[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Sat Jun 30 22:24:53 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d26828c by Moritz Muehlenhoff at 2018-06-30T23:22:55+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3084,7 +3084,6 @@ CVE-2018-1002209 [arbitrary file write vulnerability / arbitrary code execution 
 	[stretch] - libquazip <no-dsa> (Minor issue)
 	[jessie] - libquazip <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1593011
-	TODO: further checks, should be fixedin 0.7.6
 CVE-2018-1002204 [nodejs-adm-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file]
 	NOT-FOR-US: adm-zip nodejs module
 CVE-2018-1002202 [Arbitrary File Write via Archive Extraction]
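Review bot: The TODO removed from the CVE-2018-1002209 libquazip entry was the only visible line recording the expected fix version 0.7.6, and nothing replaces it. If the check was completed, record the result on the entry (for example a NOTE that the upstream fix is in 0.7.6) so the stretch and jessie <no-dsa> lines can be revisited later. This removal is also not covered by the commit message "NFUs" and would be easier to audit as a separate commit.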
@@ -38691,65 +38690,65 @@ CVE-2017-16170 (liuyaserver is a static file server. liuyaserver is vulnerable t
 CVE-2017-16169 (looppake is a simple http server. looppake is vulnerable to a ...)
 	NOT-FOR-US: looppake
 CVE-2017-16168 (wffserve is vulnerable to a directory traversal issue, giving an ...)
-	TODO: check
+	NOT-FOR-US: wffserve
 CVE-2017-16167 (yyooopack is a simple file server. yyooopack is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: yyooopack
 CVE-2017-16166 (byucslabsix is an http server. byucslabsix is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: byucslabsix
 CVE-2017-16165 (calmquist.static-server is a static file server. ...)
-	TODO: check
+	NOT-FOR-US: calmquist.static-server
 CVE-2017-16164 (desafio is a simple web server. desafio is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: desafio
 CVE-2017-16163 (dylmomo is a simple file server. dylmomo is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: dylmomo
 CVE-2017-16162 (22lixian is a simple file server. 22lixian is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: 22lixian
 CVE-2017-16161 (shenliru is a simple file server. shenliru is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: shenliru
 CVE-2017-16160 (11xiaoli is a simple file server. 11xiaoli is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: 11xiaoli
 CVE-2017-16159 (caolilinode is a simple file server. caolilinode is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: caolilinode
 CVE-2017-16158 (dcserver is a static file server. dcserver is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: dcserver
 CVE-2017-16157 (censorify.tanisjr is a simple web server and API RESTful service. ...)
-	TODO: check
+	NOT-FOR-US: censorify.tanisjr
 CVE-2017-16156 (myprolyz is a static file server. myprolyz is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: myprolyz
 CVE-2017-16155 (fast-http-cli is the command line interface for fast-http, a simple ...)
-	TODO: check
+	NOT-FOR-US: fast-http-cli
 CVE-2017-16154 (earlybird is a web server module for early development. earlybird is ...)
-	TODO: check
+	NOT-FOR-US: earlybird
 CVE-2017-16153 (gaoxuyan is vulnerable to a directory traversal issue, giving an ...)
 	NOT-FOR-US: gaoxuyan
 CVE-2017-16152 (static-html-server is a static file server. static-html-server is ...)
-	TODO: check
+	NOT-FOR-US: static-html-server
 CVE-2017-16151 (Based on details posted by the ElectronJS team; A remote code ...)
-	TODO: check
+	NOT-FOR-US: Electron
 CVE-2017-16150 (wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: wanggoujing123
 CVE-2017-16149 (zwserver is a weather web server. zwserver is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: zwserver
 CVE-2017-16148 (serve46 is a static file server. serve46 is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: serve46
 CVE-2017-16147 (shit-server is a file server. shit-server is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: shit-server
 CVE-2017-16146 (mockserve is a file server. mockserve is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: mockserve
 CVE-2017-16145 (sspa is a server dedicated to single-page apps. sspa is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: sspa
 CVE-2017-16144 (myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is ...)
-	TODO: check
+	NOT-FOR-US: myserver.alexcthomas18
 CVE-2017-16143 (commentapp.stetsonwood is an http server. commentapp.stetsonwood is ...)
-	TODO: check
+	NOT-FOR-US: commentapp.stetsonwood
 CVE-2017-16142 (infraserver is a RESTful server. infraserver is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: infraserver
 CVE-2017-16141 (lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: lab6drewfusbyu
 CVE-2017-16140 (lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: lab6.brit95
 CVE-2017-16139 (jikes is a file server. jikes is vulnerable to a directory traversal ...)
-	TODO: check
+	NOT-FOR-US: jikes
 CVE-2017-16138 (The mime module is vulnerable to regular expression denial of service ...)
 	- node-mime 2.3.1-1 (unimportant; bug #901277)
 	NOTE: https://github.com/broofa/node-mime/issues/167
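Review bot: CVE-2017-16151 is marked "NOT-FOR-US: Electron", but it is the one entry in this hunk that is a widely embedded framework with a remote code execution description rather than a small file or web server. A NOTE line giving the reason it is out of scope would make that triage decision reproducible, and splitting it from the bulk npm entries would make it easier to revert on its own if Electron or an application bundling it is later tracked.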
@@ -38764,17 +38763,17 @@ CVE-2017-16137 (The debug module is vulnerable to regular expression denial of s
 CVE-2017-16136 (method-override is a module used by the Express.js framework to let ...)
 	NOT-FOR-US: method-override nodejs module
 CVE-2017-16135 (serverzyy is a static file server. serverzyy is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: serverzyy
 CVE-2017-16134 (http_static_simple is an http server. http_static_simple is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: http_static_simple
 CVE-2017-16133 (goserv is an http server. goserv is vulnerable to a directory ...)
-	TODO: check
+	NOT-FOR-US: goserv
 CVE-2017-16132 (simple-npm-registry is a local npm package cache. simple-npm-registry ...)
-	TODO: check
+	NOT-FOR-US: simple-npm-registry
 CVE-2017-16131 (unicorn-list is a web framework. unicorn-list is vulnerable to a ...)
-	TODO: check
+	NOT-FOR-US: unicorn-list
 CVE-2017-16130 (exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. ...)
-	TODO: check
+	NOT-FOR-US: exxxxxxxxxxx
 CVE-2017-16129 (The HTTP client module superagent is vulnerable to ZIP bomb attacks. ...)
 	- node-superagent <unfixed> (unimportant)
 	NOTE: https://github.com/visionmedia/superagent/issues/1259
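Review bot: The new NOT-FOR-US lines here use a bare package name ("NOT-FOR-US: serverzyy", "NOT-FOR-US: goserv"), while the unchanged entry two lines above them reads "NOT-FOR-US: method-override nodejs module". Adding the "nodejs module" qualifier to the six new entries would keep the file consistent and make it clear to later readers that generic names such as goserv and unicorn-list refer to npm packages.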



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d26828cbb30d3b21f161ded863925081d2b6d06
