[Git][security-tracker-team/security-tracker][master] NFUs

Wed Oct 24 21:49:10 BST 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30295648 by Moritz Muehlenhoff at 2018-10-24T20:47:36Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -460,7 +460,7 @@ CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of
 CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in ...)
 	- openexr <unfixed>
 	NOTE: https://github.com/openexr/openexr/issues/350
-	TODO: check, the issue seems not locaated in the (not-installed) exrmultiview tool, but in library, but no upstream response yet
+	TODO: check, the issue seems not located in the (not-installed) exrmultiview tool, but in library, but no upstream response yet
 CVE-2018-18442
 	RESERVED
 CVE-2018-18441
@@ -1821,7 +1821,7 @@ CVE-2018-17937
 CVE-2018-17936
 	RESERVED
 CVE-2018-17935 (All versions of Telecrane F25 Series Radio Controls before 00.0A use ...)
-	TODO: check
+	NOT-FOR-US: Telecrane
 CVE-2018-17934
 	RESERVED
 CVE-2018-17933
@@ -7853,7 +7853,7 @@ CVE-2018-15444
 CVE-2018-15443
 	RESERVED
 CVE-2018-15442 (A vulnerability in the update service of Cisco Webex Meetings Desktop ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-15441
 	RESERVED
 CVE-2018-15440
@@ -17041,7 +17041,7 @@ CVE-2018-1000182 (A server-side request forgery vulnerability exists in Jenkins
 CVE-2018-11805
 	RESERVED
 CVE-2018-11804 (Spark's Apache Maven-based build includes a convenience script, ...)
-	TODO: check
+	NOT-FOR-US: Apache Spark
 CVE-2018-11803
 	RESERVED
 CVE-2018-11802
@@ -19175,7 +19175,7 @@ CVE-2018-11027 (A reflected XSS vulnerability on Ruckus ICX7450-48 devices allow
 CVE-2018-11026
 	RESERVED
 CVE-2018-11025 (kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in ...)
-	TODO: check
+	NOT-FOR-US: kernel component on Amazon Fire
 CVE-2018-11024 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...)
 	NOT-FOR-US: kernel component on Amazon Fire
 CVE-2018-11023 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...)
@@ -45708,7 +45708,7 @@ CVE-2018-1543 (IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obt
 CVE-2018-1542 (IBM FileNet Content Manager, IBM Content Foundation, and IBM Case ...)
 	NOT-FOR-US: IBM
 CVE-2018-1541 (IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1540
 	RESERVED
 CVE-2018-1539 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 ...)
@@ -47981,7 +47981,6 @@ CVE-2018-1051 (It was found that the fix for CVE-2016-9606 in versions 3.0.22 an
 	[jessie] - resteasy <not-affected> (Incomplete fix for CVE-2016-9606 wasn't backported)
 	- resteasy3.0 <not-affected> (Incomplete fix for CVE-2016-9606 not applied)
 	NOTE: Removing deprecated YamlProvider was done in 4.0.0.Beta4
-	TODO: check
 CVE-2018-1050 (All versions of Samba from 4.0.0 onwards are vulnerable to a denial of ...)
 	{DSA-4135-1 DLA-1320-1}
 	- samba 2:4.7.4+dfsg-2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/30295648795aa99459cc761b4e48027a6156e01e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/30295648795aa99459cc761b4e48027a6156e01e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181024/058f8606/attachment.html>
