[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Nov 27 18:29:08 GMT 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48c38fdb by Moritz Muehlenhoff at 2018-11-27T18:28:42Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2041,7 +2041,8 @@ CVE-2018-19589
 CVE-2018-19588
 	RESERVED
 CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c ...)
-	TODO: check
+	NOT-FOR-US: Cesanta Mongoose
+	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
 CVE-2018-19586
 	RESERVED
 CVE-2018-19585
@@ -2719,7 +2720,7 @@ CVE-2018-19550 (Interspire Email Marketer through 6.1.6 allows arbitrary file up
 CVE-2018-19549 (Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids ...)
 	NOT-FOR-US: Interspire Email Marketer
 CVE-2018-19548 (index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict ...)
-	TODO: check
+	NOT-FOR-US: EduSec
 CVE-2018-19547 (JTBC(PHP) 3.0.1.7 has XSS via the ...)
 	NOT-FOR-US: JTBC(PHP)
 CVE-2018-19546 (JTBC(PHP) 3.0.1.7 has CSRF via the ...)
@@ -4797,7 +4798,7 @@ CVE-2018-18809
 CVE-2018-18808
 	RESERVED
 CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2017-18350
 	RESERVED
 CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of service ...)
@@ -18513,25 +18514,25 @@ CVE-2018-13319 (Incorrect access control in get_portal_info in Buffalo TS5600D12
 CVE-2018-13318 (System command injection in User.create method in Buffalo TS5600D1206 ...)
 	NOT-FOR-US: Buffalo
 CVE-2018-13317 (Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2018-13316
 	RESERVED
 CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK A3002RU ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2018-13314
 	RESERVED
 CVE-2018-13313
 	RESERVED
 CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2018-13311 (System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2018-13310 (Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2018-13309 (Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2018-13308 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2018-13307
 	RESERVED
 CVE-2018-13306



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48c38fdb0d0780bd7b84323a054c30503971bd0f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48c38fdb0d0780bd7b84323a054c30503971bd0f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181127/294e0fe7/attachment.html>

More information about the debian-security-tracker-commits mailing list