[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Process NFUs

Thu Mar 29 21:37:42 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
396ab576 by Salvatore Bonaccorso at 2018-03-29T23:37:35+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -201,7 +201,7 @@ CVE-2018-9033
 CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L Wireless ...)
 	NOT-FOR-US: D-Link
 CVE-2018-9031 (The login interface on TNLSoftSolutions Sentry Vision 3.x devices ...)
-	TODO: check
+	NOT-FOR-US: TNLSoftSolutions Sentry Vision 3.x devices
 CVE-2018-9030
 	RESERVED
 CVE-2018-9029
@@ -595,7 +595,7 @@ CVE-2018-8887
 CVE-2018-8886
 	RESERVED
 CVE-2018-8885 (screenresolution-mechanism in screen-resolution-extra 0.17.2 does not ...)
-	TODO: check
+	NOT-FOR-US: screen-resolution-extra
 CVE-2018-1000136 (Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to ...)
 	- electron <itp> (bug #842420)
 CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to ...)
@@ -3425,11 +3425,11 @@ CVE-2018-7678 (A cross site scripting vulnerability exist in the Administration 
 CVE-2018-7677 (A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity ...)
 	NOT-FOR-US: NetIQ Access Manager
 CVE-2018-7676 (The NetIQ Identity Manager, in versions prior to 4.7, userapp with log ...)
-	TODO: check
+	NOT-FOR-US: NetIQ Identity Manager
 CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the ...)
 	NOT-FOR-US: NetIQ Sentinel
 CVE-2018-7674 (The NetIQ Identity Manager user console, in versions prior to 4.7, is ...)
-	TODO: check
+	NOT-FOR-US: NetIQ Identity Manager
 CVE-2018-7673 (The NetIQ Identity Manager communication channel, in versions prior to ...)
 	NOT-FOR-US: NetIQ Identity Manager
 CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel ...)
@@ -6716,7 +6716,7 @@ CVE-2018-6610 (Information Leakage exists in the jLike 1.0 component for Joomla!
 CVE-2018-6609 (SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via ...)
 	NOT-FOR-US: JSP Tickets component for Joomla!
 CVE-2018-6608 (In the WebRTC component in Opera 51.0.2830.55, after visiting a web ...)
-	TODO: check
+	NOT-FOR-US: WebRTC component in Opera
 CVE-2018-6607
 	RESERVED
 CVE-2018-6606 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...)
@@ -6768,11 +6768,11 @@ CVE-2018-6590
 CVE-2018-6589
 	RESERVED
 CVE-2018-6588 (CA API Developer Portal 3.5 up to and including 3.5 CR5 has a ...)
-	TODO: check
+	NOT-FOR-US: CA API Developer Portal
 CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a ...)
-	TODO: check
+	NOT-FOR-US: CA API Developer Portal
 CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored ...)
-	TODO: check
+	NOT-FOR-US: CA API Developer Portal
 CVE-2018-1000040
 	RESERVED
 CVE-2018-1000039
@@ -58864,7 +58864,7 @@ CVE-2017-5949 (JavaScriptCore in WebKit, as distributed in Safari Technology Pre
 CVE-2017-5948 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. ...)
 	NOT-FOR-US: OnePlus One
 CVE-2017-5947 (An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices ...)
-	TODO: check
+	NOT-FOR-US: OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS
 CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a ...)
 	{DSA-3801-1 DLA-846-1}
 	- ruby-zip 1.2.0-1.1 (bug #856269)
@@ -116749,9 +116749,9 @@ CVE-2015-4955 (Cross-site scripting (XSS) vulnerability in IBM Business Process 
 CVE-2015-4954 (IBM BigFix Remote Control before Interim Fix pack ...)
 	NOT-FOR-US: IBM
 CVE-2015-4953 (IBM BigFix Remote Control before Interim Fix pack ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-4952 (The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-4951 (Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect ...)
 	NOT-FOR-US: IBM Spectrum Protect
 CVE-2015-4950 (The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: ...)
@@ -125535,7 +125535,7 @@ CVE-2015-2011 (The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Pa
 CVE-2015-2010
 	REJECTED
 CVE-2015-2009 (Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-2008 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...)
 	NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2015-2007 (Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x ...)
@@ -139641,7 +139641,7 @@ CVE-2014-6606
 CVE-2014-6605
 	RESERVED
 CVE-2014-6604 (Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in ...)
-	TODO: check
+	NOT-FOR-US: Subscribe2 plugin for WordPress
 CVE-2014-6603 (The SSHParseBanner function in SSH parser (app-layer-ssh.c) in ...)
 	[squeeze] - suricata <not-affected> (Vulnerable code not yet present)
 	[wheezy] - suricata <not-affected> (Vulnerable code not yet present)
@@ -143154,7 +143154,7 @@ CVE-2014-5177 (libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained acces
 	[squeeze] - libvirt <not-affected> (Not exploitable in that version)
 	NOTE: http://security.libvirt.org/2014/0003.html
 CVE-2014-5170 (The Storage API module 7.x before 7.x-1.6 for Drupal might allow ...)
-	TODO: check
+	NOT-FOR-US: Storage API module for Drupal
 CVE-2014-5169 (Cross-site scripting (XSS) vulnerability in the Date module before ...)
 	NOT-FOR-US: Drupal module Date
 CVE-2014-5168



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/396ab5762d557945a4f2a8bc211a0203f909ebdf

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/396ab5762d557945a4f2a8bc211a0203f909ebdf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180329/38cc398e/attachment.html>
