[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Jul 19 21:37:31 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9859ef22 by Salvatore Bonaccorso at 2018-07-19T22:36:38+02:00
Process NFUs

- - - - -
8286abdc by Salvatore Bonaccorso at 2018-07-19T22:37:15+02:00
Merge remote-tracking branch 'origin/master'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -48,9 +48,9 @@ CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles sub
 	[jessie] - mp4v2 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/3
 CVE-2018-14402 (axmldec 1.2.0 has an out-of-bounds write in the ...)
-	TODO: check
+	NOT-FOR-US: axmldec
 CVE-2018-14401 (CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an ...)
-	TODO: check
+	NOT-FOR-US: AXML Parser
 CVE-2018-14400
 	RESERVED
 CVE-2018-14399 (libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote ...)
@@ -9566,7 +9566,7 @@ CVE-2018-10622
 CVE-2018-10621 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
 	NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
 CVE-2018-10620 (AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine ...)
-	TODO: check
+	NOT-FOR-US: AVEVA
 CVE-2018-10619 (An unquoted search path or element in RSLinx Classic Versions 3.90.01 ...)
 	NOT-FOR-US: RSLinx
 CVE-2018-10618
@@ -23905,7 +23905,7 @@ CVE-2018-5542
 CVE-2018-5541
 	RESERVED
 CVE-2018-5540 (On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5539
 	RESERVED
 CVE-2018-5538
@@ -23915,13 +23915,13 @@ CVE-2018-5537
 CVE-2018-5536
 	RESERVED
 CVE-2018-5535 (On F5 BIG-IP 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.2.1-11.6.3 ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5534 (Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5533 (Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5532 (On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5531
 	RESERVED
 CVE-2018-5530
@@ -27930,9 +27930,9 @@ CVE-2018-3873
 CVE-2018-3872
 	RESERVED
 CVE-2018-3871 (An exploitable out-of-bounds write exists in the PCX parsing ...)
-	TODO: check
+	NOT-FOR-US: Canvas Draw
 CVE-2018-3870 (An exploitable out-of-bounds write exists in the PCX parsing ...)
-	TODO: check
+	NOT-FOR-US: Canvas Draw
 CVE-2018-3869
 	RESERVED
 CVE-2018-3868 (A specially crafted TIFF image processed via the application can lead ...)
@@ -27952,13 +27952,13 @@ CVE-2018-3862 (A specially crafted TIFF image processed via the application can 
 CVE-2018-3861 (A specially crafted TIFF image processed via the application can lead ...)
 	NOT-FOR-US: Computerinsel Photoline
 CVE-2018-3860 (An exploitable out-of-bounds write exists in the TIFF parsing ...)
-	TODO: check
+	NOT-FOR-US: Canvas Draw
 CVE-2018-3859 (An exploitable out-of-bounds write exists in the TIFF parsing ...)
-	TODO: check
+	NOT-FOR-US: Canvas Draw
 CVE-2018-3858 (An exploitable heap overflow exists in the TIFF parsing functionality ...)
-	TODO: check
+	NOT-FOR-US: Canvas Draw
 CVE-2018-3857 (An exploitable heap overflow exists in the TIFF parsing functionality ...)
-	TODO: check
+	NOT-FOR-US: Canvas Draw
 CVE-2018-3856
 	RESERVED
 CVE-2018-3855 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
@@ -34193,11 +34193,11 @@ CVE-2018-1589
 CVE-2018-1588
 	RESERVED
 CVE-2018-1587 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational Rhapsody Design Manager
 CVE-2018-1586
 	RESERVED
 CVE-2018-1585 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational Rhapsody Design Manager
 CVE-2018-1584
 	RESERVED
 CVE-2018-1583 (IBM StoredIQ 7.6 could allow an authenticated attacker to bypass ...)
@@ -34295,9 +34295,9 @@ CVE-2018-1538
 CVE-2018-1537
 	RESERVED
 CVE-2018-1536 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational Rhapsody Design Manager
 CVE-2018-1535 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational Rhapsody Design Manager
 CVE-2018-1534
 	RESERVED
 CVE-2018-1533
@@ -34309,7 +34309,7 @@ CVE-2018-1531
 CVE-2018-1530
 	RESERVED
 CVE-2018-1529 (IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through ...)
-	TODO: check
+	NOT-FOR-US: IBM Rational DOORS Next Generation
 CVE-2018-1528
 	RESERVED
 CVE-2018-1527
@@ -38877,39 +38877,39 @@ CVE-2018-0405
 CVE-2018-0404
 	RESERVED
 CVE-2018-0403 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0402 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0401 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0400 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0399 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0398 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0397
