[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Mar 7 20:23:22 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
282e9ca7 by Salvatore Bonaccorso at 2018-03-07T21:22:56+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -580,7 +580,7 @@ CVE-2018-7562
 CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
 	NOT-FOR-US: Tenda AC9 devices
 CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package ...)
-	TODO: check
+	NOT-FOR-US: aws-lambda-multipart-parser NPM package
 CVE-2018-7559
 	RESERVED
 CVE-2018-7558
@@ -1378,7 +1378,7 @@ CVE-2018-7309
 CVE-2018-7308 (A CSRF issue was found in var/www/html/files.php in DanWin hosting ...)
 	NOT-FOR-US: DanWin hosting
 CVE-2018-7307 (The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles ...)
-	TODO: check
+	NOT-FOR-US: Auth0 Auth0.js library
 CVE-2018-7306
 	RESERVED
 CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to ...)
@@ -2769,13 +2769,13 @@ CVE-2018-6813
 CVE-2018-6812
 	RESERVED
 CVE-2018-6811 (Multiple cross-site scripting (XSS) vulnerabilities in Citrix ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2018-6810 (Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2018-6809 (NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2018-6808 (NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2018-6807
 	RESERVED
 CVE-2018-6806 (Marked 2 through 2.5.11 allows remote attackers to read arbitrary files ...)
@@ -6500,19 +6500,19 @@ CVE-2018-5473 (An Improper Restriction of Operations within the Bounds of a Memo
 CVE-2018-5472
 	RESERVED
 CVE-2018-5471 (A Cleartext Transmission of Sensitive Information issue was discovered ...)
-	TODO: check
+	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5470
 	RESERVED
 CVE-2018-5469 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
-	TODO: check
+	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5468
 	RESERVED
 CVE-2018-5467 (An Information Exposure Through Query Strings in GET Request issue was ...)
-	TODO: check
+	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5466
 	RESERVED
 CVE-2018-5465 (A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, ...)
-	TODO: check
+	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5464
 	RESERVED
 CVE-2018-5463
@@ -6520,7 +6520,7 @@ CVE-2018-5463
 CVE-2018-5462
 	RESERVED
 CVE-2018-5461 (An Inadequate Encryption Strength issue was discovered in Belden ...)
-	TODO: check
+	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
 CVE-2018-5460
 	RESERVED
 CVE-2018-5459 (An Improper Authentication issue was discovered in WAGO PFC200 Series ...)
@@ -7107,7 +7107,7 @@ CVE-2018-5256
 CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared ...)
 	NOT-FOR-US: Hitron CVE-30360 devices
 CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before ...)
-	TODO: check
+	NOT-FOR-US: Arista
 CVE-2018-5254
 	RESERVED
 CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/282e9ca7fd85ab659733545f5520d9ac8a424d67

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/282e9ca7fd85ab659733545f5520d9ac8a424d67
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180307/4e9ad9b0/attachment.html>

More information about the Secure-testing-commits mailing list