[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Mar 22 22:15:21 UTC 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65727d38 by Moritz Muehlenhoff at 2018-03-22T23:14:55+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9,19 +9,19 @@ CVE-2018-8938
 CVE-2018-8937
 	RESERVED
 CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2018-8935 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2018-8934 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2018-8933 (The AMD EPYC Server processor chips have insufficient access control ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2018-8932 (The AMD Ryzen and Ryzen Pro processor chips have insufficient access ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2018-8931 (The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2018-8930 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2018-8929
 	RESERVED
 CVE-2018-8928
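Review bot: the new tag on CVE-2018-8936 through CVE-2018-8930 names only the vendor ("NOT-FOR-US: AMD"), while the descriptions in this hunk cover two different things: processor chips (EPYC Server, Ryzen, Ryzen Pro, Ryzen Mobile) and the Promontory chipset (CVE-2018-8935, CVE-2018-8934). A tag that names the affected component, for example "AMD processors" and "AMD Promontory chipset", would make the triage decision checkable from the list alone and easier to search for later.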
@@ -3454,7 +3454,7 @@ CVE-2018-7534
 CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in OSIsoft PI ...)
 	NOT-FOR-US: OSIsoft PI
 CVE-2018-7532 (Unauthentication vulnerabilities have been identified in Geutebruck ...)
-	TODO: check
+	NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7531 (An Improper Input Validation issue was discovered in OSIsoft PI Data ...)
 	NOT-FOR-US: OSIsoft PI
 CVE-2018-7530
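Review bot: the tag text "IP Geutebruck and Topline IP cameras" on the CVE-2018-7532 line looks like it has a misplaced "IP"; the description names the vendor as "Geutebruck", so "Geutebruck and Topline IP cameras" is probably what was meant. The same string is repeated for the other Geutebruck entries in this commit (CVE-2018-7528, CVE-2018-7524, CVE-2018-7520, CVE-2018-7516, CVE-2018-7512), so they should be corrected together to keep the product name consistent across the list.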
@@ -3462,7 +3462,7 @@ CVE-2018-7530
 CVE-2018-7529 (A Deserialization of Untrusted Data issue was discovered in OSIsoft PI ...)
 	NOT-FOR-US: OSIsoft PI
 CVE-2018-7528 (An SQL injection vulnerability has been identified in Geutebruck ...)
-	TODO: check
+	NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7527
 	RESERVED
 CVE-2018-7526
@@ -3470,7 +3470,7 @@ CVE-2018-7526
 CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed ...)
 	NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7524 (A cross-site request forgery vulnerability has been identified in ...)
-	TODO: check
+	NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
 	NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7522
@@ -3478,7 +3478,7 @@ CVE-2018-7522
 CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free ...)
 	NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7520 (An improper access control vulnerability has been identified in ...)
-	TODO: check
+	NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
 	NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7518
@@ -3486,7 +3486,7 @@ CVE-2018-7518
 CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
 	NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7516 (A server-side request forgery vulnerability has been identified in ...)
-	TODO: check
+	NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of ...)
 	NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7514
@@ -3494,7 +3494,7 @@ CVE-2018-7514
 CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
 	NOT-FOR-US: Omron CX-Supervisor
 CVE-2018-7512 (A cross-site scripting vulnerability has been identified in Geutebruck ...)
-	TODO: check
+	NOT-FOR-US: IP Geutebruck and Topline IP cameras
 CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases ...)
 	NOT-FOR-US: Eaton ELCSoft
 CVE-2018-7510
@@ -6628,7 +6628,7 @@ CVE-2017-18096
 CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before version ...)
 	NOT-FOR-US: Atlassian Crucible
 CVE-2017-18094 (Various resources in Atlassian Fisheye and Crucible before version ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2017-18093 (Various resources in Atlassian Fisheye and Crucible before version ...)
 	NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2017-18092 (The print snippet resource in Atlassian Crucible before version 4.4.3 ...)
@@ -8815,7 +8815,7 @@ CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds 
 	NOTE: Introduced by: https://github.com/curl/curl/commit/0761a51ee0551ad9e5
 	NOTE: Patch: https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch
 CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning ...)
-	TODO: check
+	NOT-FOR-US: Heimdal PRO
 CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with permission ...)
 	- krb5 <unfixed> (bug #891869)
 	NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
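Review bot: the tag "NOT-FOR-US: Heimdal PRO" on CVE-2018-5731 gives no hint of what kind of product this is, and the entry sits directly above the krb5 entry for CVE-2018-5730. Since the visible description refers to scanning, a slightly longer tag or a NOTE line stating the product type would keep a later reader from associating the entry with Kerberos software. The same applies to the CVE-2018-5349 entry changed further down.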
@@ -9339,7 +9339,7 @@ CVE-2018-5511
 CVE-2018-5510
 	RESERVED
 CVE-2018-5509 (On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5508
 	RESERVED
 CVE-2018-5507
@@ -9347,13 +9347,13 @@ CVE-2018-5507
 CVE-2018-5506
 	RESERVED
 CVE-2018-5505 (On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5504 (In some circumstances, the Traffic Management Microkernel (TMM) does ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5503 (On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5502 (On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to ...)
-	TODO: check
+	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5501 (In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2018-5500 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - ...)
@@ -9713,7 +9713,7 @@ CVE-2018-5351
 CVE-2018-5350
 	RESERVED
 CVE-2018-5349 (A vulnerability has been found in Heimdal PRO v2.2.190, but it is most ...)
-	TODO: check
+	NOT-FOR-US: Heimdal PRO
 CVE-2018-5348
 	RESERVED
 CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has unauthenticated ...)
@@ -10101,7 +10101,7 @@ CVE-2018-5227
 CVE-2018-5226
 	RESERVED
 CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 4.13.0 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Bitbucket Server
 CVE-2018-5224
 	RESERVED
 CVE-2018-5223
@@ -19350,7 +19350,7 @@ CVE-2018-1450
 CVE-2018-1449
 	RESERVED
 CVE-2018-1448 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1447
 	RESERVED
 CVE-2018-1446
@@ -19390,11 +19390,11 @@ CVE-2018-1430
 CVE-2018-1429
 	RESERVED
 CVE-2018-1428 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1427 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1426 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1425 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker ...)
 	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
 CVE-2018-1424
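Review bot: the tags added for CVE-2018-1428, CVE-2018-1427 and CVE-2018-1426 name only the vendor ("NOT-FOR-US: IBM"), while the unchanged entry right below them uses the product name ("NOT-FOR-US: IBM Security Guardium Big Data Intelligence"). The descriptions identify the product as IBM GSKit (IBM DB2), so "NOT-FOR-US: IBM GSKit" or "NOT-FOR-US: IBM DB2" would match the convention of the neighbouring line and keep product-level searches of the list accurate.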



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65727d38ecd18b2edbf4b27fa9b980288801d08d