 	RESERVED
 CVE-2018-0396 (A vulnerability in the web framework of the Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0395
 	RESERVED
 CVE-2018-0394 (A vulnerability in the web upload function of Cisco Cloud Services ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0393 (A Read-Only User Effect Change vulnerability in the Policy Builder ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0392 (A vulnerability in the CLI of Cisco Policy Suite could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0391
 	RESERVED
 CVE-2018-0390 (A vulnerability in the web framework of Cisco Webex could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0389
 	RESERVED
 CVE-2018-0388
 	RESERVED
 CVE-2018-0387 (A vulnerability in Cisco Webex Teams (for Windows and macOS) could ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0386
 	RESERVED
 CVE-2018-0385 (A vulnerability in the detection engine parsing of Security Socket ...)
@@ -38923,23 +38923,23 @@ CVE-2018-0382
 CVE-2018-0381
 	RESERVED
 CVE-2018-0380 (Multiple vulnerabilities exist in the Cisco Webex Network Recording ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0379 (Multiple vulnerabilities exist in the Cisco Webex Network Recording ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0378
 	RESERVED
 CVE-2018-0377 (A vulnerability in the Open Systems Gateway initiative (OSGi) interface ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0376 (A vulnerability in the Policy Builder interface of Cisco Policy Suite ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0375 (A vulnerability in the Cluster Manager of Cisco Policy Suite before ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0374 (A vulnerability in the Policy Builder database of Cisco Policy Suite ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0373 (A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0372 (A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0371 (A vulnerability in the Web Admin Interface of Cisco Meeting Server ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0370 (A vulnerability in the detection engine of Cisco Firepower System ...)
@@ -38985,25 +38985,25 @@ CVE-2018-0353 (A vulnerability in traffic-monitoring functions in Cisco Web Secu
 CVE-2018-0352 (A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0351 (A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN ...)
-	TODO: check
+	NOT-FOR-US: Cisco (tcpdump utility in Cisco SD-WAN Solution, but CVE is Cisco specific assigned)
 CVE-2018-0350 (A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0349 (A vulnerability in the Cisco SD-WAN Solution could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0348 (A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0347 (A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0346 (A vulnerability in the Zero Touch Provisioning service of the Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0345 (A vulnerability in the configuration and management database of the ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0344 (A vulnerability in the vManage dashboard for the configuration and ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0343 (A vulnerability in the configuration and management service of the ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0342 (A vulnerability in the configuration and monitoring service of the ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0341 (A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0340 (A vulnerability in the web framework of the Cisco Unified ...)
@@ -165730,7 +165730,7 @@ CVE-2014-2304
 CVE-2014-2303 (Multiple SQL injection vulnerabilities in the file browser component ...)
 	NOT-FOR-US: webEdition CMS
 CVE-2014-2302 (The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x ...)
-	TODO: check
+	NOT-FOR-US: webEdition CMS
 CVE-2014-2301 (OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: OrbiTeam BSCW
 CVE-2014-2300



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a0ebc6a0552f949a2ae453b106f9be10dba670ef...8286abdc6f5cb724b7c69b3c36bfd51fb665a827

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a0ebc6a0552f949a2ae453b106f9be10dba670ef...8286abdc6f5cb724b7c69b3c36bfd51fb665a827
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180719/6e4e3aec/attachment.html>

More information about the debian-security-tracker-commits mailing list