[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Jul 16 21:17:00 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f1b1f019 by Salvatore Bonaccorso at 2018-07-16T22:16:37+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -515,7 +515,7 @@ CVE-2018-14072 (libsixel 1.8.1 has a memory leak in sixel_decoder_decode in deco
 	[stretch] - libsixel <no-dsa> (Minor issue)
 	NOTE: https://github.com/saitoha/libsixel/issues/67#issue-341198610
 CVE-2018-14071 (The Geo Mashup plugin before 1.10.4 for WordPress has insufficient ...)
-	TODO: check
+	NOT-FOR-US: Geo Mashup plugin for WordPress
 CVE-2018-14070
 	RESERVED
 CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...)
@@ -763,9 +763,9 @@ CVE-2018-13983
 CVE-2018-13982
 	RESERVED
 CVE-2018-13981 (The websites that were built from Zeta Producer Desktop CMS before ...)
-	TODO: check
+	NOT-FOR-US: Zeta Producer Desktop CMS
 CVE-2018-13980 (The websites that were built from Zeta Producer Desktop CMS before ...)
-	TODO: check
+	NOT-FOR-US: Zeta Producer Desktop CMS
 CVE-2018-13979
 	RESERVED
 CVE-2018-13978
@@ -2039,7 +2039,7 @@ CVE-2018-13389 (The attachment resource in Atlassian Confluence before version 6
 CVE-2018-13388 (The review attachment resource in Atlassian Fisheye and Crucible ...)
 	NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2018-13387 (The IncomingMailServers resource in Atlassian JIRA Server before ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-13386
 	RESERVED
 CVE-2018-13385
@@ -6263,9 +6263,9 @@ CVE-2016-1000344 (In the Bouncy Castle JCE Provider version 1.55 and earlier the
 	[jessie] - bouncycastle <ignored> (Intrusive changes, can be mitigated by using a different mode than ECB)
 	NOTE: https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
 CVE-2018-11717 (An issue was discovered in Zoho ManageEngine Desktop Central before ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-11716 (An issue was discovered in Zoho ManageEngine Desktop Central before ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2018-11715 (The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread ...)
 	NOT-FOR-US: Recent Threads plugin for MyBB
 CVE-2018-11714 (An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 ...)
@@ -24358,7 +24358,7 @@ CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6
 CVE-2018-5240
 	RESERVED
 CVE-2018-5239 (Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass ...)
-	TODO: check
+	NOT-FOR-US: Norton
 CVE-2018-5238
 	RESERVED
 CVE-2018-5237 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 ...)
@@ -24386,7 +24386,7 @@ CVE-2018-5231 (The ForgotLoginDetails resource in Atlassian Jira before version 
 CVE-2018-5230 (The issue collector in Atlassian Jira before version 7.6.6, from ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-5229 (The NotificationRepresentationFactoryImpl class in Atlassian Universal ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2018-5228 (The /browse/~raw resource in Atlassian Fisheye and Crucible before ...)
 	NOT-FOR-US: Atlassian
 CVE-2018-5227 (Various administrative application link resources in Atlassian ...)
@@ -37641,15 +37641,15 @@ CVE-2018-0712 (Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 
 CVE-2018-0711 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build ...)
 	NOT-FOR-US: QNAP
 CVE-2018-0710 (Command injection vulnerability in SSH of QNAP Q'center Virtual ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-0709 (Command injection vulnerability in date of QNAP Q'center Virtual ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-0708 (Command injection vulnerability in networking of QNAP Q'center Virtual ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-0707 (Command injection vulnerability in change password of QNAP Q'center ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2018-0706 (Exposure of Private Information in QNAP Q'center Virtual Appliance ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2017-17042 (lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not ...)
 	- yard 0.9.12-1
 	[stretch] - yard <no-dsa> (Minor issue)
@@ -38510,11 +38510,11 @@ CVE-2018-0387
 CVE-2018-0386
 	RESERVED
 CVE-2018-0385 (A vulnerability in the detection engine parsing of Security Socket ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0384 (A vulnerability in the detection engine of Cisco FireSIGHT System ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0383 (A vulnerability in the detection engine of Cisco FireSIGHT System ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0382
 	RESERVED
 CVE-2018-0381
@@ -38540,15 +38540,15 @@ CVE-2018-0372
 CVE-2018-0371 (A vulnerability in the Web Admin Interface of Cisco Meeting Server ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0370 (A vulnerability in the detection engine of Cisco Firepower System ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0369 (A vulnerability in the reassembly logic for fragmented IPv4 packets of ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0368 (A vulnerability in Cisco Digital Network Architecture (DNA) Center ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0367
 	RESERVED
 CVE-2018-0366 (A vulnerability in the web-based management interface of Cisco Web ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0365 (A vulnerability in the web-based management interface of Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0364 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -38598,7 +38598,7 @@ CVE-2018-0343
 CVE-2018-0342
 	RESERVED
 CVE-2018-0341 (A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0340 (A vulnerability in the web framework of the Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0339 (A vulnerability in the web-based management interface of Cisco Identity ...)
@@ -190064,7 +190064,7 @@ CVE-2013-0524
 CVE-2013-0523 (IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2013-0522 (The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2013-0521
 	RESERVED
 CVE-2013-0520 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1b1f0191b602e23b9791c465d8ce2626d576126

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1b1f0191b602e23b9791c465d8ce2626d576126
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180716/f9e0df8a/attachment.html>

More information about the debian-security-tracker-commits mailing list