[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Sat Jun 16 15:16:32 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86143657 by Moritz Muehlenhoff at 2018-06-16T16:16:13+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1135,7 +1135,7 @@ CVE-2018-12032
 CVE-2018-12031 (Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an ...)
 	NOT-FOR-US: Eaton Intelligent Power Manager
 CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. ...)
-	TODO: check
+	NOT-FOR-US: Chevereto Free
 CVE-2018-12029 [CHMOD race vulnerability]
 	RESERVED
 	- passenger <unfixed>
@@ -1158,7 +1158,7 @@ CVE-2018-12026
 	- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
 	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
 CVE-2018-12025 (The transferFrom function of a smart contract implementation for ...)
-	TODO: check
+	NOT-FOR-US: FuturXE
 CVE-2018-12024
 	RESERVED
 CVE-2018-12023
@@ -3239,11 +3239,11 @@ CVE-2018-11224 (An issue was discovered in Libav 12.3. A read access violation i
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1129
 	TODO: check
 CVE-2018-11223 (XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2018-11222 (Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2018-11221 (Unauthenticated untrusted file upload in Artica Pandora FMS through ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2018-11220 (Bitmain Antminer D3, L3+, and S9 devices allow Remote Command ...)
 	NOT-FOR-US: Bitmain Antminer D3, L3+, and S9 devices
 CVE-2018-11219 [integer overflow]
@@ -6589,7 +6589,7 @@ CVE-2018-9860 (An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0
 	NOTE: https://github.com/randombit/botan/commit/ec222c99719c396a1f4756b2ca345dbbfbeb5ed5
 	NOTE: Bug introduced in 1.11.32, fixed in 2.6.0
 CVE-2018-9859 (The path of Whale update service was unquoted in NAVER Whale before ...)
-	TODO: check
+	NOT-FOR-US: Whale
 CVE-2018-1000168 (nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper ...)
 	- nghttp2 1.31.1-1 (low; bug #895566)
 	[stretch] - nghttp2 <no-dsa> (Minor issue)
@@ -37585,27 +37585,27 @@ CVE-2016-10634 (scala-standalone-bin is a Binary wrapper for ScalaJS. ...)
 CVE-2016-10633 (dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. ...)
 	TODO: check
 CVE-2016-10632 (apk-parser2 is a module which extracts Android Manifest info from an ...)
-	TODO: check
+	NOT-FOR-US: apk-parser2
 CVE-2016-10631 (jvminstall is a module for downloading and unpacking jvm to local ...)
-	TODO: check
+	NOT-FOR-US: jvminstall
 CVE-2016-10630 (install-g-test downloads resources over HTTP, which leaves it ...)
-	TODO: check
+	NOT-FOR-US: install-g-test
 CVE-2016-10629 (nw-with-arm is a NW Installer including ARM-Build. nw-with-arm ...)
-	TODO: check
+	NOT-FOR-US: nw-with-arm
 CVE-2016-10628 (selenium-wrapper is a selenium server wrapper, including installation ...)
-	TODO: check
+	NOT-FOR-US: selenium-wrapper
 CVE-2016-10627 (scala-bin is a binary wrapper for Scala. scala-bin downloads binary ...)
-	TODO: check
+	NOT-FOR-US: scala-bin
 CVE-2016-10626 (mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads ...)
-	TODO: check
+	NOT-FOR-US: mystem3
 CVE-2016-10625 (headless-browser-lite is a minimal npm installer for phantomjs and ...)
-	TODO: check
+	NOT-FOR-US: headless-browser-lite
 CVE-2016-10624 (selenium-chromedriver is a simple utility for downloading the Selenium ...)
-	TODO: check
+	NOT-FOR-US: selenium-chromedriver
 CVE-2016-10623 (macaca-chromedriver-zxa is a Node.js wrapper for the selenium ...)
-	TODO: check
+	NOT-FOR-US: macaca-chromedriver-zxa
 CVE-2016-10622 (nodeschnaps is a NodeJS compatibility layer for Java (Rhino). ...)
-	TODO: check
+	NOT-FOR-US: nodeschnaps
 CVE-2016-10621 (fibjs is a runtime for javascript applictions built on google v8 JS. ...)
 	NOT-FOR-US: fibjs
 CVE-2016-10620 (atom-node-module-installer installs node modules for atom-shell ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/86143657fd0ed285acb394d34467ccabdd97ad39

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/86143657fd0ed285acb394d34467ccabdd97ad39
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180616/cbaf7e3c/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list