[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Correct some older i-librarian CVEs

Salvatore Bonaccorso carnil at debian.org
Sat Mar 24 20:05:48 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
458221bc by Salvatore Bonaccorso at 2018-03-24T21:05:15+01:00
Correct some older i-librarian CVEs

Convert from an NFU to an item referencing the RFP/ITP bug.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1945,7 +1945,7 @@ CVE-2018-1000126 (Ajenti version 2 contains an Information Disclosure vulnerabil
 CVE-2018-1000125 (inversoft prime-jwt version prior to version 1.3.0 or prior to commit ...)
 	NOT-FOR-US: inversoft prime-jwt
 CVE-2018-1000124 (I Librarian I-librarian version 4.8 and earlier contains a XML ...)
-	NOT-FOR-US: I Librarian I-librarian
+	- i-librarian <itp> (bug #649291)
 CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit ...)
 	NOT-FOR-US: Ionic Team Cordova plugin iOS Keychain
 CVE-2017-18231 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...)
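Review bot: The added line for CVE-2018-1000124 hard-codes `<itp>`, while the commit message calls the target the "RFP/ITP bug", so the visible lines do not settle which state bug #649291 is actually in. A short note in the commit message on whether #649291 is currently an RFP or an ITP would remove that ambiguity for anyone later triaging this entry.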
@@ -24691,13 +24691,13 @@ CVE-2017-1000239 (InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Si
 CVE-2017-1000238 (InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload ...)
 	NOT-FOR-US: InvoicePlane
 CVE-2017-1000237 (I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request ...)
-	NOT-FOR-US: I, Librarian
+	- i-librarian <itp> (bug #649291)
 CVE-2017-1000236 (I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site ...)
-	NOT-FOR-US: I, Librarian
+	- i-librarian <itp> (bug #649291)
 CVE-2017-1000235 (I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection ...)
-	NOT-FOR-US: I, Librarian
+	- i-librarian <itp> (bug #649291)
 CVE-2017-1000234 (I, Librarian version <=4.6 & 4.7 is vulnerable to Directory ...)
-	NOT-FOR-US: I, Librarian
+	- i-librarian <itp> (bug #649291)
 CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have ...)
 	- ldns <unfixed> (bug #882014)
 	[stretch] - ldns <no-dsa> (Minor issue)
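Review bot: The four removed lines in this hunk read `NOT-FOR-US: I, Librarian`, but the one removed in the first hunk reads `NOT-FOR-US: I Librarian I-librarian`, so the product is spelled at least two ways in this file. Since the subject only says "some older" CVEs, it is worth searching data/CVE/list for both spellings (and for `i-librarian`) to confirm that no remaining entry is still marked NOT-FOR-US, so that every i-librarian CVE points at bug #649291 consistently.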



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/458221bcab3a66448ecab50412ae0f0564e99abd
