[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Sep 25 21:27:29 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cb63d911 by Moritz Muehlenhoff at 2018-09-25T20:27:11Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -181,35 +181,27 @@ CVE-2018-17440
CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
- TODO: check
CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
- TODO: check
CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper
- TODO: check
CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc
- TODO: check
CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
- TODO: check
CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters
- TODO: check
CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc
- TODO: check
CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
- TODO: check
CVE-2018-17431
RESERVED
CVE-2018-17430
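Review bot: The eight removed `TODO: check` lines under CVE-2018-17439 through CVE-2018-17432 are not NFU changes, yet the commit subject is only "NFUs". Each of these entries already carries `- hdf5 <undetermined>` and a NOTE, so the removal reads as cleanup of a leftover marker; say so in the commit message or split the hdf5 cleanup into its own commit so the history shows why the marker went away while the status stayed undetermined.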
@@ -436,17 +428,17 @@ CVE-2018-17324
CVE-2018-17323
RESERVED
CVE-2018-17322 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: YUNUCMS
CVE-2018-17321 (An issue was discovered in SeaCMS 6.64. XSS exists in ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2018-17320 (An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via ...)
- TODO: check
+ NOT-FOR-US: UCMS
CVE-2018-17319
RESERVED
CVE-2018-17318
RESERVED
CVE-2018-17317 (FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: FruityWifi
CVE-2018-17316
RESERVED
CVE-2018-17315
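Review bot: The four new NOT-FOR-US lines (CVE-2018-17322, CVE-2018-17321, CVE-2018-17320, CVE-2018-17317) name only the product, and `UCMS` in particular is a short, generic string. The existing entry for CVE-2018-17232 elsewhere in this diff uses a fuller form, `NOT-FOR-US: docmarionum1 Slack ArchiveBot (slack-archive-bot)`; a vendor or project qualifier, where one is known, would make later searches of the list less ambiguous.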
@@ -620,7 +612,6 @@ CVE-2018-17238
CVE-2018-17237 (A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.md#divided-by-zero---h5d__chunk_set_info_real_div_by_zero
- TODO: check
CVE-2018-17236 (The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally ...)
- mp4v2 <unfixed> (bug #909277)
[stretch] - mp4v2 <no-dsa> (Minor issue)
@@ -634,11 +625,9 @@ CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp
CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak
- TODO: check
CVE-2018-17233 (A SIGFPE signal is raised in the function ...)
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero
- TODO: check
CVE-2018-17232 (SQL injection vulnerability in archivebot.py in docmarionum1 Slack ...)
NOT-FOR-US: docmarionum1 Slack ArchiveBot (slack-archive-bot)
CVE-2018-17231 (** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow ...)
@@ -772,9 +761,9 @@ CVE-2018-17175 (In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9
- python-marshmallow 3.0.0b14-1 (bug #909140)
NOTE: https://github.com/marshmallow-code/marshmallow/issues/772
CVE-2018-17174 (A stack-based buffer overflow was discovered in the xtimor NMEA ...)
- TODO: check
+ NOT-FOR-US: nmealib
CVE-2018-17173 (LG SuperSign CMS allows remote attackers to execute arbitrary code via ...)
- TODO: check
+ NOT-FOR-US: LG SuperSign CMS
CVE-2018-17172
RESERVED
CVE-2018-17171
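Review bot: In the CVE-2018-17174 line the label `nmealib` drops the `xtimor` qualifier that the visible description uses ("xtimor NMEA ..."). Carrying that qualifier into the NOT-FOR-US line would keep the entry recognisable against the CVE text; the `LG SuperSign CMS` label on CVE-2018-17173 already matches its description as shown.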
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb63d911b3124adb0c52c0c965fe72bd53d1a101