[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Jun 11 20:53:54 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d746947 by Salvatore Bonaccorso at 2018-06-11T21:53:24+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -22503,7 +22503,7 @@ CVE-2018-3740 (A specially crafted HTML fragment can cause Sanitize gem for Ruby
 CVE-2018-3739 (https-proxy-agent before 2.1.1 passes auth option to the Buffer ...)
 	NOT-FOR-US: https-proxy-agent
 CVE-2018-3738 (protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto ...)
-	TODO: check
+	NOT-FOR-US: protobufjs
 CVE-2018-3737 (sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. ...)
 	- node-sshpk <unfixed> (unimportant; bug #901093)
 	NOTE: https://github.com/joyent/node-sshpk/issues/44
@@ -22512,19 +22512,19 @@ CVE-2018-3737 (sshpk is vulnerable to ReDoS when parsing crafted invalid public 
 CVE-2018-3736 (https-proxy-agent passes unsanitized options to Buffer(arg) resulting ...)
 	NOT-FOR-US: https-proxy-agent nodejs module
 CVE-2018-3735 (bracket-template suffers from reflected XSS possible when variable ...)
-	TODO: check
+	NOT-FOR-US: bracket-template nodejs module
 CVE-2018-3734 (stattic node module suffers from a Path Traversal vulnerability due to ...)
 	NOT-FOR-US: stattic nodejs module
 CVE-2018-3733 (crud-file-server node module before 0.9.0 suffers from a Path ...)
 	NOT-FOR-US: crud-file-server nodejs module
 CVE-2018-3732 (resolve-path node module before 1.4.0 suffers from a Path Traversal ...)
-	TODO: check
+	NOT-FOR-US: resolve-path nodejs module
 CVE-2018-3731 (public node module suffers from a Path Traversal vulnerability due to ...)
-	TODO: check
+	NOT-FOR-US: public nodejs module
 CVE-2018-3730 (mcstatic node module suffers from a Path Traversal vulnerability due ...)
-	TODO: check
+	NOT-FOR-US: mcstatic nodejs module
 CVE-2018-3729 (localhost-now node module suffers from a Path Traversal vulnerability ...)
-	TODO: check
+	NOT-FOR-US: localhost-now nodejs module
 CVE-2018-3728 (hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of ...)
 	- node-hoek <unfixed> (unimportant)
 	NOTE: fixed in 4.2.1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0d746947f1a17a3955d23485567a26119be2ec14

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0d746947f1a17a3955d23485567a26119be2ec14
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180611/27dc7d75/attachment.html>

More information about the debian-security-tracker-commits mailing list