[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Mar 10 09:17:47 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d2c8346 by Salvatore Bonaccorso at 2018-03-10T10:17:25+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2365,31 +2365,31 @@ CVE-2018-7241
 CVE-2018-7240
 	RESERVED
 CVE-2018-7239 (A DLL hijacking vulnerability exists in Schneider Electric's SoMove ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2018-7238 (A buffer overflow vulnerability exist in the web-based GUI of ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2018-7237 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2018-7236 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2018-7235 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2018-7234 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2018-7233 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2018-7232 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2018-7231 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2018-7230 (A XML external entity (XXE) vulnerability exists in the import.cgi of ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2018-7229 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2018-7228 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2018-7227 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2017-18191 (An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x ...)
 	- nova <unfixed>
 	[stretch] - nova <no-dsa> (Minor issue)
@@ -19142,7 +19142,7 @@ CVE-2017-17284 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 .
 CVE-2017-17283 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17282 (SCCP (Signalling Connection Control Part) module in Huawei DP300 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-17281 (SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17280 (NFC (Near Field Communication) module in Huawei mobile phones with ...)
@@ -26990,7 +26990,7 @@ CVE-2017-15325
 CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS ...)
 	NOT-FOR-US: Huawei
 CVE-2017-15323 (Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-15322 (Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 ...)
 	NOT-FOR-US: Huawei
 CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an ...)
@@ -27006,9 +27006,9 @@ CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR12
 CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software before ...)
 	NOT-FOR-US: Huawei
 CVE-2017-15315 (Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-15314 (Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An ...)
 	NOT-FOR-US: Huawei
 CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) ...)
@@ -40643,11 +40643,11 @@ CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72
 CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for Windows ...)
 	NOT-FOR-US: FENCE-Explorer for Windows
 CVE-2017-10854 (Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to ...)
-	TODO: check
+	NOT-FOR-US: Corega CG-WGR1200 firmware
 CVE-2017-10853 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: Corega CG-WGR1200 firmware
 CVE-2017-10852 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows ...)
-	TODO: check
+	NOT-FOR-US: Corega CG-WGR1200 firmware
 CVE-2017-10851 (Untrusted search path vulnerability in Installer for ContentsBridge ...)
 	NOT-FOR-US: Installer for ContentsBridge Utility for Windows
 CVE-2017-10850 (Untrusted search path vulnerability in Installers of ART EX Driver for ...)
@@ -74581,15 +74581,15 @@ CVE-2016-8788
 CVE-2016-8787
 	REJECTED
 CVE-2016-8786 (Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-8785 (Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-8784 (Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-8783 (Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-8782 (Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2016-8781 (Huawei Secospace USG6300 with software V500R001C20 and ...)
 	NOT-FOR-US: Huawei
 CVE-2016-8780 (Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, ...)
@@ -103109,7 +103109,7 @@ CVE-2016-0288 (IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.
 CVE-2016-0287 (IBM i Access 7.1 on Windows allows local users to discover registry ...)
 	NOT-FOR-US: IBM
 CVE-2016-0286 (IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Business Service Manager
 CVE-2016-0285 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
 	NOT-FOR-US: IBM
 CVE-2016-0284 (The XML parser in IBM Rational Collaborative Lifecycle Management ...)
@@ -103129,15 +103129,15 @@ CVE-2016-0278 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domin
 CVE-2016-0277 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...)
 	NOT-FOR-US: IBM
 CVE-2016-0276 (IBM Financial Transaction Manager (FTM) for ACH Services for ...)
-	TODO: check
+	NOT-FOR-US: IBM Financial Transaction Manager
 CVE-2016-0275 (IBM Financial Transaction Manager (FTM) for ACH Services for ...)
-	TODO: check
+	NOT-FOR-US: IBM Financial Transaction Manager
 CVE-2016-0274 (IBM Financial Transaction Manager (FTM) for ACH Services for ...)
-	TODO: check
+	NOT-FOR-US: IBM Financial Transaction Manager
 CVE-2016-0273 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
 	NOT-FOR-US: IBM
 CVE-2016-0272 (Cross-site request forgery (CSRF) vulnerability in IBM Financial ...)
-	TODO: check
+	NOT-FOR-US: IBM Financial Transaction Manager
 CVE-2016-0271 (The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before ...)
 	NOT-FOR-US: IBM
 CVE-2016-0270 (IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 ...)
@@ -103145,7 +103145,7 @@ CVE-2016-0270 (IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 
 CVE-2016-0269 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x ...)
 	NOT-FOR-US: IBM
 CVE-2016-0268 (XML external entity (XXE) vulnerability in IBM Financial Transaction ...)
-	TODO: check
+	NOT-FOR-US: IBM Financial Transaction Manager
 CVE-2016-0267 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...)
 	NOT-FOR-US: IBM
 CVE-2016-0266 (IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the ...)
@@ -103175,7 +103175,7 @@ CVE-2016-0255 (IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross
 CVE-2016-0254 (IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a ...)
 	NOT-FOR-US: IBM
 CVE-2016-0253 (Cross-site scripting (XSS) vulnerability in IBM Financial Transaction ...)
-	TODO: check
+	NOT-FOR-US: IBM Financial Transaction Manager
 CVE-2016-0252 (IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control ...)
 	NOT-FOR-US: IBM
 CVE-2016-0251
@@ -147156,7 +147156,7 @@ CVE-2014-2594
 CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy Manager ...)
 	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
 CVE-2014-2592 (Unrestricted file upload vulnerability in Aruba Web Management portal ...)
-	TODO: check
+	NOT-FOR-US: Aruba Web Management portal
 CVE-2014-2591 (Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 ...)
 	NOT-FOR-US: AIX
 CVE-2014-2590 (The web management interface in Siemens RuggedCom ROS before 3.11, ROS ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d2c834647b4adccb8445e7decfa66eb7968f7f2

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1d2c834647b4adccb8445e7decfa66eb7968f7f2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180310/87f463f1/attachment-0001.html>

More information about the Secure-testing-commits mailing list