[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sun Jul 29 05:01:20 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f60a32c2 by Salvatore Bonaccorso at 2018-07-29T04:00:59Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -221,13 +221,13 @@ CVE-2018-1002208 (sharplibzip before 1.0 RC1 is vulnerable to directory traversa
 	NOTE: https://github.com/icsharpcode/SharpZipLib/issues/232
 	TODO: further checks
 CVE-2018-1002207 (mholt/archiver golang package before ...)
-	TODO: check
+	NOT-FOR-US: golang-github-mholt-archiver
 CVE-2018-1002206 (SharpCompress before 0.21.0 is vulnerable to directory traversal, ...)
-	TODO: check
+	NOT-FOR-US: SharpCompress library (for .NET Standard 1.0)
 CVE-2018-1002205 (DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, ...)
-	TODO: check
+	NOT-FOR-US: DotNetZip.Semvered library (.NET)
 CVE-2018-1002203 (unzipper npm library before 0.8.13 is vulnerable to directory ...)
-	TODO: check
+	NOT-FOR-US: unzipper nodejs module
 CVE-2018-14596 (wancms 1.0 through 5.0 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: wancms
 CVE-2018-14595
@@ -632,7 +632,7 @@ CVE-2018-14441 (An issue was discovered in cckevincyh SSH CompanyWebsite through
 CVE-2018-14440 (An issue was discovered in cckevincyh SSH CompanyWebsite through ...)
 	NOT-FOR-US: cckevincyh SSH CompanyWebsite
 CVE-2018-14439 (espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 ...)
-	TODO: check
+	NOT-FOR-US: eos4j
 CVE-2018-14438 (In Wireshark through 2.6.2, the create_app_running_mutex function in ...)
 	- wireshark <not-affected> (Problem with SetSecurityDescriptorDacl() is Windows specific issue)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14921
@@ -1008,7 +1008,7 @@ CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 
 CVE-2018-14336 (TP-Link WR840N devices allow remote attackers to cause a denial of ...)
 	NOT-FOR-US: TP-Link
 CVE-2018-14335 (An issue was discovered in H2 1.4.197. Insecure handling of ...)
-	TODO: check
+	NOT-FOR-US: H2 (different from src:python-h2)
 CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file ...)
 	NOT-FOR-US: joyplus-cms
 CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode format within ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f60a32c273b4f032afdf0a90630e5bc5aefd40af

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f60a32c273b4f032afdf0a90630e5bc5aefd40af
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180729/7377934b/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list