[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Jul 5 22:11:30 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3f7478b0 by Moritz Muehlenhoff at 2018-07-05T23:11:06+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -25829,23 +25829,23 @@ CVE-2018-3756 (Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulner
CVE-2018-3755 (XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) ...)
NOT-FOR-US: sexstatic
CVE-2018-3754 (Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and ...)
- TODO: check
+ NOT-FOR-US: query-mysql
CVE-2018-3753 (The utilities function in all versions <= 1.0.0 of the merge-objects ...)
- TODO: check
+ NOT-FOR-US: merge-objects
CVE-2018-3752 (The utilities function in all versions <= 1.0.0 of the merge-options ...)
- TODO: check
+ NOT-FOR-US: merge-options
CVE-2018-3751 (The utilities function in all versions <= 0.3.0 of the merge-recursive ...)
- TODO: check
+ NOT-FOR-US: merge-recursive
CVE-2018-3750 (The utilities function in all versions <= 0.5.0 of the deep-extend ...)
- node-deep-extend <unfixed> (unimportant)
NOTE: https://nodesecurity.io/advisories/612
NOTE: nodejs not covered by security support
CVE-2018-3749 (The utilities function in all versions < 1.0.1 of the deap node module ...)
- TODO: check
+ NOT-FOR-US: deap
CVE-2018-3748 (There is a Stored XSS vulnerability in the glance node module versions ...)
- TODO: check
+ NOT-FOR-US: glance node module (different from src:glance)
CVE-2018-3747 (The public node module versions <= 1.0.3 allows to embed HTML in file ...)
- TODO: check
+ NOT-FOR-US: public node module versions
CVE-2018-3746 (The pdfinfojs NPM module versions <= 0.3.6 has a command injection ...)
NOT-FOR-US: pdfinfojs nodejs module
CVE-2018-3745 (atob 2.0.3 and earlier allocates uninitialized Buffers when number is ...)
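Review bot: The annotation added for CVE-2018-3747, "NOT-FOR-US: public node module versions", carries the word "versions" over from the CVE description. The affected item is the "public" node module, so the line should read "NOT-FOR-US: public node module". The bare names added in the same hunk (query-mysql, merge-objects, merge-options, merge-recursive, deap) would also be less ambiguous with the "node module" qualifier that this hunk already uses for glance and that the existing pdfinfojs entry uses in a similar form.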
@@ -33986,9 +33986,9 @@ CVE-2017-17319 (Huawei P9 smartphones with the versions before EVA-AL10C00B399SP
CVE-2017-17318 (Huawei MBB (Mobile Broadband) products E5771h-937 with the versions ...)
NOT-FOR-US: Huawei
CVE-2017-17317 (Common Open Policy Service Protocol (COPS) module in Huawei USG6300 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-17316 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-17315 (Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; ...)
NOT-FOR-US: Huawei
CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, ...)
@@ -34270,7 +34270,7 @@ CVE-2017-17177
CVE-2017-17176
RESERVED
CVE-2017-17175 (Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-17174
RESERVED
CVE-2017-17173 (Due to insufficient parameters verification GPU driver of Mate 9 Pro ...)
@@ -37908,7 +37908,7 @@ CVE-2017-16775
CVE-2017-16774
RESERVED
CVE-2017-16773 (Improper authorization vulnerability in Highlight Preview in Synology ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2017-16772 (Improper input validation vulnerability in ...)
NOT-FOR-US: Synology Photo Station
CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in Synology ...)
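Review bot: "NOT-FOR-US: Synology" on CVE-2017-16773 names only the vendor, while the adjacent CVE-2017-16772 entry names the product ("Synology Photo Station"). The description visible here is truncated after "Synology", so check the full text and name the product if it is identified there, to keep the neighbouring entries consistent.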
@@ -39888,25 +39888,25 @@ CVE-2016-10684 (healthcenter - IBM Monitoring and Diagnostic Tools health Center
CVE-2016-10683 (arcanist downloads resources over HTTP, which leaves it vulnerable to ...)
TODO: check
CVE-2016-10682 (massif is a Phantomjs fork massif downloads resources over HTTP, which ...)
- TODO: check
+ NOT-FOR-US: massif
CVE-2016-10681 (roslib-socketio - The standard ROS Javascript Library fork for add ...)
- TODO: check
+ NOT-FOR-US: roslib-socketio
CVE-2016-10680 (adamvr-geoip-lite is a light weight native JavaScript implementation ...)
- TODO: check
+ NOT-FOR-US: adamvr-geoip-lite
CVE-2016-10679 (selenium-standalone-painful installs a start-selenium command line to ...)
- TODO: check
+ NOT-FOR-US: selenium-standalone-painful
CVE-2016-10678 (serc.js is a Selenium RC process wrapper serc.js downloads binary ...)
- TODO: check
+ NOT-FOR-US: serc.js
CVE-2016-10677 (google-closure-tools-latest is a Node.js module wrapper for ...)
- TODO: check
+ NOT-FOR-US: google-closure-tools-latest
CVE-2016-10676 (rs-brightcove is a wrapper around brightcove's web api rs-brightcove ...)
- TODO: check
+ NOT-FOR-US: rs-brightcove
CVE-2016-10675 (libsbmlsim is a module that installs linux binaries for libsbmlsim ...)
- TODO: check
+ NOT-FOR-US: libsbmlsim
CVE-2016-10674 (limbus-buildgen is a "build anywhere" build system. limbus-buildgen ...)
- TODO: check
+ NOT-FOR-US: limbus-buildgen
CVE-2016-10673 (ipip-coffee queries geolocation information from IP ipip-coffee ...)
- TODO: check
+ NOT-FOR-US: ipip-coffee
CVE-2016-10672 (cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis ...)
TODO: check
CVE-2016-10671 (mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper ...)
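Review bot: "NOT-FOR-US: libsbmlsim" on CVE-2016-10675 names the upstream library, but the description says the affected item is a module that installs binaries for libsbmlsim. Qualifying the annotation as the wrapper module, in the way the glance entry earlier in this commit is marked "(different from src:glance)", would prevent the entry from being read as a statement about the library itself. Separately, CVE-2016-10683 (arcanist) and CVE-2016-10672 (cloudpub-redis) are left as "TODO: check" on either side of the block triaged here; confirm that is deliberate rather than an oversight.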
@@ -54707,7 +54707,7 @@ CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does n
- linux 4.11.11-1
NOTE: Fixed by: https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1
CVE-2017-11175 (In J2 Innovations FIN Stack 4.0, the authentication webform is ...)
- TODO: check
+ NOT-FOR-US: J2 Innovations FIN Stack
CVE-2017-11174 (In install/page_dbsettings.php in the Core distribution of XOOPS ...)
NOT-FOR-US: XOOPS
CVE-2017-11173 (Missing anchor in generated regex for rack-cors before 0.4.1 allows a ...)
@@ -84910,7 +84910,7 @@ CVE-2017-0931 (html-janitor node module suffers from a Cross-Site Scripting (XSS
CVE-2017-0930 (augustine node module suffers from a Path Traversal vulnerability due ...)
NOT-FOR-US: augustine node module
CVE-2017-0929 (DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request ...)
- TODO: check
+ NOT-FOR-US: DNN (aka DotNetNuke)
CVE-2017-0928 (html-janitor node module suffers from an External Control of Critical ...)
NOT-FOR-US: html-janitor node module
CVE-2017-0927 (Gitlab Community Edition version 10.3 is vulnerable to an improper ...)
@@ -84967,9 +84967,9 @@ CVE-2017-0914 (Gitlab Community and Enterprise Editions version 10.1, 10.2, and
[stretch] - gitlab <not-affected> (Only affects 9.4 and later)
NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0913 (Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti UCRM
CVE-2017-0912 (Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti UCRM
CVE-2017-0911 (Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback ...)
NOT-FOR-US: Twitter Kit for iOS
CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f7478b02a74001b9ac835f18264f5120320eeee