[Git][security-tracker-team/security-tracker][master] Replace some NFUs with source package name tracking

Salvatore Bonaccorso carnil at debian.org
Tue Jun 19 21:59:47 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62cf9c51 by Salvatore Bonaccorso at 2018-06-19T22:59:14+02:00
Replace some NFUs with source package name tracking

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -35145,7 +35145,7 @@ CVE-2017-1000248 (Redis-store <=v1.3.0 allows unsafe objects to be loaded fro
 	[stretch] - ruby-redis-store 1.1.6-1+deb9u1
 	NOTE: https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e
 CVE-2017-1000247 (British Columbia Institute of Technology CodeIgniter 3.1.3 is ...)
-	NOT-FOR-US: CodeIgniter
+	- codeigniter <itp> (bug #471583)
 CVE-2017-1000246 (Python package pysaml2 version 4.4.0 and earlier reuses the ...)
 	- python-pysaml2 <unfixed> (bug #882012)
 	[stretch] - python-pysaml2 <no-dsa> (Minor issue)
@@ -71341,7 +71341,7 @@ CVE-2016-10133 (Heap-based buffer overflow in the js_stackoverflow function in j
 CVE-2016-10132 (regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a ...)
 	NOT-FOR-US: MuJS
 CVE-2016-10131 (system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote ...)
-	NOT-FOR-US: CodeIgniter
+	- codeigniter <itp> (bug #471583)
 CVE-2017-5357 (regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of ...)
 	- ed <not-affected> (Vulnerable code not present, cf #851159)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/5
@@ -124124,7 +124124,7 @@ CVE-2015-5726 (The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 
 	NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11
 	NOTE: http://botan.randombit.net/security.html
 CVE-2015-5725 (SQL injection vulnerability in the offset method in the Active Record ...)
-	NOT-FOR-US: CodeIgniter
+	- codeigniter <itp> (bug #471583)
 CVE-2014-9742 (The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x ...)
 	{DLA-449-1}
 	- botan1.10 1.10.8-1
@@ -144215,11 +144215,11 @@ CVE-2014-8688 (An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8
 CVE-2014-8687 (Seagate Business NAS devices with firmware before 2015.00322 allow ...)
 	NOT-FOR-US: Seagate Business NAS devices
 CVE-2014-8686 (CodeIgniter before 2.2.0 makes it easier for attackers to decode ...)
-	NOT-FOR-US: CodeIgniter
+	- codeigniter <itp> (bug #471583)
 CVE-2014-8685
 	RESERVED
 CVE-2014-8684 (CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through ...)
-	NOT-FOR-US: CodeIgniter
+	- codeigniter <itp> (bug #471583)
 CVE-2014-8683 (Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs ...)
 	NOT-FOR-US: Go Git Service
 CVE-2014-8682 (Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) ...)
@@ -172930,7 +172930,7 @@ CVE-2013-4893
 CVE-2013-4892
 	RESERVED
 CVE-2013-4891 (The xss_clean function in CodeIgniter before 2.1.4 might allow remote ...)
-	NOT-FOR-US: CodeIgniter
+	- codeigniter <itp> (bug #471583)
 CVE-2013-4889 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: Digital Signage Xibo
 CVE-2013-4888 (Cross-site scripting (XSS) vulnerability in index.php in Digital ...)
@@ -270059,13 +270059,13 @@ CVE-2007-3711 (Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2
 CVE-2007-3710 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: PHP Comet-Server
 CVE-2007-3709 (CRLF injection vulnerability in the redirect function in ...)
-	NOT-FOR-US: CodeIgniter
+	- codeigniter <itp> (bug #471583)
 CVE-2007-3708 (Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before ...)
-	NOT-FOR-US: CodeIgniter
+	- codeigniter <itp> (bug #471583)
 CVE-2007-3707 (Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 ...)
-	NOT-FOR-US: CodeIgniter
+	- codeigniter <itp> (bug #471583)
 CVE-2007-3706 (The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 ...)
-	NOT-FOR-US: CodeIgniter
+	- codeigniter <itp> (bug #471583)
 CVE-2007-3705 (SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to ...)
 	NOT-FOR-US: FuseTalk
 CVE-2007-3704 (Entertainment CMS allows remote attackers to bypass authentication and ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62cf9c510c22d9479efcbe1adb9bca8d8a5d8e3a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62cf9c510c22d9479efcbe1adb9bca8d8a5d8e3a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180619/16d4da57/attachment.html>

More information about the debian-security-tracker-commits mailing list