[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Jun 11 17:20:10 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b7c0da2 by Moritz Muehlenhoff at 2018-06-11T18:19:46+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21932,7 +21932,7 @@ CVE-2018-3854
 CVE-2018-3853 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
 	NOT-FOR-US: Foxit PDF Reader
 CVE-2018-3852 (An exploitable denial of service vulnerability exists in the Ocularis ...)
-	TODO: check
+	NOT-FOR-US: Ocularis Recorder
 CVE-2018-3851 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
 	NOT-FOR-US: Hyland Perceptive Document Filters
 CVE-2018-3850 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
@@ -22446,7 +22446,7 @@ CVE-2018-3760
 CVE-2018-3759
 	RESERVED
 CVE-2018-3758 (Unrestricted file upload (RCE) in express-cart module before 1.1.7 ...)
-	TODO: check
+	NOT-FOR-US: express-cart
 CVE-2018-3757 (Command injection exists in pdf-image v2.0.0 due to an unescaped ...)
 	NOT-FOR-US: node pdf-image
 CVE-2018-3756 (Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable ...)
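Review bot: The new tag on CVE-2018-3758, `NOT-FOR-US: express-cart`, gives the bare module name, while the very next entry (CVE-2018-3757) is tagged `NOT-FOR-US: node pdf-image` with the ecosystem spelled out. Writing it as `NOT-FOR-US: node express-cart` would match the neighbouring entry and make clear from the tag alone that this is a Node.js module.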
@@ -22493,7 +22493,7 @@ CVE-2018-3740 (A specially crafted HTML fragment can cause Sanitize gem for Ruby
 	NOTE: The 'fragment' method was renamed from 'clean' method in earlier version
 	NOTE: in v3.0.0
 CVE-2018-3739 (https-proxy-agent before 2.1.1 passes auth option to the Buffer ...)
-	TODO: check
+	NOT-FOR-US: https-proxy-agent
 CVE-2018-3738 (protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto ...)
 	TODO: check
 CVE-2018-3737 (sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. ...)
@@ -22549,18 +22549,18 @@ CVE-2018-3719 (mixin-deep node module before 1.3.1 suffers from a Modification o
 	NOTE: https://nodesecurity.io/advisories/578
 	NOTE: nodejs not covered by security support
 CVE-2018-3718 (serve node module suffers from Improper Handling of URL Encoding by ...)
-	TODO: check
+	NOT-FOR-US: serve node module
 CVE-2018-3717 (connect node module before 2.14.0 suffers from a Cross-Site Scripting ...)
 	- node-connect 3.0.0-1
 	NOTE: https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b
 CVE-2018-3716 (simplehttpserver node module suffers from a Cross-Site Scripting ...)
-	TODO: check
+	NOT-FOR-US: simplehttpserver node module
 CVE-2018-3715 (glance node module before 3.0.4 suffers from a Path Traversal ...)
-	TODO: check
+	NOT-FOR-US: glance node module
 CVE-2018-3714 (node-srv node module suffers from a Path Traversal vulnerability due ...)
-	TODO: check
+	NOT-FOR-US: node-srv node module
 CVE-2018-3713 (angular-http-server node module suffers from a Path Traversal ...)
-	TODO: check
+	NOT-FOR-US: angular-http-server node module
 CVE-2018-3712 (serve node module before 6.4.9 suffers from a Path Traversal ...)
 	NOT-FOR-US: npm serve
 	NOTE: fixed in 6.4.9 upstream
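Review bot: CVE-2018-3718 is tagged `NOT-FOR-US: serve node module`, but CVE-2018-3712 at the end of this hunk covers the same serve module and already carries `NOT-FOR-US: npm serve`. Two spellings for one product mean a search on the NFU string finds only one of the two entries; reusing `npm serve` for CVE-2018-3718 would keep them together. The other four tags added here use the `<name> node module` pattern, so it is also worth settling on one convention (that one, `npm <name>`, or the `node <name>` form seen elsewhere in the file) for the whole block.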
@@ -22622,7 +22622,7 @@ CVE-2018-3693
 CVE-2018-3692
 	RESERVED
 CVE-2018-3691 (Some implementations in Intel Integrated Performance Primitives ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2018-3690
 	RESERVED
 CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform Software ...)
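Review bot: The tag added for CVE-2018-3691, `NOT-FOR-US: Intel`, names only the vendor, although the description identifies the affected product as Intel Integrated Performance Primitives. The trailing context shows another Intel entry (CVE-2018-3689, SGX Platform Software), so a vendor-only tag does not say which product was judged out of scope. Suggest `NOT-FOR-US: Intel Integrated Performance Primitives`, in line with the product-level tags used for the other entries in this commit.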



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4b7c0da216022581b0151c18d5fcacf6743fb688
