[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

Moritz Muehlenhoff jmm at debian.org
Sat Jun 30 12:16:53 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f89170a by Moritz Muehlenhoff at 2018-06-30T13:16:02+02:00
NFUs

- - - - -
7e316eeb by Moritz Muehlenhoff at 2018-06-30T13:16:29+02:00
gosa fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -967,7 +967,7 @@ CVE-2018-1000530
 CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site Scripting ...)
 	NOT-FOR-US: Grails Fields plugin
 CVE-2018-1000528 (GONICUS GOsa version before commit ...)
-	- gosa <unfixed> (low; bug #902723)
+	- gosa 2.7.4+reloaded3-5 (low; bug #902723)
 	NOTE: https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001
 	NOTE: https://github.com/gosa-project/gosa-core/issues/14
 CVE-2018-1000527 (Froxlor version <= 0.9.39.5 contains a PHP Object Injection ...)
@@ -38566,49 +38566,49 @@ CVE-2017-16212 (ltt is a static file server. ltt is vulnerable to a directory ..
 CVE-2017-16211 (lessindex is a static file server. lessindex is vulnerable to a ...)
 	NOT-FOR-US: lessindex
 CVE-2017-16210 (jn_jj_server is a static file server. jn_jj_server is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: jn_jj_server
 CVE-2017-16209 (enserver is a simple web server. enserver is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: enserver
 CVE-2017-16208 (dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: dmmcquay.lab6
 CVE-2017-16207 (discordi.js is a malicious module based on the discord.js library that ...)
-	TODO: check
+	NOT-FOR-US: discordi.js
 CVE-2017-16206 (The cofee-script module exfiltrates sensitive data such as a user's ...)
-	TODO: check
+	NOT-FOR-US: cofee-script
 CVE-2017-16205 (The coffescript module exfiltrates sensitive data such as a user's ...)
-	TODO: check
+	NOT-FOR-US:  coffescript
 CVE-2017-16204 (The jquey module exfiltrates sensitive data such as a user's private ...)
-	TODO: check
+	NOT-FOR-US: jquey
 CVE-2017-16203 (The coffe-script module exfiltrates sensitive data such as a user's ...)
-	TODO: check
+	NOT-FOR-US: coffe-script
 CVE-2017-16202 (The cofeescript module exfiltrates sensitive data such as a user's ...)
-	TODO: check
+	NOT-FOR-US: cofeescript
 CVE-2017-16201 (zjjserver is a static file server. zjjserver is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: zjjserver
 CVE-2017-16200 (uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: uv-tj-demo
 CVE-2017-16199 (susu-sum is a static file server. susu-sum is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: sus-sum
 CVE-2017-16198 (ritp is a static web server. ritp is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: ritp
 CVE-2017-16197 (qinserve is a static file server. qinserve is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: sinserve
 CVE-2017-16196 (quickserver is a simple static file server. quickserver is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: quickserver
 CVE-2017-16195 (pytservce is a static file server. pytservce is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: pytservce
 CVE-2017-16194 (picard is a micro framework. picard is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: picard
 CVE-2017-16193 (mfrs is a static file server. mfrs is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: mfrs
 CVE-2017-16192 (getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is ...)
-	TODO: check
+	NOT-FOR-US: getcityapi.yoehoehne
 CVE-2017-16191 (cypserver is a static file server. cypserver is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: cypserver
 CVE-2017-16190 (dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: dcdcdcdcdc
 CVE-2017-16189 (sly07 is an API for censoring text. sly07 is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: sly07
 CVE-2017-16188 (reecerver is a web server. reecerver is vulnerable to a directory ...)
 	TODO: check
 CVE-2017-16187 (open-device creates a web interface for any device. open-device is ...)
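Review bot: Two of the new NOT-FOR-US names do not match the module named in the CVE description on the line above them. CVE-2017-16199 is described as susu-sum but tagged `sus-sum`, and CVE-2017-16197 is described as qinserve but tagged `sinserve`. Anyone grepping the list for the real module name will miss both entries, so these should read `NOT-FOR-US: susu-sum` and `NOT-FOR-US: qinserve`. The CVE-2017-16205 line also has two spaces after `NOT-FOR-US:`, where every other line in the hunk has one.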
@@ -76115,11 +76115,11 @@ CVE-2017-3964 (Reflective Cross-Site Scripting (XSS) vulnerability in the web ..
 CVE-2017-3963
 	REJECTED
 CVE-2017-3962 (Password recovery exploitation vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2017-3961 (Cross-Site Scripting (XSS) vulnerability in the web interface in ...)
 	NOT-FOR-US: McAfee
 CVE-2017-3960 (Exploitation of Authorization vulnerability in the web interface in ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2017-3959
 	REJECTED
 CVE-2017-3958
@@ -76167,7 +76167,7 @@ CVE-2017-3938
 CVE-2017-3937
 	RESERVED
 CVE-2017-3936 (OS Command Injection vulnerability in McAfee ePolicy Orchestrator ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2017-3935 (Network Data Loss Prevention is vulnerable to MIME type sniffing which ...)
 	NOT-FOR-US: McAfee Network Data Loss Prevention
 CVE-2017-3934 (Missing HTTP Strict Transport Security state information vulnerability ...)
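Review bot: The tag added for CVE-2017-3936 names only the vendor, while the next entry in the same hunk (CVE-2017-3935) names the product as `NOT-FOR-US: McAfee Network Data Loss Prevention`. The description already identifies the product, so `NOT-FOR-US: McAfee ePolicy Orchestrator` would keep the entry searchable by product name.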
@@ -76225,7 +76225,7 @@ CVE-2017-3909
 CVE-2017-3908
 	RESERVED
 CVE-2017-3907 (Code Injection vulnerability in the ePolicy Orchestrator (ePO) ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2017-3906
 	RESERVED
 CVE-2017-3905
@@ -78729,11 +78729,11 @@ CVE-2017-3210
 CVE-2017-3209
 	RESERVED
 CVE-2017-3208 (The Java implementation of AMF3 deserializers used by WebORB for Java ...)
-	TODO: check
+	NOT-FOR-US: AMF3 deserialisers
 CVE-2017-3207 (The Java implementations of AMF3 deserializers in WebORB for Java by ...)
-	TODO: check
+	NOT-FOR-US: AMF3 deserialisers
 CVE-2017-3206 (The Java implementation of AMF3 deserializers used by Flamingo ...)
-	TODO: check
+	NOT-FOR-US: AMF3 deserialisers
 CVE-2017-3205
 	RESERVED
 CVE-2017-3204 (The Go SSH library (x/crypto/ssh) by default does not verify host ...)
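Review bot: `NOT-FOR-US: AMF3 deserialisers` on CVE-2017-3208, CVE-2017-3207 and CVE-2017-3206 names a class of code rather than the affected software. The descriptions attribute these to WebORB for Java (3208, 3207) and Flamingo (3206), and other NOT-FOR-US lines in this file name the product. Tagging each with its product, for example `NOT-FOR-US: WebORB for Java`, records what was actually checked against the archive.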
@@ -78742,15 +78742,15 @@ CVE-2017-3204 (The Go SSH library (x/crypto/ssh) by default does not verify host
 	NOTE: https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991
 	NOTE: https://github.com/golang/go/issues/19767
 CVE-2017-3203 (The Java implementations of AMF3 deserializers in Pivotal/Spring ...)
-	TODO: check
+	NOT-FOR-US: AMF3 deserialisers
 CVE-2017-3202 (The Java implementation of AMF3 deserializers used in Flamingo ...)
-	TODO: check
+	NOT-FOR-US: AMF3 deserialisers
 CVE-2017-3201 (The Java implementation of AMF3 deserializers used in Flamingo ...)
-	TODO: check
+	NOT-FOR-US: AMF3 deserialisers
 CVE-2017-3200 (The Java implementation of AMF3 deserializers used in GraniteDS, ...)
-	TODO: check
+	NOT-FOR-US: AMF3 deserialisers
 CVE-2017-3199 (The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 ...)
-	TODO: check
+	NOT-FOR-US: AMF3 deserialisers
 CVE-2017-3198
 	RESERVED
 CVE-2017-3197
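Review bot: The five entries from CVE-2017-3203 to CVE-2017-3199 share one generic tag even though their descriptions name different software (Pivotal/Spring, Flamingo, GraniteDS). For CVE-2017-3203 in particular, the tag does not show which Pivotal/Spring component was looked up before it was marked not-for-us. Naming the component in the NOT-FOR-US line, or adding a NOTE line stating what was checked, would make that decision reviewable later.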



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/3a2bff4e1dc6fabeafdb505e0917ceb9679e3233...7e316eebf46739a84f05bc29e60c5e6fac3ab8ec
