[Git][security-tracker-team/security-tracker][master] Process new NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Jul 30 21:14:29 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
445e4eee by Salvatore Bonaccorso at 2018-07-30T20:14:04Z
Process new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3518,7 +3518,7 @@ CVE-2018-13282
 CVE-2018-13281
 	RESERVED
 CVE-2018-13280 (Use of insufficiently random values vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Synology
 CVE-2018-13279
 	RESERVED
 CVE-2018-13278
@@ -14352,11 +14352,11 @@ CVE-2018-9068 (The IMM2 First Failure Data Capture function collects management 
 CVE-2018-9067 (The Lenovo Help Android app versions earlier than 6.1.2.0327 had ...)
 	NOT-FOR-US: Lenovo
 CVE-2018-9066 (In Lenovo xClarity Administrator versions earlier than 2.1.0, an ...)
-	TODO: check
+	NOT-FOR-US: Lenovo xClarity Administrator
 CVE-2018-9065 (In Lenovo xClarity Administrator versions earlier than 2.1.0, an ...)
-	TODO: check
+	NOT-FOR-US: Lenovo xClarity Administrator
 CVE-2018-9064 (In Lenovo xClarity Administrator versions earlier than 2.1.0, an ...)
-	TODO: check
+	NOT-FOR-US: Lenovo xClarity Administrator
 CVE-2018-9063 (MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo ...)
 	NOT-FOR-US: Lenovo
 CVE-2018-9062
@@ -29502,7 +29502,7 @@ CVE-2018-3774
 CVE-2018-3773 (There is a stored Cross-Site Scripting vulnerability in Open Graph ...)
 	TODO: check
 CVE-2018-3772 (Concatenating unsanitized user input in the `whereis` npm module < ...)
-	TODO: check
+	NOT-FOR-US: whereis nodejs module
 CVE-2018-3771 (An XSS in statics-server <= 0.0.9 can be used via injected iframe in ...)
 	NOT-FOR-US: statics-server nodejs module
 CVE-2018-3770 (A path traversal exists in markdown-pdf version <9.0.0 that allows a ...)
@@ -39366,7 +39366,7 @@ CVE-2018-0608 (Buffer overflow in H2O version 2.2.4 and earlier allows remote ..
 	- h2o 2.2.5+dfsg1-1
 	NOTE: https://github.com/h2o/h2o/issues/1775
 CVE-2018-0607 (SQL injection vulnerability in the Notifications application in the ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2018-0606 (SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows ...)
 	NOT-FOR-US: Pixelpost
 CVE-2018-0605 (Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/445e4eee682e02c6d63b6574f12c870e57166569

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/445e4eee682e02c6d63b6574f12c870e57166569
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180730/387a09c1/attachment.html>

More information about the debian-security-tracker-commits mailing list