[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Jun 27 20:53:44 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae4bfd3e by Moritz Muehlenhoff at 2018-06-27T21:52:52+02:00
NFUs

- - - - -
d471b849 by Moritz Muehlenhoff at 2018-06-27T21:53:23+02:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,9 +3,9 @@ CVE-2018-12904 [KVM L1 guest escape]
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
 	NOTE: https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8
 CVE-2018-12903 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity) ...)
-	TODO: check
+	NOT-FOR-US: CyberArk Endpoint Privilege Manager
 CVE-2018-12902 (In Easy Magazine through 2012-10-26, there is XSS in the search bar of ...)
-	TODO: check
+	NOT-FOR-US: Easy Magazine
 CVE-2018-12901
 	RESERVED
 CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf function in ...)
@@ -31,7 +31,7 @@ CVE-2018-12891
 CVE-2018-12890
 	RESERVED
 CVE-2018-12889 (An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer ...)
-	TODO: check
+	NOT-FOR-US: CCN-lite
 CVE-2018-12888
 	RESERVED
 CVE-2018-12887
@@ -41,7 +41,7 @@ CVE-2018-12886
 CVE-2018-12885
 	RESERVED
 CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2018-1000205 (U-Boot contains a CWE-20: Improper Input Validation vulnerability in ...)
 	TODO: check
 CVE-2018-XXXX [grep-excuses: uses YAML::Syck in a unsafe way]
@@ -423,9 +423,9 @@ CVE-2018-12713 (GIMP through 2.10.2 makes g_get_tmp_dir calls to establish tempo
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/issues/1689
 	NOTE: No security impact
 CVE-2018-12712 (An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-12711 (An XSS issue was discovered in the language switcher module in Joomla! ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-12710
 	RESERVED
 CVE-2016-10724
@@ -610,21 +610,21 @@ CVE-2018-1000556 (WordPress version 4.8 + contains a Cross Site Scripting (XSS) 
 CVE-2018-1000555
 	REJECTED
 CVE-2018-1000554 (Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token ...)
-	TODO: check
+	NOT-FOR-US: Trovebox
 CVE-2018-1000553 (Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery ...)
-	TODO: check
+	NOT-FOR-US: Trovebox
 CVE-2018-1000552 (Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Trovebox
 CVE-2018-1000551 (Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling ...)
-	TODO: check
+	NOT-FOR-US: Trovebox
 CVE-2018-1000550 (The Sympa Community Sympa version prior to version 6.2.32 contains a ...)
 	TODO: check
 CVE-2018-1000549 (Wekan version 1.04.0 contains a Email / Username Enumeration ...)
-	TODO: check
+	NOT-FOR-US: Wekan
 CVE-2018-1000548 (Umlet version < 14.3 contains a XML External Entity (XXE) ...)
-	TODO: check
+	NOT-FOR-US: Umlet
 CVE-2018-1000547 (coreBOS version 7.0 and earlier contains a Incorrect Access Control ...)
-	TODO: check
+	NOT-FOR-US: CoreBOS
 CVE-2018-1000546 (Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) ...)
 	TODO: check
 CVE-2018-1000545
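Review bot: The tag added for CVE-2018-1000547 reads "NOT-FOR-US: CoreBOS", while the CVE description on the line above spells the product "coreBOS". Using the spelling from the description keeps a case-sensitive search of data/CVE/list on the product name consistent.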
@@ -632,31 +632,31 @@ CVE-2018-1000545
 CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory ...)
 	TODO: check
 CVE-2018-1000543 (Akiee version 0.0.3 contains a XSS leading to code execution due to ...)
-	TODO: check
+	NOT-FOR-US: Akiee
 CVE-2018-1000542 (netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity ...)
-	TODO: check
+	NOT-FOR-US: netbeans-mmd-plugin
 CVE-2018-1000541
 	REJECTED
 CVE-2018-1000540 (LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd ...)
-	TODO: check
+	NOT-FOR-US: LoboEvolution
 CVE-2018-1000539 (Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper ...)
 	TODO: check
 CVE-2018-1000538 (Minio Inc. Minio S3 server version prior to ...)
-	TODO: check
+	NOT-FOR-US: Minion
 CVE-2018-1000537 (Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer ...)
-	TODO: check
+	NOT-FOR-US: Marlin
 CVE-2018-1000536 (Medis version 0.6.1 and earlier contains a XSS vulnerability evolving ...)
-	TODO: check
+	NOT-FOR-US: Media
 CVE-2018-1000535 (lms version <= LMS_011123 contains a Local File Disclosure ...)
-	TODO: check
+	NOT-FOR-US: lms
 CVE-2018-1000534 (Joplin version prior to 1.0.90 contains a XSS evolving into code ...)
-	TODO: check
+	NOT-FOR-US: Joplin
 CVE-2018-1000533 (klaussilveira GitList version <= 0.6 contains a Passing incorrectly ...)
-	TODO: check
+	NOT-FOR-US: klaussilveira GitList
 CVE-2018-1000532 (beep version 1.3 and up contains a External Control of File Name or ...)
 	TODO: check
 CVE-2018-1000531 (inversoft prime-jwt version prior to commit ...)
-	TODO: check
+	NOT-FOR-US: prime-jwt
 CVE-2018-1000530
 	REJECTED
 CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site Scripting ...)
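Review bot: Two of the tags added in this hunk do not match the product named in the CVE description. CVE-2018-1000538 is described as "Minio Inc. Minio S3 server" but tagged "NOT-FOR-US: Minion", and CVE-2018-1000536 is described as "Medis" but tagged "NOT-FOR-US: Media". Suggest "NOT-FOR-US: Minio" and "NOT-FOR-US: Medis", so that a later search of the list by product name finds these entries.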
@@ -664,53 +664,53 @@ CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site Scrip
 CVE-2018-1000528 (GONICUS GOsa version before commit ...)
 	TODO: check
 CVE-2018-1000527 (Froxlor version <= 0.9.39.5 contains a PHP Object Injection ...)
-	TODO: check
+	NOT-FOR-US: Froxlor
 CVE-2018-1000526 (Openpsa contains a XML Injection vulnerability in RSS file upload ...)
-	TODO: check
+	NOT-FOR-US: openpsa
 CVE-2018-1000525 (openpsa contains a PHP Object Injection vulnerability in Form data ...)
-	TODO: check
+	NOT-FOR-US: openpsa
 CVE-2018-1000524 (miniSphere version 5.2.9 and earlier contains a Integer Overflow ...)
-	TODO: check
+	NOT-FOR-US: miniSphere
 CVE-2018-1000523 (topydo contains a CWE-20: Improper Input Validation vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: topydo
 CVE-2018-1000522
 	REJECTED
 CVE-2018-1000521 (BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: BigTree-CMS
 CVE-2018-1000520 (ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows ...)
 	TODO: check
 CVE-2018-1000519 (aio-libs aiohttp-session contains a Session Fixation vulnerability in ...)
 	TODO: check
 CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper Handling ...)
-	TODO: check
+	NOT-FOR-US: aaugustin websockets
 CVE-2018-1000517 (BusyBox project BusyBox wget version prior to commit ...)
 	TODO: check
 CVE-2018-1000516 (The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper ...)
-	TODO: check
+	NOT-FOR-US: Galaxy Project Galaxy
 CVE-2018-1000515 (ventrian News-Articles version NewsArticles.00.09.11 contains a XML ...)
-	TODO: check
+	NOT-FOR-US: News-Articles
 CVE-2018-1000514 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request ...)
-	TODO: check
+	NOT-FOR-US: LimeSurvey
 CVE-2018-1000513 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting ...)
-	TODO: check
+	NOT-FOR-US: LimeSurvey
 CVE-2018-1000512 (Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-1000511 (WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-1000510 (WP Image Zoom version 1.23 contains a Incorrect Access Control ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-1000509 (Redirection version 2.7.1 contains a Serialisation vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Redirection
 CVE-2018-1000508 (WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-1000507 (WP User Groups version 2.0.0 contains a Cross ite Request Forgery ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-1000506 (Metronet Tag Manager version 1.2.7 contains a Cross ite Request ...)
-	TODO: check
+	NOT-FOR-US: Metronet Tag Manager
 CVE-2018-1000505 (Tooltipy (tooltips for WP) version 5 contains a Cross ite Request ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-1000504 (Redirection version 2.7.3 contains a ACE via file inclusion ...)
-	TODO: check
+	NOT-FOR-US: Redirection
 CVE-2018-1000503 (MyBB Group MyBB contains a Incorrect Access Control vulnerability in ...)
 	TODO: check
 CVE-2018-1000502 (MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel ...)
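Review bot: The tagging of WordPress plugins in this hunk is inconsistent. CVE-2018-1000512, -1000511, -1000510, -1000508, -1000507 and -1000505 (Tooltipy, WP ULike, WP Image Zoom, WP User Groups) get the generic "NOT-FOR-US: Wordpress plugin", while Redirection and Metronet Tag Manager are tagged by product name. Naming the plugin in each tag would keep the entries searchable by product. The context line for CVE-2018-1000556 also spells the name "WordPress", so the casing in the tag could follow that.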



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/1d4b25ffa66b274ba4314ccc979b0513e1ee817a...d471b849cd27fb39c893882002a03cf2a08f73b5
