[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Sun Jul 15 22:01:24 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3edc141e by Moritz Muehlenhoff at 2018-07-15T23:00:53+02:00
NFUs
new ruby-rails-admin issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21,19 +21,19 @@ CVE-2018-14071
 CVE-2018-14070
 	RESERVED
 CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...)
-	TODO: check
+	NOT-FOR-US: SRCMS
 CVE-2018-14068 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...)
-	TODO: check
+	NOT-FOR-US: SRCMS
 CVE-2018-14067
 	RESERVED
 CVE-2018-14066 (The content://wappush content provider in ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2018-14065 (XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. ...)
-	TODO: check
+	NOT-FOR-US: PHPOffice
 CVE-2018-14064 (The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices ...)
-	TODO: check
+	NOT-FOR-US: VelotiSmart WiFi B-380 camera devices
 CVE-2018-14063 (The increaseApproval function of a smart contract implementation for ...)
-	TODO: check
+	NOT-FOR-US: smart contract
 CVE-2018-14062
 	RESERVED
 CVE-2018-14061
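Review bot: The NOT-FOR-US tags in this hunk name things at different levels. `NOT-FOR-US: Lenovo` for CVE-2018-14066 gives only a vendor and `NOT-FOR-US: smart contract` for CVE-2018-14063 gives only a category, while the SRCMS entries name the product. Suggest naming the specific product or component from the full CVE description in both, so that a later search of data/CVE/list for that product finds the entry. For CVE-2018-14064 the trailing "camera devices" could be dropped to match the short form used by the other entries.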
@@ -206,7 +206,7 @@ CVE-2018-14012 (WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the 
 CVE-2018-14011
 	RESERVED
 CVE-2018-14010 (OS command injection in the guest Wi-Fi settings feature in ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi
 CVE-2018-14009 (Codiad through 2.8.4 allows Remote Code Execution, a different ...)
 	NOT-FOR-US: Codiad
 CVE-2018-14008
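Review bot: `NOT-FOR-US: Xiaomi` for CVE-2018-14010 names only the vendor, whereas the neighbouring CVE-2018-14009 entry uses the product name (`Codiad`). Suggest naming the affected device or firmware from the full description, since the truncated text visible here only identifies a "guest Wi-Fi settings feature".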
@@ -42039,29 +42039,30 @@ CVE-2016-10531 (marked is an application that is meant to parse and compile mark
 	NOTE: https://nodesecurity.io/advisories/101
 	NOTE: nodejs not covered by security support
 CVE-2016-10530 (The airbrake module 0.3.8 and earlier defaults to sending environment ...)
-	TODO: check
+	NOT-FOR-US: airbrake
 CVE-2016-10529 (Droppy versions <3.5.0 does not perform any verification for ...)
-	TODO: check
+	NOT-FOR-US: Droppy
 CVE-2016-10528 (restafary is a REpresentful State Transfer API for Creating, Reading, ...)
-	TODO: check
+	NOT-FOR-US: restafary
 CVE-2016-10527 (The riot-compiler version version 2.3.21 has an issue in a regex ...)
-	TODO: check
+	NOT-FOR-US: riot-compiler
 CVE-2016-10526 (A common setup to deploy to gh-pages on every commit via a CI system ...)
-	TODO: check
+	NOT-FOR-US: gh-pages
 CVE-2016-10525 (When attempting to allow authentication mode `try` in hapi, ...)
-	TODO: check
+	NOT-FOR-US: hapi
 CVE-2016-10524 (i18n-node-angular is a module used to interact between i18n and ...)
-	TODO: check
+	NOT-FOR-US: i18n-node-angular
 CVE-2016-10523 (MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted ...)
-	TODO: check
+	- node-mqtt-packet <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://nodesecurity.io/advisories/75
 CVE-2016-10522 (rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request ...)
-	TODO: check
+	- ruby-rails-admin <unfixed>
 CVE-2016-10521 (jshamcrest is vulnerable to regular expression denial of service ...)
-	TODO: check
+	NOT-FOR-US: jshamcrest
 CVE-2016-10520 (jadedown is vulnerable to regular expression denial of service (ReDoS) ...)
-	TODO: check
+	NOT-FOR-US: jadedown
 CVE-2016-10519 (A security issue was found in bittorrent-dht before 5.1.3 that allows ...)
-	TODO: check
+	NOT-FOR-US: bittorrent-dht
 CVE-2016-10518 (A vulnerability was found in the ping functionality of the ws module ...)
 	TODO: check
 CVE-2015-9243 (When server level, connection level or route level CORS configurations ...)
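Review bot: The new `- ruby-rails-admin <unfixed>` line for CVE-2016-10522 carries no reference, although the description already implies a fixed upstream release (v1.1.1). Suggest adding a NOTE with the upstream advisory or fixing commit, as was done for CVE-2016-10523, so whoever picks up the package can find the fix. For CVE-2016-10523 itself, the description gives version thresholds for MQTT (3.4.6, 4.0.5) while the entry names node-mqtt-packet; a NOTE stating which node-mqtt-packet version contains the fix would make the `<not-affected>` claim checkable against the first upload. CVE-2016-10518 (ws) remains `TODO: check` in the trailing context, so this range is not fully triaged by the change.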



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3edc141ec54c832ff0acdb897506e044f3a931b9
