[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Sep 7 16:02:24 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5151dd49 by Moritz Muehlenhoff at 2018-09-07T15:02:03Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -87,7 +87,7 @@ CVE-2018-16624
 CVE-2018-16623
 	RESERVED
 CVE-2018-16622 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: DoraCMS
 CVE-2018-16621
 	RESERVED
 CVE-2018-16620
@@ -157,7 +157,7 @@ CVE-2018-16592
 CVE-2018-16591
 	RESERVED
 CVE-2018-16590 (FURUNO FELCOM 250 and 500 devices use only client-side JavaScript for ...)
-	TODO: check
+	NOT-FOR-US: FURUNO FELCOM
 CVE-2018-16589
 	RESERVED
 CVE-2018-16588
@@ -232,7 +232,7 @@ CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversa
 	NOTE: https://bugs.kde.org/show_bug.cgi?id=398096
 	NOTE: https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47
 CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference ...)
-	TODO: check
+	NOT-FOR-US: zephyr-rtos
 CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...)
 	TODO: check
 CVE-2018-1000673
@@ -241,25 +241,25 @@ CVE-2018-1000671 (sympa version 6.2.16 and later contains a CWE-601: URL Redirec
 	- sympa <unfixed> (bug #908165)
 	NOTE: https://github.com/sympa-community/sympa/issues/268
 CVE-2018-1000668 (jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read ...)
-	TODO: check
+	NOT-FOR-US: jsish
 CVE-2018-1000667 (NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains ...)
 	- nasm <unfixed> (unimportant)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392507
 	NOTE: https://github.com/cyrillos/nasm/issues/3
 	NOTE: Crash in CLI tool, no security impact
 CVE-2018-1000666 (GIG Technology NV JumpScale Portal 7 version before commit ...)
-	TODO: check
+	NOT-FOR-US: GIG Technology NV JumpScale Portal
 CVE-2018-1000665 (Dojo Dojo Objective Harness (DOH) version prior to version 1.14 ...)
 	- dojo 1.14.1+dfsg1-1 (unimportant)
 	NOTE: https://github.com/dojo/dojo/pull/307
 CVE-2018-1000664 (daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains ...)
-	TODO: check
+	NOT-FOR-US: daneren2005 DSub for Subsonic
 CVE-2018-1000663 (jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: jsish
 CVE-2018-1000661 (jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference ...)
-	TODO: check
+	NOT-FOR-US: jsish
 CVE-2018-1000660 (TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. ...)
-	TODO: check
+	NOT-FOR-US: TOCK
 CVE-2018-1000659 (LimeSurvey version 3.14.4 and earlier contains a directory traversal ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2018-1000658 (LimeSurvey version prior to 3.14.4 contains a file upload ...)
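Review bot: the six NOT-FOR-US marks in this hunk (jsish three times, GIG Technology NV JumpScale Portal, daneren2005 DSub for Subsonic, TOCK) should each be checked for an open ITP before landing. The LimeSurvey entry in the trailing context shows the form used when one exists: `- limesurvey <itp> (bug #472802)`. If any of these products has an ITP, its entry wants that `<itp>` line rather than NOT-FOR-US.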
@@ -446,7 +446,7 @@ CVE-2018-16461
 CVE-2018-16460
 	RESERVED
 CVE-2018-16459 (An unescaped payload in exceljs <v1.6 allows a possible XSS via cell ...)
-	TODO: check
+	NOT-FOR-US: exceljs
 CVE-2018-1000672
 	REJECTED
 CVE-2018-1000662
@@ -863,7 +863,7 @@ CVE-2018-16312
 CVE-2018-16311
 	RESERVED
 CVE-2018-16310 (Technicolor TG588V V2 devices allow remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: Technicolor
 CVE-2018-16309
 	RESERVED
 CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV ...)
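Review bot: `NOT-FOR-US: Technicolor` on CVE-2018-16310 names only the vendor, while the description identifies TG588V V2 devices. Other entries in this file carry the product, for example `NOT-FOR-US: Dell 2335dn printers`, so `NOT-FOR-US: Technicolor TG588V V2 devices` would be more consistent and easier to match against later CVEs for the same device.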
@@ -913,7 +913,7 @@ CVE-2018-16287
 CVE-2018-16286
 	RESERVED
 CVE-2018-16285 (The UserPro plugin through 4.9.23 for WordPress allows XSS via the ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-16284
 	RESERVED
 CVE-2018-16283
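Review bot: `NOT-FOR-US: Wordpress plugin` on CVE-2018-16285 does not say which plugin, and it spells the name differently from the description's "WordPress". Every other label in this patch names the product, so something like `NOT-FOR-US: UserPro plugin for WordPress` would keep the entry searchable by plugin name.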
@@ -962,7 +962,7 @@ CVE-2018-16263
 CVE-2018-16262
 	RESERVED
 CVE-2018-16261 (In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Pulse Desktop Client
 CVE-2018-16260
 	RESERVED
 CVE-2018-16259
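Review bot: the label on CVE-2018-16261, `NOT-FOR-US: Pulse Secure Pulse Desktop Client`, differs from the `NOT-FOR-US: Pulse Secure Desktop` used for CVE-2018-15865, CVE-2018-15749 and CVE-2018-15726 elsewhere in this patch. The descriptions of CVE-2018-16261, CVE-2018-15749 and CVE-2018-15726 give the same "5.3RX before 5.3R5 and 9.0R1" version range, so if they refer to one product a single label would let a grep over the NOT-FOR-US lines return all of them.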
@@ -1928,7 +1928,7 @@ CVE-2018-15867
 CVE-2018-15866
 	RESERVED
 CVE-2018-15865 (The Pulse Secure Desktop (macOS) has a Privilege Escalation ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Desktop
 CVE-2018-15864 (Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in ...)
 	- libxkbcommon 0.8.2-1 (low; bug #907302)
 	[stretch] - libxkbcommon <no-dsa> (Minor issue)
@@ -2206,7 +2206,7 @@ CVE-2018-15751
 CVE-2018-15750
 	RESERVED
 CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Desktop
 CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, ...)
 	NOT-FOR-US: Dell 2335dn printers
 CVE-2018-15747
@@ -2269,7 +2269,7 @@ CVE-2018-1999043 (A denial of service vulnerability exists in Jenkins 2.137 and
 CVE-2018-1999042 (A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and ...)
 	- jenkins <removed>
 CVE-2018-15726 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Desktop
 CVE-2018-15725
 	RESERVED
 CVE-2018-15724
@@ -5608,7 +5608,7 @@ CVE-2018-14367 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protoco
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81ce5fcb3e37a0aaeb7532f7a2a09366f16fa310
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-42.html
 CVE-2018-14366 (download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2018-14365
 	RESERVED
 CVE-2018-14364 (GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before ...)
@@ -10971,7 +10971,7 @@ CVE-2018-12236
 CVE-2018-12235
 	RESERVED
 CVE-2018-12234 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
-	TODO: check
+	NOT-FOR-US: Adrenalin HRMS Software
 CVE-2018-12231
 	RESERVED
 CVE-2018-12230 (An wrong logical check identified in the transferFrom function of a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5151dd4989ee9a8fc9aaf2bd5cda4af9687d8fb6
