[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Mar 8 20:46:14 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3127a92 by Moritz Muehlenhoff at 2018-03-08T21:46:00+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -592,7 +592,7 @@ CVE-2017-18208 (The madvise_willneed function in mm/madvise.c in the Linux kerne
 	[stretch] - linux 4.9.80-1
 	NOTE: Fixed by: https://git.kernel.org/linus/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
 CVE-2017-18207 (** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py ...)
-	TODO: check
+	NOTE: Nonsense report for Python
 CVE-2018-1000103
 	- jenkins <removed>
 CVE-2018-1000102
@@ -1838,7 +1838,7 @@ CVE-2018-7208 (In the coff_pointerize_aux function in coffgen.c in the Binary Fi
 CVE-2018-7207
 	REJECTED
 CVE-2018-7206 (An issue was discovered in Project Jupyter JupyterHub OAuthenticator ...)
-	TODO: check
+	NOT-FOR-US: JupyterHub
 CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in ...)
 	NOT-FOR-US: Kentico
 CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for ...)
@@ -26264,7 +26264,7 @@ CVE-2017-15368 (The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.
 	NOTE: https://github.com/radare/radare2/issues/8673
 	NOTE: https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515
 CVE-2017-15367 (Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection ...)
-	TODO: check
+	NOT-FOR-US: Bacula-Web
 CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the server have ...)
 	NOT-FOR-US: Thornberry NDoc
 CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ...)
@@ -50702,7 +50702,7 @@ CVE-2017-7429 (The certificate upload in NetIQ eDirectory PKI plugin before 8.8.
 CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of ...)
 	NOT-FOR-US: NetIQ iManager
 CVE-2017-7427 (Multiple cross site scripting attacks were found in the Identity ...)
-	TODO: check
+0	NOT-FOR-US: NetIQ Identity Manager Plug-in,
 CVE-2017-7426 (The NetIQ Identity Manager Plugins before 4.6.1 contained various XML ...)
 	NOT-FOR-US: NetIQ Identity Manager Plugins
 CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager ...)
@@ -54391,9 +54391,9 @@ CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related to
 CVE-2017-6297 (The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does ...)
 	NOT-FOR-US: MikroTik RouterOS
 CVE-2017-6296 (NVIDIA TrustZone Software contains a TOCTOU issue in the DRM ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2017-6295 (NVIDIA TrustZone Software contains a vulnerability in the Keymaster ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2017-6294
 	RESERVED
 CVE-2017-6293
@@ -54415,11 +54415,11 @@ CVE-2017-6286
 CVE-2017-6285
 	RESERVED
 CVE-2017-6284 (NVIDIA Security Engine contains a vulnerability in the Deterministic ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2017-6283 (NVIDIA Security Engine contains a vulnerability in the RSA function ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2017-6282 (NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2017-6281
 	RESERVED
 CVE-2017-6280 (NVIDIA driver contains a possible out-of-bounds read vulnerability due ...)
@@ -54431,7 +54431,7 @@ CVE-2017-6278
 CVE-2017-6277 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
 	NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2017-6276 (NVIDIA mediaserver contains a vulnerability where it is possible a use ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2017-6275 (An information disclosure vulnerability exists in the Thermal Driver, ...)
 	NOT-FOR-US: NVIDIA components for Android
 CVE-2017-6274 (An elevation of Privilege vulnerability exists in the Thermal Driver, ...)
@@ -67790,7 +67790,7 @@ CVE-2017-1656
 CVE-2017-1655
 	RESERVED
 CVE-2017-1654 (IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1653 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
 	NOT-FOR-US: IBM Jazz Foundation
 CVE-2017-1652
@@ -130639,7 +130639,7 @@ CVE-2014-8782
 CVE-2014-8781
 	RESERVED
 CVE-2014-8780 (Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Jease
 CVE-2014-8779 (Pexip Infinity before 8 uses the same SSH host keys across different ...)
 	NOT-FOR-US: Pexip Infinity
 CVE-2014-8778 (Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3127a929176b28d9cd41ba1c57850650c73dbd7

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3127a929176b28d9cd41ba1c57850650c73dbd7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180308/aa437eae/attachment-0001.html>

More information about the Secure-testing-commits mailing list