[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Mar 20 21:55:53 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6863fa6c by Salvatore Bonaccorso at 2018-03-20T22:55:35+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3225,7 +3225,7 @@ CVE-2018-7513
 CVE-2018-7512
 	RESERVED
 CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases ...)
-	TODO: check
+	NOT-FOR-US: Eaton ELCSoft
 CVE-2018-7510
 	RESERVED
 CVE-2018-7509
@@ -8398,11 +8398,11 @@ CVE-2018-5772 (In Exiv2 0.26, there is a segmentation fault caused by uncontroll
 CVE-2018-5771
 	RESERVED
 CVE-2018-5770 (An issue was discovered on Tenda AC15 devices. A remote, ...)
-	TODO: check
+	NOT-FOR-US: Tenda AC15 devices
 CVE-2018-5769
 	RESERVED
 CVE-2018-5768 (A remote, unauthenticated attacker can gain remote code execution on ...)
-	TODO: check
+	NOT-FOR-US: Tenda AC15 router
 CVE-2018-5767 (An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A ...)
 	NOT-FOR-US: Tenda AC15 V15.03.1.16_multi devices
 CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packet_ref ...)
@@ -8574,7 +8574,7 @@ CVE-2018-5719
 CVE-2018-5718
 	RESERVED
 CVE-2018-5717 (Memory write mechanism in NCR S2 Dispenser controller before firmware ...)
-	TODO: check
+	NOT-FOR-US: NCR S2 Dispenser controller
 CVE-2018-5716 (An issue was discovered in Reprise License Manager 11.0. This ...)
 	NOT-FOR-US: Reprise License Manager
 CVE-2018-5715 (phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query ...)
@@ -9209,7 +9209,7 @@ CVE-2018-5440 (A Stack-based Buffer Overflow issue was discovered in 3S-Smart CO
 CVE-2018-5439 (A Command Injection issue was discovered in Nortek Linear eMerge E3 ...)
 	NOT-FOR-US: Nortek Linear eMerge E3 series
 CVE-2018-5438 (Philips ISCV application prior to version 2.3.0 has an insufficient ...)
-	TODO: check
+	NOT-FOR-US: Philips ISCV application
 CVE-2018-5437
 	RESERVED
 CVE-2018-5436
@@ -10912,9 +10912,9 @@ CVE-2018-4846
 CVE-2018-4845
 	RESERVED
 CVE-2018-4844 (A vulnerability has been identified in SIMATIC WinCC OA UI for Android ...)
-	TODO: check
+	NOT-FOR-US: SIMATIC
 CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All ...)
-	TODO: check
+	NOT-FOR-US: SIMATIC
 CVE-2018-4842
 	RESERVED
 CVE-2018-4841
@@ -19313,7 +19313,7 @@ CVE-2017-17669 (There is a heap-based buffer over-read in the ...)
 	[wheezy] - exiv2 <ignored> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/issues/187
 CVE-2017-17668 (Memory write mechanism in NCR S1 Dispenser controller before firmware ...)
-	TODO: check
+	NOT-FOR-US: NCR S1 Dispenser controller
 CVE-2017-17667
 	RESERVED
 CVE-2017-17666
@@ -21042,9 +21042,9 @@ CVE-2017-17322 (Huawei Honor Smart Scale Application with software of 1.1.1 has 
 CVE-2017-17321 (Huawei eNSP software with software of versions earlier than ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17320 (Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-17319 (Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-17318
 	RESERVED
 CVE-2017-17317
@@ -21068,9 +21068,9 @@ CVE-2017-17309
 CVE-2017-17308
 	RESERVED
 CVE-2017-17307 (Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-17306 (Some Huawei Smartphones with software of VNS-L21AUTC555B141, ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-17305
 	RESERVED
 CVE-2017-17304 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...)
@@ -21252,7 +21252,7 @@ CVE-2017-17217 (Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C0
 CVE-2017-17216 (Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; ...)
 	NOT-FOR-US: Huawei
 CVE-2017-17215 (Huawei HG532 with some customized versions has a remote code execution ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-17214
 	RESERVED
 CVE-2017-17213
@@ -32585,7 +32585,7 @@ CVE-2017-14193 (The oauth function in controllers/member/api.php in dayrui FineC
 CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui FineCms ...)
 	NOT-FOR-US: dayrui FineCms
 CVE-2017-14191 (An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to ...)
 	NOT-FOR-US: Fortinet FortiOS
 CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebManager ...)
@@ -33209,19 +33209,19 @@ CVE-2017-14010
 CVE-2017-14009 (An Information Exposure issue was discovered in ProMinent MultiFLEX ...)
 	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
 CVE-2017-14008 (GE Centricity PACS RA1000, diagnostic image analysis, all current ...)
-	TODO: check
+	NOT-FOR-US: GE Centricity PACS RA1000
 CVE-2017-14007 (An Insufficient Session Expiration issue was discovered in ProMinent ...)
 	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
 CVE-2017-14006 (GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all ...)
-	TODO: check
+	NOT-FOR-US: GE Xeleris
 CVE-2017-14005 (An Unverified Password Change issue was discovered in ProMinent ...)
 	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
 CVE-2017-14004 (GE GEMNet License server (EchoServer) all current versions are ...)
-	TODO: check
+	NOT-FOR-US: GE GEMNet License server
 CVE-2017-14003 (An Authentication Bypass by Spoofing issue was discovered in LAVA ...)
 	NOT-FOR-US: LAVA Ether-Serial Link
 CVE-2017-14002 (GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current ...)
-	TODO: check
+	NOT-FOR-US: GE Infinia/Infinia with Hawkeye 4 medical imaging systems
 CVE-2017-14001 (An Improper Neutralization of Special Elements used in an OS Command ...)
 	NOT-FOR-US: Asterisk GUI
 	NOTE: Different from standard asterisk: https://wiki.asterisk.org/wiki/display/AST/Asterisk+GUI
@@ -50460,7 +50460,7 @@ CVE-2017-8189 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal
 CVE-2017-8188 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection ...)
 	NOT-FOR-US: Huawei
 CVE-2017-8187 (Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-8186 (The Bastet of some Huawei mobile phones with software of earlier than ...)
 	NOT-FOR-US: Huawei
 CVE-2017-8185 (ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a ...)
@@ -50482,7 +50482,7 @@ CVE-2017-8178 (Huawei Email APP Vicky-AL00 smartphones with software of earlier 
 CVE-2017-8177 (Huawei APP HiWallet earlier than 5.0.3.100 versions do not support ...)
 	NOT-FOR-US: Huawei
 CVE-2017-8176 (Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2017-8175 (The Bastet of some Huawei mobile phones with software earlier than ...)
 	NOT-FOR-US: Huawei
 CVE-2017-8174 (Huawei USG6300 V100R001C30SPC300 and USG6600 with software of ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6863fa6c7cbb7e5b5a04fbd8cedbd56f522ef097

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6863fa6c7cbb7e5b5a04fbd8cedbd56f522ef097
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180320/b5fdf360/attachment.html>

More information about the Secure-testing-commits mailing list