[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2018-18751/gettext

Salvatore Bonaccorso carnil at debian.org
Sun Oct 28 21:51:19 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ac5669b by Salvatore Bonaccorso at 2018-10-28T21:50:55Z
Add CVE-2018-18751/gettext

- - - - -
71dc0037 by Salvatore Bonaccorso at 2018-10-28T21:50:55Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,13 +21,13 @@ CVE-2018-18756
 CVE-2018-18755
 	RESERVED
 CVE-2018-18754 (ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account ...)
-	TODO: check
+	NOT-FOR-US: ZyXEL
 CVE-2018-18753 (Typecho V1.1 allows remote attackers to send shell commands via ...)
 	TODO: check
 CVE-2018-18752 (Webiness Inventory 2.3 suffers from an Arbitrary File upload ...)
-	TODO: check
+	NOT-FOR-US: Webiness Inventory
 CVE-2018-18751 (An issue was discovered in GNU gettext 0.19.8. There is a double free ...)
-	TODO: check
+	- gettext <unfixed>
 CVE-2018-18750
 	RESERVED
 CVE-2018-18749 (data-tools through 2017-07-26 has an Integer Overflow leading to an ...)
@@ -118,13 +118,13 @@ CVE-2018-18707 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 ...)
 CVE-2018-18706 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 ...)
 	NOT-FOR-US: Tenda devices
 CVE-2016-10734 (ProjectSend (formerly cFTP) r582 allows Insecure Direct Object ...)
-	TODO: check
+	NOT-FOR-US: ProjectSend
 CVE-2016-10733 (ProjectSend (formerly cFTP) r582 allows directory traversal via ...)
-	TODO: check
+	NOT-FOR-US: ProjectSend
 CVE-2016-10732 (ProjectSend (formerly cFTP) r582 allows authentication bypass via a ...)
-	TODO: check
+	NOT-FOR-US: ProjectSend
 CVE-2016-10731 (ProjectSend (formerly cFTP) r582 allows SQL injection via ...)
-	TODO: check
+	NOT-FOR-US: ProjectSend
 CVE-2018-18710 (An issue was discovered in the Linux kernel through 4.19. An ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5ddb8ac56c1ebf5c742ec516f72cbf698c21d2a0...71dc0037a4e3c6353419930ab7beeb9a0731e699

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5ddb8ac56c1ebf5c742ec516f72cbf698c21d2a0...71dc0037a4e3c6353419930ab7beeb9a0731e699
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181028/b80b517a/attachment.html>

More information about the debian-security-tracker-commits mailing list