[Git][security-tracker-team/security-tracker][master] Process NFUs

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
022dac1b by Salvatore Bonaccorso at 2018-06-11T22:24:08+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -223,11 +223,11 @@ CVE-2018-12114
 CVE-2018-12113
 	RESERVED
 CVE-2018-12112 (md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: md4c
 CVE-2018-12111 (Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI ...)
-	TODO: check
+	NOT-FOR-US: Canon PrintMe EFI webinterface
 CVE-2018-12110 (portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php ...)
-	TODO: check
+	NOT-FOR-US: portfolioCMS
 CVE-2018-12109 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...)
 	TODO: check
 CVE-2018-12108 (An issue was discovered in Dropbox Lepton 1.2.1. The ...)
@@ -243,11 +243,11 @@ CVE-2018-12104
 CVE-2018-12103
 	RESERVED
 CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function ...)
-	TODO: check
+	NOT-FOR-US: md4c
 CVE-2018-12101
 	RESERVED
 CVE-2018-12100 (Sonatype Nexus Repository Manager before 3.12.0 has XSS in multiple ...)
-	TODO: check
+	NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2018-12099 (Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. ...)
 	TODO: check
 CVE-2018-12098
@@ -257,19 +257,19 @@ CVE-2018-12097
 CVE-2018-12096
 	RESERVED
 CVE-2018-12095 (A Reflected Cross-Site Scripting web vulnerability has been discovered ...)
-	TODO: check
+	NOT-FOR-US: OEcms
 CVE-2018-12094 (Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS ...)
-	TODO: check
+	NOT-FOR-US: Dimofinf CMS
 CVE-2018-12093 (tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in ...)
-	TODO: check
+	NOT-FOR-US: tinyexr
 CVE-2018-12092 (tinyexr 0.9.5 has a heap-based buffer over-read in ...)
-	TODO: check
+	NOT-FOR-US: tinyexr
 CVE-2018-12091
 	RESERVED
 CVE-2018-12090 (There is unauthenticated reflected cross-site scripting (XSS) in LAMS ...)
 	TODO: check
 CVE-2018-12089 (In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2018-XXXX [bug in the get_missing_events federation API where event visibility rules were not applied correctly]
 	- matrix-synapse 0.31.1+dfsg-1 (bug #901293)
 	NOTE: https://github.com/matrix-org/synapse/pull/3371



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/022dac1b008a3e6c802f150ee147560a195373c6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/022dac1b008a3e6c802f150ee147560a195373c6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180611/7ec763f3/attachment.html>