[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 7 10:00:37 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6025a50f by Salvatore Bonaccorso at 2018-03-07T11:00:22+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4,9 +4,9 @@ CVE-2018-7740 (The resv_map_release function in mm/hugetlb.c in the Linux kernel
CVE-2018-7739 (antsle antman before 0.9.1a allows remote attackers to bypass ...)
TODO: check
CVE-2018-7737 (In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as ...)
- TODO: check
+ NOT-FOR-US: Z-BlogPHP
CVE-2018-7736 (In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME ...)
- TODO: check
+ NOT-FOR-US: Z-BlogPHP
CVE-2017-18221 (The __munlock_pagevec function in mm/mlock.c in the Linux kernel before ...)
- linux 4.11.6-1
[stretch] - linux 4.9.47-1
@@ -57,7 +57,7 @@ CVE-2018-7723 (The management panel in Piwigo 2.9.3 has stored XSS via the ...)
CVE-2018-7722 (The management panel in Piwigo 2.9.3 has stored XSS via the name ...)
- piwigo <removed>
CVE-2018-7721 (Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via ...)
- TODO: check
+ NOT-FOR-US: MetInfo
CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in Western ...)
TODO: check
CVE-2018-7719
@@ -277,7 +277,7 @@ CVE-2018-1000115 (Memcached version 1.5.5 contains an Insufficient Control of Ne
NOTE: (upstream) is to listen on all IP addresses. [...] so make sure
NOTE: it's listening on a firewalled interface."
CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone:Script Classified Application
CVE-2018-7649
RESERVED
CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The ...)
@@ -3630,13 +3630,13 @@ CVE-2018-6532 (An issue was discovered in Icinga 2.x through 2.8.1. By sending .
CVE-2018-6531
RESERVED
CVE-2018-6530 (OS command injection vulnerability in soap.cgi (soapcgi_main in ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-6529 (XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-6528 (XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-6527 (XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-6526 (view_all_bug_page.php in MantisBT before 2018-02-02 allows remote ...)
- mantis <removed>
[wheezy] - mantis <end-of-life> (Not supported in wheezy LTS)
@@ -5079,7 +5079,7 @@ CVE-2018-6021
CVE-2018-6020
RESERVED
CVE-2018-6019 (Samsung Display Solutions App before 3.02 for Android allows ...)
- TODO: check
+ NOT-FOR-US: Samsung Display Solutions App for Android
CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android ...)
NOT-FOR-US: Tinder
CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6025a50f6f7f5bb0abdca008c2d3b80fce5e43f6
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6025a50f6f7f5bb0abdca008c2d3b80fce5e43f6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180307/4b009b23/attachment-0001.html>
More information about the Secure-testing-commits
mailing list