[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Mar 13 20:54:45 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71c155d7 by Salvatore Bonaccorso at 2018-03-13T21:53:43+01:00
Process NFUs

- - - - -
3980c0da by Salvatore Bonaccorso at 2018-03-13T21:54:06+01:00
Add two glpi issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9,13 +9,13 @@ CVE-2018-1000097 (Sharutils sharutils (unshar command) version 4.15.2 contains a
 	- sharutils <unfixed>
 	NOTE: http://seclists.org/bugtraq/2018/Feb/54
 CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit ...)
-	TODO: check
+	NOT-FOR-US: tiny-json-http
 CVE-2018-1000095 (oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) ...)
-	TODO: check
+	NOT-FOR-US: ovirt-engine
 CVE-2018-1000094 (CMS Made Simple version 2.2.5 contains a Remote Code Execution ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2017-18228 (Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey ...)
-	TODO: check
+	NOT-FOR-US: Remedy Mid Tier in BMC Remedy AR System
 CVE-2018-8084
 	RESERVED
 CVE-2018-8083
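Review bot: The label on CVE-2018-1000095 is a package-style name (`NOT-FOR-US: ovirt-engine`), while the description on the line above names the product as "oVirt" and the other entries in this hunk reuse the product name from their descriptions. Unless earlier oVirt entries in the list already use `ovirt-engine`, label it `oVirt` so a search on the product name finds every related entry.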
@@ -29,7 +29,7 @@ CVE-2018-8080
 CVE-2018-8079
 	RESERVED
 CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title parameter to ...)
-	TODO: check
+	NOT-FOR-US: YzmCMS
 CVE-2018-8077
 	RESERVED
 CVE-2018-8076
@@ -1395,9 +1395,11 @@ CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. ...)
 CVE-2018-7564 (Stored XSS exists on Polycom QDX 6000 devices. ...)
 	NOT-FOR-US: Polycom QDX 6000 devices
 CVE-2018-7563 (An issue was discovered in GLPI through 9.2.1. The application is ...)
-	TODO: check
+	- glpi <removed> (unimportant)
+	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2018-7562 (A remote code execution issue was discovered in GLPI through 9.2.1. ...)
-	TODO: check
+	- glpi <removed> (unimportant)
+	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
 	NOT-FOR-US: Tenda AC9 devices
 CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package ...)
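Review bot: CVE-2018-7562 is described as a remote code execution issue, yet both new glpi entries are tagged `(unimportant)` with only the free-text `NOTE: Only supported behind an authenticated HTTP zone` as justification. Add a NOTE pointing at where that support statement is documented (a URL or bug reference), so the reason for the downgrade can be checked later. It is also worth confirming that the same rationale applies to CVE-2018-7563, whose description is truncated here.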
@@ -4049,7 +4051,7 @@ CVE-2018-6625 (In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD3
 CVE-2018-6624 (OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass ...)
 	NOT-FOR-US: OMRON NS devices
 CVE-2018-6623 (An issue was discovered in Hola 1.79.859. An unprivileged user could ...)
-	TODO: check
+	NOT-FOR-US: Hola
 CVE-2018-1000058 (Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an ...)
 	NOT-FOR-US: jenkins-plugin-workflow-support
 CVE-2018-1000057 (Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it ...)
@@ -4902,7 +4904,7 @@ CVE-2018-6402
 CVE-2018-6401
 	RESERVED
 CVE-2018-6400 (Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain ...)
-	TODO: check
+	NOT-FOR-US: Kingsoft WPS Office Free
 CVE-2018-6399
 	RESERVED
 CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component for ...)
@@ -5182,9 +5184,9 @@ CVE-2018-6323 (The elf_object_p function in elfcode.h in the Binary File Descrip
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22746
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=38e64b0ecc7f4ee64a02514b8d532782ac057fa2
 CVE-2018-6322 (Panda Global Protection 17.0.1 allows local users to gain privileges ...)
-	TODO: check
+	NOT-FOR-US: Panda Global Protection
 CVE-2018-6321 (Unquoted Windows search path vulnerability in the panda_url_filtering ...)
-	TODO: check
+	NOT-FOR-US: Panda Global Protection
 CVE-2018-6320
 	RESERVED
 CVE-2018-6319 (In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special ...)
@@ -5503,7 +5505,7 @@ CVE-2018-6185
 CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next ...)
 	NOT-FOR-US: ZEIT Next.js
 CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain privileges ...)
-	TODO: check
+	NOT-FOR-US: BitDefender Total Security
 CVE-2018-6182
 	RESERVED
 CVE-2018-6181
@@ -6050,7 +6052,7 @@ CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Andro
 CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder ...)
 	NOT-FOR-US: Tinder
 CVE-2018-6016 (Unquoted Windows search path vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: 10-Strike Network Monitor
 CVE-2018-6015 (An issue was discovered in the "Email Subscribers & Newsletters" ...)
 	NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress
 CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash ...)
@@ -6760,7 +6762,7 @@ CVE-2018-5760
 CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the ...)
 	NOT-FOR-US: MuJS
 CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive Jive-n ...)
-	TODO: check
+	NOT-FOR-US: Aurea Jive Jive-n
 CVE-2018-5757
 	RESERVED
 CVE-2018-5756
@@ -18598,7 +18600,7 @@ CVE-2018-1208
 CVE-2018-1207
 	RESERVED
 CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and ...)
-	TODO: check
+	NOT-FOR-US: EMC Data Protection Advisor
 CVE-2018-1205
 	RESERVED
 CVE-2018-1204
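Review bot: The label on CVE-2018-1206 drops the vendor prefix: the description reads "Dell EMC Data Protection Advisor" but the entry is `NOT-FOR-US: EMC Data Protection Advisor`. Use the full product name from the description unless existing entries for this product already use the shorter form, so that the NOT-FOR-US labels stay consistent for searching.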



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8d55696b4365e536e849b819e25508d4a0901bae...3980c0da790ba8dae423b662388e5da8d6e3cb78
