[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Mar 27 20:28:58 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6922d3ee by Salvatore Bonaccorso at 2018-03-27T22:28:40+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,5 +1,5 @@
 CVE-2018-9057 (aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Terraform Amazon Web Services
 CVE-2018-9056 (Systems with microprocessors utilizing speculative execution may allow ...)
 	TODO: check
 CVE-2018-9055 (JasPer 2.0.14 allows denial of service via a reachable assertion in the ...)
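Review bot: The new label on CVE-2018-9057, "HashiCorp Terraform Amazon Web Services", strings two product names together without saying which component was ruled out. The description places the issue in aws/resource_aws_iam_user_login_profile.go, so the label should name that AWS-specific component of Terraform rather than read as if Terraform and Amazon Web Services were both triaged. A label that names a single component is also easier to match when a later CVE against the same code comes in.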
@@ -36,7 +36,7 @@ CVE-2018-9041 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
 CVE-2018-9040 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
 	NOT-FOR-US: Advanced SystemCare Ultimate
 CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2018-9038
 	RESERVED
 CVE-2018-9037
@@ -644,7 +644,7 @@ CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows 
 CVE-2018-8803
 	RESERVED
 CVE-2018-8802 (SQL injection vulnerability in the management interface in ePortal ...)
-	TODO: check
+	NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems
 CVE-2018-8801
 	RESERVED
 	- gitlab 10.5.6+dfsg-1 (bug #893905)
@@ -3211,7 +3211,7 @@ CVE-2017-18219 (An issue was discovered in GraphicsMagick 1.3.26. An allocation 
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/459/
 CVE-2018-7700 (DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2018-7699
 	RESERVED
 CVE-2018-7698 (An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L ...)
@@ -3325,7 +3325,7 @@ CVE-2018-7711 (HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.1
 	NOTE: https://simplesamlphp.org/security/201803-01
 	NOTE: https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
 CVE-2018-7658 (NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 ...)
-	TODO: check
+	NOT-FOR-US: Softros Network Time System
 CVE-2018-7657
 	RESERVED
 CVE-2018-7656
@@ -6046,9 +6046,9 @@ CVE-2018-6769 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) 
 CVE-2018-6768 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
 	NOT-FOR-US: Jiangmin Antivirus
 CVE-2018-6766 (Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could ...)
-	TODO: check
+	NOT-FOR-US: Swisscom TVMediaHelper
 CVE-2018-6765 (Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: Swisscom MySwisscomAssistant
 CVE-2018-6763
 	RESERVED
 CVE-2018-6762
@@ -24264,7 +24264,7 @@ CVE-2018-0200 (A vulnerability in the web-based interface of Cisco Prime Service
 CVE-2018-0199 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0198 (A vulnerability in the web framework of Cisco Unified Communications ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0197
 	RESERVED
 CVE-2018-0196
@@ -38796,7 +38796,7 @@ CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-depend
 CVE-2017-12411
 	RESERVED
 CVE-2017-12410 (It is possible to exploit a Time of Check & Time of Use (TOCTOU) ...)
-	TODO: check
+	NOT-FOR-US: Kaseya Virtual System Administrator agent
 CVE-2017-12409
 	RESERVED
 CVE-2017-12408
@@ -39022,7 +39022,7 @@ CVE-2017-12321 (Multiple vulnerabilities in the web interface of the Cisco Regis
 CVE-2017-12320 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
 	NOT-FOR-US: Cisco
 CVE-2017-12319 (A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-12318 (A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices ...)
 	NOT-FOR-US: Cisco
 CVE-2017-12317 (The Cisco AMP For Endpoints application allows an authenticated, local ...)
@@ -39040,7 +39040,7 @@ CVE-2017-12312 (An untrusted search path (aka DLL Preloading) vulnerability in t
 CVE-2017-12311 (A vulnerability in the H.264 decoder function of Cisco Meeting Server ...)
 	NOT-FOR-US: Cisco
 CVE-2017-12310 (A vulnerability in the auto discovery phase of Cisco Spark Hybrid ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2017-12309 (A vulnerability in the Cisco Email Security Appliance (ESA) could allow ...)
 	NOT-FOR-US: Cisco
 CVE-2017-12308 (A vulnerability in the web framework of Cisco Small Business Managed ...)
@@ -116413,7 +116413,7 @@ CVE-2015-5018 (IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 bef
 CVE-2015-5017 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
 	NOT-FOR-US: IBM
 CVE-2015-5016 (IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management ...)
-	TODO: check
+	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2015-5015 (IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack ...)
 	NOT-FOR-US: IBM
 CVE-2015-5014 (IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 ...)
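Review bot: CVE-2015-5016 is labelled "NOT-FOR-US: IBM Maximo Asset Management" while CVE-2015-5017, directly above it and described as the same product, carries the vendor-only "NOT-FOR-US: IBM". A search of the list for the product name will therefore find one of the two adjacent entries and miss the other. Either use "NOT-FOR-US: IBM" here to match the surrounding entries, or update the CVE-2015-5017 label in the same commit so both use the product-level form.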
@@ -116471,7 +116471,7 @@ CVE-2015-4989 (The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 
 CVE-2015-4988 (Directory traversal vulnerability in the replay server in IBM Tealeaf ...)
 	NOT-FOR-US: IBM Tealeaf Customer Experience
 CVE-2015-4987 (The search and replay servers in IBM Tealeaf Customer Experience 8.0 ...)
-	TODO: check
+	NOT-FOR-US: IBM Tealeaf Customer Experience
 CVE-2015-4986
 	RESERVED
 CVE-2015-4985
@@ -116537,7 +116537,7 @@ CVE-2015-4956 (The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch
 CVE-2015-4955 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
 	NOT-FOR-US: IBM
 CVE-2015-4954 (IBM BigFix Remote Control before Interim Fix pack ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-4953
 	RESERVED
 CVE-2015-4952



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6922d3eee275fbda7d6db47393fa7896c219c032
