[Git][security-tracker-team/security-tracker][master] 2 commits: Take one item
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 21 09:36:16 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fd716eea by Salvatore Bonaccorso at 2018-09-21T08:26:01Z
Take one item
- - - - -
51be2f83 by Salvatore Bonaccorso at 2018-09-21T08:35:49Z
Process more NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2018-17300 (Stored XSS exists in CuppaCMS through 2018-09-03 via an ...)
CVE-2018-17299
RESERVED
CVE-2018-17298 (An issue was discovered in Enalean Tuleap before 10.5. Reset password ...)
- TODO: check
+ NOT-FOR-US: Enalean Tuleap
CVE-2018-17297 (The unzip function in ZipUtil.java in Hutool before 4.1.12 allows ...)
NOT-FOR-US: Hutool
CVE-2018-17296
@@ -19,9 +19,9 @@ CVE-2018-17295
CVE-2018-17294 (The matchCurrentInput function inside lou_translateString.c of Liblouis ...)
TODO: check
CVE-2018-17293 (An issue was discovered in WAVM before 2018-09-16. The run function in ...)
- TODO: check
+ NOT-FOR-US: WAVM
CVE-2018-17292 (An issue was discovered in WAVM before 2018-09-16. The loadModule ...)
- TODO: check
+ NOT-FOR-US: WAVM
CVE-2018-17291
RESERVED
CVE-2018-17290
@@ -160,7 +160,7 @@ CVE-2018-17230 (Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attacke
CVE-2018-17229 (Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to ...)
TODO: check
CVE-2018-17228 (nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell ...)
- TODO: check
+ NOT-FOR-US: nmap4j
CVE-2018-17227
RESERVED
CVE-2018-17226
@@ -1232,7 +1232,7 @@ CVE-2018-16754
CVE-2018-16753
RESERVED
CVE-2018-16752 (LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code ...)
- TODO: check
+ NOT-FOR-US: LINK-NET LW-N605R devices
CVE-2018-16751
RESERVED
CVE-2018-16750 (In ImageMagick 7.0.7-29 and earlier, a memory leak in the ...)
@@ -2392,7 +2392,7 @@ CVE-2018-16284
CVE-2018-16283
RESERVED
CVE-2018-16282 (A command injection vulnerability in the web server functionality of ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-16281
RESERVED
CVE-2018-16280
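Review bot: the new tag on CVE-2018-16282, "NOT-FOR-US: Moxa", names only a vendor, while the description it sits under refers to "the web server functionality of ..." one specific product. Other tags in this same change name the product ("Rockwell Automation RSLinx Classic", "Tec4Data SmartCooler"). Naming the affected product from the full CVE description here too would let a later search of data/CVE/list tell this entry apart from other entries for the same vendor.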
@@ -3562,7 +3562,7 @@ CVE-2018-15834 (In radare2 before 2.9.0, a heap overflow vulnerability exists in
CVE-2018-15833 (In Vanilla before 2.6.1, the polling functionality allows Insecure ...)
NOT-FOR-US: Vanilla
CVE-2018-15832 (upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows ...)
- TODO: check
+ NOT-FOR-US: upc.exe in Ubisoft Uplay Desktop Client
CVE-2018-15831
RESERVED
CVE-2018-15830
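Review bot: on CVE-2018-15832 the tag "NOT-FOR-US: upc.exe in Ubisoft Uplay Desktop Client" copies the opening of the description, including the binary name, instead of naming the software. The neighbouring entry above uses the bare product name ("NOT-FOR-US: Vanilla"). "NOT-FOR-US: Ubisoft Uplay Desktop Client" would match that style and stay stable if another CVE in the same client names a different file.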
@@ -5808,11 +5808,11 @@ CVE-2018-14831
CVE-2018-14830
RESERVED
CVE-2018-14829 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation RSLinx Classic
CVE-2018-14828
RESERVED
CVE-2018-14827 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation RSLinx Classic
CVE-2018-14826
RESERVED
CVE-2018-14825
@@ -5824,7 +5824,7 @@ CVE-2018-14823
CVE-2018-14822
RESERVED
CVE-2018-14821 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation RSLinx Classic
CVE-2018-14820
RESERVED
CVE-2018-14819
@@ -5874,7 +5874,7 @@ CVE-2018-14798
CVE-2018-14797 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a ...)
NOT-FOR-US: Emerson DeltaV DCS
CVE-2018-14796 (Tec4Data SmartCooler, all versions prior to firmware 180806, the ...)
- TODO: check
+ NOT-FOR-US: Tec4Data SmartCooler
CVE-2018-14795 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable ...)
NOT-FOR-US: DeltaV
CVE-2018-14794
@@ -6492,7 +6492,7 @@ CVE-2018-14593 (An issue was discovered in Open Ticket Request System (OTRS) 6.0
NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/7b6802723e1f5d1764b617e9fcf0a8dd21e96216
NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/78331ea187181d6130189d4563a50b4c30256320
CVE-2018-14592 (The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW ...)
- TODO: check
+ NOT-FOR-US: CWJoomla
CVE-2018-14591
RESERVED
CVE-2018-14590 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in ...)
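Review bot: "NOT-FOR-US: CWJoomla" on CVE-2018-14592 drops the part of the description that identifies what is affected, which the visible text gives as "CW Article Attachments PRO extension" followed by at least one more CW item. Keeping the extension name(s) in the tag, as the description lists them, records what was actually triaged, not just whose software it is.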
=====================================
data/dsa-needed.txt
=====================================
@@ -44,7 +44,7 @@ libspring-java
libxml2 (carnil)
Re-evaluate situation for unstable first, risky to expose some fixes directly
--
-linux
+linux (carnil)
Wait until more issues have piled up
--
mariadb-10.1/stable
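Review bot: the linux entry now carries a claimant, but the note beneath it, "Wait until more issues have piled up", is unchanged. Read together, the two lines do not say whether the claim means an update is being prepared or the item is still on hold under a new owner. Consider updating the note in the same commit to state which, or what would trigger the upload.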
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/79f520f0bb273ab62b6641ecb595639854557bf3...51be2f83c7368026e124dc4ae36d23c2625e9a86