[Git][security-tracker-team/security-tracker][master] 2 commits: Process one NFU

Wed Oct 10 21:18:08 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f436aace by Salvatore Bonaccorso at 2018-10-10T20:16:35Z
Process one NFU

- - - - -
33362c3b by Salvatore Bonaccorso at 2018-10-10T20:16:36Z
Add CVE-2018-18088/openjpeg2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,7 +41,7 @@ CVE-2018-18203
 CVE-2018-18202 (The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 ...)
 	NOT-FOR-US: IBM
 CVE-2018-18201 (qibosoft V7.0 allows CSRF via ...)
-	TODO: check
+	NOT-FOR-US: qibosoft
 CVE-2018-18200 (There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. ...)
 	NOT-FOR-US: REDAXO
 CVE-2018-18199 (Mediamanager in REDAXO before 5.6.4 has XSS. ...)
@@ -267,7 +267,8 @@ CVE-2018-18090
 CVE-2018-18089
 	RESERVED
 CVE-2018-18088 (OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the ...)
-	TODO: check
+	- openjpeg2 <unfixed>
+	NOTE: https://github.com/uclouvain/openjpeg/issues/1152
 CVE-2018-18087 (The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user ...)
 	TODO: check
 CVE-2018-18086 (EmpireCMS v7.5 has an arbitrary file upload vulnerability in the ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ebb30f7cbe5d529c881aea235dbcd7bbdc42bdc0...33362c3bf0c4d9cb990f9631dc973fb38e437e48

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ebb30f7cbe5d529c881aea235dbcd7bbdc42bdc0...33362c3bf0c4d9cb990f9631dc973fb38e437e48
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181010/df5f87a5/attachment-0001.html>
