[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Thu Sep 6 09:29:26 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5bf63df5 by Salvatore Bonaccorso at 2018-09-06T08:28:47Z
Process NFUs

- - - - -
54c518c1 by Salvatore Bonaccorso at 2018-09-06T08:29:06Z
Add CVE-2018-16548/zziplib

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,13 +5,14 @@ CVE-2018-16553
 CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, ...)
 	TODO: check
 CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by ...)
-	TODO: check
+	NOT-FOR-US: LavaLite
 CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass the ...)
-	TODO: check
+	NOT-FOR-US: TeamViewer
 CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory Traversal via ...)
-	TODO: check
+	NOT-FOR-US: HScripts PHP File Browser Script
 CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a memory ...)
-	TODO: check
+	- zziplib <unfixed>
+	NOTE: https://github.com/gdraheim/zziplib/issues/58
 CVE-2018-16547
 	RESERVED
 CVE-2018-16546 (Amcrest networked devices use the same hardcoded SSL private key across ...)
@@ -226,9 +227,9 @@ CVE-2018-16438 (An issue was discovered in the HDF HDF5 1.8.20 library. There is
 	- hdf5 <undetermined>
 	NOTE: H5L_extern_query at H5Lexternal.c:498-10___out-of-bounds-read
 CVE-2018-16437 (Gxlcms 2.0 has Directory Traversal exploitable by an administrator. ...)
-	TODO: check
+	NOT-FOR-US: Gxlcms
 CVE-2018-16436 (Gxlcms 2.0 has SQL Injection exploitable by an administrator. ...)
-	TODO: check
+	NOT-FOR-US: Gxlcms
 CVE-2018-16435 (Little CMS (aka Little Color Management System) 2.9 has an integer ...)
 	{DSA-4284-1}
 	- lcms2 2.9-3 (bug #907983)
@@ -409,7 +410,7 @@ CVE-2018-16382 (Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in ...)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392503
 	NOTE: Crash in CLI tool, no security impact
 CVE-2018-16381 (e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2018-16380 (An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF ...)
 	NOT-FOR-US: Ogma CMS
 CVE-2018-16379 (Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the ...)
@@ -4128,11 +4129,11 @@ CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 thro
 CVE-2018-14772
 	RESERVED
 CVE-2018-14771 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers ...)
-	TODO: check
+	NOT-FOR-US: VIVOTEK FD8177 devices
 CVE-2018-14770 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers ...)
-	TODO: check
+	NOT-FOR-US: VIVOTEK FD8177 devices
 CVE-2018-14769 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. ...)
-	TODO: check
+	NOT-FOR-US: VIVOTEK FD8177 devices
 CVE-2018-14768 (Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, ...)
 	NOT-FOR-US: VIVOTEK devices
 CVE-2018-1999025 (A man in the middle vulnerability exists in Jenkins TraceTronic ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/eadd37be3f5a81d9c7a536827cc1331e054c4f1e...54c518c1f8ef2de0ce86193a83c810969dad5b32

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/eadd37be3f5a81d9c7a536827cc1331e054c4f1e...54c518c1f8ef2de0ce86193a83c810969dad5b32
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180906/96bf2d5f/attachment.html>
