[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: Process NFUs

Wed Mar 14 21:18:55 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f322a8b by Salvatore Bonaccorso at 2018-03-14T22:18:26+01:00
Process NFUs

- - - - -
5ef4d6ae by Salvatore Bonaccorso at 2018-03-14T22:18:27+01:00
Add new webmin issue

- - - - -
96d98e94 by Salvatore Bonaccorso at 2018-03-14T22:18:27+01:00
Add CVE-2018-1000132/mercurial

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,19 +1,19 @@
 CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator ...)
-	TODO: check
+	NOT-FOR-US: joyplus-cms
 CVE-2018-8716
 	RESERVED
 CVE-2018-8715 (The Embedthis HTTP library, and Appweb versions before 7.0.3, have a ...)
-	TODO: check
+	NOT-FOR-US: Embedthis HTTP library / Appweb
 CVE-2018-8714
 	RESERVED
 CVE-2018-8713
 	RESERVED
 CVE-2018-8712 (An issue was discovered in Webmin 1.840 and 1.880 when the default Yes ...)
-	TODO: check
+	- webmin <removed>
 CVE-2018-8711 (A local file inclusion issue was discovered in the WooCommerce Products ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce Products Filter (aka WOOF) plugin for WordPress
 CVE-2018-8710 (A remote code execution issue was discovered in the WooCommerce ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce Products Filter (aka WOOF) plugin for WordPress
 CVE-2018-8709
 	RESERVED
 CVE-2018-8708
@@ -1215,7 +1215,8 @@ CVE-2018-8111
 CVE-2018-8110
 	RESERVED
 CVE-2018-1000132 (Mercurial version 4.5 and earlier contains a Incorrect Access Control ...)
-	TODO: check
+	- mercurial <unfixed>
+	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
 CVE-2018-1000131 (Pradeep Makone wordpress Support Plus Responsive Ticket System version ...)
 	TODO: check
 CVE-2018-1000130 (A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9451e95f2c9110027b1fced6dae4014172c6e65c...96d98e943a4484358178c8de1322857f6fb0b8f4

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9451e95f2c9110027b1fced6dae4014172c6e65c...96d98e943a4484358178c8de1322857f6fb0b8f4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180314/ac8e96b0/attachment-0001.html>
