[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Mar 7 10:00:37 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6025a50f by Salvatore Bonaccorso at 2018-03-07T11:00:22+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4,9 +4,9 @@ CVE-2018-7740 (The resv_map_release function in mm/hugetlb.c in the Linux kernel
 CVE-2018-7739 (antsle antman before 0.9.1a allows remote attackers to bypass ...)
 	TODO: check
 CVE-2018-7737 (In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as ...)
-	TODO: check
+	NOT-FOR-US: Z-BlogPHP
 CVE-2018-7736 (In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME ...)
-	TODO: check
+	NOT-FOR-US: Z-BlogPHP
 CVE-2017-18221 (The __munlock_pagevec function in mm/mlock.c in the Linux kernel before ...)
 	- linux 4.11.6-1
 	[stretch] - linux 4.9.47-1
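Review bot: CVE-2018-7739 (antsle antman), directly above the two Z-BlogPHP entries, is still at "TODO: check" although both of its neighbours are triaged in this pass. If antman is not packaged in Debian either, mark it NOT-FOR-US in the same commit so the entry does not have to be revisited separately.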
@@ -57,7 +57,7 @@ CVE-2018-7723 (The management panel in Piwigo 2.9.3 has stored XSS via the ...)
 CVE-2018-7722 (The management panel in Piwigo 2.9.3 has stored XSS via the name ...)
 	- piwigo <removed>
 CVE-2018-7721 (Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via ...)
-	TODO: check
+	NOT-FOR-US: MetInfo
 CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in Western ...)
 	TODO: check
 CVE-2018-7719
@@ -277,7 +277,7 @@ CVE-2018-1000115 (Memcached version 1.5.5 contains an Insufficient Control of Ne
 	NOTE: (upstream) is to listen on all IP addresses. [...] so make sure
 	NOTE: it's listening on a firewalled interface."
 CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone:Script Classified Application
 CVE-2018-7649
 	RESERVED
 CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The ...)
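Review bot: the tag on CVE-2018-7650 is a full product string ending in "Application", a word that does not appear in the visible part of the description ("Hot Scripts Clone:Script Classified Version 3.1 ..."), while most other tags in this commit are a short vendor or product name (Z-BlogPHP, MetInfo, D-Link). A shorter tag such as "NOT-FOR-US: PHP Scripts Mall" would be easier to match consistently when further CVEs for the same vendor are triaged.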
@@ -3630,13 +3630,13 @@ CVE-2018-6532 (An issue was discovered in Icinga 2.x through 2.8.1. By sending .
 CVE-2018-6531
 	RESERVED
 CVE-2018-6530 (OS command injection vulnerability in soap.cgi (soapcgi_main in ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-6529 (XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-6528 (XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-6527 (XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-6526 (view_all_bug_page.php in MantisBT before 2018-02-02 allows remote ...)
 	- mantis <removed>
 	[wheezy] - mantis <end-of-life> (Not supported in wheezy LTS)
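Review bot: CVE-2018-6530 through CVE-2018-6527 are tagged with the vendor only ("NOT-FOR-US: D-Link"), whereas the Samsung entry later in this patch names the product. The truncated descriptions show only file paths (soap.cgi, htdocs/webinc/...), so the list alone does not say which device or firmware was ruled out. Consider naming the affected product family in the tag, at least for CVE-2018-6530, which is an OS command injection rather than XSS like the other three.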
@@ -5079,7 +5079,7 @@ CVE-2018-6021
 CVE-2018-6020
 	RESERVED
 CVE-2018-6019 (Samsung Display Solutions App before 3.02 for Android allows ...)
-	TODO: check
+	NOT-FOR-US: Samsung Display Solutions App for Android
 CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android ...)
 	NOT-FOR-US: Tinder
 CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6025a50f6f7f5bb0abdca008c2d3b80fce5e43f6
