[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Jul 6 14:49:05 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1850b7b2 by Moritz Muehlenhoff at 2018-07-06T15:48:42+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -25886,9 +25886,9 @@ CVE-2018-3766 (Path traversal in buttle module versions <= 0.2.0 allows to re
 CVE-2018-3765
 	RESERVED
 CVE-2018-3764 (In Nextcloud Contacts before 2.1.2, a missing sanitization of search ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Contacts
 CVE-2018-3763 (In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Contacts
 CVE-2018-3762 (Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks ...)
 	- nextcloud <itp> (bug #835086)
 CVE-2018-3761 (Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper ...)
@@ -39987,37 +39987,37 @@ CVE-2016-10674 (limbus-buildgen is a "build anywhere" build system. li
 CVE-2016-10673 (ipip-coffee queries geolocation information from IP ipip-coffee ...)
 	NOT-FOR-US: ipip-coffee
 CVE-2016-10672 (cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis ...)
-	TODO: check
+	NOT-FOR-US: cloudpub-redis
 CVE-2016-10671 (mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper ...)
-	TODO: check
+	NOT-FOR-US: mystem-wrapper
 CVE-2016-10670 (windows-seleniumjar-mirror downloads the Selenium Jar file ...)
-	TODO: check
+	NOT-FOR-US: windows-seleniumjar-mirror
 CVE-2016-10669 (soci downloads binary resources over HTTP, which leaves it vulnerable ...)
-	TODO: check
+	NOT-FOR-US: soci
 CVE-2016-10668 (libsbml is a module that installs Linux binaries for libSBML libsbml ...)
-	TODO: check
+	NOT-FOR-US: libsbml node integration, different from src:libsml
 CVE-2016-10667 (selenium-portal is a Selenium Testing Framework selenium-portal ...)
-	TODO: check
+	NOT-FOR-US: selenium-portal
 CVE-2016-10666 (tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser ...)
-	TODO: check
+	NOT-FOR-US: tomita-parser
 CVE-2016-10665 (herbivore is a packet sniffing and crafting library. Built on libtins ...)
-	TODO: check
+	NOT-FOR-US: herbivore
 CVE-2016-10664 (mystem is a Node.js wrapper for MyStem morphology text analyzer by ...)
-	TODO: check
+	NOT-FOR-US: mystem
 CVE-2016-10663 (wixtoolset is a Node module wrapper around the wixtoolset binaries ...)
-	TODO: check
+	NOT-FOR-US: wixtoolset
 CVE-2016-10662 (tomita is a node wrapper for Yandex Tomita Parser tomita downloads ...)
-	TODO: check
+	NOT-FOR-US: tomita
 CVE-2016-10661 (phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu ...)
-	TODO: check
+	NOT-FOR-US: phantomjs-cheniu
 CVE-2016-10660 (fis-parser-sass-bin a plugin for fis to compile sass using ...)
-	TODO: check
+	NOT-FOR-US: fis-parser-sass-bin
 CVE-2016-10659 (poco - The POCO libraries, downloads source file resources used for ...)
 	NOT-FOR-US: nodejs poco module
 CVE-2016-10658 (native-opencv is the OpenCV library installed via npm native-opencv ...)
-	TODO: check
+	NOT-FOR-US: native-opencv binding for node, different from src:opencv
 CVE-2016-10657 (co-cli-installer downloads the co-cli module as part of the install ...)
-	TODO: check
+	NOT-FOR-US: co-cli-installer
 CVE-2016-10656 (qbs is a build tool that helps simplify the build process for ...)
 	NOT-FOR-US: npm qbs (different from src:qbs)
 CVE-2016-10655 (The clang-extra module installs LLVM's clang-extra tools. clang-extra ...)
@@ -40033,7 +40033,7 @@ CVE-2016-10651 (webdriver-launcher is a Node.js Selenium Webdriver Launcher. ...
 CVE-2016-10650 (ntfserver is a Network Testing Framework Server. ntfserver downloads ...)
 	NOT-FOR-US: ntfserver
 CVE-2016-10649 (frames-compiler downloads binary resources over HTTP, which leaves it ...)
-	TODO: check
+	NOT-FOR-US: frames-compiler
 CVE-2016-10648 (marionette-socket-host is a marionette-js-runner host for sending ...)
 	NOT-FOR-US: marionette-socket-host
 CVE-2016-10647 (node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1850b7b21dba8a3ffa044901b7085243648a65ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1850b7b21dba8a3ffa044901b7085243648a65ad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180706/9387ad75/attachment.html>

More information about the debian-security-tracker-commits mailing list