[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Mar 15 11:10:18 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0f5ccdba by Moritz Muehlenhoff at 2018-03-15T12:10:04+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2357,9 +2357,9 @@ CVE-2018-7680
CVE-2018-7679
RESERVED
CVE-2018-7678 (A cross site scripting vulnerability exist in the Administration ...)
- TODO: check
+ NOT-FOR-US: NetIQ Access Manager
CVE-2018-7677 (A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity ...)
- TODO: check
+ NOT-FOR-US: NetIQ Access Manager
CVE-2018-7676
RESERVED
CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the ...)
@@ -2641,7 +2641,6 @@ CVE-2018-7587 (An issue was discovered in CImg v.220. DoS occurs when loading a
[stretch] - cimg <no-dsa> (Minor issue)
[jessie] - cimg <no-dsa> (Minor issue)
[wheezy] - cimg <no-dsa> (Minor issue)
- TODO: check, not reported upstream
CVE-2018-7586 (In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery ...)
NOT-FOR-US: nextgen-gallery plugin for WordPress
CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-based ...)
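Review bot: removing "TODO: check, not reported upstream" under CVE-2018-7587 also drops the only record in this entry that the CImg issue had not been reported upstream. If it has been reported since, a NOTE line with the upstream reference would preserve that. If it has not, turning the remark into a NOTE clears the TODO without losing the information.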
@@ -2890,15 +2889,15 @@ CVE-2018-7535
CVE-2018-7534
RESERVED
CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in OSIsoft PI ...)
- TODO: check
+ NOT-FOR-US: OSIsoft PI
CVE-2018-7532
RESERVED
CVE-2018-7531 (An Improper Input Validation issue was discovered in OSIsoft PI Data ...)
- TODO: check
+ NOT-FOR-US: OSIsoft PI
CVE-2018-7530
RESERVED
CVE-2018-7529 (A Deserialization of Untrusted Data issue was discovered in OSIsoft PI ...)
- TODO: check
+ NOT-FOR-US: OSIsoft PI
CVE-2018-7528
RESERVED
CVE-2018-7527
@@ -2940,7 +2939,7 @@ CVE-2018-7510
CVE-2018-7509
RESERVED
CVE-2018-7508 (A Cross-site Scripting issue was discovered in OSIsoft PI Web API ...)
- TODO: check
+ NOT-FOR-US: OSIsoft PI
CVE-2018-7507
RESERVED
CVE-2018-7506
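Review bot: the label on CVE-2018-7508 is "NOT-FOR-US: OSIsoft PI", while the description names the more specific "OSIsoft PI Web API". Other NOT-FOR-US entries visible in this diff carry the specific product (for example "nextgen-gallery plugin for WordPress"), so using the product name from the description here would keep the list easier to grep and match against later CVEs.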
@@ -2948,7 +2947,7 @@ CVE-2018-7506
CVE-2018-7505
RESERVED
CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft PI ...)
- TODO: check
+ NOT-FOR-US: OSIsoft PI
CVE-2018-7503
RESERVED
CVE-2018-7502
@@ -2956,7 +2955,7 @@ CVE-2018-7502
CVE-2018-7501
RESERVED
CVE-2018-7500 (A Permissions, Privileges, and Access Controls issue was discovered in ...)
- TODO: check
+ NOT-FOR-US: OSIsoft PI
CVE-2018-7499
RESERVED
CVE-2018-7498
@@ -2964,7 +2963,7 @@ CVE-2018-7498
CVE-2018-7497
RESERVED
CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI Vision ...)
- TODO: check
+ NOT-FOR-US: OSIsoft PI
CVE-2018-7495
RESERVED
CVE-2018-7494
@@ -3062,7 +3061,7 @@ CVE-2018-7476 (controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross S
CVE-2018-7475
RESERVED
CVE-2018-7474 (An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is ...)
- TODO: check
+ - textpattern <removed>
CVE-2018-7473 (Open redirect vulnerability in the SO Connect SO WIFI hotspot web ...)
NOT-FOR-US: SO Connect SO WIFI
CVE-2018-7472 (INVT Studio 1.2 allows remote attackers to cause a denial of service ...)
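Review bot: the CVE-2018-7474 change to "- textpattern <removed>" is a package status entry, not a NOT-FOR-US marking, so the commit subject "NFUs" does not describe it. Consider naming the textpattern triage in the subject or committing it separately, so that a later search of the history for textpattern finds this change.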
@@ -3666,13 +3665,13 @@ CVE-2018-7281 (CactusVPN 5.3.6 for macOS contains a root privilege escalation ..
CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...)
NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-1000093 (CryptoNote version version 0.8.9 and possibly later contain a local ...)
- TODO: check
+ NOT-FOR-US: CryptoNote
CVE-2018-1000092 (CMS Made Simple version versions 2.2.5 contains a Cross ite Request ...)
NOT-FOR-US: CMS Made Simple
CVE-2018-1000091 (KadNode version version 2.2.0 contains a Buffer Overflow vulnerability ...)
- TODO: check
+ NOT-FOR-US: KadNode
CVE-2018-1000090 (textpattern version version 4.6.2 contains a XML Injection ...)
- TODO: check
+ - textpattern <removed>
CVE-2018-1000089 (Anymail django-anymail version version 0.2 through 1.3 contains a ...)
- django-anymail 1.4-1 (bug #890097)
[stretch] - django-anymail <no-dsa> (Minor issue; non-free/contrib not security supported)
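Review bot: under CVE-2018-1000090 the new "- textpattern <removed>" line records only the removal and gives no per-release status, whereas the django-anymail entry just below it carries a "[stretch]" line. Please confirm whether any still-supported release ships textpattern 4.6.2 or earlier and, if so, add the matching release lines.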
@@ -3684,7 +3683,7 @@ CVE-2018-1000088 (Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site S
CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross Site ...)
NOT-FOR-US: WolfCMS
CVE-2018-1000086 (NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a ...)
- TODO: check
+ NOT-FOR-US: pym.js
CVE-2018-1000085 (ClamAV version version 0.99.3 contains a Out of bounds heap memory ...)
- clamav 0.99.3~beta1+dfsg-1
[stretch] - clamav 0.99.4+dfsg-1+deb9u1
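Review bot: the label on CVE-2018-1000086 is written "pym.js", while the description spells the project "Pym.js" and attributes it to the NPR Visuals Team. Matching the upstream capitalization keeps the NOT-FOR-US label consistent with the description and with the other labels in this commit, which follow the product's own spelling (for example "PyBitmessage", "KeepKey").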
@@ -3775,11 +3774,11 @@ CVE-2018-1000071 (roundcube version 1.3.4 and earlier contains an Insecure Permi
NOTE: https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt
NOTE: Can be mitigated by moving home folder outside the scope of the webserver
CVE-2018-1000070 (Bitmessage PyBitmessage version v0.6.2 (and introduced in or after ...)
- TODO: check
+ NOT-FOR-US: PyBitmessage
CVE-2018-1000069 (FreePlane version 1.5.9 and earlier contains a XML External Entity ...)
TODO: check
CVE-2018-7279 (A remote code execution issue was discovered in AlienVault USM and ...)
- TODO: check
+ NOT-FOR-US: AlienVault
CVE-2018-7278 (An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP ...)
NOT-FOR-US: RLE Protocol Converter FDS-PC / FDS-PC-DP devices
CVE-2018-7277 (An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent ...)
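Review bot: CVE-2018-1000069 (FreePlane) still reads "TODO: check" in the context between the two entries triaged here, CVE-2018-1000070 and CVE-2018-7279. If it was left open deliberately pending a package lookup, that is fine; otherwise it appears to have been skipped and should be resolved in the same pass. Separately, "NOT-FOR-US: AlienVault" names the vendor, while the description refers to "AlienVault USM and ...", so the product name would be the more precise label.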
@@ -4849,7 +4848,7 @@ CVE-2018-6877
CVE-2018-6876 (The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ...)
NOT-FOR-US: libfpx
CVE-2018-6875 (Format String vulnerability in KeepKey version 4.0.0 allows attackers ...)
- TODO: check
+ NOT-FOR-US: KeepKey
CVE-2018-6874
RESERVED
CVE-2018-6873
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f5ccdbab6e34afb0e47f35d693b645f8670a615