[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Jun 22 22:00:00 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48b4aae9 by Moritz Muehlenhoff at 2018-06-22T22:54:43+02:00
NFUs

- - - - -
34cee06d by Moritz Muehlenhoff at 2018-06-22T22:59:42+02:00
add slurm-llnl to dsa-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,13 +1,13 @@
 CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. ...)
-	TODO: check
+	NOT-FOR-US: tinyexr
 CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h. ...)
-	TODO: check
+	NOT-FOR-US: tinyexr
 CVE-2018-12686
 	RESERVED
 CVE-2018-12685
 	RESERVED
 CVE-2018-12684 (Out-of-bounds Read in the send_ssi_file function in civetweb.c in ...)
-	TODO: check
+	NOT-FOR-US: CivetWeb
 CVE-2018-12683
 	RESERVED
 CVE-2018-12682
@@ -19,7 +19,7 @@ CVE-2018-12680
 CVE-2018-12679
 	RESERVED
 CVE-2018-12678 (Portainer before 1.18.0 supports unauthenticated requests to the ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2018-12677
 	RESERVED
 CVE-2018-12676
@@ -57,17 +57,17 @@ CVE-2018-12661
 CVE-2018-12660
 	RESERVED
 CVE-2018-12659 (SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF ...)
-	TODO: check
+	NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12658 (Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in ...)
-	TODO: check
+	NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12657 (Reflected Cross-Site Scripting (XSS) exists in the Master File module ...)
-	TODO: check
+	NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12656 (Reflected Cross-Site Scripting (XSS) exists in the Membership module in ...)
-	TODO: check
+	NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12655 (Reflected Cross-Site Scripting (XSS) exists in the Circulation module ...)
-	TODO: check
+	NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12654 (Reflected Cross-Site Scripting (XSS) exists in the Bibliography module ...)
-	TODO: check
+	NOT-FOR-US: SLiMS 8 Akasia
 CVE-2018-12653
 	RESERVED
 CVE-2018-12652
@@ -77,7 +77,7 @@ CVE-2018-12651
 CVE-2018-12650
 	RESERVED
 CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php in MISP ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2018-12648 (The WEBP::GetLE32 function in ...)
 	TODO: check
 CVE-2018-12647
@@ -91,7 +91,7 @@ CVE-2018-12644
 CVE-2018-12643
 	RESERVED
 CVE-2018-12642 (Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not ...)
-	TODO: check
+	NOT-FOR-US: Floxlor
 CVE-2018-12641 (An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as ...)
 	TODO: check
 CVE-2018-12640
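Review bot: The product name in the added line for CVE-2018-12642 is misspelled as "Floxlor"; the CVE description on the line directly above it reads "Froxlor". Suggest `NOT-FOR-US: Froxlor`, so that a later search of the list for the product name finds this entry.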
@@ -225,7 +225,7 @@ CVE-2018-1000404
 CVE-2018-12637
 	RESERVED
 CVE-2018-12636 (The iThemes Security (better-wp-security) plugin before 7.0.3 for ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-12635 (CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to ...)
 	NOT-FOR-US: CirCarLife Scada
 CVE-2018-12634 (CirCarLife Scada v4.2.4 allows remote attackers to obtain sensitive ...)
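Review bot: The added line for CVE-2018-12636 says only "Wordpress plugin", which does not identify the product, unlike the other NOT-FOR-US lines in this diff (for example `NOT-FOR-US: CirCarLife Scada` just below). Suggest naming the plugin from the description, such as `NOT-FOR-US: iThemes Security plugin for WordPress`, which also fixes the capitalisation of "WordPress".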


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -70,6 +70,8 @@ ruby-rack-protection (jmm)
 -
 ruby-sprockets
 --
+slurm-llnl
+--
 sssd
   Maintainer prepared an update and proposed debdiff, acked for upload, but update needs further testing before release.
 --
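Review bot: The new `slurm-llnl` entry carries neither a claimant nor a note, and the commit message ("add slurm-llnl to dsa-needed") does not say which issue prompted it. Other entries in this context show both forms (`ruby-rack-protection (jmm)` and the status line under `sssd`); a one-line note naming the CVE or bug that needs the DSA would tell the next reader what is pending.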



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7005065cf71562ebe0f54190bc6f6d96ed1e6e58...34cee06de1a87bc64daac4118e389c4262549d1d
