[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Jun 5 16:57:00 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d84ceecd by Moritz Muehlenhoff at 2018-06-05T17:56:37+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -37,7 +37,7 @@ CVE-2018-11719
 CVE-2018-11718
 	RESERVED
 CVE-2017-18286 (nZEDb v0.7.3.3 has XSS in the 404 error page. ...)
-	TODO: check
+	NOT-FOR-US: nZEDb
 CVE-2016-1000352 (In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES ...)
 	- bouncycastle 1.56-1
 	NOTE: https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
@@ -13715,7 +13715,9 @@ CVE-2018-6554
 CVE-2018-6553
 	RESERVED
 CVE-2018-6552 (Apport does not properly handle crashes originating from a PID ...)
-	TODO: check
+	[experimental] - apport <unfixed>
+	NOTE: apport only in experimental, so we cannot track this in security-tracker
+	NOTE: add it, to have an explicit reference for apport if it ever enters unstable
 CVE-2018-6551 (The malloc implementation in the GNU C Library (aka glibc or libc6), ...)
 	[experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0
 	- glibc 2.27-1
@@ -21583,11 +21585,11 @@ CVE-2018-3759
 CVE-2018-3758
 	RESERVED
 CVE-2018-3757 (Command injection exists in pdf-image v2.0.0 due to an unescaped ...)
-	TODO: check
+	NOT-FOR-US: node pdf-image
 CVE-2018-3756 (Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Hyperledger Iroha
 CVE-2018-3755 (XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) ...)
-	TODO: check
+	NOT-FOR-US: sexstatic
 CVE-2018-3754
 	RESERVED
 CVE-2018-3753
@@ -35230,7 +35232,7 @@ CVE-2017-16155
 CVE-2017-16154
 	RESERVED
 CVE-2017-16153 (gaoxuyan is vulnerable to a directory traversal issue, giving an ...)
-	TODO: check
+	NOT-FOR-US: gaoxuyan
 CVE-2017-16152
 	RESERVED
 CVE-2017-16151



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d84ceecd60e949b1b2f9ce2bbea944fb7b1e3441

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d84ceecd60e949b1b2f9ce2bbea944fb7b1e3441
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180605/3c4b4fd0/attachment.html>

More information about the debian-security-tracker-commits mailing list