[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Mar 8 21:40:35 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c791ef1 by Salvatore Bonaccorso at 2018-03-08T22:40:07+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7367,7 +7367,7 @@ CVE-2017-18026 (Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4
 	NOTE: https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e
 	NOTE: upstream fixed in 3.2.9, 3.3.6 and 3.4.4
 CVE-2018-5313 (A vulnerability allows local attackers to escalate privilege on Rapid ...)
-	TODO: check
+	NOT-FOR-US: Rapid Scada
 CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation ...)
 	- matrixssl <removed>
 	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
@@ -8648,11 +8648,11 @@ CVE-2018-4842
 CVE-2018-4841
 	RESERVED
 CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2018-4838 (A vulnerability has been identified in Siemens EN100 Ethernet module ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic < ...)
 	NOT-FOR-US: Siemens / TeleControl Server Basic
 CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic < ...)
@@ -16802,9 +16802,9 @@ CVE-2018-1445
 CVE-2018-1444
 	RESERVED
 CVE-2018-1443 (An XML parsing vulnerability affects IBM SAML-based single sign-on ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1442 (IBM Application Performance Management - Response Time Monitoring ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1441
 	RESERVED
 CVE-2018-1440
@@ -16914,7 +16914,7 @@ CVE-2018-1389
 CVE-2018-1388 (GSKit V7 may disclose side channel information via discrepancies ...)
 	NOT-FOR-US: IBM WebSphere MQ
 CVE-2018-1387 (IBM Application Performance Management for Monitoring & Diagnostics ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1386
 	RESERVED
 CVE-2018-1385
@@ -17983,17 +17983,17 @@ CVE-2018-1222
 CVE-2018-1221
 	RESERVED
 CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect ...)
-	TODO: check
+	NOT-FOR-US: EMC RSA Archer
 CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access ...)
-	TODO: check
+	NOT-FOR-US: EMC RSA Archer
 CVE-2018-1218
 	RESERVED
 CVE-2018-1217
 	RESERVED
 CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp Manager ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp Manager ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows ...)
 	NOT-FOR-US: EMC
 CVE-2018-1213
@@ -18063,7 +18063,7 @@ CVE-2018-1184 (An issue was discovered in EMC RecoverPoint for Virtual Machines 
 CVE-2018-1183
 	RESERVED
 CVE-2018-1182 (An issue was discovered in EMC RSA Identity Governance and Lifecycle ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2018-1181
 	RESERVED
 CVE-2017-17447
@@ -50107,13 +50107,13 @@ CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain privileg
 CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka ...)
 	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
 CVE-2017-7641 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...)
-	TODO: check
+	NOT-FOR-US: QNAP NAS application Media Streaming add-on
 CVE-2017-7640 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...)
-	TODO: check
+	NOT-FOR-US: QNAP NAS application Media Streaming add-on
 CVE-2017-7639
 	RESERVED
 CVE-2017-7638 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...)
-	TODO: check
+	NOT-FOR-US: QNAP NAS application Media Streaming add-on
 CVE-2017-7637
 	RESERVED
 CVE-2017-7636
@@ -50121,7 +50121,7 @@ CVE-2017-7636
 CVE-2017-7635
 	RESERVED
 CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Media ...)
-	TODO: check
+	NOT-FOR-US: QNAP NAS application Media Streaming add-on
 CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive ...)
 	NOT-FOR-US: QNAP
 CVE-2017-7632
@@ -55023,7 +55023,7 @@ CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1
 CVE-2017-6153
 	RESERVED
 CVE-2017-6152 (A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IQ Centralized Management
 CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2017-6150 (Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - ...)
@@ -68128,7 +68128,7 @@ CVE-2017-1627
 CVE-2017-1626
 	RESERVED
 CVE-2017-1625 (IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1624
 	RESERVED
 CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c791ef14632dff4cb4f32cf210e308db6e5205c

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c791ef14632dff4cb4f32cf210e308db6e5205c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180308/bb2660b2/attachment-0001.html>


More information about the Secure-testing-commits mailing list