[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Oct 29 08:21:17 GMT 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6be3bdf by Moritz Muehlenhoff at 2018-10-29T08:20:45Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,29 +27,29 @@ CVE-2018-18794
 CVE-2018-18793
 	RESERVED
 CVE-2018-18792 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-18791 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-18790 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-18789 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-18788 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-18787 (An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-18786 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-18785 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-18784 (An issue was discovered in zzcms 8.3. SQL Injection exists in ...)
-	TODO: check
+	NOT-FOR-US: zzcms
 CVE-2018-18783 (XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok ...)
-	TODO: check
+	NOT-FOR-US: SEMCMS
 CVE-2018-18782 (Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2018-18781 (DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2018-18780
 	RESERVED
 CVE-2018-18779
@@ -69,7 +69,7 @@ CVE-2018-18773
 CVE-2018-18772
 	RESERVED
 CVE-2018-18771 (An issue was discovered in LuLu CMS through 2015-05-14. ...)
-	TODO: check
+	NOT-FOR-US: Lulu CMS
 CVE-2018-18770
 	RESERVED
 CVE-2018-18769
@@ -81,9 +81,15 @@ CVE-2018-18767
 CVE-2018-18766
 	RESERVED
 CVE-2018-18765 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
-	TODO: check
+	- smplayer 18.5.0~ds1-1
+	[stretch] - smplayer <not-affected> (Vulnerable code not present)
+	[jessie] - smplayer <not-affected> (Vulnerable code not present)
+	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
 CVE-2018-18764 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
-	TODO: check
+	- smplayer 18.5.0~ds1-1
+	[stretch] - smplayer <not-affected> (Vulnerable code not present)
+	[jessie] - smplayer <not-affected> (Vulnerable code not present)
+	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
 CVE-2018-18763
 	RESERVED
 CVE-2018-18762
@@ -105,7 +111,7 @@ CVE-2018-18755
 CVE-2018-18754 (ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account ...)
 	NOT-FOR-US: ZyXEL
 CVE-2018-18753 (Typecho V1.1 allows remote attackers to send shell commands via ...)
-	TODO: check
+	NOT-FOR-US: Typecho
 CVE-2018-18752 (Webiness Inventory 2.3 suffers from an Arbitrary File upload ...)
 	NOT-FOR-US: Webiness Inventory
 CVE-2018-18751 (An issue was discovered in GNU gettext 0.19.8. There is a double free ...)
@@ -113,9 +119,9 @@ CVE-2018-18751 (An issue was discovered in GNU gettext 0.19.8. There is a double
 CVE-2018-18750
 	RESERVED
 CVE-2018-18749 (data-tools through 2017-07-26 has an Integer Overflow leading to an ...)
-	TODO: check
+	NOT-FOR-US: data-tools
 CVE-2018-18748 (Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, ...)
-	TODO: check
+	NOT-FOR-US: Sandboxie
 CVE-2018-18747
 	RESERVED
 CVE-2018-18746
@@ -17312,17 +17318,17 @@ CVE-2018-11855
 	RESERVED
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11854 (Lack of check of valid length of input parameter may cause buffer ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11853 (Lack of check on out of range for channels When processing channel ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11852 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11851 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11850 (Lack of check on remaining length parameter When processing scan start ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11849 (Lack of check on out of range of bssid parameter When processing scan ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11848
 	RESERVED
 CVE-2018-11847



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b6be3bdfea28444a507c0241eee0ca180f53c806

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b6be3bdfea28444a507c0241eee0ca180f53c806
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181029/786a9bdf/attachment.html>

More information about the debian-security-tracker-commits mailing list