability in Fortinet ...)
 	NOT-FOR-US: Fortinet
 CVE-2018-9185 (An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2018-9184
 	RESERVED
 CVE-2018-9183 (The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. ...)
@@ -11162,7 +11162,7 @@ CVE-2018-8930 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor
 CVE-2018-8929
 	RESERVED
 CVE-2018-8928 (Cross-site scripting (XSS) vulnerability in Address Book Editor in ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-8927 (Improper authorization vulnerability in SYNO.Cal.Event in Calendar ...)
 	NOT-FOR-US: Synology
 CVE-2018-8926 (Permissive regular expression vulnerability in synophoto_dsm_user in ...)
@@ -13534,7 +13534,7 @@ CVE-2018-7946
 CVE-2018-7945
 	RESERVED
 CVE-2018-7944 (Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2018-7943 (There is an authentication bypass vulnerability in some Huawei ...)
 	NOT-FOR-US: Huawei
 CVE-2018-7942 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05df54e22350bb3c8f5b8cbf51278f555dfd825d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05df54e22350bb3c8f5b8cbf51278f555dfd825d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180705/c6dd9685/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list