[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Sat Mar 17 07:57:51 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb73a334 by Salvatore Bonaccorso at 2018-03-17T08:57:35+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20532,7 +20532,7 @@ CVE-2018-1080 [Mishandled ACL configuration in AAclAuthz.java reverses rules tha
 CVE-2018-1079
 	RESERVED
 CVE-2018-1078 (OpenDayLight version Carbon SR3 and earlier contain a vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenDayLight
 CVE-2018-1077 (Spacewalk 2.6 contains an API which has an XXE flaw allowing for the ...)
 	NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
 CVE-2018-1076
@@ -27632,7 +27632,7 @@ CVE-2017-15721 (In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP me
 CVE-2017-15720
 	RESERVED
 CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and ...)
-	TODO: check
+	NOT-FOR-US: Wicket jQuery UI
 CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the ...)
 	- hadoop <itp> (bug #793644)
 CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the ...)
@@ -31810,7 +31810,7 @@ CVE-2017-14386 (The web user interface of Dell 2335dn and 2355dn Multifunction L
 CVE-2017-14385 (An issue was discovered in EMC Data Domain DD OS 5.7 family, versions ...)
 	NOT-FOR-US: EMC Data Domain DD OS
 CVE-2017-14384 (In Dell Storage Manager versions earlier than 16.3.20, the ...)
-	TODO: check
+	NOT-FOR-US: EMConfigMigration service
 CVE-2017-14383 (In Dell EMC VNX2 versions prior to Operating Environment for File ...)
 	NOT-FOR-US: EMC VNX
 CVE-2017-14382
@@ -37356,7 +37356,7 @@ CVE-2017-12592 (ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation .
 CVE-2017-12591 (ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross ...)
 	NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices
 CVE-2017-12590 (ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS ...)
-	TODO: check
+	NOT-FOR-US: ASUS RT-N14UHP devices
 CVE-2017-12589 (ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any ...)
 	NOT-FOR-US: ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices
 CVE-2017-12588 (The zmq3 input and output modules in rsyslog before 8.28.0 interpreted ...)
@@ -50682,7 +50682,7 @@ CVE-2017-8015 (EMC AppSync (all versions prior to 3.5) contains a SQL injection 
 CVE-2017-8014
 	RESERVED
 CVE-2017-8013 (EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before ...)
-	TODO: check
+	NOT-FOR-US: EMC Data Protection Adv
 CVE-2017-8012 (In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS ...)
 	NOT-FOR-US: EMC
 CVE-2017-8011 (EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution ...)
@@ -143399,7 +143399,7 @@ CVE-2014-4619 (EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5
 CVE-2014-4618 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 ...)
 	NOT-FOR-US: EMC Documentum Content Server
 CVE-2014-4612 (Cross-site scripting (XSS) vulnerability in the keywords manager ...)
-	TODO: check
+	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used in Yann ...)
 	- linux 3.14.9-1 (unimportant)
 	[wheezy] - linux <not-affected> (LZ4 support introduced in 3.11)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb73a3343ed31c435a7adacdead0f3ea95eb821a

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb73a3343ed31c435a7adacdead0f3ea95eb821a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180317/f057116f/attachment.html>
